Predicting SMT solver performance for software verification

The approach Why3 takes to interfacing with a wide variety of interactive and automatic theorem provers works well: it is designed to overcome limitations on what can be proved by a system which relies on a single tightly-integrated solver. In common with other systems, however, the degree to which proof obligations (or “goals”) are proved depends as much on the SMT solver as the properties of the goal itself. In this work, we present a method to use syntactic analysis to characterise goals and predict the most appropriate solver via machine-learning techniques. Combining solvers in this way - a portfolio-solving approach - maximises the number of goals which can be proved. The driver-based architecture of Why3 presents a unique opportunity to use a portfolio of SMT solvers for software verification. The intelligent scheduling of solvers minimises the time it takes to prove these goals by avoiding solvers which return Timeout and Unknown responses. We assess the suitability of a number of machinelearning algorithms for this scheduling task. The performance of our tool Where4 is evaluated on a dataset of proof obligations. We compare Where4 to a range of SMT solvers and theoretical scheduling strategies. We find that Where4 can out-perform individual solvers by proving a greater number of goals in a shorter average time. Furthermore, Where4 can integrate into a Why3 user’s normal workflow - simplifying and automating the non-expert use of SMT solvers for software verification

Predicting SMT solver performance for software verification

The approach Why3 takes to interfacing with a wide variety of interactive and automatic theorem provers works well: it is designed to overcome limitations on what can be proved by a system which relies on a single tightly-integrated solver. In common with other systems, however, the degree to which proof obligations (or “goals”) are proved depends as much on the SMT solver as the properties of the goal itself. In this work, we present a method to use syntactic analysis to characterise goals and predict the most appropriate solver via machine-learning techniques. Combining solvers in this way - a portfolio-solving approach - maximises the number of goals which can be proved. The driver-based architecture of Why3 presents a unique opportunity to use a portfolio of SMT solvers for software verification. The intelligent scheduling of solvers minimises the time it takes to prove these goals by avoiding solvers which return Timeout and Unknown responses. We assess the suitability of a number of machinelearning algorithms for this scheduling task. The performance of our tool Where4 is evaluated on a dataset of proof obligations. We compare Where4 to a range of SMT solvers and theoretical scheduling strategies. We find that Where4 can out-perform individual solvers by proving a greater number of goals in a shorter average time. Furthermore, Where4 can integrate into a Why3 user’s normal workflow - simplifying and automating the non-expert use of SMT solvers for software verification

Actes des Cinquièmes journées nationales du Groupement De Recherche CNRS du Génie de la Programmation et du Logiciel

National audienceCe document contient les actes des Cinquièmes journées nationales du Groupement De Recherche CNRS du Gé}nie de la Programmation et du Logiciel (GDR GPL) s'étant déroulées à Nancy du 3 au 5 avril 2013. Les contributions présentées dans ce document ont été sélectionnées par les différents groupes de travail du GDR. Il s'agit de résumés, de nouvelles versions, de posters et de démonstrations qui correspondent à des travaux qui ont déjà été validés par les comités de programmes d'autres conférences et revues et dont les droits appartiennent exclusivement à leurs auteurs

33èmes Journées Francophones des Langages Applicatifs

International audienceLes 33èmes Journées Francophones des Langages Applicatifs (JFLA) se sont tenues à Saint-Médard-d'Excideuil, plus précisément Domaine d'Essendiéras (Périgord), du mardi 28 juin 2022 au vendredi 1er juillet 2022.Les JFLA réunissent concepteurs, utilisateurs et théoriciens ; elles ont pour ambition de couvrir les domaines des langages applicatifs, de la preuve formelle, de la vérification de programmes, et des objets mathématiques qui sous-tendent ces outils. Ces domaines doivent être pris au sens large : nous souhaitons promouvoir les ponts entre les différentes thématiques.- Langages fonctionnels et applicatifs : sémantique, compilation, optimisation, typage, mesures, extensions par d'autres paradigmes.- Assistants de preuve : implémentation, nouvelles tactiques, développements présentant un intérêt technique ou méthodologique.- Logique, correspondance de Curry-Howard, réalisabilité, extraction de programmes, modèles.- Spécification, prototypage, développements formels d'algorithmes.- Vérification de programmes ou de modèles, méthode déductive, interprétation abstraite, raffinement.- Utilisation industrielle des langages fonctionnels et applicatifs, ou des méthodes issues des preuves formelles, outils pour le web.Les articles soumis aux JFLA sont relus par au moins deux personnes s'ils sont acceptés, trois personnes s'ils sont rejetés. Les critiques des relecteurs sont toujours bienveillantes et la plupart du temps encourageantes et constructives, même en cas de rejet

