3,484 research outputs found
Abstract State Machines 1988-1998: Commented ASM Bibliography
An annotated bibliography of papers which deal with or use Abstract State
Machines (ASMs), as of January 1998.Comment: Also maintained as a BibTeX file at http://www.eecs.umich.edu/gasm
Soft Contract Verification
Behavioral software contracts are a widely used mechanism for governing the
flow of values between components. However, run-time monitoring and enforcement
of contracts imposes significant overhead and delays discovery of faulty
components to run-time.
To overcome these issues, we present soft contract verification, which aims
to statically prove either complete or partial contract correctness of
components, written in an untyped, higher-order language with first-class
contracts. Our approach uses higher-order symbolic execution, leveraging
contracts as a source of symbolic values including unknown behavioral values,
and employs an updatable heap of contract invariants to reason about
flow-sensitive facts. We prove the symbolic execution soundly approximates the
dynamic semantics and that verified programs can't be blamed.
The approach is able to analyze first-class contracts, recursive data
structures, unknown functions, and control-flow-sensitive refinements of
values, which are all idiomatic in dynamic languages. It makes effective use of
an off-the-shelf solver to decide problems without heavy encodings. The
approach is competitive with a wide range of existing tools---including type
systems, flow analyzers, and model checkers---on their own benchmarks.Comment: ICFP '14, September 1-6, 2014, Gothenburg, Swede
Modelling and Refinement in CODA
This paper provides an overview of the CODA framework for modelling and
refinement of component-based embedded systems. CODA is an extension of Event-B
and UML-B and is supported by a plug-in for the Rodin toolset. CODA augments
Event-B with constructs for component-based modelling including components,
communications ports, port connectors, timed communications and timing
triggers. Component behaviour is specified through a combination of UML-B state
machines and Event-B. CODA communications and timing are given an Event-B
semantics through translation rules. Refinement is based on Event-B refinement
and allows layered construction of CODA models in a consistent way.Comment: In Proceedings Refine 2013, arXiv:1305.563
Monadic Sequence Testing and Explicit Test-Refinements
We present an abstract framework for sequence testing that is implemented in Isabelle/HOL-TestGen. Our framework is based on the theory of state-exception monads, explicitly modelled in HOL, and can cope with typed input and output, interleaving executions including abort, and synchronisation. The framework is particularly geared towards symbolic execution and has proven effective in several large case-studies involving system models based on large (or infinite) state. On this basis, we rephrase the concept of test-refinements for inclusion, deadlock and IOCO-like tests, together with a formal theory of its rela- tion to traditional, IO-automata based notions
A Verified Information-Flow Architecture
SAFE is a clean-slate design for a highly secure computer system, with
pervasive mechanisms for tracking and limiting information flows. At the lowest
level, the SAFE hardware supports fine-grained programmable tags, with
efficient and flexible propagation and combination of tags as instructions are
executed. The operating system virtualizes these generic facilities to present
an information-flow abstract machine that allows user programs to label
sensitive data with rich confidentiality policies. We present a formal,
machine-checked model of the key hardware and software mechanisms used to
dynamically control information flow in SAFE and an end-to-end proof of
noninterference for this model.
We use a refinement proof methodology to propagate the noninterference
property of the abstract machine down to the concrete machine level. We use an
intermediate layer in the refinement chain that factors out the details of the
information-flow control policy and devise a code generator for compiling such
information-flow policies into low-level monitor code. Finally, we verify the
correctness of this generator using a dedicated Hoare logic that abstracts from
low-level machine instructions into a reusable set of verified structured code
generators
- …