skip to main content
10.1145/1449913.1449926acmconferencesArticle/Chapter ViewAbstractPublication PagesgpceConference Proceedingsconference-collections

Generating customized verifiers for automatically generated code

Published: 19 October 2008 Publication History


Program verification using Hoare-style techniques requires many logical annotations. We have previously developed a generic annotation inference algorithm that weaves in all annotations required to certify safety properties for automatically generated code. It uses patterns to capture generator- and property-specific code idioms and property-specific meta-program fragments to construct the annotations. The algorithm is customized by specifying the code patterns and integrating them with the meta-program fragments for annotation construction. However, this is difficult since it involves tedious and error-prone low-level term manipulations.
Here, we describe an approach that automates this customization task using generative techniques. It uses a small annotation schema compiler that takes a collection of high-level declarative annotation schemas tailored towards a specific code generator and safety property, and generates all customized analysis functions and glue code required for interfacing with the generic algorithm core, thus effectively creating a customized annotation inference algorithm. The compiler raises the level of abstraction and simplifies schema development and maintenance. It also takes care of some more routine aspects of formulating patterns and schemas, in particular handling of irrelevant program fragments and irrelevant variance in the program structure, which reduces the size, complexity, and number of different patterns and annotation schemas required. The improvements described here make it easier and faster to customize the system to a new safety property or a new generator, and we demonstrate this by customizing it to certify frame safety of space flight navigation code that was automatically generated from Simulink models by MathWorks' Real-Time Workshop.


XML Path Language (XPath) Version 1.0, 1999.
M. Antkiewicz, T. Tonelli Bartolomei, and K. Czarnecki. Automatic extraction of framework-specific models from framework-based application code. In ASE'07, pp. 214--223. ACM, 2007.
N. Basir, E. Denney, and B. Fischer. Constructing a Safety Case for Automatically Generated Code from Formal Program Verification Information. In SAFECOMP'08, LNCS 5219, pp. 249--262. Springer, 2008.
J. Brunel et al. A Foundation for Flow-Based Program Matching Using Temporal Logic and Model Checking. Technical Report 08/2/INFO, Ecole des Mines de Nantes, 2008.
P. Cousot et al. The Astreé analyzer. In ESOP'05, LNCS 3444, pp. 21---30. Springer, 2005.
E. Denney and B. Fischer. Correctness of source-level safety policies. In FM'03, LNCS 2805, pp. 894--913. Springer, 2003.
E. Denney and B. Fischer. Certifiable program generation. In GPCE'05, LNCS 3676, pp. 17--28. Springer, 2005.
E. Denney and B. Fischer. A generic annotation inference algorithm for the safety certification of automatically generated code. In GPCE'06, pp. 121--130. ACM Press, 2006.
N. Dershowitz and Z. Manna. Inference rules for program annotation. ICSE-3, pp. 158--167. IEEE Press, 1978.
M. D. Ernst, J. Cockrell, W. G. Griswold, and D. Notkin. Dynamically discovering likely program invariants to support program evolution. IEEE TSE, 27(2):1--25, 2001.
B. Fischer and J. Schumann. AutoBayes: A system for generating data analysis programs from statistical models. J. Functional Programming, 13(3):483--508, 2003.
C. Flanagan and K. R. M. Leino. Houdini, an annotation assistant for ESC/Java. In FME'01, LNCS 2021, pp. 500--517. Springer, 2001.
M. J. Harrold and G. Rothermel. Syntax-directed construction of program dependence graphs. Technical Report OSU-CISRC-5/96-TR32, The Ohio State University, 1996.
L. Kovács and T. Jebelean. Finding Polynomial Invariants for Imperative Loops in the Theorema System. In Proc. IJCAR'06 Workshop Verify'06, pp. 52--67, 2006.
O. Lee, H. Yang, and K. Yi. Automatic Verification of Pointer Programs Using Grammar-Based Shape Analysis. In ESOP'05, LNCS 3444, pp. 124--240. Springer, 2005.
M. Lowry, T. Pressburger, and G. Roşu. Certifying domain-specific policies. In ASE'01, pp. 118--125. IEEE, 2001.
C. Morgan, K. De Volder, and E. Wohlstadter. A Static Aspect Language for Checking Design Rules. In AOSD '07, pp. 63--72. ACM Press, 2007.
J. W. Nimmer and M. D. Ernst. Static verification of dynamically detected invariants: Integrating Daikon and ESC/Java. In First Workshop on Runtime Verification, Elec. Notes in Theoretical Computer Science, 55(2). Elsevier, 2001.
S. Schulz. E - A Brainiac Theorem Prover. J. AI Communications, 15(2/3):111--126, 2002.
G. Sutcliffe and D. Seyfang. Smart selective competition parallelism ATP. In FLAIRS'99, pp. 341--345. AAAI Press, 1999.
D. A. Vallado. Fundamentals of Astrodynamics and Applications. Space Technology Library. Microcosm Press and Kluwer Academic Publishers, second edition, 2001.
B. Wegbreit. The synthesis of loop predicates. CACM, 17(2):102--112, 1974.
C. Weidenbach et al. SPASS Version 2.0. In Proc. 18th CADE, LNAI 2392, pp. 275--279. Springer, 2002.
M. Whalen, J. Schumann, and B. Fischer. Synthesizing certified code. In FME'02, LNCS 2391, pp. 431--450. Springer, 2002.
J. Whittle and J. Schumann. Automating the implementation of Kalman filter algorithms. ACM Trans. Mathematical Software, 30(4):434--453, 2004.