A formal framework for heterogeneous systems semantics

Cyber physical systems are usually complex systems which are often critical, meaning their failure can have significant negative impacts on human lives. A key point in their development is the verification and validation (V & V) activities which are used to assess their correctness towards user requirements and the associated specifications. This process aims at avoiding failure cases, thus preventing any incident or accident. In order to conduct these V & V steps on such complex systems, separations of concerns of various nature are used. In that purpose, the system is modeled using heterogeneous models that have to be combined together. The nature of these separations of concerns can be as follows: horizontal, which corresponds to a structural decomposition of the system; vertical, which corresponds to the different steps leading from the abstract specification to the concrete implementation; and transversal, which consists in gathering together the parts that are thematically identical (function, performance, security, safety...). These parts are usually expressed using domain specific modeling languages, while the V & V activities are historically conducted using testing and proofreading, and more and more often, using formal methods, which is advocated in our approach. In all these cases, the V & V activities must take into account these separations in order to provide confidence in the global system from the confidence of its sub-parts bound to the separation in question. In other words, to ensure the correctness of the system, a behavioral semantics is needed which has to rely on the ad-hoc semantics of the subsystems. In order to define it, these semantics must be successfully combined in a single formalism. This thesis stems from the GEMOC project a workbench that allows the definition of various languages along with their coordination properties, and target the formal modeling of the GEMOC core through the association of trace semantics to each preoccupation and the expression of constraints between them to encode the correct behavior of the system. This thesis follows several other works conducted under the TOPCASED, OPEES, QuarteFt, P and GEMOC projects, and provides four contributions in that global context: the first one proposes a methodology to give an operational semantics to executable models illustrated through two case studies: Petri nets and models of processes. The second one proposes a formal context on which refinement can be expressed to tackle vertical separation. The third one gives a denotational semantics to CCSL which is the language that is currently used in the GEMOC projects to express behavioural properties between events from one or several models, possibly heterogeneous. Finally, the fourth one proposes an investigation on how to extend CCSL with the notion of refinement we proposed. All these contribution are mechanized in the Agda proof assistant, and thus have been modeled and proven in a formal manner

Mécanismes Orientés-Objets pour l'Interopérabilité entre Systèmes de Preuve

Dedukti is a Logical Framework resulting from the combination ofdependent typing and rewriting. It can be used to encode many logicalsystems using shallow embeddings preserving their notion of reduction.These translations of logical systems in a common format are anecessary first step for exchanging proofs between systems. Thisobjective of interoperability of proof systems is the main motivationof this thesis.To achieve it, we take inspiration from the world of programminglanguages and more specifically from object-oriented languages becausethey feature advanced mechanisms for encapsulation, modularity, anddefault definitions. For this reason we start by a shallowtranslation of an object calculus to Dedukti. The most interestingpoint in this translation is the treatment of subtyping.Unfortunately, it seems very hard to incorporate logic in this objectcalculus. To proceed, object-oriented mechanisms should be restrictedto static ones which seem enough for interoperability. Such acombination of static object-oriented mechanisms and logic is alreadypresent in the FoCaLiZe environment so we propose a shallow embeddingof FoCaLiZe in Dedukti. The main difficulties arise from theintegration of FoCaLiZe automatic theorem prover Zenon and from thetranslation of FoCaLiZe functional implementation language featuringtwo constructs which have no simple counterparts in Dedukti: localpattern matching and recursion.We then demonstrate how this embedding of FoCaLiZe to Dedukti can beused in practice for achieving interoperability of proof systemsthrough FoCaLiZe, Zenon, and Dedukti. In order to avoid strengtheningto much the theory in which the final proof is expressed, we useDedukti as a meta-language for eliminating unnecessary axioms.Dedukti est un cadre logique résultant de la combinaison du typagedépendant et de la réécriture. Il permet d'encoder de nombreuxsystèmes logiques au moyen de plongements superficiels qui préserventla notion de réduction.Ces traductions de systèmes logiques dans un format commun sont unepremière étape nécessaire à l'échange de preuves entre cessystèmes. Cet objectif d'interopérabilité des systèmes de preuve estla motivation principale de cette thèse.Pour y parvenir, nous nous inspirons du monde des langages deprogrammation et plus particulièrement des langages orientés-objetparce qu'ils mettent en œuvre des mécanismes avancés d'encapsulation,de modularité et de définitions par défaut. Pour cette raison, nouscommençons par une traduction superficielle d'un calcul orienté-objeten Dedukti. L'aspect le plus intéressant de cette traduction est letraitement du sous-typage.Malheureusement, ce calcul orienté-objet ne semble pas adapté àl'incorporation de traits logiques. Afin de continuer, nous devonsrestreindre les mécanismes orientés-objet à des mécanismes statiques,plus faciles à combiner avec la logique et apparemment suffisant pournotre objectif d'interopérabilité. Une telle combinaison de mécanismesorientés-objet et de logique est présente dans l'environnementFoCaLiZe donc nous proposons un encodage superficiel de FoCaLiZe dansDedukti. Les difficultés principales proviennent de l'intégration deZenon, le prouveur automatique de théorèmes sur lequel FoCaLiZerepose, et de la traduction du langage d'implantation fonctionnel deFoCaLiZe qui présente deux constructions qui n'ont pas decorrespondance simple en Dedukti : le filtrage de motif local et larécursivité.Nous démontrons finalement comment notre encodage de FoCaLiZe dansDedukti peut servir en pratique à l'interopérabilité entre dessystèmes de preuve à l'aide de FoCaLiZe, Zenon et Dedukti. Pour éviterde trop renforcer la théorie dans laquelle la preuve finale estobtenue, nous proposons d'utiliser Dedukti en tant que méta-langagepour éliminer des axiomes superflus

