Verification of distributed algorithms with the Why3 tool

Dissertação de mestrado integrado em Informatics EngineeringNowadays, there currently exist many working program verification tools however, the developed tools are mostly limited to the verification of sequential code, or else of multi-threaded shared-memory programs. Due to the importance that distributed systems and protocols play in many systems, they have been targeted by the program verification community since the beginning of this area. In this sense, they recently tried to create tools capable of deductive verification in the distributed setting (deductive verification techniques offer the highest degree of assurance) and claim to have achieved impressive results. Thus, this dissertation will explore the use of the Why3 deductive verification tool for the verification of dis tributed algorithms. It will comprise the definition of a dedicated Why3library, together with a representative set of case studies. The goal is to provide evidence that Why3 is a privileged tool for such a task, standing at a sweet spot regarding expressive power and practicality.Nos dias de hoje, possuímos diversas ferramentas de verificação, ferramentas essas limitadas à verificação de código sequencial, ou então de programas multi-thread de memória partilhada. Devido à importância que os sistemas e protocolos distribuídos desempenham em muitos sistemas, estes foram alvos por parte da comunidade de verificação de programas desde o início desta área. Neste sentido, recentemente tentaram criar ferramentas capazes de realizar a verificação dedutiva no ambiente distribuído (técnicas de verificação dedutiva que oferecem o mais elevado grau de segurança) e afirmam ter alcançado resultados impressionantes. Assim, esta dissertação irá explorar o uso da ferramenta de verificação dedutiva Why3 com o propósito de verificar algoritmos distribuídos. Irão ser desenvolvidos modos e modelos da biblioteca Why3do, juntamente com um conjunto representativo de casos de estudos. O objetivo é fornecer evidências de que Why3 é uma ferramenta privilegiada para esta tarefa, estando no ponto ideal na relação poder expressivo e praticabilidade.This work is financed by the ERDF – European Regional Development Fund through the North Portugal Regional Operational Programme - NORTE2020 Programme and by National Funds through the Portuguese funding agency, FCT - Fundação para a Ciência e a Tecnologia within project NORTE-01-0145-FEDER-028550- PTDC/EEI-COM/28550/2017

Domain science and engineering from computer science to the sciences of informatics. Part I: Engineering

Висловлено побажання, щоб факультети комп’ютерих наук викладали програмування і програмну інженерію на основі формальних методів і більше уваги приділяли дослідженню формальних методів для надійної розробки програмного забезпечення, а також щоб поняття науки і інженерії проблемної області стали незамінною частиною науки інформатики і програмної інженерії.In this paper we wish to advocate that departments of computer science put emphasis on teaching programming and software engineering based on formal methods; and more emphasis on research into formal methods for the trustworthy development of software. We also wish to advocate that the concepts of domain science and domain engineering become an indispensable part of the science of informatics and of software engineering

Proceedings of the 22nd Conference on Formal Methods in Computer-Aided Design – FMCAD 2022

The Conference on Formal Methods in Computer-Aided Design (FMCAD) is an annual conference on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum to researchers in academia and industry for presenting and discussing groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing

Proceedings of the 22nd Conference on Formal Methods in Computer-Aided Design – FMCAD 2022

The Conference on Formal Methods in Computer-Aided Design (FMCAD) is an annual conference on the theory and applications of formal methods in hardware and system verification. FMCAD provides a leading forum to researchers in academia and industry for presenting and discussing groundbreaking methods, technologies, theoretical results, and tools for reasoning formally about computing systems. FMCAD covers formal aspects of computer-aided system design including verification, specification, synthesis, and testing

Model Checking of State-Rich Formalisms (By Linking to Combination of State-based Formalism and Process Algebra)

