19 research outputs found

    Runtime verification using Valour

    In this paper, we give an overview of Valour, a runtime verification tool that has been developed in the context of a project to act as a backend verification tool for financial transaction software. A Valour script is written by the user and is then compiled into a verification system. Although developed as part of a project, the tool has been designed as a stand-alone, general-purpose verification engine with a particular emphasis on event consumption. The strong points of Valour compared to other runtime verification tools are its focus on scalability and robustness.
    Peer reviewed.

    Integrating formal methods into medical software development: the ASM approach

    Medical devices are safety-critical systems, since their malfunctions can seriously compromise human safety. Correct operation of a medical device depends upon the controlling software, whose development should adhere to certification standards. However, these standards provide general descriptions of common software engineering activities without any indication of particular methods and techniques to assure safety and reliability. This paper discusses how to integrate the use of a formal approach into the current normative framework for medical software development. The rigorous process is based on the Abstract State Machine (ASM) formal method, its refinement principle, and the model analysis approaches the method supports. The hemodialysis machine case study is used to show how the ASM-based design process covers most of the engineering activities required by the related standards and provides rigorous approaches for medical software validation and verification.

    PranCS: A protocol and discrete controller synthesis tool

    © 2017, Springer International Publishing AG. PranCS is a tool for synthesizing protocol adapters and discrete controllers. It exploits general search techniques such as simulated annealing and genetic programming for homing in on correct solutions, and evaluates the fitness of candidates by using model-checking results. Our Protocol and Controller Synthesis (PranCS) tool uses NuSMV as a back-end for the individual model-checking tasks and a simple candidate mutator to drive the search. PranCS is also designed to explore the parameter space of the search techniques it implements. In this paper, we use PranCS to study the influence of tuning various parameters in the synthesis process.

    Tightening the contract refinements of a system architecture

    Contract-based design is an emerging paradigm for correct-by-construction hierarchical systems: components are associated with assumptions and guarantees expressed as formal properties; the architecture is analyzed by verifying that each contract of a composite component is correctly refined by the contracts of its subcomponents. The approach is very efficient, because the overall correctness proof is decomposed into proofs local to each component. However, the process of contract specification and refinement is quite expensive, because the requirements must be formalized into formal properties, and part of the complexity is delegated to the designer, who has the burden of specifying the contracts. Typical problems include understanding which contracts are necessary, and how they can be simplified without breaking the correctness of the refinement and of other refinements in case some subcontracts are shared. In this paper, we tackle these problems by proposing a technique to understand and simplify the contract refinements of a system architecture during the contract specification and refinement process. The technique, called tightening, is based on parameter synthesis. The idea is to generate a set of parametric proof obligations, where each parameter evaluation corresponds to a variant of the original contract refinement(s), and to search for tighter variants of the contracts that still ensure the correctness of the refinement(s). We cast this approach in the OCRA framework, where contracts are expressed with LTL formulas, and we evaluate its performance and effectiveness on a number of benchmarks.
    Affiliation: Cimatti, Alessandro. Fondazione Bruno Kessler; Italia.
    Affiliation: Demasi, Ramiro Adrian. Fondazione Bruno Kessler; Italia. Universidad Nacional de Córdoba. Facultad de Matemática, Astronomía y Física. Sección Ciencias de la Computación; Argentina.
    Affiliation: Tonetta, Stefano. Fondazione Bruno Kessler; Italia.

    Software Engineering and Formal Methods: 14th International Conference, SEFM 2016, Held as Part of STAF 2016, Vienna, Austria, July 4-8, 2016, Proceedings

    This book constitutes the proceedings of the 14th International Conference on Software Engineering and Formal Methods, SEFM 2016, held as part of STAF 2016, in Vienna, Austria, in July 2016. The 20 full and 5 short papers presented in this volume were carefully reviewed and selected from 88 submissions. They were organized in topical sections named: concurrency and non-interference; program analysis; model checking; verification; interaction and adaptation; and development methods.