The European Pilgrimage Routes for promoting sustainable and quality tourism in rural areas

The International Conference the European Pilgrimage Routes for promoting sustainable and quality tourism in rural areas took place December 4 to 6, 2014 in Firenze (Italy) and was organized by the Department of Agricultural, Food and Forestry Systems – University of Florence in collaboration with the Tuscany Region, the Department for Life Quality Studies and Department of Agricultural Sciences – University of Bologna, the Italian Association of Agricultural Engineering and the European Association of the Francigena Way. The Conference involving 150 experts from 18 countries and was divided into five areas of discussion: conservation and evolution of the landscape along the routes; life quality and social impact; tourism and local development; sustainability in the rural areas; tools and methods for building a tourist attraction

Back to the future. The future in the past: ICDHS 10th+1 Barcelona 2018: Conference proceedings book

Obra dedicada a la memòria d'Anna Calvera (1954–2018).Conté: 0. Opening pages -- 1.1 Territories in the scene of globalised design: localisms and cosmopolitanisms -- 1.2 Designing the histories of southern designs -- 1.3 Mediterranean-ness: an inquiry into design and design history -- 1.4 From ideology to methodology: design histories and current developments in post-socialist countries -- 1.5 [100th anniversary of the Bauhaus Foundation]: tracing the map of the diaspora of its students -- 1.6 Design history: gatekeeper of the past and passport to a meaningful future? -- 1.7 Constructivism and deconstructivism: global development and criticism -- 1.8 An expanded global framework for design history -- 1.9 Design museums network: strengthening design by making it part of cultural legacy -- 1.10 Types and histories: past and present issues of type and book design -- 2.1 Design aesthetics: beyond the pragmatic experience and phenomenology -- 2.2 Public policies on design and design-driven innovation -- 2.3 Digital humanities: how does design in today's digital realm respond to what we need? -- 2.4 Design studies: design methods and methodology, the cognitive approach -- 2.5 Vehicles of design criticism -- 3 Open session: research and works in progress (1) -- 3 Open session: research and works in progress (2) -- Addenda: 10th+I keywords mapInternational Committee of Design History and Design Studies. Conference (11a : 2018 : Barcelona, Catalunya),ICDHS is the acronym of the International Committee of De­sign History and Design Studies, an organisation that brings together scholars from Spain, Cuba, Turkey, Mexico, Finland, Japan, Belgium, the Netherlands, Brazil, Portugal, the US, Tai­wan, Canada and the UK. Since 1999, when the Design and Art History departments of the University of Barcelona organised the first edition of the ICDHS, a conference has been held every two years at a different venue around the world. These conferences have had two dis­tinct aims: first, to present original research in the fields of Design History and Design Studies and, second, to include contributions in these fields from non-hegemonic countries, offering a speaking platform to many scientific communities that are already active or are forming and developing. For that reason, the structure of the conferences combines many paral­lel strands, including poster presentations and keynote speak­ers who lecture on the conferences’ main themes. The 2018 event is rather special. The Taipei 2016 conference was the 10th edition and a commemoration of the ten celebrations to date. Returning to Barcelona in 2018 marks the end of one stage and the beginning of a new one for the Committee. The numbering chosen—“10+1”—also means that Barcelona 2018 is both an end and a beginning in the ICDHS’s own history. The book brings together 137 papers delivered at the ICDHS 10th+1 Conference held in Barcelona on 29–31 October 2018. The papers are preceded by texts of the four keynote lectures and a written tribute from the ICDHS Board to its founder and figurehead, Anna Calvera (1954–2018). The Conference, and the book, are dedicated to her memory