118 research outputs found
Extending ACL2 with SMT Solvers
We present our extension of ACL2 with Satisfiability Modulo Theories (SMT)
solvers using ACL2's trusted clause processor mechanism. We are particularly
interested in the verification of physical systems including Analog and
Mixed-Signal (AMS) designs. ACL2 offers strong induction abilities for
reasoning about sequences and SMT complements deduction methods like ACL2 with
fast nonlinear arithmetic solving procedures. While SAT solvers have been
integrated into ACL2 in previous work, SMT methods raise new issues because of
their support for a broader range of domains including real numbers and
uninterpreted functions. This paper presents Smtlink, our clause processor for
integrating SMT solvers into ACL2. We describe key design and implementation
issues and describe our experience with its use.Comment: In Proceedings ACL2 2015, arXiv:1509.0552
Extending SMTCoq, a Certified Checker for SMT (Extended Abstract)
This extended abstract reports on current progress of SMTCoq, a communication
tool between the Coq proof assistant and external SAT and SMT solvers. Based on
a checker for generic first-order certificates implemented and proved correct
in Coq, SMTCoq offers facilities both to check external SAT and SMT answers and
to improve Coq's automation using such solvers, in a safe way. Currently
supporting the SAT solver zChaff, and the SMT solver veriT for the combination
of the theories of congruence closure and linear integer arithmetic, SMTCoq is
meant to be extendable with a reasonable amount of effort: we present work in
progress to support the SMT solver CVC4 and the theory of bit vectors.Comment: In Proceedings HaTT 2016, arXiv:1606.0542
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Size-Change Termination as a Contract
Termination is an important but undecidable program property, which has led
to a large body of work on static methods for conservatively predicting or
enforcing termination. One such method is the size-change termination approach
of Lee, Jones, and Ben-Amram, which operates in two phases: (1) abstract
programs into "size-change graphs," and (2) check these graphs for the
size-change property: the existence of paths that lead to infinite decreasing
sequences.
We transpose these two phases with an operational semantics that accounts for
the run-time enforcement of the size-change property, postponing (or entirely
avoiding) program abstraction. This choice has two key consequences: (1)
size-change termination can be checked at run-time and (2) termination can be
rephrased as a safety property analyzed using existing methods for systematic
abstraction.
We formulate run-time size-change checks as contracts in the style of Findler
and Felleisen. The result compliments existing contracts that enforce partial
correctness specifications to obtain contracts for total correctness. Our
approach combines the robustness of the size-change principle for termination
with the precise information available at run-time. It has tunable overhead and
can check for nontermination without the conservativeness necessary in static
checking. To obtain a sound and computable termination analysis, we apply
existing abstract interpretation techniques directly to the operational
semantics, avoiding the need for custom abstractions for termination. The
resulting analyzer is competitive with with existing, purpose-built analyzers
The Dafny Integrated Development Environment
In recent years, program verifiers and interactive theorem provers have
become more powerful and more suitable for verifying large programs or proofs.
This has demonstrated the need for improving the user experience of these tools
to increase productivity and to make them more accessible to non-experts. This
paper presents an integrated development environment for Dafny-a programming
language, verifier, and proof assistant-that addresses issues present in most
state-of-the-art verifiers: low responsiveness and lack of support for
understanding non-obvious verification failures. The paper demonstrates several
new features that move the state-of-the-art closer towards a verification
environment that can provide verification feedback as the user types and can
present more helpful information about the program or failed verifications in a
demand-driven and unobtrusive way.Comment: In Proceedings F-IDE 2014, arXiv:1404.578
Extending Nunchaku to Dependent Type Theory
Nunchaku is a new higher-order counterexample generator based on a sequence
of transformations from polymorphic higher-order logic to first-order logic.
Unlike its predecessor Nitpick for Isabelle, it is designed as a stand-alone
tool, with frontends for various proof assistants. In this short paper, we
present some ideas to extend Nunchaku with partial support for dependent types
and type classes, to make frontends for Coq and other systems based on
dependent type theory more useful.Comment: In Proceedings HaTT 2016, arXiv:1606.0542
- …