175 research outputs found
On synthesizing Skolem functions for first order logic formulae
Skolem functions play a central role in logic, from eliminating quantifiers
in first order logic formulas to providing functional implementations of
relational specifications. While classical results in logic are only interested
in their existence, the question of how to effectively compute them is also
interesting, important and useful for several applications. In the restricted
case of Boolean propositional logic formula, this problem of synthesizing
Boolean Skolem functions has been addressed in depth, with various recent work
focussing on both theoretical and practical aspects of the problem. However,
there are few existing results for the general case, and the focus has been on
heuristical algorithms.
In this article, we undertake an investigation into the computational
hardness of the problem of synthesizing Skolem functions for first order logic
formula. We show that even under reasonable assumptions on the signature of the
formula, it is impossible to compute or synthesize Skolem functions. Then we
determine conditions on theories of first order logic which would render the
problem computable. Finally, we show that several natural theories satisfy
these conditions and hence do admit effective synthesis of Skolem functions
Automata-Based Software Model Checking of Hyperproperties
We develop model checking algorithms for Temporal Stream Logic (TSL) and
Hyper Temporal Stream Logic (HyperTSL) modulo theories. TSL extends Linear
Temporal Logic (LTL) with memory cells, functions and predicates, making it a
convenient and expressive logic to reason over software and other systems with
infinite data domains. HyperTSL further extends TSL to the specification of
hyperproperties - properties that relate multiple system executions. As such,
HyperTSL can express information flow policies like noninterference in software
systems. We augment HyperTSL with theories, resulting in HyperTSL(T),and build
on methods from LTL software verification to obtain model checking algorithms
for TSL and HyperTSL(T). This results in a sound but necessarily incomplete
algorithm for specifications contained in the forall*exists* fragment of
HyperTSL(T). Our approach constitutes the first software model checking
algorithm for temporal hyperproperties with quantifier alternations that does
not rely on a finite-state abstraction
Falsification of Cyber-Physical Systems with Robustness-Guided Black-Box Checking
For exhaustive formal verification, industrial-scale cyber-physical systems
(CPSs) are often too large and complex, and lightweight alternatives (e.g.,
monitoring and testing) have attracted the attention of both industrial
practitioners and academic researchers. Falsification is one popular testing
method of CPSs utilizing stochastic optimization. In state-of-the-art
falsification methods, the result of the previous falsification trials is
discarded, and we always try to falsify without any prior knowledge. To
concisely memorize such prior information on the CPS model and exploit it, we
employ Black-box checking (BBC), which is a combination of automata learning
and model checking. Moreover, we enhance BBC using the robust semantics of STL
formulas, which is the essential gadget in falsification. Our experiment
results suggest that our robustness-guided BBC outperforms a state-of-the-art
falsification tool.Comment: Accepted to HSCC 202
A Deductive Verification Infrastructure for Probabilistic Programs
This paper presents a quantitative program verification infrastructure for discrete probabilistic programs. Our infrastructure can be viewed as the probabilistic analogue of Boogie: its central components are an intermediate verification language (IVL) together with a real-valued logic. Our IVL provides a programming-language-style for expressing verification conditions whose validity implies the correctness of a program under investigation. As our focus is on verifying quantitative properties such as bounds on expected outcomes, expected run-times, or termination probabilities, off-the-shelf IVLs based on Boolean first-order logic do not suffice. Instead, a paradigm shift from the standard Boolean to a real-valued domain is required.
Our IVL features quantitative generalizations of standard verification constructs such as assume- and assert-statements. Verification conditions are generated by a weakest-precondition-style semantics, based on our real-valued logic. We show that our verification infrastructure supports natural encodings of numerous verification techniques from the literature. With our SMT-based implementation, we automatically verify a variety of benchmarks. To the best of our knowledge, this establishes the first deductive verification infrastructure for expectation-based reasoning about probabilistic programs
Logics and Algorithms for Hyperproperties
System requirements related to concepts like information flow, knowledge, and robustness cannot be judged in terms of individual system executions, but rather require an analysis of the relationship between multiple executions. Such requirements belong to the class of hyperproperties, which generalize classic trace properties to properties of sets of traces. During the past decade, a range of new specification logics has been introduced with the goal of providing a unified theory for reasoning about hyperproperties. This paper gives an overview on the current landscape of logics for the specification of hyperproperties and on algorithms for satisfiability checking, model checking, monitoring, and synthesis
Perfect Is the Enemy of Good: Best-Effort Program Synthesis
Program synthesis promises to help software developers with everyday tasks by generating code snippets automatically from input-output examples and other high-level specifications. The conventional wisdom is that a synthesizer must always satisfy the specification exactly. We conjecture that this all-or-nothing paradigm stands in the way of adopting program synthesis as a developer tool: in practice, the user-written specification often contains errors or is simply too hard for the synthesizer to solve within a reasonable time; in these cases, the user is left with a single over-fitted result or, more often than not, no result at all. In this paper we propose a new program synthesis paradigm we call best-effort program synthesis, where the synthesizer returns a ranked list of partially-valid results, i.e. programs that satisfy some part of the specification.
To support this paradigm, we develop best-effort enumeration, a new synthesis algorithm that extends a popular program enumeration technique with the ability to accumulate and return multiple partially-valid results with minimal overhead. We implement this algorithm in a tool called BESTER, and evaluate it on 79 synthesis benchmarks from the literature. Contrary to the conventional wisdom, our evaluation shows that BESTER returns useful results even when the specification is flawed or too hard: i) for all benchmarks with an error in the specification, the top three BESTER results contain the correct solution, and ii) for most hard benchmarks, the top three results contain non-trivial fragments of the correct solution. We also performed an exploratory user study, which confirms our intuition that partially-valid results are useful: the study shows that programmers use the output of the synthesizer for comprehension and often incorporate it into their solutions
Leveraging Static Analysis: An IDE for RTLola
Runtime monitoring is an essential part of guaranteeing the safety of
cyber-physical systems. Recently, runtime monitoring frameworks based on formal
specification languages gained momentum. These languages provide valuable
abstractions for specifying the behavior of a system. Yet, writing
specifications remains challenging as, among other things, the specifier has to
keep track of the timing behavior of streams. This paper presents the RTLola
Playground, a browser-based development environment for the stream-based
runtime monitoring framework RTLola. It features new methods to explore the
static analysis results of RTLola, leveraging the advantages of such a formal
language to support the developer in writing and understanding specifications.
Specifications are executed locally in the browser, plotting the resulting
stream values, allowing for intuitive testing. Step-wise execution based on
user-provided system traces enables the debugging of identified errors
- …