68 research outputs found
Rewriting Logic Semantics of a Plan Execution Language
The Plan Execution Interchange Language (PLEXIL) is a synchronous language
developed by NASA to support autonomous spacecraft operations. In this paper,
we propose a rewriting logic semantics of PLEXIL in Maude, a high-performance
logical engine. The rewriting logic semantics is by itself a formal interpreter
of the language and can be used as a semantic benchmark for the implementation
of PLEXIL executives. The implementation in Maude has the additional benefit of
making available to PLEXIL designers and developers all the formal analysis and
verification tools provided by Maude. The formalization of the PLEXIL semantics
in rewriting logic poses an interesting challenge due to the synchronous nature
of the language and the prioritized rules defining its semantics. To overcome
this difficulty, we propose a general procedure for simulating synchronous set
relations in rewriting logic that is sound and, for deterministic relations,
complete. We also report on two issues at the design level of the original
PLEXIL semantics that were identified with the help of the executable
specification in Maude
Towards Coq-verified Esterel Semantics and Compiling
This paper focuses on semantics of the Esterel synchronous programming
language. In particular, in addition to the usual behavioral (CBS) and state
(CSS) semantics, it introduces a novel microstep semantics which does not need
the Can potential function. Formal proofs in Coq of the equivalence between the
CBS and CSS semantics and of the refinement between the CSS and microstep
semantics are also provided
Abstract Interpretation of Temporal Concurrent Constraint Programs
International audienceTimed Concurrent Constraint Programming (tcc) is a declarative model for concurrency offering a logic for specifying reactive systems, i.e. systems that continuously interact with the environment. The universal tcc formalism (utcc) is an extension of tcc with the abil- ity to express mobility. Here mobility is understood as communication of private names as typically done for mobile systems and security protocols. In this paper we consider the denotational semantics for tcc, and we extend it to a "collecting" semantics for utcc based on closure operators over sequences of constraints. Relying on this semantics, we formalize a general framework for data flow analyses of tcc and utcc programs by abstract inter- pretation techniques. The concrete and abstract semantics we propose are compositional, thus allowing us to reduce the complexity of data flow analyses. We show that our method is sound and parametric with respect to the abstract domain. Thus, different analyses can be performed by instantiating the framework. We illustrate how it is possible to reuse abstract domains previously defined for logic programming to perform, for instance, a groundness analysis for tcc programs. We show the applicability of this analysis in the context of reactive systems. Furthermore, we make also use of the abstract semantics to exhibit a secrecy flaw in a security protocol. We also show how it is possible to make an analysis which may show that tcc programs are suspension free. This can be useful for several purposes, such as for optimizing compilation or for debugging
Certifying cost annotations in compilers
We discuss the problem of building a compiler which can lift in a provably
correct way pieces of information on the execution cost of the object code to
cost annotations on the source code. To this end, we need a clear and flexible
picture of: (i) the meaning of cost annotations, (ii) the method to prove them
sound and precise, and (iii) the way such proofs can be composed. We propose a
so-called labelling approach to these three questions. As a first step, we
examine its application to a toy compiler. This formal study suggests that the
labelling approach has good compositionality and scalability properties. In
order to provide further evidence for this claim, we report our successful
experience in implementing and testing the labelling approach on top of a
prototype compiler written in OCAML for (a large fragment of) the C language
Automatic generation of assumptions for modular verification of software specifications
Model checking is a powerful automated technique mainly used for the verification of properties of reactive systems. In practice, model checkers are limited due to the state explosion problem. Modular verification based on the assume-guarantee paradigm mitigates this problem using a âdivide and conquerâ technique. Unfortunately, this approach is not automated, for the reason that the user must specify the environment model. In this paper, a novel technique is presented for automatically generating component assumptions based on the behaviour of the environment (the remainder of components of the systems). In a first phase, the environment of the component is computed using state space exploration techniques, and then the assumptions are generated as association rules of the component environment interface. This approach presents a number of advantages. Firstly, user assistance to specify assumptions is not necessary and assumption discharge is avoided. Secondly, the component assumptions are more restrictive and real, and therefore reduce the resources needed by the model checker. The technique is applied to the specification of a steam boiler syste
- âŠ