Why Just Boogie? Translating Between Intermediate Verification Languages
The verification systems Boogie and Why3 use their respective intermediate languages to generate verification conditions from high-level programs. Since the two systems support different back-end provers (such as Z3 and Alt-Ergo) and are used to encode different high-level languages (such as C# and Java), being able to translate between their intermediate languages would provide a way to reuse one system's features to verify programs meant for the other. This paper describes a translation of Boogie into WhyML (Why3's intermediate language) that preserves semantics, verifiability, and program structure to a large degree. We implemented the translation as a tool and applied it to 194 Boogie-verified programs of various sources and sizes; Why3 verified 83% of the translated programs with the same outcome as Boogie. These results indicate that the translation is often effective and practically applicable.
Using formal methods to support testing
Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing.
Hennessy-Milner Logic with Greatest Fixed Points as a Complete Behavioural Specification Theory
There are two fundamentally different approaches to specifying and verifying properties of systems. The logical approach makes use of specifications given as formulae of temporal or modal logics and relies on efficient model checking algorithms; the behavioural approach exploits various equivalence or refinement checking methods, provided the specifications are given in the same formalism as implementations.

In this paper we provide translations between the logical formalism of Hennessy-Milner logic with greatest fixed points and the behavioural formalism of disjunctive modal transition systems. We also introduce a new operation of quotient for the above equivalent formalisms, which is adjoint to structural composition and allows synthesis of missing specifications from partial implementations. This is a substantial generalisation of the quotient for deterministic modal transition systems defined in earlier papers.
Introduction to the ISO specification language LOTOS
LOTOS is a specification language that has been specifically developed for the formal description of the OSI (Open Systems Interconnection) architecture, although it is applicable to distributed, concurrent systems in general. In LOTOS a system is seen as a set of processes which interact and exchange data with each other and with their environment. LOTOS is expected to become an ISO international standard by 1988.
The Paths to Choreography Extraction
Choreographies are global descriptions of interactions among concurrent components, most notably used in the settings of verification (e.g., Multiparty Session Types) and synthesis of correct-by-construction software (Choreographic Programming). They require a top-down approach: programmers first write choreographies, and then use them to verify or synthesize their programs. However, most existing software does not come with choreographies yet, which prevents their application.

To attack this problem, we propose a novel methodology (called choreography extraction) that, given a set of programs or protocol specifications, automatically constructs a choreography that describes their behavior. The key to our extraction is identifying a set of paths in a graph that represents the symbolic execution of the programs of interest. Our method improves on previous work in several directions: we can now deal with programs that are equipped with a state and internal computation capabilities; time complexity is dramatically better; we capture programs that are correct but not necessarily synchronizable, i.e., they work because they exploit asynchronous communication.