Structural Resolution with Co-inductive Loop Detection

A way to combine co-SLD style loop detection with structural resolution was found and is introduced in this work, to extend structural resolution with co-induction. In particular, we present the operational semantics, called co-inductive structural resolution, of this novel combination and prove its soundness with respect to the greatest complete Herbrand model.Comment: In Proceedings CoALP-Ty'16, arXiv:1709.0419

Testing Library Specifications by Verifying Conformance Tests

Abstract. Formal specifications of standard libraries are necessary when statically verifying software that uses those libraries. Library specifications must be both correct, accurately reflecting library behavior, and useful, describing library behavior in sufficient detail to allow static verification of client programs. Specification and verification researchers regularly face the question of whether the library specifications we use are correct and useful, and we have collectively provided no good answers. Over the past few years we have created and refined a software engineering process, which we call the Formal CTD Process (FCTD), to address this problem. Although FCTD is primarily targeted toward those who write Java libraries (or specifications for existing Java libraries) using the Java Modeling Language (JML), its techniques are broadly applicable. The key to FCTD is its novel usage of library conformance test suites. Rather than executing the conformance tests, FCTD uses them to measure the correctness and utility of specifications through static verification. FCTD is beginning to see significant use within the JML community and is the cornerstone process of the JML Spec-a-thons, meetings that bring JML researchers and practitioners together for intensive specification writing sessions. This article describes the Formal CTD Process, its use in small case studies, and its broad application to the standard Java class library.

Formal Specification and Verification of JDK’s Identity Hash Map Implementation

Hash maps are a common and important data structure in efficient algorithm implementations. Despite their wide-spread use, real-world implementations are not regularly verified. In this paper, we present the first case study of the \IHM class in the Java JDK. We specified its behavior using the Java Modeling Language (JML) and proved correctness for the main insertion and lookup methods with \key, a semi-interactive theorem prover for JML-annotated Java programs. Furthermore, we report how unit testing and bounded model checking can be leveraged to find a suitable specification more quickly. We also investigated where the bottlenecks in the verification of hash maps lie for \key by comparing required automatic proof effort for different hash map implementations and draw conclusions for the choice of hash map implementations regarding their verifiability

Inferring loop invariants by mutation, dynamic analysis, and static checking

Verifiers that can prove programs correct against their full functional specification require, for programs with loops, additional annotations in the form of loop invariants - properties that hold for every iteration of a loop. We show that significant loop invariant candidates can be generated by systematically mutating postconditions; then, dynamic checking (based on automatically generated tests) weeds out invalid candidates, and static checking selects provably valid ones. We present a framework that automatically applies these techniques to support a program prover, paving the way for fully automatic verification without manually written loop invariants: Applied to 28 methods (including 39 different loops) from various Java.util classes (occasionally modified to avoid using Java features not fully supported by the static checker), our DYNAMATE prototype automatically discharged 97 percent of all proof obligations, resulting in automatic complete correctness proofs of 25 out of the 28 methods - outperforming several state-of-the-art tools for fully automatic verification

Verification-based Software-fault Detection

Software is used in many safety- and security-critical systems. Software development is, however, an error-prone task. In this dissertation new techniques for the detection of software faults (or software "bugs") are described which are based on a formal deductive verification technology. The described techniques take advantage of information obtained during verification and combine verification technology with deductive fault detection and test generation in a very unified way

Verification-based software-fault detection

Software is used in many safety- and security-critical systems. Software development is, however, an error-prone task. In this work new techniques for the detection of software faults (or software "bugs") are described which are based on a formal deductive verification technology. The described techniques take advantage of information obtained during verification and combine verification technology with deductive fault detection and test generation in a very unified way

Extração e evolução de linhas de produtos de software usando Delta-Oriented Programming : um relato de experiência

Dissertação (mestrado)—Universidade de Brasília, Instituto de Ciências Exatas, Departamento de Ciência da Computação, 2019.Delta-Oriented Programming (DOP) é uma abordagem flexível e modular para a implementação de Linha de Produtos de Software (LPS). Desde 2010, ano em que a abordagem foi proposta, vários trabalhos sobre DOP foram publicados. Entretanto, após a condução de um estudo de mapeamento sistemático da literatura para analisar as reais implicações da técnica, notou-se que poucos desses trabalhos avaliavam de forma rigorosa os aspectos relacionados à evolução de LPS em DOP. Assim sendo, este trabalho apresenta um relato das implicações do uso dessa abordagem através de três diferentes perspectivas: (i) a extração e evolução de um aplicativo mobile em uma linha de produtos usando a DOP; (ii) a caracterização dos cenários de evolução segura e parcialmente segura de DOP através dos templates existentes na literatura; e (iii) uma análise em relação à propagação de mudanças e modularidade da técnica durante o seu processo de evolução. Os resultados mostraram que, apesar da técnica possuir uma maior aderência ao princípio open-closed, o seu uso pode não ser apropriado caso o principal interesse seja a evolução modular de features da linha de produtos, além de que, atualmente, a técnica ainda está limitada ao desenvolvimento em Java, em virtude da falta de plugins ou ferramentas que suportar outras linguagens de programação.Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES).Delta-OrientedProgramming(DOP)isaflexibleandmodularapproachtoSoftwareProduct Line (SPL) implementation. Since 2010, the year the approach was proposed, several papers about DOP have been published. However, after conducting a systematic literature mapping study to analyze the real implications of the technique, it was noted that fewofthesestudiesrigorouslyevaluatedtheaspectsrelatedtotheevolutionofSPLdeltaoriented. Therefore, this work reports the implications of using this approach from three different perspectives: (i) extracting and evolving an Android application to a SPL using DOP; (ii) the characterization of safe and partially safe delta-oriented evolution scenarios throughthetemplatesexistingintheliterature; and(iii)ananalysisregardingthechange impact and modularity properties of the technique during its evolution process. The results showed that, although the technique has a greater adherence to the open-closed principle, its use may not be appropriate if the main interest is the modular evolution of product line features, and currently the technique is still limited to Java development because of the lack of plugins or tools that support other programming languages

