2,969 research outputs found
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Sciduction: Combining Induction, Deduction, and Structure for Verification and Synthesis
Even with impressive advances in automated formal methods, certain problems
in system verification and synthesis remain challenging. Examples include the
verification of quantitative properties of software involving constraints on
timing and energy consumption, and the automatic synthesis of systems from
specifications. The major challenges include environment modeling,
incompleteness in specifications, and the complexity of underlying decision
problems.
This position paper proposes sciduction, an approach to tackle these
challenges by integrating inductive inference, deductive reasoning, and
structure hypotheses. Deductive reasoning, which leads from general rules or
concepts to conclusions about specific problem instances, includes techniques
such as logical inference and constraint solving. Inductive inference, which
generalizes from specific instances to yield a concept, includes algorithmic
learning from examples. Structure hypotheses are used to define the class of
artifacts, such as invariants or program fragments, generated during
verification or synthesis. Sciduction constrains inductive and deductive
reasoning using structure hypotheses, and actively combines inductive and
deductive reasoning: for instance, deductive techniques generate examples for
learning, and inductive reasoning is used to guide the deductive engines.
We illustrate this approach with three applications: (i) timing analysis of
software; (ii) synthesis of loop-free programs, and (iii) controller synthesis
for hybrid systems. Some future applications are also discussed
Behavioral types in programming languages
A recent trend in programming language research is to use behav- ioral type theory to ensure various correctness properties of large- scale, communication-intensive systems. Behavioral types encompass concepts such as interfaces, communication protocols, contracts, and choreography. The successful application of behavioral types requires a solid understanding of several practical aspects, from their represen- tation in a concrete programming language, to their integration with other programming constructs such as methods and functions, to de- sign and monitoring methodologies that take behaviors into account. This survey provides an overview of the state of the art of these aspects, which we summarize as the pragmatics of behavioral types
Treo: Textual Syntax for Reo Connectors
Reo is an interaction-centric model of concurrency for compositional
specification of communication and coordination protocols. Formal verification
tools exist to ensure correctness and compliance of protocols specified in Reo,
which can readily be (re)used in different applications, or composed into more
complex protocols. Recent benchmarks show that compiling such high-level Reo
specifications produces executable code that can compete with or even beat the
performance of hand-crafted programs written in languages such as C or Java
using conventional concurrency constructs.
The original declarative graphical syntax of Reo does not support intuitive
constructs for parameter passing, iteration, recursion, or conditional
specification. This shortcoming hinders Reo's uptake in large-scale practical
applications. Although a number of Reo-inspired syntax alternatives have
appeared in the past, none of them follows the primary design principles of
Reo: a) declarative specification; b) all channel types and their sorts are
user-defined; and c) channels compose via shared nodes. In this paper, we offer
a textual syntax for Reo that respects these principles and supports flexible
parameter passing, iteration, recursion, and conditional specification. In
on-going work, we use this textual syntax to compile Reo into target languages
such as Java, Promela, and Maude.Comment: In Proceedings MeTRiD 2018, arXiv:1806.0933
A Compositional Deadlock Detector for Android Java
We develop a static deadlock analysis for commercial Android Java applications, of sizes in the tens of millions of
LoC, under active development at Facebook. The analysis runs
primarily at code-review time, on only the modified code and
its dependents; we aim at reporting to developers in under 15
minutes.
To detect deadlocks in this setting, we first model the real
language as an abstract language with balanced re-entrant locks,
nondeterministic iteration and branching, and non-recursive
procedure calls. We show that the existence of a deadlock in this
abstract language is equivalent to a certain condition over the
sets of critical pairs of each program thread; these record, for all
possible executions of the thread, which locks are currently held
at the point when a fresh lock is acquired. Since the critical pairs
of any program thread is finite and computable, the deadlock
detection problem for our language is decidable, and in NP.
We then leverage these results to develop an open-source
implementation of our analysis adapted to deal with real Java
code. The core of the implementation is an algorithm which
computes critical pairs in a compositional, abstract interpretation
style, running in quasi-exponential time. Our analyser is built in
the INFER verification framework and has been in industrial
deployment for over two years; it has seen over two hundred
fixed deadlock reports with a report fix rate of ∼54%
- …