Computer-based systems are becoming more and more complex. It is really a grand challenge to assure the dependability of these systems with the growing complexity, especially for high integrity and safety critical systems that require extremely high dependability. Circus, as a formal language, is designed to tackle this problem by providing precision preservation and correctness assurance. It is a combination of Z, CSP, refinement calculus and Dijkstra's guarded commands. A main objective of Circus is to provide calculational style refinement that differentiates itself from other integrated formal methods. Looseness, which is introduced from constants and uninitialised state space in Circus, and nondeterminism, which is introduced from disjunctive operations and CSP operators, make model checking of Circus more difficult than that of sole CSP or Z. Current approaches have a number of disadvantages like nondeterminism and divergence information loss, abstraction deterioration, and no appropriate tools to support automation. In this thesis, we present a new approach to model-check state-rich formalisms by linking them to a combination of a state-based formalism and a process algebra. Specifically, the approach illustrated in this thesis is to model-check Circus by linking to CSP || B. Eventually, we can use ProB, a model checker for B, Event-B, and CSP || B etc., to check the resultant CSP || B model. A formal link from Circus to CSP || B is defined in our work. Our link solution is to rewrite Circus models first to make all interactions between the state part and the behavioural part of Circus only through schema expressions, then translate the state part and the behavioural part to B and CSP respectively. In addition, since the semantics of Circus is based on Hoare and He's Unifying Theories of Programming (UTP), in order to prove the soundness of our link, we also give UTP semantics to CSP || B. Finally, because both ends of the link have their semantics defined in UTP, they are comparable. Furthermore, in order to support an automatic translation process, a translator is developed. It has supported almost all constructs defined in the link though with some limitations. Finally, three case studies are illustrated to show the usability of our model checking solution as well as limitations. The bounded reactive buffer is a typical Circus example. By our model checking approach, basic properties like deadlock freedom and divergence freedom for both the specification and the implementation with a small buffer size have been verified. In addition, the implementation has been verified to be a refinement of the specification in terms of traces and failures. Afterwards, in the Electronic Shelf Edge Label (ESEL) case study, we demonstrate how to use Circus to model different development stages of systems from the specification to two more specific systems. We have verified basic properties and sequential refinements of three models as well as three application related properties. Similarly, only the systems with a limited number of ESELs are verified. Finally, we present the steam boiler case study. It is a real and industrial control system problem. Though our solution cannot model check the steam boiler model completely due to its large state space, our solution still proves its benefits. Through our model checking approach, we have found a substantial number of errors from the original Circus solution. Then with counterexamples during animation and model checking, we have corrected all these found errors

Compiling Programs and Proofs: FoCaLiZe Internals

Designing a tool to ease the development of high-level security or safety systems must consider to facilitate not only design and coding but also formal demonstrations of correctness and compliance to standards. This entails some requirements on the tool as these demonstrations ask to link together computational and logical aspects of the development. These requirements are briefly considered and a solution is proposed: functions, statements and proofs are handled in a unique language, offering inheritance and parametrized modules. The FoCaLiZe environment implements this language, which remains simple enough to be used in a usual engineering process. The code generation produces an executable functional code (in OCaml) and a checkable term of a logical Type Theory (verified by Coq), close enough to truly ease traceability. It ensures that OCaml and Coq produced codes are error-free and provides compact generated code. The main contribution of this paper is a detailed presentation of the compilation scheme, which is supported by an original treatment of the dependencies induced by the combination of computational and logical constructs. As the whole source code is translated to a logical term verified by Coq, we get a strong assurance in the correctness of the generated code, hence avoiding the need to prove correctness of the compiler itself

Design, verification and automatic implementation of correct-by-construction distributed transaction systems in Maude

Designing, verifying, and implementing highly reliable distributed systems is at present a hard and very labor-intensive task. Cloud-based systems have further increased this complexity due to the desired consistency, availability, scalability, and disaster tolerance. This dissertation addresses this challenge in the context of distributed transaction systems (DTSs) from two complementary perspectives: (i) designing DTSs with high assurance such that they satisfy desired correctness and performance requirements; and (ii) transforming verified system designs into correct-by-construction distributed implementations. Regarding correctness requirements, we provide an object-based framework for formally modeling DTSs in Maude, explain how such models can be automatically instrumented to record relevant events during a run, formally define a wide range of consistency properties on such histories of events, and implement a tool which fully automates the entire specification instrumentation and model checking process. Regarding performance requirements, we propose a general, though not yet automated, method that transforms the untimed, non-probabilistic, and nondeterministic formal Maude models of DTSs into probabilistic rewrite theories, explain how we can monitor the system executions of such probabilistic theories, and shows how we can evaluate the performance of the DTS designs based on the recorded log for different performance parameters and workloads by statistical model checking. To bridge the formality gap between verified designs and distributed implementations we present a correct-by-construction automatic transformation mapping a verified formal specification of an actor-based distributed system design in Maude to a distributed implementation enjoying the same safety and liveness properties as the original formal design. Two case studies, applying this automatic transformation to state-of-the-art DTSs analyzed within the same formal framework for both logical and performance properties, show that high-quality implementations with acceptable performance and meeting performance predictions can be automatically generated in this way