Position paper: the science of deep specification

Andrew W. Appel; Lennart Beringer; Adam Chlipala; Benjamin C. Pierce; Zhong Shao; Stephanie Weirich; Steve Zdancewic

doi:10.1098/rsta.2016.0331

Position paper: the science of deep specification

Andrew W. Appel, Lennart Beringer, Adam Chlipala, Benjamin C. Pierce, Zhong Shao, Stephanie Weirich, Steve Zdancewic

Research output: Contribution to journal › Article › peer-review

25 Scopus citations

Abstract

We introduce our efforts within the project ‘The science of deep specification’ to work out the key formal underpinnings of industrial-scale formal specifications of software and hardware components, anticipating a world where large verified systems are routinely built out of smaller verified components that are also used by many other projects. We identify an important class of specification that has already been used in a few experiments that connect strong component-correctness theorems across the work of different teams. To help popularize the unique advantages of that style, we dub it deep specification, and we say that it encompasses specifications that are rich, two-sided, formal and live (terms that we define in the article). Our core team is developing a proof-of-concept system (based on the Coq proof assistant) whose specification and verification work is divided across largely decoupled subteams at our four institutions, encompassing hardware microarchitecture, compilers, operating systems and applications, along with cross-cutting principles and tools for effective specification. We also aim to catalyse interest in the approach, not just by basic researchers but also by users in industry. This article is part of the themed issue ‘Verified trustworthy software systems’.

Original language	English (US)
Article number	20160331
Journal	Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences
Volume	375
Issue number	2104
DOIs	https://doi.org/10.1098/rsta.2016.0331
State	Published - Oct 13 2017

All Science Journal Classification (ASJC) codes

Mathematics(all)
Engineering(all)
Physics and Astronomy(all)

Keywords

Formal methods
Programming languages
Proof assistants

Access to Document

10.1098/rsta.2016.0331

Cite this

@article{c92d0789ef434569ab07432b2fda9b33,

title = "Position paper: the science of deep specification",

abstract = "We introduce our efforts within the project {\textquoteleft}The science of deep specification{\textquoteright} to work out the key formal underpinnings of industrial-scale formal specifications of software and hardware components, anticipating a world where large verified systems are routinely built out of smaller verified components that are also used by many other projects. We identify an important class of specification that has already been used in a few experiments that connect strong component-correctness theorems across the work of different teams. To help popularize the unique advantages of that style, we dub it deep specification, and we say that it encompasses specifications that are rich, two-sided, formal and live (terms that we define in the article). Our core team is developing a proof-of-concept system (based on the Coq proof assistant) whose specification and verification work is divided across largely decoupled subteams at our four institutions, encompassing hardware microarchitecture, compilers, operating systems and applications, along with cross-cutting principles and tools for effective specification. We also aim to catalyse interest in the approach, not just by basic researchers but also by users in industry. This article is part of the themed issue {\textquoteleft}Verified trustworthy software systems{\textquoteright}.",

keywords = "Formal methods, Programming languages, Proof assistants",

author = "Appel, {Andrew W.} and Lennart Beringer and Adam Chlipala and Pierce, {Benjamin C.} and Zhong Shao and Stephanie Weirich and Steve Zdancewic",

note = "Funding Information: Data accessibility. This article has no additional data. Competing interests. We declare we have no competing interests. Funding. The Science of Deep Specification is a Collaborative Research: Expeditions in Computing project funded by the National Science Foundation (NSF) under the awards 1521602 (A.W.A), 1521584 (A.C.), 1521539 (S.W., S.Z., B.C.P.) and 1521523 (Z.S.). Acknowledgements. We thank the graduate students and post-doctoral researchers of our research groups for their contributions, and our external academic and industrial collaborators for their participation. The comments we received from the editor and the anonymous referees were particularly helpful in shaping our presentation. Publisher Copyright: {\textcopyright} 2017 The Author(s) Published by the Royal Society. All rights reserved.",

year = "2017",

month = oct,

day = "13",

doi = "10.1098/rsta.2016.0331",

language = "English (US)",

volume = "375",

journal = "Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences",

issn = "1364-503X",

publisher = "Royal Society of London",

number = "2104",

}

TY - JOUR

T1 - Position paper

T2 - the science of deep specification

AU - Appel, Andrew W.

