2,107 research outputs found
Synthesizing Robust Systems with RATSY
Specifications for reactive systems often consist of environment assumptions
and system guarantees. An implementation should not only be correct, but also
robust in the sense that it behaves reasonably even when the assumptions are
(temporarily) violated. We present an extension of the requirements analysis
and synthesis tool RATSY that is able to synthesize robust systems from GR(1)
specifications, i.e., system in which a finite number of safety assumption
violations is guaranteed to induce only a finite number of safety guarantee
violations. We show how the specification can be turned into a two-pair Streett
game, and how a winning strategy corresponding to a correct and robust
implementation can be computed. Finally, we provide some experimental results.Comment: In Proceedings SYNT 2012, arXiv:1207.055
A Peered Bulletin Board for Robust Use in Verifiable Voting Systems
The Web Bulletin Board (WBB) is a key component of verifiable election
systems. It is used in the context of election verification to publish evidence
of voting and tallying that voters and officials can check, and where
challenges can be launched in the event of malfeasance. In practice, the
election authority has responsibility for implementing the web bulletin board
correctly and reliably, and will wish to ensure that it behaves correctly even
in the presence of failures and attacks. To ensure robustness, an
implementation will typically use a number of peers to be able to provide a
correct service even when some peers go down or behave dishonestly. In this
paper we propose a new protocol to implement such a Web Bulletin Board,
motivated by the needs of the vVote verifiable voting system. Using a
distributed algorithm increases the complexity of the protocol and requires
careful reasoning in order to establish correctness. Here we use the Event-B
modelling and refinement approach to establish correctness of the peered design
against an idealised specification of the bulletin board behaviour. In
particular we show that for n peers, a threshold of t > 2n/3 peers behaving
correctly is sufficient to ensure correct behaviour of the bulletin board
distributed design. The algorithm also behaves correctly even if honest or
dishonest peers temporarily drop out of the protocol and then return. The
verification approach also establishes that the protocols used within the
bulletin board do not interfere with each other. This is the first time a
peered web bulletin board suite of protocols has been formally verified.Comment: 49 page
FastPay: High-Performance Byzantine Fault Tolerant Settlement
FastPay allows a set of distributed authorities, some of which are Byzantine,
to maintain a high-integrity and availability settlement system for pre-funded
payments. It can be used to settle payments in a native unit of value
(crypto-currency), or as a financial side-infrastructure to support retail
payments in fiat currencies. FastPay is based on Byzantine Consistent Broadcast
as its core primitive, foregoing the expenses of full atomic commit channels
(consensus). The resulting system has low-latency for both confirmation and
payment finality. Remarkably, each authority can be sharded across many
machines to allow unbounded horizontal scalability. Our experiments demonstrate
intra-continental confirmation latency of less than 100ms, making FastPay
applicable to point of sale payments. In laboratory environments, we achieve
over 80,000 transactions per second with 20 authorities---surpassing the
requirements of current retail card payment networks, while significantly
increasing their robustness
Pruning, Pushdown Exception-Flow Analysis
Statically reasoning in the presence of exceptions and about the effects of
exceptions is challenging: exception-flows are mutually determined by
traditional control-flow and points-to analyses. We tackle the challenge of
analyzing exception-flows from two angles. First, from the angle of pruning
control-flows (both normal and exceptional), we derive a pushdown framework for
an object-oriented language with full-featured exceptions. Unlike traditional
analyses, it allows precise matching of throwers to catchers. Second, from the
angle of pruning points-to information, we generalize abstract garbage
collection to object-oriented programs and enhance it with liveness analysis.
We then seamlessly weave the techniques into enhanced reachability computation,
yielding highly precise exception-flow analysis, without becoming intractable,
even for large applications. We evaluate our pruned, pushdown exception-flow
analysis, comparing it with an established analysis on large scale standard
Java benchmarks. The results show that our analysis significantly improves
analysis precision over traditional analysis within a reasonable analysis time.Comment: 14th IEEE International Working Conference on Source Code Analysis
and Manipulatio
- …