857 research outputs found
A framework for proof certificates in finite state exploration
Model checkers use automated state exploration in order to prove various
properties such as reachability, non-reachability, and bisimulation over state
transition systems. While model checkers have proved valuable for locating
errors in computer models and specifications, they can also be used to prove
properties that might be consumed by other computational logic systems, such as
theorem provers. In such a situation, a prover must be able to trust that the
model checker is correct. Instead of attempting to prove the correctness of a
model checker, we ask that it outputs its "proof evidence" as a formally
defined document--a proof certificate--and that this document is checked by a
trusted proof checker. We describe a framework for defining and checking proof
certificates for a range of model checking problems. The core of this framework
is a (focused) proof system that is augmented with premises that involve "clerk
and expert" predicates. This framework is designed so that soundness can be
guaranteed independently of any concerns for the correctness of the clerk and
expert specifications. To illustrate the flexibility of this framework, we
define and formally check proof certificates for reachability and
non-reachability in graphs, as well as bisimulation and non-bisimulation for
labeled transition systems. Finally, we describe briefly a reference checker
that we have implemented for this framework.Comment: In Proceedings PxTP 2015, arXiv:1507.0837
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Incremental bounded model checking for embedded software
Program analysis is on the brink of mainstream usage in embedded systems development. Formal verification of behavioural requirements, finding runtime errors and test case generation are some of the most common applications of automated verification tools based on bounded model checking (BMC). Existing industrial tools for embedded software use an off-the-shelf bounded model checker and apply it iteratively to verify the program with an increasing number of unwindings. This approach unnecessarily wastes time repeating work that has already been done and fails to exploit the power of incremental SAT solving. This article reports on the extension of the software model checker CBMC to support incremental BMC and its successful integration with the industrial embedded software verification tool BTC EMBEDDED TESTER. We present an extensive evaluation over large industrial embedded programs, mainly from the automotive industry. We show that incremental BMC cuts runtimes by one order of magnitude in comparison to the standard non-incremental approach, enabling the application of formal verification to large and complex embedded software. We furthermore report promising results on analysing programs with arbitrary loop structure using incremental BMC, demonstrating its applicability and potential to verify general software beyond the embedded domain
Bounded LTL Model Checking with Stable Models
In this paper bounded model checking of asynchronous concurrent systems is
introduced as a promising application area for answer set programming. As the
model of asynchronous systems a generalisation of communicating automata,
1-safe Petri nets, are used. It is shown how a 1-safe Petri net and a
requirement on the behaviour of the net can be translated into a logic program
such that the bounded model checking problem for the net can be solved by
computing stable models of the corresponding program. The use of the stable
model semantics leads to compact encodings of bounded reachability and deadlock
detection tasks as well as the more general problem of bounded model checking
of linear temporal logic. Correctness proofs of the devised translations are
given, and some experimental results using the translation and the Smodels
system are presented.Comment: 32 pages, to appear in Theory and Practice of Logic Programmin
SAT-Based Synthesis Methods for Safety Specs
Automatic synthesis of hardware components from declarative specifications is
an ambitious endeavor in computer aided design. Existing synthesis algorithms
are often implemented with Binary Decision Diagrams (BDDs), inheriting their
scalability limitations. Instead of BDDs, we propose several new methods to
synthesize finite-state systems from safety specifications using decision
procedures for the satisfiability of quantified and unquantified Boolean
formulas (SAT-, QBF- and EPR-solvers). The presented approaches are based on
computational learning, templates, or reduction to first-order logic. We also
present an efficient parallelization, and optimizations to utilize reachability
information and incremental solving. Finally, we compare all methods in an
extensive case study. Our new methods outperform BDDs and other existing work
on some classes of benchmarks, and our parallelization achieves a super-linear
speedup. This is an extended version of [5], featuring an additional appendix.Comment: Extended version of a paper at VMCAI'1
Liveness of Randomised Parameterised Systems under Arbitrary Schedulers (Technical Report)
We consider the problem of verifying liveness for systems with a finite, but
unbounded, number of processes, commonly known as parameterised systems.
Typical examples of such systems include distributed protocols (e.g. for the
dining philosopher problem). Unlike the case of verifying safety, proving
liveness is still considered extremely challenging, especially in the presence
of randomness in the system. In this paper we consider liveness under arbitrary
(including unfair) schedulers, which is often considered a desirable property
in the literature of self-stabilising systems. We introduce an automatic method
of proving liveness for randomised parameterised systems under arbitrary
schedulers. Viewing liveness as a two-player reachability game (between
Scheduler and Process), our method is a CEGAR approach that synthesises a
progress relation for Process that can be symbolically represented as a
finite-state automaton. The method is incremental and exploits both
Angluin-style L*-learning and SAT-solvers. Our experiments show that our
algorithm is able to prove liveness automatically for well-known randomised
distributed protocols, including Lehmann-Rabin Randomised Dining Philosopher
Protocol and randomised self-stabilising protocols (such as the Israeli-Jalfon
Protocol). To the best of our knowledge, this is the first fully-automatic
method that can prove liveness for randomised protocols.Comment: Full version of CAV'16 pape
Approaching the Coverability Problem Continuously
The coverability problem for Petri nets plays a central role in the
verification of concurrent shared-memory programs. However, its high
EXPSPACE-complete complexity poses a challenge when encountered in real-world
instances. In this paper, we develop a new approach to this problem which is
primarily based on applying forward coverability in continuous Petri nets as a
pruning criterion inside a backward coverability framework. A cornerstone of
our approach is the efficient encoding of a recently developed polynomial-time
algorithm for reachability in continuous Petri nets into SMT. We demonstrate
the effectiveness of our approach on standard benchmarks from the literature,
which shows that our approach decides significantly more instances than any
existing tool and is in addition often much faster, in particular on large
instances.Comment: 18 pages, 4 figure
A Supervisory Control Algorithm Based on Property-Directed Reachability
We present an algorithm for synthesising a controller (supervisor) for a
discrete event system (DES) based on the property-directed reachability (PDR)
model checking algorithm. The discrete event systems framework is useful in
both software, automation and manufacturing, as problems from those domains can
be modelled as discrete supervisory control problems. As a formal framework,
DES is also similar to domains for which the field of formal methods for
computer science has developed techniques and tools. In this paper, we attempt
to marry the two by adapting PDR to the problem of controller synthesis. The
resulting algorithm takes as input a transition system with forbidden states
and uncontrollable transitions, and synthesises a safe and
minimally-restrictive controller, correct-by-design. We also present an
implementation along with experimental results, showing that the algorithm has
potential as a part of the solution to the greater effort of formal supervisory
controller synthesis and verification.Comment: 16 pages; presented at Haifa Verification Conference 2017, the final
publication is available at Springer via
https://doi.org/10.1007/978-3-319-70389-3_
- …