    Mechanical Verification of Interactive Programs Specified by Use Cases

    Interactive programs, like user interfaces, are hard to formally specify and thus to prove correct. Some ideas coming from functional programming languages have been successful in improving the way we write safer programs, compared to traditional imperative languages, but these ideas mostly apply to code fragments without any inputs or outputs. Using the purely functional language Coq, we present a new technique to represent interactive programs and formally verify use cases using the Coq proof engine as a symbolic debugger. To this end we introduce the notion of scenarios, well-typed schemas of interactions between an environment and a program. We design and certify a blog system as an illustration. Our approach generalizes unit-testing techniques and outlines a new method for mechanically assisted checking of effectful functional programs.

    I. Introduction. Implementing and proving correct interactive programs is challenging. Indeed, interactive programs are hard to reason about because they communicate with an outer environment (the operating system, the network, the user, ...) which may be under-specified and non-deterministic. Moreover, the communications between the program and the environment can happen at many points during the execution and may depend on previous interactions. Many techniques have been developed to model, specify and prove correct interactive or concurrent programs [15]. For instance, process algebras and temporal logics are well understood abstract models for such programs. In these abstract models, some interesting behavioral properties can be automatically proved by model checkers. Yet, these tools usually provide guarantees about the model of the program, not its actual implementation. In another approach, called software-proof co-design, the specification and the verification of a program are not disconnected from its actual implementation. In that case, specifying, implementing and verifying are tightly interleaved in the software development process. This tight integration is possible within the Coq proof assistant, which is both a programming language and an assisted prover. Yet, even if a realistic compiler for the C language has already been developed in Coq [12], using Coq as a general purpose programming language may be considere

    PLTL Partitioned Model Checking for Reactive Systems under Fairness Assumptions

    We are interested in verifying dynamic properties of finite-state reactive systems under fairness assumptions by model checking. The systems we want to verify are specified through a top-down refinement process. In order to deal with the state explosion problem, we have proposed in previous work to partition the reachability graph and to perform the verification on each part separately. Moreover, we have defined a class, called Bmod, of dynamic properties that are verifiable by parts, whatever the partition. We decide whether a property P belongs to Bmod by looking at the form of the Büchi automaton that accepts the negation of P. However, when a property P belongs to Bmod, the property f => P, where f is a fairness assumption, does not necessarily belong to Bmod. In this paper, we propose to use the refinement process in order to build the parts on which the verification has to be performed. We then show that with such a partition, if a property P is verifiable by parts and if f is the expression of the fairness assumptions on a system, then the property f => P is still verifiable by parts. This approach is illustrated by its application to the chip card protocol T=1 using the B engineering design language.

    The Formal Theory of Monads, Univalently

    We develop the formal theory of monads, as established by Street, in univalent foundations. This allows us to formally reason about various kinds of monads at the right level of abstraction. In particular, we define the bicategory of monads internal to a bicategory, and prove that it is univalent. We also define Eilenberg-Moore objects, and we show that both Eilenberg-Moore categories and Kleisli categories give rise to Eilenberg-Moore objects. Finally, we relate monads and adjunctions in arbitrary bicategories. Our work is formalized in Coq using the https://github.com/UniMath/UniMath library.

    Behavioural Preorders on Stochastic Systems - Logical, Topological, and Computational Aspects

    Computer systems can be found everywhere: in space, in our homes, in our cars, in our pockets, and sometimes even in our own bodies. For concerns of safety, economy, and convenience, it is important that such systems work correctly. However, it is a notoriously difficult task to ensure that the software running on computers behaves correctly. One approach to ease this task is that of model checking, where a model of the system is made using some mathematical formalism. Requirements expressed in a formal language can then be verified against the model in order to give guarantees that the model satisfies the requirements. For many computer systems, time is an important factor. As such, we need our formalisms and requirement languages to be able to incorporate real time. We therefore develop formalisms and algorithms that allow us to compare and express properties about real-time systems. We first introduce a logical formalism for reasoning about upper and lower bounds on time, and study the properties of this formalism, including axiomatisation and algorithms for checking when a formula is satisfied. We then consider the question of when a system is faster than another system. We show that this is a difficult question which cannot be answered in general, but we identify special cases where this question can be answered. We also show that under this notion of faster-than, a local increase in speed may lead to a global decrease in speed, and we take a step towards avoiding this. Finally, we consider how to compare the real-time behaviour of systems not just qualitatively, but also quantitatively. Thus, we are interested in knowing how much one system is faster or slower than another system. This is done by introducing a distance between systems. We show how to compute this distance and that it behaves well with respect to certain properties. Comment: PhD dissertation from Aalborg Universit


    The Murray Ledger and Times, October 3, 1998


    Santa Clara Magazine, Volume 35 Number 2, Spring 1993

    9 - HOW SCU ALUMS PUT CLINTON IN THE DRIVER'S SEAT. Before there was a President Clinton, there was a long-shot campaign energized by SCU grads. In Ride Around America, White House Press Secretary Dee Dee Myers '83 details some decisive days on the road to Washington (page 10). Voting the Unthinkable: Why Silicon Valley Got on the Clinton-Gore Bus by Susan Frey describes how Apple's Dave Barram MBA '73 convinced high-tech Republicans to take a chance on Clinton (page 14). 16 - HIV-POSITIVE. One of every 250 Americans is infected with the AIDS-causing human immunodeficiency virus. This chilling, first-person account is a reminder that you or someone you love could be a victim. By Dee Danna 68 (MBA '72). 22 - WHO WILL THRIVE IN THE POST-INDUSTRIAL AGE? Knowledge explosion is transforming society and demanding creative individuals who can redefine their social and occupational roles. By Charles H. Powers. 28 - THE EYE OF THE STORM. Social and cultural forces will shake the U.S. Catholic Church. By William C. Spohn, S.J. 31 - UP CLOSE: JANET FLAMMANG. Women are changing the face of U.S. politics, says the first woman to chair SCU's Political Science Department. By Christine Spielberger '69. https://scholarcommons.scu.edu/sc_mag/1052/thumbnail.jp


    Foundations of Information-Flow Control and Effects

    In programming language research, information-flow control (IFC) is a technique for enforcing a variety of security aspects, such as confidentiality of data, on programs. This Licentiate thesis makes novel contributions to the theory and foundations of IFC in the following ways: Chapter A presents a new proof method for showing the usual desired property of noninterference; Chapter B shows how to securely extend the concurrent IFC language MAC with asynchronous exceptions; and Chapter C presents a new and simpler language for IFC with effects, based on an explicit separation of pure and effectful computations.