Efficient Refinement Checking in VCC

We propose a methodology for carrying out refinement proofs across declarative abstract models and concrete implementations in C, using the VCC verification tool. The main idea is to first perform a systematic translation from the top-level abstract model to a ghost implementation in VCC. Subsequent refinement proofs between successively refined abstract models and between abstract and concrete implementations are carried out in VCC. We propose an efficient technique to carry out these refinement checks in VCC. We illustrate our methodology with a case study in which we verify a simplified C implementation of an RTOS scheduler, with respect to its abstract Z specification. Overall, our methodology leads to efficient and automatic refinement proofs for complex systems that would typically be beyond the capability of tools such as Z/Eves or Rodin

Efficient Refinement Checking in VCC

We propose a methodology for carrying out refinement proofs across declarative abstract models and concrete implementations in C, using the VCC verification tool. The main idea is to first perform a systematic translation from the top-level abstract model to a ghost implementation in VCC. Subsequent refinement proofs between successively refined abstract models and between abstract and concrete implementations are carried out in VCC. We propose an efficient technique to carry out these refinement checks in VCC. We illustrate our methodology with a case study in which we verify a simplified C implementation of an RTOS scheduler, with respect to its abstract Z specification. Overall, our methodology leads to efficient and automatic refinement proofs for complex systems that would typically be beyond the capability of tools such as Z/Eves or Rodin

Ab initio Direct Phasing in Macromolecular Crystallography: an Application of the Z-test

The z-criterion has been recently formulated as a tool for judging about the ab initio solvability of a crystal structure via direct methods. The criterion is reconsidered to take into account the recent powerful techniques of phase refinement in direct and reciprocal space. A report is made on a medium size crystal structure, recently solved by SIR97 by the pure application of the tangent formula

Formal mutation testing for Circus

International audienceContext: The demand from industry for more dependable and scalable test-development mechanisms has fostered the use of formal models to guide the generation of tests. Despite many advancements having been obtained with state-based models, such as Finite State Machines (FSMs) and Input/Output Transition Systems (IOTSs), more advanced formalisms are required to specify large, state-rich, concurrent systems. Circus, a state-rich process algebra combining Z, CSP and a refinement calculus, is suitable for this; however, deriving tests from such models is accordingly more challenging. Recently, a testing theory has been stated for Circus, allowing the verification of process refinement based on exhaustive test sets. Objective: We investigate fault-based testing for refinement from Circus specifications using mutation. We seek the benefits of such techniques in test-set quality assertion and fault-based test-case selection. We target results relevant not only for Circus, but to any process algebra for refinement that combines CSP with a data language. Method: We present a formal definition for fault-based test sets, extending the Circus testing theory, and an extensive study of mutation operators for Circus. Using these results, we propose an approach to generate tests to kill mutants. Finally, we explain how prototype tool support can be obtained with the implementation of a mutant generator, a translator from Circus to CSP, and a refinement checker for CSP, and with

Simulating intergalactic quasar scintillation

Intergalactic scintillation of distant quasars is sensitive to free electrons and therefore complements Ly$\alpha$ absorption line experiments probing the neutral intergalactic medium (IGM). We present a new scheme to compute IGM refractive scintillation effects on distant sources in combination with Adaptive Mesh Refinement cosmological simulations. First we validate our model by reproducing the well-known interstellar scintillation (ISS) of Galactic sources. The simulated cosmic density field is then used to infer the statistical properties of intergalactic scintillation. Contrary to previous claims, we find that the scattering measure of the simulated IGM at $z<2$ is \langle \mbox{SM}_{\equ}\rangle=3.879, i.e. almost 40 times larger than for the usually assumed smooth IGM. This yield an average modulation index ranging from 0.01 ($\nu_s=5$ GHz) up to 0.2 ($\nu_s=50$ GHz); above \nu_{s}\gsim30 GHz the IGM contribution dominates over ISS modulation. We compare our model with data from a $0.3\leq z\leq 2$ quasar sample observed at \nu_{\obs}=8.4 GHz. For this high frequency ($10.92\leq \nu_s \leq 25.2$), high galactic latitude sample ISS is negligible, and IGM scintillation can reproduce the observed modulation with a 4% accuracy, without invoking intrinsic source variability. We conclude by discussing the possibility of using IGM scintillation as a tool to pinpoint the presence of intervening high-$z$ groups/clusters along the line of sight, thus making it a probe suitably complementing Sunyaev-Zeldovich data recently obtained by \textit{Planck}.Comment: 14 pages, 13 figures, accepted for publication in MNRA

Circus Models for Safety-Critical Java Programs

Safety-critical Java (SCJ) is a restriction of the real-time specification for Java to support the development and certification of safety-critical applications. The SCJ technology specification is the result of an international effort from industry and academia. In this paper, we present a formalization of the SCJ Level 1 execution model, formalize a translation strategy from SCJ into a refinement notation and describe a tool that largely automates the generation of the formal models. Our modelling language is part of the Circus family; at the core, we have Z, communicating sequential processes and Morgan’s calculus, but we also use object-oriented and timed constructs from the OhCircus and Circus Time variants. Our work is an essential ingredient for the development of refinement-based reasoning techniques for SCJ

The Nature of the Warm/Hot Intergalactic Medium I. Numerical Methods, Convergence, and OVI Absorption

We perform a series of cosmological simulations using Enzo, an Eulerian adaptive-mesh refinement, N-body + hydrodynamical code, applied to study the warm/hot intergalactic medium. The WHIM may be an important component of the baryons missing observationally at low redshift. We investigate the dependence of the global star formation rate and mass fraction in various baryonic phases on spatial resolution and methods of incorporating stellar feedback. Although both resolution and feedback significantly affect the total mass in the WHIM, all of our simulations find that the WHIM fraction peaks at z ~ 0.5, declining to 35-40% at z = 0. We construct samples of synthetic OVI absorption lines from our highest-resolution simulations, using several models of oxygen ionization balance. Models that include both collisional ionization and photoionization provide excellent fits to the observed number density of absorbers per unit redshift over the full range of column densities (10^13 cm-2 <= N_OVI <= 10^15 cm^-2). Models that include only collisional ionization provide better fits for high column density absorbers (N_OVI > 10^14 cm^-2). The distribution of OVI in density and temperature exhibits two populations: one at T ~ 10^5.5 K (collisionally ionized, 55% of total OVI) and one at T ~ 10^4.5 K (photoionized, 37%) with the remainder located in dense gas near galaxies. While not a perfect tracer of hot gas, OVI provides an important tool for a WHIM baryon census.Comment: 22 pages, 21 figures, emulateapj, accepted for publication in Ap

Verifying the Mondex Case Study - The KeY Approach

The Mondex Case study is still the most substantial contribution to the Grand Challenge repository. It has been the target of a number of formal verification efforts. Those efforts concentrated on correctness proofs for refinement steps of the specification in various specification formalisms using different verification tools. Here, the results of full functional verification of a Javacard implementation of the case study is reported. The functional behavior of the application as well as the security properties to be proven were formalized in JML and verified using the KeY tool, a verification tool for deductive verifying Javacard code. The implementation developed followed, as closely as possible, the concrete layer of the case study\u27s original Z specification. The result demonstrates that, with an appropriate specification language and verification tool, it is possible to bridge the gap between specification and implementation ensuring a fully verified result. The complete material - source code, proofs and binaries of the verification system - is available at http://www.key-project.org/case_studies/mondex.htm