formal-verification

I was taught about formal systems at university, but I was disappointed how they didn't seem to be used in the real word. I like the idea of being able to know that some code (object, function, whatever) works, not by testing, but by proof . I'm sure we're all familiar with the parallels that don't exist between physical engineering and software engineering (steel behaves predictably, software can do anything - who knows!), and I would love to know if there are any languages that can be use in the real word (is asking for a web framework too much to ask?) I've heard interesting things about

Continuing on from ideas in: Are there any provable real-world languages? I don't know about you, but I'm sick of writing code that I can't guarantee. After asking the above question and getting a phenomenal response (Thanks all!) I have decided to narrow my search for a provable, pragmatic, approach to Haskell . I chose Haskell because it is actually useful (there are many web frameworks written for it, this seems a good benchmark) AND I think it is strict enough, functionally , that it might be provable, or at least allow the testing of invariants. Here's what I want (and have been unable to

I want to have a boolean variable that test if, e.g., the third bit of a bit vector is 0. The theory of bitvector allows to extract 1 bit as a bitvector, but not a boolean type. I wonder if I can do this cast. Thank you. === Update === I'm sorry if my question is not clear. But the answer of Nikolaj Bjorner is how to test a certain bit of a bit vector. While I want to assign the value of the first bit of a bit vector to a variable. I try to modify the example as follows: (declare-fun x () (_ BitVec 5)) (declare-fun bit0 () Bool) (assert (= (= #b1 ((_ extract 0 0) x)) bit0 )) (check-sat) And z3

I would like to model fixed-size memory buffers and their access operations in Z3. The size of the buffers can be anywhere from a couple of bytes to hundreds of bytes. The standard way employed by several existing tools (e.g., KLEE) is to create array variables over the domain and range of bitvectors. Each memory buffer gets such an array and memory reads/writes are encoded using select / store operations. Alas, in my benchmarks, when using this approach, Z3(*) appears to be consistently slower than STP. Before analyzing the queries in more detail to figure out what's going on, I wanted to

Here, http://spinroot.com/spin/Man/Manual.html , it is written that: In Promela there is also another way to avoid the test and set problem: atomic sequences. By prefixing a sequence of statements enclosed in curly braces with the keyword atomic the user can indicate that the sequence is to be executed as one indivisible unit, non-interleaved with any other processes. It causes a run-time error if any statement, other than the first statement, blocks in an atomic sequence . This is how we can use atomic sequences to protect the concurrent access to the global variable state in the earlier

I am getting a warning in Dafny which says that my quantifiers have No terms found to trigger on. What I am trying to do for my code is to find the largest number that has a square value that is less than or equal to the given natural number 'n'. Here is the code I came up with so far: method sqrt(n : nat) returns (r: int) // square less than or equal to n ensures (r * r) <= n // largest number ensures forall i :: 0 <= i < r ==> (i * i) < (r * r) { var i := 0; // increasing number r := 0; while ((i*i) <= n) invariant (r*r) <= n invariant forall k :: 0 <= k < r ==> (k*k) < (r*r) decreases n - i

The theorem proving tool z3 is taking a lot of time to solve a formula, which I believe it should be able to handle easily. To understand this better and possibly optimize my input to z3, I wanted to see the internal constraints that z3 generates as part of its solving process. How do I print the formula that z3 produces for its back-end solvers, when using z3 from the command line? Leonardo de Moura Z3 command line tool does not have such option. Moreover, Z3 contains several solvers and pre-processing steps. It is unclear which step would be useful for you. The Z3 source code is available at