Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.
Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Using formal methods to support testing
Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent
years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing
A Survey of Languages for Specifying Dynamics: A Knowledge Engineering Perspective
A number of formal specification languages for knowledge-based systems have been developed. Characteristics for knowledge-based systems are a complex knowledge base and an inference engine which uses this knowledge to solve a given problem. Specification languages for knowledge-based systems have to cover both aspects. They have to provide the means to specify a complex and large amount of knowledge and they have to provide the means to specify the dynamic reasoning behavior of a knowledge-based system. We focus on the second aspect. For this purpose, we survey existing approaches for specifying dynamic behavior in related areas of research. In fact, we have taken approaches for the specification of information systems (Language for Conceptual Modeling and TROLL), approaches for the specification of database updates and logic programming (Transaction Logic and Dynamic Database Logic) and the generic specification framework of abstract state machine
Quantitative Safety: Linking Proof-Based Verification with Model Checking for Probabilistic Systems
This paper presents a novel approach for augmenting proof-based verification
with performance-style analysis of the kind employed in state-of-the-art model
checking tools for probabilistic systems. Quantitative safety properties
usually specified as probabilistic system invariants and modeled in proof-based
environments are evaluated using bounded model checking techniques.
Our specific contributions include the statement of a theorem that is central
to model checking safety properties of proof-based systems, the establishment
of a procedure, and its full implementation in a prototype system (YAGA) which
readily transforms a probabilistic model specified in a proof-based environment
to its equivalent verifiable PRISM model equipped with reward structures. The
reward structures capture the exact interpretation of the probabilistic
invariants and can reveal succinct information about the model during
experimental investigations. Finally, we demonstrate the novelty of the
technique on a probabilistic library case study
A Temporal Logic for Hyperproperties
Hyperproperties, as introduced by Clarkson and Schneider, characterize the
correctness of a computer program as a condition on its set of computation
paths. Standard temporal logics can only refer to a single path at a time, and
therefore cannot express many hyperproperties of interest, including
noninterference and other important properties in security and coding theory.
In this paper, we investigate an extension of temporal logic with explicit path
variables. We show that the quantification over paths naturally subsumes other
extensions of temporal logic with operators for information flow and knowledge.
The model checking problem for temporal logic with path quantification is
decidable. For alternation depth 1, the complexity is PSPACE in the length of
the formula and NLOGSPACE in the size of the system, as for linear-time
temporal logic
Propositional Dynamic Logic for Message-Passing Systems
We examine a bidirectional propositional dynamic logic (PDL) for finite and
infinite message sequence charts (MSCs) extending LTL and TLC-. By this kind of
multi-modal logic we can express properties both in the entire future and in
the past of an event. Path expressions strengthen the classical until operator
of temporal logic. For every formula defining an MSC language, we construct a
communicating finite-state machine (CFM) accepting the same language. The CFM
obtained has size exponential in the size of the formula. This synthesis
problem is solved in full generality, i.e., also for MSCs with unbounded
channels. The model checking problem for CFMs and HMSCs turns out to be in
PSPACE for existentially bounded MSCs. Finally, we show that, for PDL with
intersection, the semantics of a formula cannot be captured by a CFM anymore
Managing LTL properties in Event-B refinement
Refinement in Event-B supports the development of systems via proof based
step-wise refinement of events. This refinement approach ensures safety
properties are preserved, but additional reasoning is required in order to
establish liveness and fairness properties.
In this paper we present results which allow a closer integration of two
formal methods, Event-B and linear temporal logic. In particular we show how a
class of temporal logic properties can carry through a refinement chain of
machines. Refinement steps can include introduction of new events, event
renaming and event splitting. We also identify a general liveness property that
holds for the events of the initial system of a refinement chain. The approach
will aid developers in enabling them to verify linear temporal logic properties
at early stages of a development, knowing they will be preserved at later
stages. We illustrate the results via a simple case study
Efficient First-Order Temporal Logic for Infinite-State Systems
In this paper we consider the specification and verification of
infinite-state systems using temporal logic. In particular, we describe
parameterised systems using a new variety of first-order temporal logic that is
both powerful enough for this form of specification and tractable enough for
practical deductive verification. Importantly, the power of the temporal
language allows us to describe (and verify) asynchronous systems, communication
delays and more complex properties such as liveness and fairness properties.
These aspects appear difficult for many other approaches to infinite-state
verification.
Comment: 16 pages, 2 figure
MTL-Model Checking of One-Clock Parametric Timed Automata is Undecidable
Parametric timed automata extend timed automata (Alur and Dill, 1991) in that
they allow the specification of parametric bounds on the clock values. Since
their introduction in 1993 by Alur, Henzinger, and Vardi, it is known that the
emptiness problem for parametric timed automata with one clock is decidable,
whereas it is undecidable if the automaton uses three or more parametric
clocks. The problem is open for parametric timed automata with two parametric
clocks. Metric temporal logic, MTL for short, is a widely used specification
language for real-time systems. MTL-model checking of timed automata is
decidable, no matter how many clocks are used in the timed automaton. In this
paper, we prove that MTL-model checking for parametric timed automata is
undecidable, even if the automaton uses only one clock and one parameter and is
deterministic.
Comment: In Proceedings SynCoP 2014, arXiv:1403.784