2,704 research outputs found
Verifying total correctness of graph programs
GP 2 is an experimental nondeterministic programming language based on graph transformation rules, allowing for visual programming and the solving of graph problems at a high-level of abstraction. In previous work we demonstrated how to verify graph programs using a Hoare-style proof calculus, but only partial correctness was considered. In this paper, we add new proof rules and termination functions, which allow for proofs to additionally guarantee that program executions always terminate (weak total correctness), or that programs always terminate and do so without failure (total correctness). We show that the new proof rules are sound with respect to the operational semantics of GP 2, complete for termination, and demonstrate their use on some example programs
Verification of graph programs with monadic second-order logic
In this thesis, we consider Hoare-style verification for the graph programming language GP 2. In literature, Hoare-style verification for graph programs has been studied by using extensions of nested conditions called E-conditions and M-conditions as assertions. However, E-conditions are only able to express first-order properties of GP 2 graphs, while M-conditions can only express properties of a non-attributed graph. Hence, there is still no logic that can express monadic second-order properties of GP 2 graphs. Moreover, both E-conditions and M-conditions may not be easy to comprehend by programmers used to formal specifications expressed in standard first-order logic.
Here, we present an approach to verify GP 2 graph programs with a standard monadic second-order logic. We show how to construct a strongest liberal postcondition with respect to a rule schema and a precondition. We then extend this construction to obtain a strongest liberal postcondition for arbitrary loop-free programs. Also, we show how to construct a precondition expressing successful execution of a loop-free program, and failing execution of a so-called iteration command. These constructions allow us to define a partial proof calculus that can handle a larger class of graph programs than what can be verified by the calculus that uses E-conditions and M-conditions as assertions.
Other than partial proof calculus whose assertions are monadic second-order logic, we also define semantic partial proof calculus. Similar calculus has been introduced in literature, but here we update the calculus by considering a GP 2 command that was not considered in existing work
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
COSMICAH 2005: workshop on verification of COncurrent Systems with dynaMIC Allocated Heaps (a Satellite event of ICALP 2005) - Informal Proceedings
Lisboa Portugal, 10 July 200
Mechanized semantics
The goal of this lecture is to show how modern theorem provers---in this
case, the Coq proof assistant---can be used to mechanize the specification of
programming languages and their semantics, and to reason over individual
programs and over generic program transformations, as typically found in
compilers. The topics covered include: operational semantics (small-step,
big-step, definitional interpreters); a simple form of denotational semantics;
axiomatic semantics and Hoare logic; generation of verification conditions,
with application to program proof; compilation to virtual machine code and its
proof of correctness; an example of an optimizing program transformation (dead
code elimination) and its proof of correctness
Lucretia - intersection type polymorphism for scripting languages
Scripting code may present maintenance problems in the long run. There is,
then, the call for methodologies that make it possible to control the
properties of programs written in dynamic languages in an automatic fashion. We
introduce Lucretia, a core language with an introspection primitive. Lucretia
is equipped with a (retrofitted) static type system based on local updates of
types that describe the structure of objects being used. In this way, we deal
with one of the most dynamic features of scripting languages, that is, the
runtime modification of object interfaces. Judgements in our systems have a
Hoare-like shape, as they have a precondition and a postcondition part.
Preconditions describe static approximations of the interfaces of visible
objects before a certain expression has been executed and postconditions
describe them after its execution. The field update operation complicates the
issue of aliasing in the system. We cope with it by introducing intersection
types in method signatures.Comment: In Proceedings ITRS 2014, arXiv:1503.0437
Mapping Fusion and Synchronized Hyperedge Replacement into Logic Programming
In this paper we compare three different formalisms that can be used in the
area of models for distributed, concurrent and mobile systems. In particular we
analyze the relationships between a process calculus, the Fusion Calculus,
graph transformations in the Synchronized Hyperedge Replacement with Hoare
synchronization (HSHR) approach and logic programming. We present a translation
from Fusion Calculus into HSHR (whereas Fusion Calculus uses Milner
synchronization) and prove a correspondence between the reduction semantics of
Fusion Calculus and HSHR transitions. We also present a mapping from HSHR into
a transactional version of logic programming and prove that there is a full
correspondence between the two formalisms. The resulting mapping from Fusion
Calculus to logic programming is interesting since it shows the tight analogies
between the two formalisms, in particular for handling name generation and
mobility. The intermediate step in terms of HSHR is convenient since graph
transformations allow for multiple, remote synchronizations, as required by
Fusion Calculus semantics.Comment: 44 pages, 8 figures, to appear in a special issue of Theory and
Practice of Logic Programming, minor revisio
- …