11 research outputs found
Generalization Strategies for the Verification of Infinite State Systems
We present a method for the automated verification of temporal properties of
infinite state systems. Our verification method is based on the specialization
of constraint logic programs (CLP) and works in two phases: (1) in the first
phase, a CLP specification of an infinite state system is specialized with
respect to the initial state of the system and the temporal property to be
verified, and (2) in the second phase, the specialized program is evaluated by
using a bottom-up strategy. The effectiveness of the method strongly depends on
the generalization strategy which is applied during the program specialization
phase. We consider several generalization strategies obtained by combining
techniques already known in the field of program analysis and program
transformation, and we also introduce some new strategies. Then, through many
verification experiments, we evaluate the effectiveness of the generalization
strategies we have considered. Finally, we compare the implementation of our
specialization-based verification method to other constraint-based model
checking tools. The experimental results show that our method is competitive
with the methods used by those other tools. To appear in Theory and Practice of
Logic Programming (TPLP).Comment: 24 pages, 2 figures, 5 table
Proving Correctness of Imperative Programs by Linearizing Constrained Horn Clauses
We present a method for verifying the correctness of imperative programs
which is based on the automated transformation of their specifications. Given a
program prog, we consider a partial correctness specification of the form
prog , where the assertions and are
predicates defined by a set Spec of possibly recursive Horn clauses with linear
arithmetic (LA) constraints in their premise (also called constrained Horn
clauses). The verification method consists in constructing a set PC of
constrained Horn clauses whose satisfiability implies that prog
is valid. We highlight some limitations of state-of-the-art
constrained Horn clause solving methods, here called LA-solving methods, which
prove the satisfiability of the clauses by looking for linear arithmetic
interpretations of the predicates. In particular, we prove that there exist
some specifications that cannot be proved valid by any of those LA-solving
methods. These specifications require the proof of satisfiability of a set PC
of constrained Horn clauses that contain nonlinear clauses (that is, clauses
with more than one atom in their premise). Then, we present a transformation,
called linearization, that converts PC into a set of linear clauses (that is,
clauses with at most one atom in their premise). We show that several
specifications that could not be proved valid by LA-solving methods, can be
proved valid after linearization. We also present a strategy for performing
linearization in an automatic way and we report on some experimental results
obtained by using a preliminary implementation of our method.Comment: To appear in Theory and Practice of Logic Programming (TPLP),
Proceedings of ICLP 201
Verification and Synthesis of Symmetric Uni-Rings for Leads-To Properties
This paper investigates the verification and synthesis of parameterized
protocols that satisfy leadsto properties on symmetric
unidirectional rings (a.k.a. uni-rings) of deterministic and constant-space
processes under no fairness and interleaving semantics, where and are
global state predicates. First, we show that verifying for
parameterized protocols on symmetric uni-rings is undecidable, even for
deterministic and constant-space processes, and conjunctive state predicates.
Then, we show that surprisingly synthesizing symmetric uni-ring protocols that
satisfy is actually decidable. We identify necessary and
sufficient conditions for the decidability of synthesis based on which we
devise a sound and complete polynomial-time algorithm that takes the predicates
and , and automatically generates a parameterized protocol that
satisfies for unbounded (but finite) ring sizes. Moreover, we
present some decidability results for cases where leadsto is required from
multiple distinct predicates to different predicates. To demonstrate
the practicality of our synthesis method, we synthesize some parameterized
protocols, including agreement and parity protocols
Proving theorems by program transformation
In this paper we present an overview of the unfold/fold proof method, a method for proving theorems about programs, based on program transformation. As a metalanguage for specifying programs and program properties we adopt constraint logic programming (CLP), and we present a set of transformation rules (including the familiar unfolding and folding rules) which preserve the semantics of CLP programs. Then, we show how program transformation strategies can be used, similarly to theorem proving tactics, for guiding the application of the transformation rules and inferring the properties to be proved. We work out three examples: (i) the proof of predicate equivalences, applied to the verification of equality between CCS processes, (ii) the proof of first order formulas via an extension of the quantifier elimination method, and (iii) the proof of temporal properties of infinite state concurrent systems, by using a transformation strategy that performs program specialization
Verification of Imperative Programs by Constraint Logic Program Transformation
We present a method for verifying partial correctness properties of
imperative programs that manipulate integers and arrays by using techniques
based on the transformation of constraint logic programs (CLP). We use CLP as a
metalanguage for representing imperative programs, their executions, and their
properties. First, we encode the correctness of an imperative program, say
prog, as the negation of a predicate 'incorrect' defined by a CLP program T. By
construction, 'incorrect' holds in the least model of T if and only if the
execution of prog from an initial configuration eventually halts in an error
configuration. Then, we apply to program T a sequence of transformations that
preserve its least model semantics. These transformations are based on
well-known transformation rules, such as unfolding and folding, guided by
suitable transformation strategies, such as specialization and generalization.
The objective of the transformations is to derive a new CLP program TransfT
where the predicate 'incorrect' is defined either by (i) the fact 'incorrect.'
