Pipit on the Post: Proving Pre- and Post-Conditions of Reactive Systems

Amos Robinson; Alex Potanin

doi:10.4230/LIPIcs.ECOOP.2024.34

Pipit on the Post: Proving Pre- and Post-Conditions of Reactive Systems

Amos Robinson^*, Alex Potanin^*

^*Corresponding author for this work

School of Computing

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

Synchronous languages such as Lustre and Scade are used to implement safety-critical control systems; proving such programs correct and having the proved properties apply to the compiled code is therefore equally critical. We introduce Pipit, a small synchronous language embedded in F^✶, designed for verifying control systems and executing them in real-time. Pipit includes a verified translation to transition systems; by reusing F^✶’s existing proof automation, certain safety properties can be automatically proved by k-induction on the transition system. Pipit can also generate executable code in a subset of F^✶ which is suitable for compilation and real-time execution on embedded devices. The executable code is deterministic and total and preserves the semantics of the original program.

Original language	English
Title of host publication	38th European Conference on Object-Oriented Programming, ECOOP 2024
Editors	Jonathan Aldrich, Guido Salvaneschi
Publisher	Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing
ISBN (Electronic)	9783959773416
DOIs	https://doi.org/10.4230/LIPIcs.ECOOP.2024.34
Publication status	Published - Sept 2024
Event	38th European Conference on Object-Oriented Programming, ECOOP 2024 - Vienna, Austria Duration: 16 Sept 2024 → 20 Sept 2024

Publication series

Name	Leibniz International Proceedings in Informatics, LIPIcs
Volume	313
ISSN (Print)	1868-8969

Conference

Conference	38th European Conference on Object-Oriented Programming, ECOOP 2024
Country/Territory	Austria
City	Vienna
Period	16/09/24 → 20/09/24

Access to Document

10.4230/LIPIcs.ECOOP.2024.34

Cite this

Robinson, A., & Potanin, A. (2024). Pipit on the Post: Proving Pre- and Post-Conditions of Reactive Systems. In J. Aldrich, & G. Salvaneschi (Eds.), 38th European Conference on Object-Oriented Programming, ECOOP 2024 Article 28 (Leibniz International Proceedings in Informatics, LIPIcs; Vol. 313). Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing. https://doi.org/10.4230/LIPIcs.ECOOP.2024.34

@inproceedings{d037bfa9c22b4e7288498c4819ae50b9,

title = "Pipit on the Post: Proving Pre- and Post-Conditions of Reactive Systems",

abstract = "Synchronous languages such as Lustre and Scade are used to implement safety-critical control systems; proving such programs correct and having the proved properties apply to the compiled code is therefore equally critical. We introduce Pipit, a small synchronous language embedded in F✶, designed for verifying control systems and executing them in real-time. Pipit includes a verified translation to transition systems; by reusing F✶{\textquoteright}s existing proof automation, certain safety properties can be automatically proved by k-induction on the transition system. Pipit can also generate executable code in a subset of F✶ which is suitable for compilation and real-time execution on embedded devices. The executable code is deterministic and total and preserves the semantics of the original program.",

keywords = "Lustre, reactive, streaming, verification",

author = "Amos Robinson and Alex Potanin",

note = "Publisher Copyright: {\textcopyright} Amos Robinson and Alex Potanin;; 38th European Conference on Object-Oriented Programming, ECOOP 2024 ; Conference date: 16-09-2024 Through 20-09-2024",

year = "2024",

month = sep,

doi = "10.4230/LIPIcs.ECOOP.2024.34",

language = "English",

series = "Leibniz International Proceedings in Informatics, LIPIcs",

publisher = "Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing",

editor = "Jonathan Aldrich and Guido Salvaneschi",

booktitle = "38th European Conference on Object-Oriented Programming, ECOOP 2024",

address = "Germany",

}

Robinson, A & Potanin, A 2024, Pipit on the Post: Proving Pre- and Post-Conditions of Reactive Systems. in J Aldrich & G Salvaneschi (eds), 38th European Conference on Object-Oriented Programming, ECOOP 2024., 28, Leibniz International Proceedings in Informatics, LIPIcs, vol. 313, Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing, 38th European Conference on Object-Oriented Programming, ECOOP 2024, Vienna, Austria, 16/09/24. https://doi.org/10.4230/LIPIcs.ECOOP.2024.34

Pipit on the Post: Proving Pre- and Post-Conditions of Reactive Systems. / Robinson, Amos; Potanin, Alex.
38th European Conference on Object-Oriented Programming, ECOOP 2024. ed. / Jonathan Aldrich; Guido Salvaneschi. Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing, 2024. 28 (Leibniz International Proceedings in Informatics, LIPIcs; Vol. 313).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Pipit on the Post

T2 - 38th European Conference on Object-Oriented Programming, ECOOP 2024

AU - Robinson, Amos

AU - Potanin, Alex

N1 - Publisher Copyright: © Amos Robinson and Alex Potanin;

PY - 2024/9

Y1 - 2024/9

N2 - Synchronous languages such as Lustre and Scade are used to implement safety-critical control systems; proving such programs correct and having the proved properties apply to the compiled code is therefore equally critical. We introduce Pipit, a small synchronous language embedded in F✶, designed for verifying control systems and executing them in real-time. Pipit includes a verified translation to transition systems; by reusing F✶’s existing proof automation, certain safety properties can be automatically proved by k-induction on the transition system. Pipit can also generate executable code in a subset of F✶ which is suitable for compilation and real-time execution on embedded devices. The executable code is deterministic and total and preserves the semantics of the original program.

AB - Synchronous languages such as Lustre and Scade are used to implement safety-critical control systems; proving such programs correct and having the proved properties apply to the compiled code is therefore equally critical. We introduce Pipit, a small synchronous language embedded in F✶, designed for verifying control systems and executing them in real-time. Pipit includes a verified translation to transition systems; by reusing F✶’s existing proof automation, certain safety properties can be automatically proved by k-induction on the transition system. Pipit can also generate executable code in a subset of F✶ which is suitable for compilation and real-time execution on embedded devices. The executable code is deterministic and total and preserves the semantics of the original program.

KW - Lustre

KW - reactive

KW - streaming

KW - verification

UR - http://www.scopus.com/inward/record.url?scp=85205028976&partnerID=8YFLogxK

U2 - 10.4230/LIPIcs.ECOOP.2024.34

DO - 10.4230/LIPIcs.ECOOP.2024.34

M3 - Conference contribution

AN - SCOPUS:85205028976

T3 - Leibniz International Proceedings in Informatics, LIPIcs

BT - 38th European Conference on Object-Oriented Programming, ECOOP 2024

A2 - Aldrich, Jonathan

A2 - Salvaneschi, Guido

PB - Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing

Y2 - 16 September 2024 through 20 September 2024

ER -

Robinson A, Potanin A. Pipit on the Post: Proving Pre- and Post-Conditions of Reactive Systems. In Aldrich J, Salvaneschi G, editors, 38th European Conference on Object-Oriented Programming, ECOOP 2024. Schloss Dagstuhl- Leibniz-Zentrum fur Informatik GmbH, Dagstuhl Publishing. 2024. 28. (Leibniz International Proceedings in Informatics, LIPIcs). doi: 10.4230/LIPIcs.ECOOP.2024.34

Pipit on the Post: Proving Pre- and Post-Conditions of Reactive Systems

Abstract

Publication series

Conference

Access to Document

Other files and links

Fingerprint

Cite this