685 research outputs found
Bounded Satisfiability for PCTL
While model checking PCTL for Markov chains is decidable in polynomial-time,
the decidability of PCTL satisfiability, as well as its finite model property,
are long standing open problems. While general satisfiability is an intriguing
challenge from a purely theoretical point of view, we argue that general
solutions would not be of interest to practitioners: such solutions could be
too big to be implementable or even infinite. Inspired by bounded synthesis
techniques, we turn to the more applied problem of seeking models of a bounded
size: we restrict our search to implementable -- and therefore reasonably
simple -- models. We propose a procedure to decide whether or not a given PCTL
formula has an implementable model by reducing it to an SMT problem. We have
implemented our techniques and found that they can be applied to the practical
problem of sanity checking -- a procedure that allows a system designer to
check whether their formula has an unexpectedly small model
Deciding the Satisfiability of MITL Specifications
In this paper we present a satisfiability-preserving reduction from MITL
interpreted over finitely-variable continuous behaviors to Constraint LTL over
clocks, a variant of CLTL that is decidable, and for which an SMT-based bounded
satisfiability checker is available. The result is a new complete and effective
decision procedure for MITL. Although decision procedures for MITL already
exist, the automata-based techniques they employ appear to be very difficult to
realize in practice, and, to the best of our knowledge, no implementation
currently exists for them. A prototype tool for MITL based on the encoding
presented here has, instead, been implemented and is publicly available.Comment: In Proceedings GandALF 2013, arXiv:1307.416
Backward Reachability of Array-based Systems by SMT solving: Termination and Invariant Synthesis
The safety of infinite state systems can be checked by a backward
reachability procedure. For certain classes of systems, it is possible to prove
the termination of the procedure and hence conclude the decidability of the
safety problem. Although backward reachability is property-directed, it can
unnecessarily explore (large) portions of the state space of a system which are
not required to verify the safety property under consideration. To avoid this,
invariants can be used to dramatically prune the search space. Indeed, the
problem is to guess such appropriate invariants. In this paper, we present a
fully declarative and symbolic approach to the mechanization of backward
reachability of infinite state systems manipulating arrays by Satisfiability
Modulo Theories solving. Theories are used to specify the topology and the data
manipulated by the system. We identify sufficient conditions on the theories to
ensure the termination of backward reachability and we show the completeness of
a method for invariant synthesis (obtained as the dual of backward
reachability), again, under suitable hypotheses on the theories. We also
present a pragmatic approach to interleave invariant synthesis and backward
reachability so that a fix-point for the set of backward reachable states is
more easily obtained. Finally, we discuss heuristics that allow us to derive an
implementation of the techniques in the model checker MCMT, showing remarkable
speed-ups on a significant set of safety problems extracted from a variety of
sources.Comment: Accepted for publication in Logical Methods in Computer Scienc
Verifying temporal specifications of Java programs
none5Many Java programs encode temporal behaviors in their source code, typically mixing three features provided by the Java language: (1) pausing the execution for a limited amount of time, (2) waiting for an event that has to occur before a deadline expires, and (3) comparing timestamps. In this work, we show how to exploit modern SMT solvers together with static analysis in order to produce a network of timed automata approximating the temporal behavior of a set of Java threads. We also prove that the presented abstraction preserves the truth of MTL and ATCTL formulae, two well-known logics for expressing timed specifications. As far as we know, this is the first feasible approach enabling the user to automatically model check timed specifications of Java software directly from the source code.openSpegni F.; Spalazzi L.; Liva G.; Pinzger M.; Bollin A.Spegni, F.; Spalazzi, L.; Liva, G.; Pinzger, M.; Bollin, A
Verifying temporal specifications of Java programs
Many Java programs encode temporal behaviors in their source code, typically mixing three features provided by the Java language: (1) pausing the execution for a limited amount of time, (2) waiting for an event that has to occur before a deadline expires, and (3) comparing timestamps. In this work, we show how to exploit modern SMT solvers together with static analysis in order to produce a network of timed automata approximating the temporal behavior of a set of Java threads. We also prove that the presented abstraction preserves the truth of MTL and ATCTL formulae, two well-known logics for expressing timed specifications. As far as we know, this is the first feasible approach enabling the user to automatically model check timed specifications of Java software directly from the source code
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Real-time MTL with durations as SMT with applications to schedulability analysis
This paper introduces a synthesis procedure for the satisfiability problem of RMTL-D formulas as SAT solving modulo theories. RMTL-D is a real-time version of metric temporal logic (MTL) extended by a duration quantifier allowing to measure time durations. For any given formula, a SAT instance modulo the theory of arrays, uninterpreted functions with equality and non-linear real-arithmetic is synthesized and may then be further investigated using appropriate SMT solvers. We show the benefits of using RMTL-D with the given SMT encoding on a diversified set of examples that include in particular its application in the area of schedulability analysis. Therefore, we introduce a simple language for formalizing schedulability problems and show how to formulate timing constraints as RMTL-D formulas. Our practical evaluation based on our synthesis and Z3 as back-end SMT solver also shows the feasibility of the overall approach.This work was partially supported by BMVI project IHATEC / SecurePort; by National Funds through FCT/M- CTES (Portuguese Foundation for Science and Technology), within the CISTER Research Unit (UID/CEC/04234) and the INESC TEC (UIDB/50014/2020); also by the Norte Portugal Regional Operational Programme (NORTE 2020) under the Portugal 2020 Partnership Agreement, through the European Regional Development Fund (ERDF) and also by national funds through the FCT, within project NORTE-01-0145- FEDER-028550 (REASSURE)
- …