1,457 research outputs found
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Hybrid Systems Verification with Isabelle/HOL: Simpler Syntax, Better Models, Faster Proofs
We extend a semantic verification framework for hybrid systems with the
Isabelle/HOL proof assistant by an algebraic model for hybrid program stores, a
shallow expression model for hybrid programs and their correctness
specifications, and domain-specific deductive and calculational support. The
new store model yields clean separations and dynamic local views of variables,
e.g. discrete/continuous, mutable/immutable, program/logical, and enhanced ways
of manipulating them using combinators, projections and framing. This leads to
more local inference rules, procedures and tactics for reasoning with invariant
sets, certifying solutions of hybrid specifications or calculating derivatives
with increased proof automation and scalability. The new expression model
provides more user-friendly syntax, better control of name spaces and
interfaces connecting the framework with real-world modelling languages.Comment: 18 pages, submitted to FM 202
Crowfoot: a verifier for higher-order store programs
We present Crowfoot, an automatic verification tool for imperative programs that manipulate procedures dynamically at runtime; these programs use a heap that can store not only data but also code (commands or procedures). Such heaps are often called higher-order store, and allow for instance the creation of new recursions on the fly. One can use higher-order store to model phenomena such as runtime loading and unloading of code, runtime update of code and runtime code generation. Crowfoot's assertion language, based on separation logic, features nested Hoare triples which describe the behaviour of procedures stored on the heap. The tool addresses complex issues like deep frame rules and recursion through the store, and is the first verification tool based on recent developments in the mathematical foundations of Hoare logics with nested triples
Diagrammatic Languages and Formal Verification : A Tool-Based Approach
The importance of software correctness has been accentuated as a growing number of safety-critical systems have been developed relying on software operating these systems. One of the more prominent methods targeting the construction of a correct program is formal verification. Formal verification identifies a correct program as a program that satisfies its specification and is free of defects. While in theory formal verification guarantees a correct implementation with respect to the specification, applying formal verification techniques in practice has shown to be difficult and expensive. In response to these challenges, various support methods and tools have been suggested for all phases from program specification to proving the derived verification conditions. This thesis concerns practical verification methods applied to diagrammatic modeling languages.
While diagrammatic languages are widely used in communicating system design (e.g., UML) and behavior (e.g., state charts), most formal verification platforms require the specification to be written in a textual specification language or in the mathematical language of an underlying logical framework. One exception is invariant-based programming, in which programs together with their specifications are drawn as invariant diagrams, a type of state transition diagram annotated with intermediate assertions (preconditions, postconditions, invariants). Even though the allowed program statesâcalled situationsâare described diagrammatically, the intermediate assertions defining a situationâs meaning in the domain of the program are still written in conventional textual form. To explore the use of diagrams in expressing the intermediate assertions of invariant diagrams, we designed a pictorial language for expressing array properties. We further developed this notation into a diagrammatic domain-specific language (DSL) and implemented it as an extension to the Why3 platform. The DSL supports expression of array properties. The language is based on Reynoldsâs interval and partition diagrams and includes a construct for mapping array intervals to logic predicates.
Automated verification of a program is attained by generating the verification conditions and proving that they are true. In practice, full proof automation is not possible except for trivial programs and verifying even simple properties can require significant effort both in specification and proof stages. An animation tool which supports run-time evaluation of the program statements and intermediate assertions given any user-defined input can support this process. In particular, an execution trace leading up to a failed assertion constitutes a refutation of a verification condition that requires immediate attention. As an extension to Socos, a verificion tool for invariant diagrams built on top of the PVS proof system, we have developed an execution model where program statements and assertions can be evaluated in a given program state. A program is represented by an abstract datatype encoding the program state, together with a small-step state transition function encoding the evaluation of a single statement. This allows the programâs runtime behavior to be formally inspected during verification. We also implement animation and interactive debugging support for Socos.
The thesis also explores visualization of system development in the context of model decomposition in Event-B. Decomposing a software system becomes increasingly critical as the system grows larger, since the workload on the theorem provers must be distributed effectively. Decomposition techniques have been suggested in several verification platforms to split the models into smaller units, each having fewer verification conditions and therefore imposing a lighter load on automatic theorem provers. In this work, we have investigated a refinement-based decomposition technique that makes the development process more resilient to change in specification and allows parallel development of sub-models by a team. As part of the research, we evaluated the technique on a small case study, a simplified version of a landing gear system verification presented by Boniol and Wiels, within the Event-B specification language.Vikten av programvaras korrekthet har accentuerats dÄ ett vÀxande antal sÀkerhetskritiska system, vilka Àr beroende av programvaran som styr dessa, har utvecklas. En av de mer framtrÀdande metoderna som riktar in sig pÄ utveckling av korrekt programvara Àr formell verifiering. Inom formell verifiering avses med ett korrekt program ett program som uppfyller sina specifikationer och som Àr fritt frÄn defekter. Medan formell verifiering teoretiskt sett kan garantera ett korrekt program med avseende pÄ specifikationerna, har tillÀmpligheten av formella verifieringsmetod visat sig i praktiken vara svÄr och dyr. Till svar pÄ dessa utmaningar har ett stort antal olika stödmetoder och automatiseringsverktyg föreslagits för samtliga faser frÄn specifikationen till bevisningen av de hÀrledda korrekthetsvillkoren. Denna avhandling behandlar praktiska verifieringsmetoder applicerade pÄ diagrambaserade modelleringssprÄk.
