64,203 research outputs found
Procedure-modular specification and verification of temporal safety properties
This paper describes ProMoVer, a tool for fully automated procedure-modular verification of Java programs equipped with method-local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure-level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized on the local properties of the methods rather than on their implementations. Here, it is based on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control flow safety properties, and provides appropriate pre- and post-processing. Both linear-time temporal logic and finite automata are supported as formalisms for expressing local and global safety properties, allowing the user to choose a suitable format for the property at hand. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively light-weight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the domains of Java Card and web-based application
Instruction-Level Abstraction (ILA): A Uniform Specification for System-on-Chip (SoC) Verification
Modern Systems-on-Chip (SoC) designs are increasingly heterogeneous and
contain specialized semi-programmable accelerators in addition to programmable
processors. In contrast to the pre-accelerator era, when the ISA played an
important role in verification by enabling a clean separation of concerns
between software and hardware, verification of these "accelerator-rich" SoCs
presents new challenges. From the perspective of hardware designers, there is a
lack of a common framework for the formal functional specification of
accelerator behavior. From the perspective of software developers, there exists
no unified framework for reasoning about software/hardware interactions of
programs that interact with accelerators. This paper addresses these challenges
by providing a formal specification and high-level abstraction for accelerator
functional behavior. It formalizes the concept of an Instruction Level
Abstraction (ILA), developed informally in our previous work, and shows its
application in modeling and verification of accelerators. This formal ILA
extends the familiar notion of instructions to accelerators and provides a
uniform, modular, and hierarchical abstraction for modeling software-visible
behavior of both accelerators and programmable processors. We demonstrate the
applicability of the ILA through several case studies of accelerators (for
image processing, machine learning, and cryptography), and a general-purpose
processor (RISC-V). We show how the ILA model facilitates equivalence checking
between two ILAs, and between an ILA and its hardware finite-state machine
(FSM) implementation. Further, this equivalence checking supports accelerator
upgrades using the notion of ILA compatibility, similar to processor upgrades
using ISA compatibility.Comment: 24 pages, 3 figures, 3 table
Formal Reasoning Using an Iterative Approach with an Integrated Web IDE
This paper summarizes our experience in communicating the elements of
reasoning about correctness, and the central role of formal specifications in
reasoning about modular, component-based software using a language and an
integrated Web IDE designed for the purpose. Our experience in using such an
IDE, supported by a 'push-button' verifying compiler in a classroom setting,
reveals the highly iterative process learners use to arrive at suitably
specified, automatically provable code. We explain how the IDE facilitates
reasoning at each step of this process by providing human readable verification
conditions (VCs) and feedback from an integrated prover that clearly indicates
unprovable VCs to help identify obstacles to completing proofs. The paper
discusses the IDE's usage in verified software development using several
examples drawn from actual classroom lectures and student assignments to
illustrate principles of design-by-contract and the iterative process of
creating and subsequently refining assertions, such as loop invariants in
object-based code.Comment: In Proceedings F-IDE 2015, arXiv:1508.0338
The AutoProof Verifier: Usability by Non-Experts and on Standard Code
Formal verification tools are often developed by experts for experts; as a
result, their usability by programmers with little formal methods experience
may be severely limited. In this paper, we discuss this general phenomenon with
reference to AutoProof: a tool that can verify the full functional correctness
of object-oriented software. In particular, we present our experiences of using
AutoProof in two contrasting contexts representative of non-expert usage.
First, we discuss its usability by students in a graduate course on software
verification, who were tasked with verifying implementations of various sorting
algorithms. Second, we evaluate its usability in verifying code developed for
programming assignments of an undergraduate course. The first scenario
represents usability by serious non-experts; the second represents usability on
"standard code", developed without full functional verification in mind. We
report our experiences and lessons learnt, from which we derive some general
suggestions for furthering the development of verification tools with respect
to improving their usability.Comment: In Proceedings F-IDE 2015, arXiv:1508.0338
An Adaptive Design Methodology for Reduction of Product Development Risk
Embedded systems interaction with environment inherently complicates
understanding of requirements and their correct implementation. However,
product uncertainty is highest during early stages of development. Design
verification is an essential step in the development of any system, especially
for Embedded System. This paper introduces a novel adaptive design methodology,
which incorporates step-wise prototyping and verification. With each adaptive
step product-realization level is enhanced while decreasing the level of
product uncertainty, thereby reducing the overall costs. The back-bone of this
frame-work is the development of Domain Specific Operational (DOP) Model and
the associated Verification Instrumentation for Test and Evaluation, developed
based on the DOP model. Together they generate functionally valid test-sequence
for carrying out prototype evaluation. With the help of a case study 'Multimode
Detection Subsystem' the application of this method is sketched. The design
methodologies can be compared by defining and computing a generic performance
criterion like Average design-cycle Risk. For the case study, by computing
Average design-cycle Risk, it is shown that the adaptive method reduces the
product development risk for a small increase in the total design cycle time.Comment: 21 pages, 9 figure
Abstract State Machines 1988-1998: Commented ASM Bibliography
An annotated bibliography of papers which deal with or use Abstract State
Machines (ASMs), as of January 1998.Comment: Also maintained as a BibTeX file at http://www.eecs.umich.edu/gasm
Abstraction and Learning for Infinite-State Compositional Verification
Despite many advances that enable the application of model checking
techniques to the verification of large systems, the state-explosion problem
remains the main challenge for scalability. Compositional verification
addresses this challenge by decomposing the verification of a large system into
the verification of its components. Recent techniques use learning-based
approaches to automate compositional verification based on the assume-guarantee
style reasoning. However, these techniques are only applicable to finite-state
systems. In this work, we propose a new framework that interleaves abstraction
and learning to perform automated compositional verification of infinite-state
systems. We also discuss the role of learning and abstraction in the related
context of interface generation for infinite-state components.Comment: In Proceedings Festschrift for Dave Schmidt, arXiv:1309.455
Incremental and Modular Context-sensitive Analysis
Context-sensitive global analysis of large code bases can be expensive, which
can make its use impractical during software development. However, there are
many situations in which modifications are small and isolated within a few
components, and it is desirable to reuse as much as possible previous analysis
results. This has been achieved to date through incremental global analysis
fixpoint algorithms that achieve cost reductions at fine levels of granularity,
such as changes in program lines. However, these fine-grained techniques are
not directly applicable to modular programs, nor are they designed to take
advantage of modular structures. This paper describes, implements, and
evaluates an algorithm that performs efficient context-sensitive analysis
incrementally on modular partitions of programs. The experimental results show
that the proposed modular algorithm shows significant improvements, in both
time and memory consumption, when compared to existing non-modular, fine-grain
incremental analysis techniques. Furthermore, thanks to the proposed
inter-modular propagation of analysis information, our algorithm also
outperforms traditional modular analysis even when analyzing from scratch.Comment: 56 pages, 27 figures. To be published in Theory and Practice of Logic
Programming. v3 corresponds to the extended version of the ICLP2018 Technical
Communication. v4 is the revised version submitted to Theory and Practice of
Logic Programming. v5 (this one) is the final author version to be published
in TPL
- ā¦