Automatic Verification of Erlang-Style Concurrency
This paper presents an approach to verify safety properties of Erlang-style,
higher-order concurrent programs automatically. Inspired by Core Erlang, we
introduce Lambda-Actor, a prototypical functional language with
pattern-matching algebraic data types, augmented with process creation and
asynchronous message-passing primitives. We formalise an abstract model of
Lambda-Actor programs called Actor Communicating System (ACS) which has a
natural interpretation as a vector addition system, for which some verification
problems are decidable. We give a parametric abstract interpretation framework
for Lambda-Actor and use it to build a polytime computable, flow-based,
abstract semantics of Lambda-Actor programs, which we then use to bootstrap the
ACS construction, thus deriving a more accurate abstract model of the input
program. We have constructed Soter, a tool implementation of the verification
method, thereby obtaining the first fully-automatic, infinite-state model
checker for a core fragment of Erlang. We find that in practice our abstraction
technique is accurate enough to verify an interesting range of safety
properties. Though the ACS coverability problem is Expspace-complete, Soter can
analyse these verification problems surprisingly efficiently.
Comment: 12 pages plus appendix, 4 figures, 1 table. The tool is available at
http://mjolnir.cs.ox.ac.uk/soter
Safety verification of asynchronous pushdown systems with shaped stacks
In this paper, we study the program-point reachability problem of concurrent
pushdown systems that communicate via unbounded and unordered message buffers.
Our goal is to relax the common restriction that messages can only be retrieved
by a pushdown process when its stack is empty. We use the notion of partially
commutative context-free grammars to describe a new class of asynchronously
communicating pushdown systems with a mild shape constraint on the stacks for
which the program-point coverability problem remains decidable. Stacks that fit
the shape constraint may reach arbitrary heights; further a process may execute
any communication action (be it process creation, message send or retrieval)
whether or not its stack is empty. This class extends previous computational
models studied in the context of asynchronous programs, and enables the safety
verification of a large class of message passing programs
PRUNE: Dynamic and Decidable Dataflow for Signal Processing on Heterogeneous Platforms
The majority of contemporary mobile devices and personal computers are based
on heterogeneous computing platforms that consist of a number of CPU cores and
one or more Graphics Processing Units (GPUs). Despite the high volume of these
devices, there are few existing programming frameworks that target full and
simultaneous utilization of all CPU and GPU devices of the platform.
This article presents a dataflow-flavored Model of Computation (MoC) that has
been developed for deploying signal processing applications to heterogeneous
platforms. The presented MoC is dynamic and allows describing applications with
data dependent run-time behavior. On top of the MoC, formal design rules are
presented that enable application descriptions to be simultaneously dynamic and
decidable. Decidability guarantees compile-time application analyzability for
deadlock freedom and bounded memory.
The presented MoC and the design rules are realized in a novel Open Source
programming environment "PRUNE" and demonstrated with representative
application examples from the domains of image processing, computer vision and
wireless communications. Experimental results show that the proposed approach
outperforms the state-of-the-art in analyzability, flexibility and performance.
Comment: This is the author's version of an article that has been published in
this journal. Changes were made to this version by the publisher prior to
publicatio
Deadlock detection for actor-based coroutines
The actor-based language studied in this paper features asynchronous method calls and supports coroutines which allow for the cooperative scheduling of the method invocations belonging to an actor. We model the local behavior of an actor as a well-structured transition system by means of predicate abstraction and derive the decidability of the occurrence of deadlocks caused by the coroutine mode of method execution
Verisig: verifying safety properties of hybrid systems with neural network controllers
This paper presents Verisig, a hybrid system approach to verifying safety properties of closed-loop systems using neural networks as controllers. We focus on sigmoid-based networks and exploit the fact that the sigmoid is the solution to a quadratic differential equation, which allows us to transform the neural network into an equivalent hybrid system. By composing the network's hybrid system with the plant's, we transform the problem into a hybrid system verification problem which can be solved using state-of-the-art reachability tools. We show that reachability is decidable for networks with one hidden layer and decidable for general networks if Schanuel's conjecture is true. We evaluate the applicability and scalability of Verisig in two case studies, one from reinforcement learning and one in which the neural network is used to approximate a model predictive controller
Intruder deducibility constraints with negation. Decidability and application to secured service compositions
The problem of finding a mediator to compose secured services has been
reduced in our former work to the problem of solving deducibility constraints
similar to those employed for cryptographic protocol analysis. We extend in
this paper the mediator synthesis procedure by a construction for expressing
that some data is not accessible to the mediator. Then we give a decision
procedure for verifying that a mediator satisfying this non-disclosure policy
can be effectively synthesized. This procedure has been implemented in CL-AtSe,
our protocol analysis tool. The procedure extends constraint solving for
cryptographic protocol analysis in a significant way, as it is able to handle
negative deducibility constraints without restriction. In particular it applies
to all subterm convergent theories and therefore covers several interesting
theories in formal security analysis including encryption, hashing, signature
and pairing.
Comment: (2012
Verifying message-passing programs with dependent behavioural types
Concurrent and distributed programming is notoriously hard. Modern languages and toolkits ease this difficulty by offering message-passing abstractions, such as actors (e.g., Erlang, Akka, Orleans) or processes (e.g., Go): they allow for simpler reasoning w.r.t. shared-memory concurrency, but do not ensure that a program implements a given specification. To address this challenge, it would be desirable to specify and verify the intended behaviour of message-passing applications using types, and ensure that, if a program type-checks and compiles, then it will run and communicate as desired. We develop this idea in theory and practice. We formalise a concurrent functional language λπ, with a new blend of behavioural types (from π-calculus theory), and dependent function types (from the Dotty programming language, a.k.a. the future Scala 3). Our theory yields four main payoffs: (1) it verifies safety and liveness properties of programs via type-level model checking; (2) unlike previous work, it accurately verifies channel-passing (covering a typical pattern of actor programs) and higher-order interaction (i.e., sending/receiving mobile code); (3) it is directly embedded in Dotty, as a toolkit called Effpi, offering a simplified actor-based API; (4) it enables an efficient runtime system for Effpi, for highly concurrent programs with millions of processes/actors
Model Checking Classes of Metric LTL Properties of Object-Oriented Real-Time Maude Specifications
This paper presents a transformational approach for model checking two
important classes of metric temporal logic (MTL) properties, namely, bounded
response and minimum separation, for nonhierarchical object-oriented Real-Time
Maude specifications. We prove the correctness of our model checking
algorithms, which terminate under reasonable non-Zeno-ness assumptions when the
reachable state space is finite. These new model checking features have been
integrated into Real-Time Maude, and are used to analyze a network of medical
devices and a 4-way traffic intersection system.
Comment: In Proceedings RTRTS 2010, arXiv:1009.398