Medan diagrambaserade sprĂ„k ofta anvĂ€nds för kommunikation av programvarudesign (t.ex. UML) samt beteende (t.ex. tillstĂ„ndsdiagram), krĂ€ver de flesta verifieringsplattformar att specifikationen kodas medelst ett textuellt specifikationsspĂ„k eller i sprĂ„ket hos det underliggande logiska ramverket. Ett undantag Ă€r invariantbaserad programmering, inom vilken ett program tillsammans med dess specifikation ritas upp som sk. invariantdiagram, en typ av tillstĂ„ndstransitionsdiagram annoterade med mellanliggande logiska villkor (förvillkor, eftervillkor, invarianter). Ăven om de tillĂ„tna programtillstĂ„ndenâsk. situationerâbeskrivs diagrammatiskt Ă€r de logiska predikaten som beskriver en situations betydelse i programmets domĂ€n fortfarande skriven pĂ„ konventionell textuell form. För att vidare undersöka anvĂ€ndningen av diagram vid beskrivningen av mellanliggande villkor inom invariantbaserad programming, har vi konstruerat ett bildbaserat sprĂ„k för villkor över arrayer. Vi har dĂ€refter vidareutvecklat detta sprĂ„k till ett diagrambaserat domĂ€n-specifikt sprĂ„k (domain-specific language, DSL) och implementerat stöd för det i verifieringsplattformen Why3. SprĂ„ket lĂ„ter anvĂ€ndaren uttrycka egenskaper hos arrayer, och Ă€r baserat pĂ„ Reynolds intevall- och partitionsdiagram samt inbegriper en konstruktion för mappning av array-intervall till logiska predikat.
Automatisk verifiering av ett program uppnÄs genom generering av korrekthetsvillkor och Ätföljande bevisning av dessa. I praktiken kan full automatisering av bevis inte uppnÄs utom för trivial program, och Àven bevisning av enkla egenskaper kan krÀva betydande anstrÀngningar bÄde vid specifikations- och bevisfaserna. Ett animeringsverktyg som stöder exekvering av sÄvÀl programmets satser som mellanliggande villkor för godtycklig anvÀndarinput kan vara till hjÀlp i denna process. SÀrskilt ett exekveringspÄr som leder upp till ett falskt mellanliggande villkor utgör ett direkt vederlÀggande (refutation) av ett bevisvillkor, vilket krÀver omedelbar uppmÀrksamhet frÄn programmeraren. Som ett tillÀgg till Socos, ett verifieringsverktyg för invariantdiagram baserat pÄ bevissystemet PVS, har vi utvecklat en exekveringsmodell dÀr programmets satser och villkor kan evalueras i ett givet programtillstÄnd. Ett program representeras av en abstrakt datatyp för programmets tillstÄnd tillsammans med en small-step transitionsfunktion för evalueringen av en enskild programsats. Detta möjliggör att ett programs exekvering formellt kan analyseras under verifieringen. Vi har ocksÄ implementerat animation och interaktiv felsökning i Socos.
Avhandlingen undersöker ocksÄ visualisering av systemutveckling i samband med modelluppdelning inom Event-B. Uppdelning av en systemmodell blir allt mer kritisk dÄ ett systemet vÀxer sig större, emedan belastningen pÄ underliggande teorembe visare mÄste fördelas effektivt. Uppdelningstekniker har föreslagits inom mÄnga olika verifieringsplattformar för att dela in modellerna i mindre enheter, sÄ att varje enhet har fÀrre verifieringsvillkor och dÀrmed innebÀr en mindre belastning pÄ de automatiska teorembevisarna. I detta arbete har vi undersökt en refinement-baserad uppdelningsteknik som gör utvecklingsprocessen mer kapabel att hantera förÀndringar hos specifikationen och som tillÄter parallell utveckling av delmodellerna inom ett team. Som en del av forskningen har vi utvÀrderat tekniken pÄ en liten fallstudie: en förenklad modell av automationen hos ett landningsstÀll av Boniol and Wiels, uttryckt i Event-B-specifikationsprÄket
A Study on Formal Verification for JavaScript Software
Information security is still a major problem for users of websites and hybrid mobile applications. While many apps and websites come with terms of service agreements between the developer and end user, there is no rigorous mechanism in place to ensure that these agreements are being followed. Formal methods can offer greater confidence that these policies are being followed, but there is currently no widely adopted tool that makes formal methods available for average consumers. After studying the current state-of-the-art in JavaScript policy enforcement and verification, this research proposes several new techniques for applying model checking to JavaScript that strikes a balance of low runtime overhead and fine-grained policy enforcement that other techniques do not achieve
Convolution, Separation and Concurrency
A notion of convolution is presented in the context of formal power series
together with lifting constructions characterising algebras of such series,
which usually are quantales. A number of examples underpin the universality of
these constructions, the most prominent ones being separation logics, where
convolution is separating conjunction in an assertion quantale; interval
logics, where convolution is the chop operation; and stream interval functions,
where convolution is used for analysing the trajectories of dynamical or
real-time systems. A Hoare logic is constructed in a generic fashion on the
power series quantale, which applies to each of these examples. In many cases,
commutative notions of convolution have natural interpretations as concurrency
operations.Comment: 39 page
- âŠ