(and in this case prog is not correct), or by (ii) the empty set of clauses
(and in this case prog is correct). In the case where we derive a CLP program
such that neither (i) nor (ii) holds, we iterate the transformation. Since the
problem is undecidable, this process may not terminate. We show through
examples that our method can be applied in a rather systematic way, and is
amenable to automation by transferring to the field of program verification
many techniques developed in the field of program transformation.Comment: In Proceedings Festschrift for Dave Schmidt, arXiv:1309.455
Removing Algebraic Data Types from Constrained Horn Clauses Using Difference Predicates
We address the problem of proving the satisfiability of Constrained Horn
Clauses (CHCs) with Algebraic Data Types (ADTs), such as lists and trees. We
propose a new technique for transforming CHCs with ADTs into CHCs where
predicates are defined over basic types, such as integers and booleans, only.
Thus, our technique avoids the explicit use of inductive proof rules during
satisfiability proofs. The main extension over previous techniques for ADT
removal is a new transformation rule, called differential replacement, which
allows us to introduce auxiliary predicates corresponding to the lemmas that
are often needed when making inductive proofs. We present an algorithm that
uses the new rule, together with the traditional folding/unfolding
transformation rules, for the automatic removal of ADTs. We prove that if the
set of the transformed clauses is satisfiable, then so is the set of the
original clauses. By an experimental evaluation, we show that the use of the
differential replacement rule significantly improves the effectiveness of ADT
removal, and we show that our transformation-based approach is competitive with
respect to a well-established technique that extends the CVC4 solver with
induction.Comment: 10th International Joint Conference on Automated Reasoning (IJCAR
2020) - version with appendix; added DOI of the final authenticated Springer
publication; minor correction
Program Verification using Constraint Handling Rules and Array Constraint Generalizations*
Thetransformationofconstraintlogicprograms(CLPprograms)hasbeenshowntobean effective methodology for verifying properties of imperative programs. By following this methodology, we encode the negation of a partial correctness property of an imperative program prog as a predicate incorrect defined by a CLP program T , and we show that prog is correct by transforming T into the empty program (and thus incorrect does not hold) through the application of semantics preserving transformation rules. We can also show that prog is incorrect by transforming T into a program with the fact incorrect (and thus incorrect does hold). Some of the transformation rules perform replacements of constraints that are based on properties of the data structures manipulated by the program prog. In this paper we show that Constraint Handling Rules (CHR) are a suitable formalism for representing and applying constraint replacements during the transformation of CLP programs. In particular, we consider programs that manipulate integer arrays and we present a CHR encoding of a constraint replacement strategy based on the theory of arrays. We also propose a novel generalization strategy for constraints on integer arrays that combines CHR constraint replacements with various generalization operators on integer constraints, such as widening and convex hull. Generalization is controlled by additional constraints that relate the variable identifiers in the imperative program prog and the CLP representation of their values. The method presented in this paper has been implemented and we have demonstrated its effectiveness on a set of benchmark programs taken from the literature
ON THE APPLICATIONS OF INTERACTIVE THEOREM PROVING IN COMPUTATIONAL SCIENCES AND ENGINEERING
Interactive Theorem Proving (ITP) is one of the most rigorous methods used in
formal verification of computing systems. While ITP provides a high level of confidence in the correctness of the system under verification, it suffers from a steep learning curve and the laborious nature of interaction with a theorem prover. As such, it is desirable to investigate whether ITP can be used in unexplored (but high-impact) domains where other verification methods fail to deliver. To this end, the focus of this dissertation is on two important domains, namely design of parameterized self-stabilizing systems, and mechanical verification of numerical approximations for Riemann integration. Self-stabilization is an important property of distributed systems that enables recovery from any system configuration/state. There are important applications for self-stabilization in network protocols, game theory, socioeconomic systems, multi-agent systems and robust data structures. Most existing techniques for the design of self-stabilization rely on a āmanual design and after-the-fact verificationā method. In a paradigm shift, we present a novel hybrid method of āsynthesize in small scale and generalizeā where we combine the power of a finite-state synthesizer with theorem proving. We have used our method for the design of network protocols that are self-stabilizing irrespective of the number of network nodes (i.e., parameterized protocols). The second domain of application of ITP that we are investigating concentrates on formal verification of the numerical propositions of Riemann integral in formal proofs. This is a high-impact problem as Riemann Integral is considered one of the most indispensable tools of modern calculus. That has significant applications in the development of mission-critical systems in many Engineering fields that require rigorous computations such as aeronautics, space mechanics, and electrodynamics. Our contribution to this problem is three fold: first, we formally specify and verify the fundamental Riemann Integral inclusion theorem in interval arithmetic; second, we propose a general method to verify numerical propositions on Riemann Integral for a large class of integrable functions; third, we develop a set of practical automatic proof strategies based on formally verified theorems. The contributions of Part II have become part of the ultra-reliable NASA PVS standard library
Generalization strategies for the verification of infinite state systems
We present a method for the automated verification of temporal properties of infinite state systems. Our verification method is based on the specialization of constraint logic programs (CLP) and works in two phases: (1) in the first phase, a CLP specification of an infinite state system is specialized with respect to the initial state of the system and the temporal property to be verified, and (2) in the second phase, the specialized program is evaluated by using a bottom-up strategy. The effectiveness of the method strongly depends on the generalization strategy which is applied during the program specialization phase. We consider several generalization strategies obtained by combining techniques already known in the field of program analysis and program transformation, and we also introduce some new strategies. Then, through many verification experiments, we evaluate the effectiveness of the generalization strategies we have considered. Finally, we compare the implementation of our specialization-based verification method to other constraint-based model checking tools. The experimental results show that our method is competitive with the methods used by those other tools