235 research outputs found
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Locality and Singularity for Store-Atomic Memory Models
Robustness is a correctness notion for concurrent programs running under
relaxed consistency models. The task is to check that the relaxed behavior
coincides (up to traces) with sequential consistency (SC). Although
computationally simple on paper (robustness has been shown to be
PSPACE-complete for TSO, PGAS, and Power), building a practical robustness
checker remains a challenge. The problem is that the various relaxations lead
to a dramatic number of computations, only few of which violate robustness.
In the present paper, we set out to reduce the search space for robustness
checkers. We focus on store-atomic consistency models and establish two
completeness results. The first result, called locality, states that a
non-robust program always contains a violating computation where only one
thread delays commands. The second result, called singularity, is even stronger
but restricted to programs without lightweight fences. It states that there is
a violating computation where a single store is delayed.
As an application of the results, we derive a linear-size source-to-source
translation of robustness to SC-reachability. It applies to general programs,
regardless of the data domain and potentially with an unbounded number of
threads and with unbounded buffers. We have implemented the translation and
verified, for the first time, PGAS algorithms in a fully automated fashion. For
TSO, our analysis outperforms existing tools
Recommended from our members
Hybrid analysis techniques for software fault detection
Since the question "Does program P obey specification S" is undecidable in general, every practical software validation technique must compromise accuracy in some way. Testing techniques admit the possibility that a fault will go undetected, as the price for quitting after a finite number of test cases. Formal verification admits the possibility that a proof will not be found for a valid assertion, as the price for quitting after a finite amount of proof effort. No technique so dominates others that a wise validation strategy consists of applying that technique alone; rather, effective validation requires applying several techniques
Modular Analysis of Distributed Hybrid Systems using Post-Regions (Full Version)
We introduce a new approach to analyze distributed hybrid systems by a
generalization of rely-guarantee reasoning. First, we give a system for
deductive verification of class invariants and method contracts in
object-oriented distributed hybrid systems. In a hybrid setting, the object
invariant must not only be the post-condition of a method, but also has to hold
in the post-region of a method. The post-region describes all reachable states
after method termination before another process is guaranteed to run. The
system naturally generalizes rely-guarantee reasoning of discrete
object-oriented languages to hybrid systems and carries over its modularity to
hybrid systems: Only one dL-proof obligation is generated per method. The
post-region can be approximated using lightweight analyses and we give a
general notion of soundness for such analyses. Post-region based verification
is implemented for the Hybrid Active Object language HABS
Programming Languages and Systems
This open access book constitutes the proceedings of the 29th European Symposium on Programming, ESOP 2020, which was planned to take place in Dublin, Ireland, in April 2020, as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2020. The actual ETAPS 2020 meeting was postponed due to the Corona pandemic. The papers deal with fundamental issues in the specification, design, analysis, and implementation of programming languages and systems
Foundations of Software Science and Computation Structures
This open access book constitutes the proceedings of the 23rd International Conference on Foundations of Software Science and Computational Structures, FOSSACS 2020, which took place in Dublin, Ireland, in April 2020, and was held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2020. The 31 regular papers presented in this volume were carefully reviewed and selected from 98 submissions. The papers cover topics such as categorical models and logics; language theory, automata, and games; modal, spatial, and temporal logics; type theory and proof theory; concurrency theory and process calculi; rewriting theory; semantics of programming languages; program analysis, correctness, transformation, and verification; logics of programming; software specification and refinement; models of concurrent, reactive, stochastic, distributed, hybrid, and mobile systems; emerging models of computation; logical aspects of computational complexity; models of software security; and logical foundations of data bases.
An Assertional Proof System for Multithreaded Java - Theory and Tool Support
Besides the features of a class-based object-oriented language, Java integrates concurrency via its thread classes, allowing for a multithreaded flow of control. The concurrency model includes shared-variable concurrency via instance variables, coordination via reentrant synchronization monitors, synchronous message passing, and dynamic thread creation. To reason about safety properties of multithreaded Java programs, we introduce a tool-supported assertional proof method for JavaMT ("Multi-Threaded Java"), a small sublanguage of Java, covering the mentioned concurrency issues as well as the object-based core of Java. The verification method is formulated in terms of proof-outlines, where the assertions are layered into local ones specifying the behavior of a single instance, and global ones taking care of the connections between objects. We establish the soundness and the completeness of the proof system. From an annotated program, a number of verification conditions are generated and handed over to the interactive theorem prover PVS.IST project Omega (IST-2001-33522) NWO/DFG project Mobi-J (RO 1122/9-1, RO 1122/9-2)UBL - phd migration 201
A Generalized Hybrid Hoare Logic
Deductive verification of hybrid systems (HSs) increasingly attracts more
attention in recent years because of its power and scalability, where a
powerful specification logic for HSs is the cornerstone. Often, HSs are
naturally modelled by concurrent processes that communicate with each other.
However, existing specification logics cannot easily handle such models. In
this paper, we present a specification logic and proof system for Hybrid
Communicating Sequential Processes (HCSP), that extends CSP with ordinary
differential equations (ODE) and interrupts to model interactions between
continuous and discrete evolution. Because it includes a rich set of algebraic
operators, complicated hybrid systems can be easily modelled in an algebra-like
compositional way in HCSP. Our logic can be seen as a generalization and
simplification of existing hybrid Hoare logics (HHL) based on duration calculus
(DC), as well as a conservative extension of existing Hoare logics for
concurrent programs. Its assertion logic is the first-order theory of
differential equations (FOD), together with assertions about traces recording
communications, readiness, and continuous evolution. We prove continuous
relative completeness of the logic w.r.t. FOD, as well as discrete relative
completeness in the sense that continuous behaviour can be arbitrarily
approximated by discretization. Besides, we discuss how to simplify proofs
using the logic by providing a simplified assertion language and a set of sound
and complete rules for differential invariants for ODEs. Finally, we implement
a proof assistant for the logic in Isabelle/HOL, and apply it to verify two
case studies to illustrate the power and scalability of our logic
- …