3,976 research outputs found
The Past, Present, and Future(s): Verifying Temporal Software Properties
Software systems are increasingly present in every aspect of our society, as their deployment can be witnessed from seemingly trivial applications of light switches, to critical control systems of nuclear facilities. In the context of critical systems, software faults and errors could potentially lead to detrimental consequences, thus more rigorous methodologies beyond the scope of testing need be applied to software systems. Formal verification, the concept of being able to mathematically prove the correctness of an algorithm with respect to a mathematical formal specification, can indeed help us prevent these failures. A popular specification language for these formal specifications is temporal logic, due to its intuitive, yet precise expressions that can be utilized to both specify and verify fundamental properties pertaining to software systems. Temporal logic can express properties pertaining to safety, liveness, termination, non-termination, and more with regards to various systems such as Windows device drivers, kernel APIs, database servers, etc. This dissertation thus presents automated scalable techniques for verifying expressive temporal logic properties of software systems, specifically those beyond the scope of existing techniques. Furthermore, this work considers the temporal sub-logics fair-CTL, CTL*, and CTL*lp, as verifying these more expressive sub-logics has been an outstanding research problem. We begin building our framework by introducing a novel scalable and high-performance CTL verification technique. Our CTL methodology is unique relative to existing techniques in that it facilitates reasoning about more expressive temporal logics. In particular, it allows us to further introduce various methodologies that allow us to verify fair-CTL, CTL*, and CTL*lp. We support the verification of fair-CTL through a reduction to our CTL model checking technique via the use of infinite non-deterministic branching to symbolically partition fair from unfair executions. For CTL∗, we propose a method that uses an internal encoding which facilitates reasoning about the subtle interplay between the nesting of path and state temporal operators that occurs within CTL∗ proofs. A precondition synthesis strategy is then used over a program transformation which trades nondeterminism in the transition relation for nondeterminism explicit in variables predicting future outcomes when necessary. Finally, we propose a linear-past extension to CTL*, that being CTL*lp, in which the past is linear and each moment in time has a unique past. We support this extension through the use of history variables over our CTL∗ technique. We demonstrate the fully automated implementation of our techniques, and report our bench- marks carried out on code fragments from the PostgreSQL database server, Apache web server, Windows OS kernel, as well as smaller programs demonstrating the expressiveness of fair-CTL, CTL*, and CTL*lp specifications. Together, these novel methodologies lead to a new class of fully automated tools capable of proving crucial properties that no tool could previously prove in the infinite-state setting
Dynamic reconfiguration of GCM components
We detail in this report past research and current/future developments in formal specification of Grid component systems by temporal logic and consequent resolution technique, for an automated dynamic reconfiguration of components. It is analysed the specification procedure of GCM (Grid Component Model) components and infrastructure in respect to their state behaviour, and the verification process in a dynamic and reconfigurable distributed system. Furthermore it is demonstrated how an automata based method is used to achieve the specification, as well as how the enrichment of the temporal specification language of Computation Tree Logic CTL with the ability to capture norms, allows to formally define the concept of reconfiguration
Flow Logic
Flow networks have attracted a lot of research in computer science. Indeed,
many questions in numerous application areas can be reduced to questions about
flow networks. Many of these applications would benefit from a framework in
which one can formally reason about properties of flow networks that go beyond
their maximal flow. We introduce Flow Logics: modal logics that treat flow
functions as explicit first-order objects and enable the specification of rich
properties of flow networks. The syntax of our logic BFL* (Branching Flow
Logic) is similar to the syntax of the temporal logic CTL*, except that atomic
assertions may be flow propositions, like or , for
, which refer to the value of the flow in a vertex, and
that first-order quantification can be applied both to paths and to flow
functions. We present an exhaustive study of the theoretical and practical
aspects of BFL*, as well as extensions and fragments of it. Our extensions
include flow quantifications that range over non-integral flow functions or
over maximal flow functions, path quantification that ranges over paths along
which non-zero flow travels, past operators, and first-order quantification of
flow values. We focus on the model-checking problem and show that it is
PSPACE-complete, as it is for CTL*. Handling of flow quantifiers, however,
increases the complexity in terms of the network to , even
for the LFL and BFL fragments, which are the flow-counterparts of LTL and CTL.
We are still able to point to a useful fragment of BFL* for which the
model-checking problem can be solved in polynomial time. Finally, we introduce
and study the query-checking problem for BFL*, where under-specified BFL*
formulas are used for network exploration
Specification Patterns for Robotic Missions
Mobile and general-purpose robots increasingly support our everyday life,
requiring dependable robotics control software. Creating such software mainly
amounts to implementing their complex behaviors known as missions. Recognizing
the need, a large number of domain-specific specification languages has been
proposed. These, in addition to traditional logical languages, allow the use of
formally specified missions for synthesis, verification, simulation, or guiding
the implementation. For instance, the logical language LTL is commonly used by
experts to specify missions, as an input for planners, which synthesize the
behavior a robot should have. Unfortunately, domain-specific languages are
usually tied to specific robot models, while logical languages such as LTL are
difficult to use by non-experts. We present a catalog of 22 mission
specification patterns for mobile robots, together with tooling for
instantiating, composing, and compiling the patterns to create mission
specifications. The patterns provide solutions for recurrent specification
problems, each of which detailing the usage intent, known uses, relationships
to other patterns, and---most importantly---a template mission specification in
temporal logic. Our tooling produces specifications expressed in the LTL and
CTL temporal logics to be used by planners, simulators, or model checkers. The
patterns originate from 245 realistic textual mission requirements extracted
from the robotics literature, and they are evaluated upon a total of 441
real-world mission requirements and 1251 mission specifications. Five of these
reflect scenarios we defined with two well-known industrial partners developing
human-size robots. We validated our patterns' correctness with simulators and
two real robots
On the Complexity of ATL and ATL* Module Checking
Module checking has been introduced in late 1990s to verify open systems,
i.e., systems whose behavior depends on the continuous interaction with the
environment. Classically, module checking has been investigated with respect to
specifications given as CTL and CTL* formulas. Recently, it has been shown that
CTL (resp., CTL*) module checking offers a distinctly different perspective
from the better-known problem of ATL (resp., ATL*) model checking. In
particular, ATL (resp., ATL*) module checking strictly enhances the
expressiveness of both CTL (resp., CTL*) module checking and ATL (resp. ATL*)
model checking. In this paper, we provide asymptotically optimal bounds on the
computational cost of module checking against ATL and ATL*, whose upper bounds
are based on an automata-theoretic approach. We show that module-checking for
ATL is EXPTIME-complete, which is the same complexity of module checking
against CTL. On the other hand, ATL* module checking turns out to be
3EXPTIME-complete, hence exponentially harder than CTL* module checking.Comment: In Proceedings GandALF 2017, arXiv:1709.0176
- …