116 research outputs found
Model Checking CTL is Almost Always Inherently Sequential
The model checking problem for CTL is known to be P-complete (Clarke,
Emerson, and Sistla (1986), see Schnoebelen (2002)). We consider fragments of
CTL obtained by restricting the use of temporal modalities or the use of
negations---restrictions already studied for LTL by Sistla and Clarke (1985)
and Markey (2004). For all these fragments, except for the trivial case without
any temporal operator, we systematically prove model checking to be either
inherently sequential (P-complete) or very efficiently parallelizable
(LOGCFL-complete). For most fragments, however, model checking for CTL is
already P-complete. Hence our results indicate that, in cases where the
combined complexity is of relevance, approaching CTL model checking by
parallelism cannot be expected to result in any significant speedup. We also
completely determine the complexity of the model checking problem for all
fragments of the extensions ECTL, CTL+, and ECTL+
Overview of Hydra: a concurrent language for synchronous digital circuit design
Hydra is a computer hardware description language that integrates several kinds of software tool (simulation, netlist generation and timing analysis) within a single circuit specification. The design language is inherently concurrent, and it offers black box abstraction and general design patterns that simplify the design of circuits with regular structure. Hydra specifications are concise, allowing the complete design of a computer system as a digital circuit within a few pages. This paper discusses the motivations behind Hydra, and illustrates the system with a significant portion of the design of a basic RISC processor
Shoggoth: A Formal Foundation for Strategic Rewriting
Rewriting is a versatile and powerful technique used in many domains. Strategic rewriting allows programmers to control the application of rewrite rules by composing individual rewrite rules into complex rewrite strategies. These strategies are semantically complex, as they may be nondeterministic, they may raise errors that trigger backtracking, and they may not terminate.Given such semantic complexity, it is necessary to establish a formal understanding of rewrite strategies and to enable reasoning about them in order to answer questions like: How do we know that a rewrite strategy terminates? How do we know that a rewrite strategy does not fail because we compose two incompatible rewrites? How do we know that a desired property holds after applying a rewrite strategy?In this paper, we introduce Shoggoth: a formal foundation for understanding, analysing and reasoning about strategic rewriting that is capable of answering these questions. We provide a denotational semantics of System S, a core language for strategic rewriting, and prove its equivalence to our big-step operational semantics, which extends existing work by explicitly accounting for divergence. We further define a location-based weakest precondition calculus to enable formal reasoning about rewriting strategies, and we prove this calculus sound with respect to the denotational semantics. We show how this calculus can be used in practice to reason about properties of rewriting strategies, including termination, that they are well-composed, and that desired postconditions hold. The semantics and calculus are formalised in Isabelle/HOL and all proofs are mechanised
Verificare: a platform for composable verification with application to SDN-Enabled systems
Software-Defined Networking (SDN) has become increasing prevalent
in both the academic and industrial communities. A new class of system built on
SDNs, which we refer to as SDN-Enabled, provide programmatic interfaces between
the SDN controller and the larger distributed system. Existing tools for SDN
verification and analysis are insufficiently expressive to capture
this composition of a network and a larger distributed system. Generic
verification systems are an infeasible solution, due to their monolithic
approach to modeling and rapid state-space explosion.
In this thesis we present a new compositional approach to system modeling and
verification that is particularly appropriate for SDN-Enabled systems.
Compositional models may have sub-components (such as switches and
end-hosts) modified, added, or removed with only minimal, isolated changes.
Furthermore, invariants may be defined over the composed system that restrict
its behavior, allowing assumptions to be added or removed and for components to
be abstracted away into the service guarantee that they provide (such as
guaranteed packet arrival). Finally, compositional modeling can minimize the
size of the state space to be verified by taking advantage of known model
structure.
We also present the Verificare platform, a tool chain for building
compositional models in our modeling language and automatically compiling them
to multiple off-the-shelf verification tools. The compiler outputs a minimal,
calculus-oblivious formalism, which is accessed by plugins via a translation
API. This enables a wide variety of requirements to be
verified. As new tools become available, the translator can easily be extended
with plugins to support them
The model checking fingerprints of CTL operators
The aim of this study is to understand the inherent expressive power of CTL
operators. We investigate the complexity of model checking for all CTL
fragments with one CTL operator and arbitrary Boolean operators. This gives us
a fingerprint of each CTL operator. The comparison between the fingerprints
yields a hierarchy of the operators that mirrors their strength with respect to
model checking
A Deductive Verification Framework for Circuit-building Quantum Programs
While recent progress in quantum hardware open the door for significant
speedup in certain key areas, quantum algorithms are still hard to implement
right, and the validation of such quantum programs is a challenge. Early
attempts either suffer from the lack of automation or parametrized reasoning,
or target high-level abstract algorithm description languages far from the
current de facto consensus of circuit-building quantum programming languages.
As a consequence, no significant quantum algorithm implementation has been
currently verified in a scale-invariant manner. We propose Qbricks, the first
formal verification environment for circuit-building quantum programs,
featuring clear separation between code and proof, parametric specifications
and proofs, high degree of proof automation and allowing to encode quantum
programs in a natural way, i.e. close to textbook style. Qbricks builds on best
practice of formal verification for the classical case and tailor them to the
quantum case: we bring a new domain-specific circuit-building language for
quantum programs, namely Qbricks-DSL, together with a new logical specification
language Qbricks-Spec and a dedicated Hoare-style deductive verification rule
named Hybrid Quantum Hoare Logic. Especially, we introduce and intensively
build upon HOPS, a higher-order extension of the recent path-sum symbolic
representation, used for both specification and automation. To illustrate the
opportunity of Qbricks, we implement the first verified parametric
implementations of several famous and non-trivial quantum algorithms, including
the quantum part of Shor integer factoring (Order Finding - Shor-OF), quantum
phase estimation (QPE) - a basic building block of many quantum algorithms, and
Grover search. These breakthroughs were amply facilitated by the specification
and automated deduction principles introduced within Qbricks
Specification and Verification using Temporal Logics
International audienceThis chapter illustrates two aspects of automata theory related to linear-time temporal logic LTL used for the verification of computer systems. First, we present a translation from LTL formulae to Büchi automata. The aim is to design an elementary translation which is reasonably efficient and produces small automata so that it can be easily taught and used by hand on real examples. Our translation is in the spirit of the classical tableau constructions but is optimized in several ways. Secondly, we recall how temporal operators can be defined from regular languages and we explain why adding even a single operator definable by a context-free language can lead to undecidability
- …