13,374 research outputs found
A sequential real-time refinement calculus
We present a comprehensive refinement calculus for the development of sequential, real-time programs from real-time specifications. A specification may include not only execution time limits, but also requirements on the behaviour of outputs over the duration of the execution of the program. The approach allows refinement steps that separate timing constraints and functional requirements. New rules are provided for handling timing constraints, but the refinement of components implementing functional requirements is essentially the same as in the standard refinement calculus. The product of the refinement process is a program in the target programming language extended with timing deadline directives. The extended language is a machine-independent, real-time programming language. To provide valid machine code for a particular model of machine, the machine code produced by a compiler must be analysed to guarantee that it meets the specified timing deadlines
Circus Models for Safety-Critical Java Programs
Safety-critical Java (SCJ) is a restriction of the real-time specification for Java to support the development and certification of safety-critical applications. The SCJ technology specification is the result of an international effort from industry and academia. In this paper, we present a formalization of the SCJ Level 1 execution model, formalize a translation strategy from SCJ into a refinement notation and describe a tool that largely automates the generation of the formal models. Our modelling language is part of the Circus family; at the core, we have Z, communicating sequential processes and Morganās calculus, but we also use object-oriented and timed constructs from the OhCircus and Circus Time variants. Our work is an essential ingredient for the development of refinement-based reasoning techniques for SCJ
Refining SCJ Mission Specifications into Parallel Handler Designs
Safety-Critical Java (SCJ) is a recent technology that restricts the
execution and memory model of Java in such a way that applications can be
statically analysed and certified for their real-time properties and safe use
of memory. Our interest is in the development of comprehensive and sound
techniques for the formal specification, refinement, design, and implementation
of SCJ programs, using a correct-by-construction approach. As part of this
work, we present here an account of laws and patterns that are of general use
for the refinement of SCJ mission specifications into designs of parallel
handlers used in the SCJ programming paradigm. Our notation is a combination of
languages from the Circus family, supporting state-rich reactive models with
the addition of class objects and real-time properties. Our work is a first
step to elicit laws of programming for SCJ and fits into a refinement strategy
that we have developed previously to derive SCJ programs.Comment: In Proceedings Refine 2013, arXiv:1305.563
A Denotational Semantics for Communicating Unstructured Code
An important property of programming language semantics is that they should
be compositional. However, unstructured low-level code contains goto-like
commands making it hard to define a semantics that is compositional. In this
paper, we follow the ideas of Saabas and Uustalu to structure low-level code.
This gives us the possibility to define a compositional denotational semantics
based on least fixed points to allow for the use of inductive verification
methods. We capture the semantics of communication using finite traces similar
to the denotations of CSP. In addition, we examine properties of this semantics
and give an example that demonstrates reasoning about communication and jumps.
With this semantics, we lay the foundations for a proof calculus that captures
both, the semantics of unstructured low-level code and communication.Comment: In Proceedings FESCA 2015, arXiv:1503.0437
Provably correct Java implementations of Spi Calculus security protocols specifications
Spi Calculus is an untyped high level modeling language for security protocols, used for formal protocols specification and verification. In this paper, a type system for the Spi Calculus and a translation function are formally defined, in order to formalize the refinement of a Spi Calculus specification into a Java implementation. The Java implementation generated by the translation function uses a custom Java library. Formal conditions on such library are stated, so that, if the library implementation code satisfies such conditions, then the generated Java implementation correctly simulates the Spi Calculus specification. A verified implementation of part of the custom library is further presente
Refinement Calculus of Reactive Systems
Refinement calculus is a powerful and expressive tool for reasoning about
sequential programs in a compositional manner. In this paper we present an
extension of refinement calculus for reactive systems. Refinement calculus is
based on monotonic predicate transformers, which transform sets of post-states
into sets of pre-states. To model reactive systems, we introduce monotonic
property transformers, which transform sets of output traces into sets of input
traces. We show how to model in this semantics refinement, sequential
composition, demonic choice, and other semantic operations on reactive systems.
We use primarily higher order logic to express our results, but we also show
how property transformers can be defined using other formalisms more amenable
to automation, such as linear temporal logic (suitable for specifications) and
symbolic transition systems (suitable for implementations). Finally, we show
how this framework generalizes previous work on relational interfaces so as to
be able to express systems with infinite behaviors and liveness properties
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac
- ā¦