558 research outputs found
An Approach for Verifying Concurrent C Programs
International audienceAs software system and its complexity are fast growing, software correctness becomes more and more a crucial issue. We address the problem of verifying functional properties of real-time operating system (microkernel) implemented with C. We present a work-in-progress approach for formally specifying and verifying concurrent C programs directly based on the semantics of C. The basis of this approach is to automatically translate a C code into a TLA+ specification which can be checked by the TLC model checker. We define a set of translation rules and implement it in a tool (C2TLA+) that automatically translates C code into a TLA+ specification. Generated specifications can be integrated with manually written specifications that provide primitives that cannot be expressed in C, or that provide abstract versions of the generated specifications to address the state-explosion problem
Verifying Safety Properties With the TLA+ Proof System
TLAPS, the TLA+ proof system, is a platform for the development and
mechanical verification of TLA+ proofs written in a declarative style requiring
little background beyond elementary mathematics. The language supports
hierarchical and non-linear proof construction and verification, and it is
independent of any verification tool or strategy. A Proof Manager uses backend
verifiers such as theorem provers, proof assistants, SMT solvers, and decision
procedures to check TLA+ proofs. This paper documents the first public release
of TLAPS, distributed with a BSD-like license. It handles almost all the
non-temporal part of TLA+ as well as the temporal reasoning needed to prove
standard safety properties, in particular invariance and step simulation, but
not liveness properties
A Concurrent Perspective on Smart Contracts
In this paper, we explore remarkable similarities between multi-transactional
behaviors of smart contracts in cryptocurrencies such as Ethereum and classical
problems of shared-memory concurrency. We examine two real-world examples from
the Ethereum blockchain and analyzing how they are vulnerable to bugs that are
closely reminiscent to those that often occur in traditional concurrent
programs. We then elaborate on the relation between observable contract
behaviors and well-studied concurrency topics, such as atomicity, interference,
synchronization, and resource ownership. The described
contracts-as-concurrent-objects analogy provides deeper understanding of
potential threats for smart contracts, indicate better engineering practices,
and enable applications of existing state-of-the-art formal verification
techniques.Comment: 15 page
Verification of Decision Making Software in an Autonomous Vehicle: An Industrial Case Study
Correctness of autonomous driving systems is crucial as\ua0incorrect behaviour may have catastrophic consequences. Many different\ua0hardware and software components (e.g. sensing, decision making, actuation,\ua0and control) interact to solve the autonomous driving task, leading to a level of complexity that brings new challenges for the formal verification\ua0community. Though formal verification has been used to prove\ua0correctness of software, there are significant challenges in transferring\ua0such techniques to an agile software development process and to ensure\ua0widespread industrial adoption. In the light of these challenges, the identification\ua0of appropriate formalisms, and consequently the right verification\ua0tools, has significant impact on addressing them. In this paper, we\ua0evaluate the application of different formal techniques from supervisory\ua0control theory, model checking, and deductive verification to verify existing\ua0decision and control software (in development) for an autonomous\ua0vehicle. We discuss how the verification objective differs with respect tothe choice of formalism and the level of formality that can be applied.\ua0Insights from the case study show a need for multiple formal methods to\ua0prove correctness, the difficulty to capture the right level of abstraction\ua0to model and specify the formal properties for the verification objectives
Uncovering Bugs in Distributed Storage Systems during Testing (not in Production!)
Testing distributed systems is challenging due to multiple sources of nondeterminism. Conventional testing techniques, such as unit, integration and stress testing, are ineffective in preventing serious but subtle bugs from reaching production. Formal techniques, such as TLA+, can only verify high-level specifications of systems at the level of logic-based models, and fall short of checking the actual executable code. In this paper, we present a new methodology for testing distributed systems. Our approach applies advanced systematic testing techniques to thoroughly check that the executable code adheres to its high-level specifications, which significantly improves coverage of important system behaviors. Our methodology has been applied to three distributed storage systems in the Microsoft Azure cloud computing platform. In the process, numerous bugs were identified, reproduced, confirmed and fixed. These bugs required a subtle combination of concurrency and failures, making them extremely difficult to find with conventional testing techniques. An important advantage of our approach is that a bug is uncovered in a small setting and witnessed by a full system trace, which dramatically increases the productivity of debugging
Specifying time-sensitive systems with TLA+
International audienceWe present a pattern-based method to express time specifications in the language TLA+. A real-time module RealTimeNew is introduced to encapsulate the definitions of commonly used time patterns. We present a general framework to differentiate the temporal characterizations from system functionality with time constraints. The temporal specification is concise and provably as a refinement of its corresponding functional description without time. The method ameliorates the usability of TLA+ in specifying and verifying time-sensitive systems. A case study is harnessed to illustrate and validate the approach
- …