104,897 research outputs found
Procedure-modular specification and verification of temporal safety properties
This paper describes ProMoVer, a tool for fully automated procedure-modular verification of Java programs equipped with method-local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure-level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized on the local properties of the methods rather than on their implementations. Here, it is based on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control flow safety properties, and provides appropriate pre- and post-processing. Both linear-time temporal logic and finite automata are supported as formalisms for expressing local and global safety properties, allowing the user to choose a suitable format for the property at hand. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively light-weight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the domains of Java Card and web-based application
Statistical Assertions for Validating Patterns and Finding Bugs in Quantum Programs
In support of the growing interest in quantum computing experimentation,
programmers need new tools to write quantum algorithms as program code.
Compared to debugging classical programs, debugging quantum programs is
difficult because programmers have limited ability to probe the internal states
of quantum programs; those states are difficult to interpret even when
observations exist; and programmers do not yet have guidelines for what to
check for when building quantum programs. In this work, we present quantum
program assertions based on statistical tests on classical observations. These
allow programmers to decide if a quantum program state matches its expected
value in one of classical, superposition, or entangled types of states. We
extend an existing quantum programming language with the ability to specify
quantum assertions, which our tool then checks in a quantum program simulator.
We use these assertions to debug three benchmark quantum programs in factoring,
search, and chemistry. We share what types of bugs are possible, and lay out a
strategy for using quantum programming patterns to place assertions and prevent
bugs.Comment: In The 46th Annual International Symposium on Computer Architecture
(ISCA '19). arXiv admin note: text overlap with arXiv:1811.0544
Modular, Fully-abstract Compilation by Approximate Back-translation
A compiler is fully-abstract if the compilation from source language programs
to target language programs reflects and preserves behavioural equivalence.
Such compilers have important security benefits, as they limit the power of an
attacker interacting with the program in the target language to that of an
attacker interacting with the program in the source language. Proving compiler
full-abstraction is, however, rather complicated. A common proof technique is
based on the back-translation of target-level program contexts to
behaviourally-equivalent source-level contexts. However, constructing such a
back- translation is problematic when the source language is not strong enough
to embed an encoding of the target language. For instance, when compiling from
STLC to ULC, the lack of recursive types in the former prevents such a
back-translation.
We propose a general and elegant solution for this problem. The key insight
is that it suffices to construct an approximate back-translation. The
approximation is only accurate up to a certain number of steps and conservative
beyond that, in the sense that the context generated by the back-translation
may diverge when the original would not, but not vice versa. Based on this
insight, we describe a general technique for proving compiler full-abstraction
and demonstrate it on a compiler from STLC to ULC. The proof uses asymmetric
cross-language logical relations and makes innovative use of step-indexing to
express the relation between a context and its approximate back-translation.
The proof extends easily to common compiler patterns such as modular
compilation and it, to the best of our knowledge, it is the first compiler full
abstraction proof to have been fully mechanised in Coq. We believe this proof
technique can scale to challenging settings and enable simpler, more scalable
proofs of compiler full-abstraction
Modular Construction of Shape-Numeric Analyzers
The aim of static analysis is to infer invariants about programs that are
precise enough to establish semantic properties, such as the absence of
run-time errors. Broadly speaking, there are two major branches of static
analysis for imperative programs. Pointer and shape analyses focus on inferring
properties of pointers, dynamically-allocated memory, and recursive data
structures, while numeric analyses seek to derive invariants on numeric values.
Although simultaneous inference of shape-numeric invariants is often needed,
this case is especially challenging and is not particularly well explored.
Notably, simultaneous shape-numeric inference raises complex issues in the
design of the static analyzer itself.
In this paper, we study the construction of such shape-numeric, static
analyzers. We set up an abstract interpretation framework that allows us to
reason about simultaneous shape-numeric properties by combining shape and
numeric abstractions into a modular, expressive abstract domain. Such a modular
structure is highly desirable to make its formalization and implementation
easier to do and get correct. To achieve this, we choose a concrete semantics
that can be abstracted step-by-step, while preserving a high level of
expressiveness. The structure of abstract operations (i.e., transfer, join, and
comparison) follows the structure of this semantics. The advantage of this
construction is to divide the analyzer in modules and functors that implement
abstractions of distinct features.Comment: In Proceedings Festschrift for Dave Schmidt, arXiv:1309.455
Logic Meets Algebra: the Case of Regular Languages
The study of finite automata and regular languages is a privileged meeting
point of algebra and logic. Since the work of Buchi, regular languages have
been classified according to their descriptive complexity, i.e. the type of
logical formalism required to define them. The algebraic point of view on
automata is an essential complement of this classification: by providing
alternative, algebraic characterizations for the classes, it often yields the
only opportunity for the design of algorithms that decide expressibility in
some logical fragment.
We survey the existing results relating the expressibility of regular
languages in logical fragments of MSO[S] with algebraic properties of their
minimal automata. In particular, we show that many of the best known results in
this area share the same underlying mechanics and rely on a very strong
relation between logical substitutions and block-products of pseudovarieties of
monoid. We also explain the impact of these connections on circuit complexity
theory.Comment: 37 page
- ā¦