    Contents:
    Invited Papers
      - Abstractions, Semantic Models and Analysis Tools for Concurrent Systems: Progress and Open Problems
      - Satisfiability Checking: Theory and Applications
    Concurrency and Non-Interference
      - Automatic Derivation of Platform Noninterference Properties
      - Linearizability and Causality
      - Refinement-based verification of Communicating Unstructured Code
      - Guided Dynamic Symbolic Execution Using Subgraph Control-Flow Information (short paper)
    Program Analysis
      - Correlating Structured Inputs and Outputs in Functional Specifications
      - Combining Predicate Abstraction with Fixpoint Approximations
      - Finding Boundary Elements in Ordered Sets with Application to Safety and Requirements Analysis
      - Combining Abstract Interpretation with Symbolic Execution for a Static Value Range Analysis of Block Diagrams
    Model Checking
      - Program Generation using Simulated Annealing and Model Checking
      - LTL Parameter Synthesis of Parametric Timed Automata
      - Model checking simulation rules for linearizability
      - LTL Model Checking under Fairness in ProB (short paper)
    Verification
      - Counterexamples from Proof Failures in SPARK
      - Proving Termination of Programs with Bitvector Arithmetic by Symbolic Execution
      - SMT-based automatic proof of ASM model refinement
      - Coq Implementation of OO Verification Framework VeriJ (short paper)
      - Towards a Proof Framework for Information Systems with Weak Consistency (short paper)
    Interaction and Adaptation
      - A Cognitive Framework based on Rewriting Logic for the Analysis of Interactive Systems
      - Incentive Stackelberg Mean-payoff Games
      - Stability-based Adaptation of Asynchronously Communicating Software
      - Compliance Checking in the Open Payments Ecosystem (short paper)
    Development Methods
      - CoCoSpec: A mode aware contract language
      - Modularizing Crosscutting Concerns in Component-Based Systems
      - Tightening a Contract Refinement
      - BMotionWeb: A Tool for Rapid Creation of Formal Prototypes

    Model Checking Spatial Logics for Closure Spaces

    Spatial aspects of computation are becoming increasingly relevant in Computer Science, especially in the field of collective adaptive systems and when dealing with systems distributed in physical space. Traditional formal verification techniques are well suited to analysing the temporal evolution of programs; however, properties of space are typically not taken into account explicitly. We present a topology-based approach to formal verification of spatial properties depending upon physical space. We define an appropriate logic, stemming from the tradition of topological interpretations of modal logics, dating back to earlier logicians such as Tarski, where modalities describe neighbourhood. We lift the topological definitions to the more general setting of closure spaces, also encompassing discrete, graph-based structures. We extend the framework with a spatial surrounded operator, a propagation operator and some collective operators. The latter are interpreted over arbitrary sets of points instead of individual points in space. We define efficient model checking procedures, both for the individual and the collective spatial fragments of the logic, and provide a proof-of-concept tool.

    The Adversarial Stackelberg Value in Quantitative Games

    In this paper, we study the notion of adversarial Stackelberg value for two-player non-zero-sum games played on bi-weighted graphs with the mean-payoff and the discounted-sum functions. The adversarial Stackelberg value of Player 0 is the largest value that Player 0 can obtain when announcing her strategy to Player 1, who in turn responds with any of his best responses. For the mean-payoff function, we show that the adversarial Stackelberg value is not always achievable but epsilon-optimal strategies exist. We show how to compute this value and prove that the associated threshold problem is in NP. For the discounted-sum payoff function, we draw a link with the target discounted-sum problem, which explains why the problem is difficult to solve for this payoff function. We also provide solutions to related gap problems.
    Comment: long version of an ICALP'20 paper.

    Fragility and Robustness in Mean-payoff Adversarial Stackelberg Games

    Two-player mean-payoff Stackelberg games are nonzero-sum infinite-duration games played on a bi-weighted graph by a leader (Player 0) and a follower (Player 1). Such games are played sequentially: first, the leader announces her strategy; second, the follower chooses his strategy. This pair of strategies defines a unique infinite path in the graph, and both players receive their respective payoff, computed as the mean of the rewards they receive when traversing edges along the infinite path. As a consequence, if we assume that the follower is rational, then we can deduce that the follower's response to the leader's strategy is a strategy that maximizes his payoff against the strategy proposed by the leader; it is thus a best response to this strategy. Knowing that, the leader should choose a strategy that maximizes the payoff she receives when the follower chooses a best response to her strategy. If we cannot impose which best response is chosen by the follower, we say that the follower, though strategic, is adversarial towards the leader. The maximal value that the leader can get in this nonzero-sum game is called the adversarial Stackelberg value of the game. First, we show that the nonzero-sum nature of the mean-payoff Stackelberg game makes it fragile against modelling imprecisions. This is in contrast with mean-payoff games in the zero-sum setting, which are robust. Second, we show how robustness is recovered when considering ε-best responses of the follower instead of best responses only. This leads to the notion of ε-adversarial Stackelberg value. Third, we provide algorithms to decide the threshold problem for this robust value as well as ways to compute it effectively. Finally, we characterize the memory needed by the strategies of the leader and the follower in these games.
    Comment: Added discussion on fragility and robustness of mean-payoff games for both non-zero-sum and zero-sum cases, and new results on NP-completeness of games restricted to memoryless strategies of the leader.