Performance evaluation and model checking of probabilistic real-time actors

This dissertation is composed of two parts. In the first part, performance evaluation and verification of safety properties are provided for real-time actors. Recently, the actor-based language, Timed Rebeca, was introduced to model distributed and asynchronous systems with timing constraints and message passing communication. A toolset was developed for automated translation of Timed Rebeca models to Erlang. The translated code can be executed using a timed extension of McErlang for model checking and simulation. In the first part of this dissertation, we induce a new toolset that provides statistical model checking of Timed Rebeca models. Using statistical model checking, we are now able to verify larger models against safety properties comparing to McErlang model checking. We examine the typical case studies of elevators and ticket service to show the efficiency of statistical model checking and applicability of our toolset. In the second part of this dissertation, we enhance our modeling ability and cover more properties by performance evaluation and model checking of probabilistic real-time actors. Distributed systems exhibit probabilistic and nondeterministic behaviors and may have time constraints. Probabilistic Timed Rebeca (PTRebeca) is introduced as a timed and probabilistic actor-based language for modeling distributed real-time systems with asynchronous message passing. The semantics of PTRebeca is a Timed Markov Decision Process (TMDP). We provide SOS rules for PTRebeca, and develop two toolsets for analyzing PTRebeca models. The first toolset automatically generates a TMDP model from a PTRebeca model in the form of the input language of the PRISM model checker. We use PRISM for performance analysis of PTRebeca models against expected reachability and probabilistic reachability properties. Additionally, we develop another toolset to automatically generate a Markov Automaton from a PTRebeca model in the form of the input language of the Interactive Markov Chain Analyzer (IMCA). The IMCA can be used as the back-end model checker for performance analysis of PTRebeca models against expected reachability and probabilistic reachability properties. We present the needed time for the analysis of different case studies using PRISM-based and IMCA-based approaches. The IMCA-based approach needs considerably less time, and so has the ability of analyzing significantly larger models. We show the applicability of both approaches and the efficiency of our tools by analyzing a few case studies and experimental results.Þessi ritgerð er tvískipt. Í fyrri hlutanum er farið í mat og sannprófun á eiginleikum öryggis í rauntímalíkönum. Fyrir stuttu síðan var leikendabyggða málið, Timed Rebeca, notað við líkana dreifingu og ósamstillt kerfi með tímastillingu og samskipti í skilaboðum. Búið var til verkfærasett fyrir sjálfvirka þýðingu á Timed Rebeca líkön yfir í Erlang. Hægt er að nota þýdda kóðann með því að nota tímastillta framlengingu af McErlang fyrir líkanaprófun og hermun. Í fyrri hluta þessarar ritgerðar, ætlum við að kynna verkfærasettið sem veitir tölfræðilega prófun á líkön á Timed Rebeca líkön. Með því að nota tölfræðileg próf á líkön er núna hægt að sannreyna stærri líkön eins og í öryggiskröfum McErlang. Við rannsökum dæmigerðar ferilsathuganir af lyftum og miðasölu til að sýna fram á skilvirkni tölfræðilegra líkana og beitingu verkfærasettsins okkar. Í seinni hluta þessarar ritgerðar aukum við við getu líkanagerðarinnar og við náum yfir fleiri eiginleika með mati á framkvæmd og prófunum á líkönum á líkinda rauntíma leikara. Dreifð kerfi sýna líkindi og brigðgenga hegðun sem kunna að hafa tímamörk. Probabilistic Timed Rebeca (PTRebeca) er kynnt sem tímastillt og líkinda leikarabyggt mál líkindadreifðra rauntímakerfa með ósamstillta sendingu skilaboða. Merkingarfræði PTRebeca er Timed Markov Decision Process (TMDP). Við verðum með SOS reglur fyrir PTRebeca, og þróum tvö verkfærasett til að greina PTRebeca líkön.The work on this dissertation was supported by the project "Timed Asynchronous Reactive Objects in Distributed Systems: TARO" (nr.110020021) of the Icelandic Research Fund