awesome-software-quality - List of free software testing and verification resources


This page collects resources for anyone considering the use of software testing and formal methods. There are many axes along which one can organize such a list, such as the level of expertise of the intended audience (from experts to the public at large) or disciplinary orientation (computer science, mathematics, mathematical logic, etc.). Here I have chosen to classify the material by type of subject matter.

oak - Meaningful control of data in distributed systems.

  •    Rust

The goal of Project Oak is to create a specification and a reference implementation for the secure transfer, storage and processing of data. In present computing platforms (including virtualized, and cloud platforms), data may be encrypted at rest and in transit, but they are exposed to any part of the system that needs to process them. Even if the application is securely designed and data are encrypted, the operating system kernel (and any component with privileged access to the machine that handles the data) has unrestricted access to the machine hardware resources, and can leverage that to bypass any security mechanism on the machine itself and extract secret keys and data.

software-quality-wiki - Software Quality Wiki


To the extent possible under law, Sergey Bronnikov has waived all copyright and related or neighboring rights to this work.

acsl-by-example - Public snapshots of "ACSL by Example"

  •    C

This repository contains ACSL by Example --- a collection of C functions and data types whose behavior has been formally specified with ACSL and formally verified with Frama-C/WP. The directory StandardAlgorithms contains the complete C source code including ACSL annotations of the examples.

llvm-semantics - Formal semantics of LLVM IR in K

  •    LLVM

The goal of this project is to give a complete executable semantics to the LLVM assembly language (LLVM IR). The language is being defined in the K Semantic Framework (version 2.6-2.7).

practical-fm - A gently curated list of companies using verification formal methods in industry


If you see a company on the list that doesn't exist anymore, or does not use formal methods anymore, please send a pull request with an explanation. The same goes if you're currently working at, or know a company that uses formal methods but is not on the list. Please include the website, github (if applicable), locations, and sector. If the company is hiring please include a link to the ad.

grift - Galois RISC-V ISA Formal Tools

  •    Assembly

Galois RISC-V ISA Formal Tools (hereafter, GRIFT) is part of the BESSPIN software suite, developed by Galois, Inc. It contains a concrete representation of the semantics of the RISC-V instruction set, along with an elegant encoding/decoding mechanism, and simulation and analysis front-ends. It is intended for broad use in the RISC-V community - simulation, binary analysis, and software & hardware verification/validation are all current and/or potential future uses for GRIFT, and we have designed it specifically with these broad application domains in mind. GRIFT differs from other Haskell-based RISC-V formalizations in its coding style (using highly dependently-typed GHC Haskell) and some of its foundational design decisions. Its primary use is as a library, providing mechanisms for the encoding/decoding of instructions, as well as running RISC-V programs in simulation. However, the semantics of the instructions themselves are represented, not as Haskell functions on a RISC-V machine state (registers, PC, memory, etc.), but as symbolic expressions in a general-purpose bitvector expression language. This extra layer of representation, while sub-optimal for fast simulation, facilitates the library's use as a general-purpose encoding of the semantics, and makes GRIFT a general-purpose, "golden reference" model that can be easily translated into the syntax of other tools by providing minimal pretty printers, written in Haskell, for the underlying bitvector expression language. Having explicit semantic data for each instruction also facilitates the library's incorporation with other Haskell-based tooling, such as coverage analysis (where a notion of coverage is encoded in the same bitvector language as the semantics), binary analysis, and verification, both within and without the Haskell programming environment.

acl2 - ACL2 System and Books as Maintained by the Community

  •    Common Lisp

WARNING: On rare occasions development versions of ACL2 may be incomplete, fragile, or unable to pass the usual regression tests. You may choose to download an official ACL2 release as described on the ACL2 Home Page or below in this README. The ACL2 theorem proving environment consists of two parts: The ACL2 System and The ACL2 Books. This repository contains both.

hacl-star - HACL*, a formally verified cryptographic library written in F*

  •    Assembly

HACL* is a formally verified cryptographic library in F*, developed by the Prosecco team at INRIA Paris in collaboration with Microsoft Research, as part of Project Everest. HACL stands for High-Assurance Cryptographic Library and its design is inspired by discussions at the HACS series of workshops. The goal of this library is to develop verified C reference implementations for popular cryptographic primitives and to verify them for memory safety, functional correctness, and secret independence.

mSAT - A modular sat/smt solver with proof output.

  •    OCaml

MSAT is an OCaml library that features a modular SAT-solver and some extensions (including SMT), derived from Alt-Ergo Zero. This program is distributed under the Apache Software License version 2.0. See the enclosed file LICENSE.

spark-by-example - SPARK by Example is an adaptation of ACSL by Example for SPARK 2014, a programming language which is a formally verified subset of Ada

  •    Ada

AdaCore has developed a great tutorial website for Ada/SPARK beginners here. It is recommended to follow at least the SPARK part of this tutorial before reading SPARK by Example. GNAT Community 2018 has been used for this project. You may download and install it using the previous link.

z-eves - Z-EVES for Linux. Maybe the only place where you can find it...

  •    Python

I don't know why or for what you should use this shit... but let me tell you something... You may need to use it. If you (like me) are studying Software Engineering or any Computer Science related degree, you may be prompted to use this shit. Yes.

ouroboros-high-assurance - High-assurance implementation of the Ouroboros protocol family

  •    Isabelle

The goal of this project is to develop implementations of blockchain consensus protocols from the Ouroboros family in a process calculus and verify that they have various key properties.

gneiss - Framework for platform-independent SPARK components

  •    Ada

Many applications still follow a monolithic design pattern today. Often, their size and complexity preclude thorough verification and increase the likelihood of errors. The lack of isolation allows an error in an uncritical part of the software to impact other security-critical parts. A well-known solution to this problem is a system comprised of components that only interact through well-defined communication channels. In such systems, functionality is split into complex untrusted components and simple trusted components. While untrusted parts realize sophisticated application logic, trusted components are typically small, implement mandatory policies, and enforce security properties. An open question is how to implement such trusted components correctly.

RecordFlux - Formal message specification and generation of verifiable binary parsers and message generators

  •    Ada

RecordFlux is a toolset for the formal specification of messages and the generation of verifiable binary parsers and message generators. The RecordFlux specification language is a domain-specific language to formally specify message formats of existing real-world binary protocols. Its syntax is inspired by Ada. A detailed description of the language elements can be found in the Language Reference.

SXML - Formally verified, bounded-stack XML library

  •    Ada

SXML is an XML library implemented in pure SPARK 2014. Absence of runtime errors and bounded stack usage have been proven for the library. This makes it an ideal choice for processing information of untrusted origin. The full API documentation is available in doc/api/index.html.

tool_lists - Links to tools by subject


To the extent possible under law, the authors have waived all copyright and related or neighboring rights to this text. For copying conditions, consult COPYING.txt, which is the CC0 Public Domain Dedication.

StainlessFit - Stainless directly built on System FR, with standalone front-end

  •    Scala

This project works to formalize the proof obligation checking of Stainless. It is a natural follow-up to the System FR from https://arxiv.org/abs/1904.03482. Run sbt cli/universal:stage to get a binary in folder cli/target/universal/stage/bin.

SystemFR - System FR: Formalized Foundations for Stainless

  •    Coq

This project aims to formalize in Coq part of the Stainless project. It describes a call-by-value lambda-calculus and defines a rich type system (based on computations) that describes behaviors of lambda-calculus terms. Supported types include: System F polymorphism, recursive types, infinite intersections, refinement and dependent types, equality types. The proofs require Coq and Coq-Equations, which can be installed using opam with the coq and coq-equations packages. Some instructions are available here and there.