Compositional Verification for Timed Systems Based on Automatic Invariant Generation
We propose a method for compositional verification to address the state space
explosion problem inherent to model-checking timed systems with a large number
of components. The main challenge is to obtain pertinent global timing
constraints from the timings in the components alone. To this end, we make use
of auxiliary clocks to automatically generate new invariants which capture the
constraints induced by the synchronisations between components. The method has
been implemented in the RTD-Finder tool and successfully experimented on
several benchmarks.
Towards Realizability Checking of Contracts using Theories
Virtual integration techniques focus on building architectural models of
systems that can be analyzed early in the design cycle to try to lower cost,
reduce risk, and improve quality of complex embedded systems. Given appropriate
architectural descriptions and compositional reasoning rules, these techniques
can be used to prove important safety properties about the architecture prior
to system construction. Such proofs build from "leaf-level" assume/guarantee
component contracts through architectural layers towards top-level safety
properties. The proofs are built upon the premise that each leaf-level
component contract is realizable; i.e., it is possible to construct a component
such that for any input allowed by the contract assumptions, there is some
output value that the component can produce that satisfies the contract
guarantees. Without engineering support it is all too easy to write leaf-level
components that can't be realized. Realizability checking for propositional
contracts has been well-studied for many years, both for component synthesis
and checking correctness of temporal logic requirements. However, checking
realizability for contracts involving infinite theories is still an open
problem. In this paper, we describe a new approach for checking realizability
of contracts involving theories and demonstrate its usefulness on several
examples. Comment: 15 pages, to appear in NASA Formal Methods (NFM) 201
On Automated Lemma Generation for Separation Logic with Inductive Definitions
Separation Logic with inductive definitions is a well-known approach for
deductive verification of programs that manipulate dynamic data structures.
Deciding verification conditions in this context is usually based on
user-provided lemmas relating the inductive definitions. We propose a novel
approach for generating these lemmas automatically which is based on simple
syntactic criteria and deterministic strategies for applying them. Our approach
focuses on iterative programs, although it can be applied to recursive programs
as well, and specifications that describe not only the shape of the data
structures, but also their content or their size. Empirically, we find that our
approach is powerful enough to deal with sophisticated benchmarks, e.g.,
iterative procedures for searching, inserting, or deleting elements in sorted
lists, binary search trees, red-black trees, and AVL trees, in a very efficient
way.
Procedure-modular specification and verification of temporal safety properties
This paper describes ProMoVer, a tool for fully automated procedure-modular verification of Java programs equipped with method-local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure-level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized on the local properties of the methods rather than on their implementations. Here, it is based on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control flow safety properties, and provides appropriate pre- and post-processing. Both linear-time temporal logic and finite automata are supported as formalisms for expressing local and global safety properties, allowing the user to choose a suitable format for the property at hand. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively light-weight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the domains of Java Card and web-based application
On Equivalence and Canonical Forms in the LF Type Theory
Decidability of definitional equality and conversion of terms into canonical
form play a central role in the meta-theory of a type-theoretic logical
framework. Most studies of definitional equality are based on a confluent,
strongly-normalizing notion of reduction. Coquand has considered a different
approach, directly proving the correctness of a practical equivalence algorithm
based on the shape of terms. Neither approach appears to scale well to richer
languages with unit types or subtyping, and neither directly addresses the
problem of conversion to canonical form.
In this paper we present a new, type-directed equivalence algorithm for the
LF type theory that overcomes the weaknesses of previous approaches. The
algorithm is practical, scales to richer languages, and yields a new notion of
canonical form sufficient for adequate encodings of logical systems. The
algorithm is proved complete by a Kripke-style logical relations argument
similar to that suggested by Coquand. Crucially, both the algorithm itself and
the logical relations rely only on the shapes of types, ignoring dependencies
on terms. Comment: 41 page
Graphical modelling language for specifying concurrency based on CSP
Introduced in this (shortened) paper is a graphical modelling language for specifying concurrency in software designs. The language notations are derived from CSP and the resulting designs form CSP diagrams. The notations reflect both data-flow and control-flow aspects of concurrent software architectures. These designs can automatically be described by CSP algebraic expressions that can be used for formal analysis. The designer does not have to be aware of the underlying mathematics. The techniques and rules presented provide guidance to the development of concurrent software architectures. One can detect and reason about compositional conflicts (errors in design), potential deadlocks (errors at run-time), and priority inversion problems (performance burden) at a high level of abstraction. The CSP diagram collaborates with object-oriented modelling languages and structured methods.