
    Program simplification as a means of approximating undecidable propositions

    We describe an approach which mixes testing, slicing, transformation and formal verification to investigate speculative hypotheses concerning a program, formulated during program comprehension activity. Our philosophy is that such hypotheses (which are typically undecidable) can, in some sense, be `answered' by a partly automated system which returns neither `true' nor `false' but a program (the `test program') which computes the answer. The motivation for this philosophy is the way in which, as we demonstrate, static analysis and manipulation technology can be applied to ensure that the resulting test program is significantly simpler than the original program, thereby simplifying the process of investigating the original hypothesis.

    Pre/post conditioned slicing

    This paper shows how analysis of programs in terms of pre- and postconditions can be improved using a generalisation of conditioned program slicing called pre/post conditioned slicing. Such conditions play an important role in program comprehension, reuse, verification and reengineering. Fully automated analysis is impossible because of the inherent undecidability of pre- and post-conditions. The method presented reformulates the problem to circumvent this. The reformulation is constructed so that programs which respect the pre- and post-conditions applied to them have empty slices. For those which do not respect the conditions, the slice contains statements which could potentially break the conditions. This separates the automatable part of the analysis from the human analysis.

    Finite Models vs Tree Automata in Safety Verification

    In this paper we deal with verification of safety properties of term-rewriting systems. The verification problem is translated to a purely logical problem of finding a finite countermodel for a first-order formula, which is further resolved by a generic finite model finding procedure. A finite countermodel produced during successful verification provides a concise description of the system invariant sufficient to demonstrate a specific safety property. We show the relative completeness of this approach with respect to the tree automata completion technique. On a set of examples taken from the literature we demonstrate the efficiency of the finite model finding approach as well as its explanatory power.

    Modal mu-calculi


    Modelling Mixed Discrete-Continuous Domains for Planning

    In this paper we present pddl+, a planning domain description language for modelling mixed discrete-continuous planning domains. We describe the syntax and modelling style of pddl+, showing that the language makes convenient the modelling of complex time-dependent effects. We provide a formal semantics for pddl+ by mapping planning instances into constructs of hybrid automata. Using the syntax of HAs as our semantic model we construct a semantic mapping to labelled transition systems to complete the formal interpretation of pddl+ planning instances. An advantage of building a mapping from pddl+ to HA theory is that it forms a bridge between the Planning and Real Time Systems research communities. One consequence is that we can expect to make use of some of the theoretical properties of HAs. For example, for a restricted class of HAs the Reachability problem (which is equivalent to Plan Existence) is decidable. pddl+ provides an alternative to the continuous durative action model of pddl2.1, adding a more flexible and robust model of time-dependent behaviour.

    Turchin's Relation for Call-by-Name Computations: A Formal Approach

    Supercompilation is a program transformation technique that was first described by V. F. Turchin in the 1970s. In supercompilation, Turchin's relation as a similarity relation on call-stack configurations is used both for call-by-value and call-by-name semantics to terminate unfolding of the program being transformed. In this paper, we give a formal grammar model of call-by-name stack behaviour. We classify the model in terms of the Chomsky hierarchy and then formally prove that Turchin's relation can terminate all computations generated by the model.
    Comment: In Proceedings VPT 2016, arXiv:1607.0183

    Derivation of Constraints from Machine Learning Models and Applications to Security and Privacy

    This paper shows how we can combine the power of machine learning with the flexibility of constraints. More specifically, we show how machine learning models can be represented by first-order logic theories, and how to derive these theories. The advantage of this representation is that it can be augmented with additional formulae, representing constraints of some kind on the data domain, for instance new knowledge, potential attackers, or fairness desiderata. We consider various kinds of learning algorithms (neural networks, k-nearest-neighbours, decision trees, support vector machines) and for each of them we show how to infer the FOL formulae. Then we focus on one particular application domain, namely the field of security and privacy. The idea is to represent the potentialities and goals of the attacker as a set of constraints, then use a constraint solver (more precisely, a solver modulo theories) to verify the satisfiability. If a solution exists, then it means that an attack is possible; otherwise, the system is safe. We show various examples from different areas of security and privacy; specifically, we consider a side-channel attack on a password checker, a malware attack on smart health systems, and a model-inversion attack on a neural network.