799 research outputs found
Synthesis of Distributed Protocols by Enumeration Modulo Isomorphisms
Synthesis of distributed protocols is a hard, often undecidable, problem.
Completion techniques provide partial remedy by turning the problem into a
search problem. However, the space of candidate completions is still massive.
In this paper, we propose optimization techniques to reduce the size of the
search space by a factorial factor by exploiting symmetries (isomorphisms) in
functionally equivalent solutions. We present both a theoretical analysis of
this optimization as well as empirical results that demonstrate its
effectiveness in synthesizing both the Alternating Bit Protocol and Two Phase
Commit. Our experiments show that the optimized tool achieves a speedup of
approximately 2 to 10 times compared to its unoptimized counterpart.Comment: Moved proofs into the main text. Added link to publicly available
artifac
Incremental Dead State Detection in Logarithmic Time
Identifying live and dead states in an abstract transition system is a
recurring problem in formal verification; for example, it arises in our recent
work on efficiently deciding regex constraints in SMT. However,
state-of-the-art graph algorithms for maintaining reachability information
incrementally (that is, as states are visited and before the entire state space
is explored) assume that new edges can be added from any state at any time,
whereas in many applications, outgoing edges are added from each state as it is
explored. To formalize the latter situation, we propose guided incremental
digraphs (GIDs), incremental graphs which support labeling closed states
(states which will not receive further outgoing edges). Our main result is that
dead state detection in GIDs is solvable in amortized time per edge
for edges, improving upon per edge due to Bender, Fineman,
Gilbert, and Tarjan (BFGT) for general incremental directed graphs.
We introduce two algorithms for GIDs: one establishing the logarithmic time
bound, and a second algorithm to explore a lazy heuristics-based approach. To
enable an apples-to-apples experimental comparison, we implemented both
algorithms, two simpler baselines, and the state-of-the-art BFGT baseline using
a common directed graph interface in Rust. Our evaluation shows -x
speedups over BFGT for the largest input graphs over a range of graph classes,
random graphs, and graphs arising from regex benchmarks.Comment: 22 pages + reference
Satisfiability Modulo Finite Fields
We study satisfiability modulo the theory of finite fields and
give a decision procedure for this theory. We implement our procedure
for prime fields inside the cvc5 SMT solver. Using this theory, we con-
struct SMT queries that encode translation validation for various zero
knowledge proof compilers applied to Boolean computations. We evalu-
ate our procedure on these benchmarks. Our experiments show that our
implementation is superior to previous approaches (which encode field
arithmetic using integers or bit-vectors)
Finding Software Vulnerabilities in Open-Source C Projects via Bounded Model Checking
Computer-based systems have solved several domain problems, including
industrial, military, education, and wearable. Nevertheless, such arrangements
need high-quality software to guarantee security and safety as both are
mandatory for modern software products. We advocate that bounded model-checking
techniques can efficiently detect vulnerabilities in general software systems.
However, such an approach struggles to scale up and verify extensive code
bases. Consequently, we have developed and evaluated a methodology to verify
large software systems using a state-of-the-art bounded model checker. In
particular, we pre-process input source-code files and guide the respective
model checker to explore them systematically. Moreover, the proposed scheme
includes a function-wise prioritization strategy, which readily provides
results for code entities according to a scale of importance. Experimental
results using a real implementation of the proposed methodology show that it
can efficiently verify large software systems. Besides, it presented low peak
memory allocation when executed. We have evaluated our approach by verifying
twelve popular open-source C projects, where we have found real software
vulnerabilities that their developers confirmed.Comment: 27 pages, submitted to STTT journa
Comparing EvenB, and Why3 Models of Sparse Sets
Many representations for sets are available in programming languages
libraries. The paper focuses on sparse sets used, e.g., in some constraint
solvers for representing integer variable domains which are finite sets of
values, as an alternative to range sequence. We propose in this paper verified
implementations of sparse sets, in three deductive formal verification tools,
namely EventB, and Why3. Furthermore, we draw some comparisons
regarding specifications and proofs
The logic of separation logic: Models and proofs
The standard semantics of separation logic is restricted to finite heaps. This restriction already gives rise to a logic which does not satisfy compactness, hence it does not allow for an effective, sound and complete axiomatization. In this paper we therefore study both the general model theory and proof theory of the separation logic of finite and infinite heaps over arbitrary (first-order) models. We show that we can express in the resulting logic finiteness of the models and the existence of both countably infinite and uncountable models. We further show that a sound and complete sequent calculus still can be obtained by restricting the second-order quantification over heaps to first-order definable heaps
On the Verification of Parametric Systems
We present an approach to the verification of systems for whose description
some elements - constants or functions - are underspecified and can be regarded
as parameters, and, in particular, describe a method for automatically
generating constraints on such parameters under which certain safety conditions
are guaranteed to hold. We present an implementation and illustrate its use on
several examples.Comment: 26 pages. arXiv admin note: text overlap with arXiv:1910.0520
Chain-Free String Constraints (Technical Report)
We address the satisfiability problem for string constraints that combine
relational constraints represented by transducers, word equations, and string
length constraints. This problem is undecidable in general. Therefore, we
propose a new decidable fragment of string constraints, called weakly chaining
string constraints, for which we show that the satisfiability problem is
decidable. This fragment pushes the borders of decidability of string
constraints by generalising the existing straight-line as well as the acyclic
fragment of the string logic. We have developed a prototype implementation of
our new decision procedure, and integrated it into in an existing framework
that uses CEGAR with under-approximation of string constraints based on
flattening. Our experimental results show the competitiveness and accuracy of
the new framework
EduSAT: A Pedagogical Tool for Theory and Applications of Boolean Satisfiability
Boolean Satisfiability (SAT) and Satisfiability Modulo Theories (SMT) are
widely used in automated verification, but there is a lack of interactive tools
designed for educational purposes in this field. To address this gap, we
present EduSAT, a pedagogical tool specifically developed to support learning
and understanding of SAT and SMT solving. EduSAT offers implementations of key
algorithms such as the Davis-Putnam-Logemann-Loveland (DPLL) algorithm and the
Reduced Order Binary Decision Diagram (ROBDD) for SAT solving. Additionally,
EduSAT provides solver abstractions for five NP-complete problems beyond SAT
and SMT. Users can benefit from EduSAT by experimenting, analyzing, and
validating their understanding of SAT and SMT solving techniques. Our tool is
accompanied by comprehensive documentation and tutorials, extensive testing,
and practical features such as a natural language interface and SAT and SMT
formula generators, which also serve as a valuable opportunity for learners to
deepen their understanding. Our evaluation of EduSAT demonstrates its high
accuracy, achieving 100% correctness across all the implemented SAT and SMT
solvers. We release EduSAT as a python package in .whl file, and the source can
be identified at https://github.com/zhaoy37/SAT_Solver
- …