AU - Beringer, Lennart

AU - Chlipala, Adam

AU - Pierce, Benjamin C.

AU - Shao, Zhong

AU - Weirich, Stephanie

AU - Zdancewic, Steve

N1 - Funding Information: Data accessibility. This article has no additional data. Competing interests. We declare we have no competing interests. Funding. The Science of Deep Specification is a Collaborative Research: Expeditions in Computing project funded by the National Science Foundation (NSF) under the awards 1521602 (A.W.A), 1521584 (A.C.), 1521539 (S.W., S.Z., B.C.P.) and 1521523 (Z.S.). Acknowledgements. We thank the graduate students and post-doctoral researchers of our research groups for their contributions, and our external academic and industrial collaborators for their participation. The comments we received from the editor and the anonymous referees were particularly helpful in shaping our presentation. Publisher Copyright: © 2017 The Author(s) Published by the Royal Society. All rights reserved.

PY - 2017/10/13

Y1 - 2017/10/13

N2 - We introduce our efforts within the project ‘The science of deep specification’ to work out the key formal underpinnings of industrial-scale formal specifications of software and hardware components, anticipating a world where large verified systems are routinely built out of smaller verified components that are also used by many other projects. We identify an important class of specification that has already been used in a few experiments that connect strong component-correctness theorems across the work of different teams. To help popularize the unique advantages of that style, we dub it deep specification, and we say that it encompasses specifications that are rich, two-sided, formal and live (terms that we define in the article). Our core team is developing a proof-of-concept system (based on the Coq proof assistant) whose specification and verification work is divided across largely decoupled subteams at our four institutions, encompassing hardware microarchitecture, compilers, operating systems and applications, along with cross-cutting principles and tools for effective specification. We also aim to catalyse interest in the approach, not just by basic researchers but also by users in industry. This article is part of the themed issue ‘Verified trustworthy software systems’.

AB - We introduce our efforts within the project ‘The science of deep specification’ to work out the key formal underpinnings of industrial-scale formal specifications of software and hardware components, anticipating a world where large verified systems are routinely built out of smaller verified components that are also used by many other projects. We identify an important class of specification that has already been used in a few experiments that connect strong component-correctness theorems across the work of different teams. To help popularize the unique advantages of that style, we dub it deep specification, and we say that it encompasses specifications that are rich, two-sided, formal and live (terms that we define in the article). Our core team is developing a proof-of-concept system (based on the Coq proof assistant) whose specification and verification work is divided across largely decoupled subteams at our four institutions, encompassing hardware microarchitecture, compilers, operating systems and applications, along with cross-cutting principles and tools for effective specification. We also aim to catalyse interest in the approach, not just by basic researchers but also by users in industry. This article is part of the themed issue ‘Verified trustworthy software systems’.

KW - Formal methods

KW - Programming languages

KW - Proof assistants

UR - http://www.scopus.com/inward/record.url?scp=85028945294&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85028945294&partnerID=8YFLogxK

U2 - 10.1098/rsta.2016.0331

DO - 10.1098/rsta.2016.0331

M3 - Article

C2 - 28871056

AN - SCOPUS:85028945294

SN - 1364-503X

VL - 375

JO - Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences

JF - Philosophical Transactions of the Royal Society A: Mathematical, Physical and Engineering Sciences

IS - 2104

M1 - 20160331

ER -

Position paper: the science of deep specification

Abstract

All Science Journal Classification (ASJC) codes

Keywords

Access to Document

Other files and links

Fingerprint

Cite this