Cited By

View all
  • (2020)Fault Localization With Weighted Test Model in Model TransformationsIEEE Access10.1109/ACCESS.2020.29665408(14054-14064)Online publication date: 2020
  • (2015)A survey of approaches for verifying model transformationsSoftware and Systems Modeling (SoSyM)10.1007/s10270-013-0358-014:2(1003-1028)Online publication date: 1-May-2015
  • (2015)Towards Modular Verification of Threaded Concurrent Executable Code Generated from DSL ModelsRevised Selected Papers of the 12th International Conference on Formal Aspects of Component Software - Volume 953910.1007/978-3-319-28934-2_8(141-160)Online publication date: 14-Oct-2015
  • Show More Cited By



Information & Contributors


Published In

cover image ACM Conferences
GPCE '08: Proceedings of the 7th international conference on Generative programming and component engineering
October 2008
194 pages
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]



Association for Computing Machinery

New York, NY, United States

Publication History

Published: 19 October 2008


Request permissions for this article.

Check for updates

Author Tags

  1. automated code generation
  2. automated theorem proving
  3. hoare logic
  4. logical annotations
  5. program verification
  6. software certification


  • Research-article


GPCE '08

Acceptance Rates

Overall Acceptance Rate 56 of 180 submissions, 31%


Other Metrics

Bibliometrics & Citations


Article Metrics

  • Downloads (Last 12 months)3
  • Downloads (Last 6 weeks)0
Reflects downloads up to 13 Feb 2025

Other Metrics


Cited By

View all
  • (2020)Fault Localization With Weighted Test Model in Model TransformationsIEEE Access10.1109/ACCESS.2020.29665408(14054-14064)Online publication date: 2020
  • (2015)A survey of approaches for verifying model transformationsSoftware and Systems Modeling (SoSyM)10.1007/s10270-013-0358-014:2(1003-1028)Online publication date: 1-May-2015
  • (2015)Towards Modular Verification of Threaded Concurrent Executable Code Generated from DSL ModelsRevised Selected Papers of the 12th International Conference on Formal Aspects of Component Software - Volume 953910.1007/978-3-319-28934-2_8(141-160)Online publication date: 14-Oct-2015
  • (2014)Automating the Assembly of Aviation Safety CasesIEEE Transactions on Reliability10.1109/TR.2014.233599563:4(830-849)Online publication date: Dec-2014
  • (2013)Simulink timed models for program verificationTheories of Programming and Formal Methods10.5555/2554641.2554647(82-99)Online publication date: 1-Jan-2013
  • (2013)Simulink Timed Models for Program VerificationTheories of Programming and Formal Methods10.1007/978-3-642-39698-4_6(82-99)Online publication date: 2013
  • (2012)Heterogeneous Aviation Safety Cases: Integrating the Formal and the Non-formal2012 IEEE 17th International Conference on Engineering of Complex Computer Systems10.1109/ICECCS20050.2012.6299215(199-208)Online publication date: Jul-2012
  • (2012)AdvoCATEProceedings of the 2012 international conference on Computer Safety, Reliability, and Security10.1007/978-3-642-33675-1_2(8-21)Online publication date: 25-Sep-2012
  • (2010)Verifying semantic conformance of state machine-to-java code generatorsProceedings of the 13th international conference on Model driven engineering languages and systems: Part I10.5555/1926458.1926475(166-180)Online publication date: 3-Oct-2010
  • (2010)Verifying Semantic Conformance of State Machine-to-Java Code GeneratorsModel Driven Engineering Languages and Systems10.1007/978-3-642-16145-2_12(166-180)Online publication date: 2010
  • Show More Cited By

View Options

Login options

View options


View or Download as a PDF file.



View online with eReader.







Share this Publication link

Share on social media