10,903 research outputs found
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Bug Hunting with False Negatives Revisited
Safe data abstractions are widely used for verification purposes. Positive verification results can be transferred from the abstract to the concrete system. When a property is violated in the abstract system, one still has to check whether a concrete violation scenario exists. However, even when the violation scenario is not reproducible in the concrete system (a false negative), it may still contain information on possible sources of bugs. Here, we propose a bug hunting framework based on abstract violation scenarios. We first extract a violation pattern from one abstract violation scenario. The violation pattern represents multiple abstract violation scenarios, increasing the chance that a corresponding concrete violation exists. Then, we look for a concrete violation that corresponds to the violation pattern by using constraint solving techniques. Finally, we define the class of counterexamples that we can handle and argue correctness of the proposed framework. Our method combines two formal techniques, model checking and constraint solving. Through an analysis of contracting and precise abstractions, we are able to integrate overapproximation by abstraction with concrete counterexample generation
Abstraction and Learning for Infinite-State Compositional Verification
Despite many advances that enable the application of model checking
techniques to the verification of large systems, the state-explosion problem
remains the main challenge for scalability. Compositional verification
addresses this challenge by decomposing the verification of a large system into
the verification of its components. Recent techniques use learning-based
approaches to automate compositional verification based on the assume-guarantee
style reasoning. However, these techniques are only applicable to finite-state
systems. In this work, we propose a new framework that interleaves abstraction
and learning to perform automated compositional verification of infinite-state
systems. We also discuss the role of learning and abstraction in the related
context of interface generation for infinite-state components.Comment: In Proceedings Festschrift for Dave Schmidt, arXiv:1309.455
Synthesis of Switching Protocols from Temporal Logic Specifications
We propose formal means for synthesizing switching protocols that determine the sequence in which the modes of a switched system are activated to satisfy certain high-level specifications in linear temporal logic. The synthesized protocols are robust against exogenous disturbances on the continuous dynamics. Two types of finite transition systems, namely under- and over-approximations, that abstract the behavior of the underlying continuous dynamics are defined. In particular, we show that the discrete synthesis problem for an under-approximation can be formulated as a model checking problem, whereas that for an over-approximation can be transformed into a two-player game. Both of these formulations are amenable to efficient, off-the-shelf software tools. By construction, existence of a discrete switching strategy for the discrete synthesis problem guarantees the existence of a continuous switching protocol for the continuous synthesis problem, which can be implemented at the continuous level to ensure the correctness of the nonlinear switched system. Moreover, the proposed framework can be straightforwardly extended to accommodate specifications that require reacting to possibly adversarial external events. Finally, these results are illustrated using three examples from different application domains
Variability Abstraction and Refinement for Game-Based Lifted Model Checking of Full CTL
One of the most promising approaches to fighting the configuration space explosion problem in lifted model checking are variability abstractions. In this work, we define a novel game-based approach for variability-specific abstraction and refinement for lifted model checking of the full CTL, interpreted over 3-valued semantics. We propose a direct algorithm for solving a 3-valued (abstract) lifted model checking game. In case the result of model checking an abstract variability model is indefinite, we suggest a new notion of refinement, which eliminates indefinite results. This provides an iterative incremental variability-specific abstraction and refinement framework, where refinement is applied only where indefinite results exist and definite results from previous iterations are reused. The practicality of this approach is demonstrated on several variability models
StocHy: automated verification and synthesis of stochastic processes
StocHy is a software tool for the quantitative analysis of discrete-time
stochastic hybrid systems (SHS). StocHy accepts a high-level description of
stochastic models and constructs an equivalent SHS model. The tool allows to
(i) simulate the SHS evolution over a given time horizon; and to automatically
construct formal abstractions of the SHS. Abstractions are then employed for
(ii) formal verification or (iii) control (policy, strategy) synthesis. StocHy
allows for modular modelling, and has separate simulation, verification and
synthesis engines, which are implemented as independent libraries. This allows
for libraries to be easily used and for extensions to be easily built. The tool
is implemented in C++ and employs manipulations based on vector calculus, the
use of sparse matrices, the symbolic construction of probabilistic kernels, and
multi-threading. Experiments show StocHy's markedly improved performance when
compared to existing abstraction-based approaches: in particular, StocHy beats
state-of-the-art tools in terms of precision (abstraction error) and
computational effort, and finally attains scalability to large-sized models (12
continuous dimensions). StocHy is available at www.gitlab.com/natchi92/StocHy
Verification of Agent-Based Artifact Systems
Artifact systems are a novel paradigm for specifying and implementing
business processes described in terms of interacting modules called artifacts.
Artifacts consist of data and lifecycles, accounting respectively for the
relational structure of the artifacts' states and their possible evolutions
over time. In this paper we put forward artifact-centric multi-agent systems, a
novel formalisation of artifact systems in the context of multi-agent systems
operating on them. Differently from the usual process-based models of services,
the semantics we give explicitly accounts for the data structures on which
artifact systems are defined. We study the model checking problem for
artifact-centric multi-agent systems against specifications written in a
quantified version of temporal-epistemic logic expressing the knowledge of the
agents in the exchange. We begin by noting that the problem is undecidable in
general. We then identify two noteworthy restrictions, one syntactical and one
semantical, that enable us to find bisimilar finite abstractions and therefore
reduce the model checking problem to the instance on finite models. Under these
assumptions we show that the model checking problem for these systems is
EXPSPACE-complete. We then introduce artifact-centric programs, compact and
declarative representations of the programs governing both the artifact system
and the agents. We show that, while these in principle generate infinite-state
systems, under natural conditions their verification problem can be solved on
finite abstractions that can be effectively computed from the programs. Finally
we exemplify the theoretical results of the paper through a mainstream
procurement scenario from the artifact systems literature
Hybrid automata dicretising agents for formal modelling of robots
Some of the fundamental capabilities required by autonomous vehicles and systems for their intelligent decision making are: modelling of the environment and forming data abstractions for symbolic, logic based reasoning. The paper formulates a discrete agent framework that abstracts and controls a hybrid system that is a composition of hybrid automata modelled continuous individual processes. Theoretical foundations are laid down for a class of general model composition agents (MCAs) with an advanced subclass of rational physical agents (RPAs). We define MCAs as the most basic structures for the description of complex autonomous robotic systems. The RPA’s have logic based decision making that is obtained by an extension of the hybrid systems concepts using a set of abstractions. The theory presented helps the creation of robots with reliable performance and safe operation in their environment. The paper emphasizes the abstraction aspects of the overall hybrid system that emerges from parallel composition of sets of RPAs and MCAs
- …