Advanced Symbolic Analysis Tools for Fault-Tolerant Integrated Distributed Systems

The project aims to develop advanced model-checking algorithms and tools to automate the verification of fault-tolerant distributed systems for avionics. We present a new method called Property-Directed K-Induction (PD-KIND) for synthesizing K-inductive invariants of state-transition systems. PD-KIND builds upon Satifiability Modulo Theories (SMT) to generalize Bradley's IC3 method and its variants. This method is implemented in a new tool called SALLY. Case studies show that PD-KIND can automatically verify fault-tolerant algorithms under a variety of fault models and that SALLY is competitive with other SMT-based model checkers

Generating Property-Directed Potential Invariants By Backward Analysis

This paper addresses the issue of lemma generation in a k-induction-based formal analysis of transition systems, in the linear real/integer arithmetic fragment. A backward analysis, powered by quantifier elimination, is used to output preimages of the negation of the proof objective, viewed as unauthorized states, or gray states. Two heuristics are proposed to take advantage of this source of information. First, a thorough exploration of the possible partitionings of the gray state space discovers new relations between state variables, representing potential invariants. Second, an inexact exploration regroups and over-approximates disjoint areas of the gray state space, also to discover new relations between state variables. k-induction is used to isolate the invariants and check if they strengthen the proof objective. These heuristics can be used on the first preimage of the backward exploration, and each time a new one is output, refining the information on the gray states. In our context of critical avionics embedded systems, we show that our approach is able to outperform other academic or commercial tools on examples of interest in our application field. The method is introduced and motivated through two main examples, one of which was provided by Rockwell Collins, in a collaborative formal verification framework.Comment: In Proceedings FTSCS 2012, arXiv:1212.657

Verification and refutation of C programs based on k -induction and invariant inference

From Springer Nature via Jisc Publications RouterHistory: registration 2020-04-23, online 2020-05-18, pub-electronic 2020-05-18, pub-print 2021-04Publication status: PublishedFunder: University of ManchesterAbstract: DepthK is a source-to-source transformation tool that employs bounded model checking (BMC) to verify and falsify safety properties in single- and multi-threaded C programs, without manual annotation of loop invariants. Here, we describe and evaluate a proof-by-induction algorithm that combines k-induction with invariant inference to prove and refute safety properties. We apply two invariant generators to produce program invariants and feed these into a k-induction-based verification algorithm implemented in DepthK, which uses the efficient SMT-based context-bounded model checker (ESBMC) as sequential verification back-end. A set of C benchmarks from the International Competition on Software Verification (SV-COMP) and embedded-system applications extracted from the available literature are used to evaluate the effectiveness of the proposed approach. Experimental results show that k-induction with invariants can handle a wide variety of safety properties, in typical programs with loops and embedded software applications from the telecommunications, control systems, and medical domains. The results of our comparative evaluation extend the knowledge about approaches that rely on both BMC and k-induction for software verification, in the following ways. (1) The proposed method outperforms the existing implementations that use k-induction with an interval-invariant generator (e.g., 2LS and ESBMC), in the category ConcurrencySafety, and overcame, in others categories, such as SoftwareSystems, other software verifiers that use plain BMC (e.g., CBMC). Also, (2) it is more precise than other verifiers based on the property-directed reachability (PDR) algorithm (i.e., SeaHorn, Vvt and CPAchecker-CTIGAR). This way, our methodology demonstrated improvement over existing BMC and k-induction-based approaches

On Equivalence and Canonical Forms in the LF Type Theory

Decidability of definitional equality and conversion of terms into canonical form play a central role in the meta-theory of a type-theoretic logical framework. Most studies of definitional equality are based on a confluent, strongly-normalizing notion of reduction. Coquand has considered a different approach, directly proving the correctness of a practical equivalance algorithm based on the shape of terms. Neither approach appears to scale well to richer languages with unit types or subtyping, and neither directly addresses the problem of conversion to canonical. In this paper we present a new, type-directed equivalence algorithm for the LF type theory that overcomes the weaknesses of previous approaches. The algorithm is practical, scales to richer languages, and yields a new notion of canonical form sufficient for adequate encodings of logical systems. The algorithm is proved complete by a Kripke-style logical relations argument similar to that suggested by Coquand. Crucially, both the algorithm itself and the logical relations rely only on the shapes of types, ignoring dependencies on terms.Comment: 41 page

p-adic path set fractals and arithmetic

This paper considers a class C(Z_p) of closed sets of the p-adic integers obtained by graph-directed constructions analogous to those of Mauldin and Williams over the real numbers. These sets are characterized as collections of those p-adic integers whose p-adic expansions are describeed by paths in the graph of a finite automaton issuing from a distinguished initial vertex. This paper shows that this class of sets is closed under the arithmetic operations of addition and multiplication by p-integral rational numbers. In addition the Minkowski sum (under p-adic addition) of two set in the class is shown to also belong to this class. These results represent purely p-adic phenomena in that analogous closure properties do not hold over the real numbers. We also show the existence of computable formulas for the Hausdorff dimensions of such sets.Comment: v1 24 pages; v2 added to title, 28 pages; v3, 30 pages, added concluding section, v.4, incorporate changes requested by reviewe

Isomorphism Conjecture for homotopy K-theory and groups acting on trees

We discuss an analogon to the Farrell-Jones Conjecture for homotopy algebraic K-theory. In particular, we prove that if a group G acts on a tree and all isotropy groups satisfy this conjecture, then G satisfies this conjecture. This result can be used to get rational injectivity results for the assembly map in the Farrell-Jones Conjecture in algebraic K-theory.Comment: 40 pages, to appear in J. Pure Applied Algebr