198,418 research outputs found
Model Checking Linear Logic Specifications
The overall goal of this paper is to investigate the theoretical foundations
of algorithmic verification techniques for first order linear logic
specifications. The fragment of linear logic we consider in this paper is based
on the linear logic programming language called LO enriched with universally
quantified goal formulas. Although LO was originally introduced as a
theoretical foundation for extensions of logic programming languages, it can
also be viewed as a very general language to specify a wide range of
infinite-state concurrent systems.
Our approach is based on the relation between backward reachability and
provability highlighted in our previous work on propositional LO programs.
Following this line of research, we define here a general framework for the
bottom-up evaluation of first order linear logic specifications. The evaluation
procedure is based on an effective fixpoint operator working on a symbolic
representation of infinite collections of first order linear logic formulas.
The theory of well quasi-orderings can be used to provide sufficient conditions
for the termination of the evaluation of non trivial fragments of first order
linear logic.Comment: 53 pages, 12 figures "Under consideration for publication in Theory
and Practice of Logic Programming
Simulated time for testing railway interlockings with TTCN-3
In this report, we first give an overview of software systems based on Vital Processor Interlocking (VPI). Interlockings guarantee safety of railway control systems, so testing these software systems is a key issue. We show why testing such systems with real time and scaled time is inefficient. We also provide a time semantics for simulated time that is more suitable for testing VPI's software. We provide a solution that allows simulated time for TTCN-3 test systems. TTCN-3 is a standard language for specifying and executing test suites. In the context of the TT-MEDAL project, TTCN-3 is applied to various domains, in particular to testing railway and automotive systems. TTCN-3 supports real-time and scaled-time testing but not simulated-time testing. The solution is based on a distributed termination detection algorithm that we extend to provide the main ingredients of simulated time: idleness detection and correct time progress. We implemented our solution as a TTCN-3 module and several Java classes that can be reused for testing other systems that have characteristics similar to those of VPI
Modular Analysis of Distributed Hybrid Systems using Post-Regions (Full Version)
We introduce a new approach to analyze distributed hybrid systems by a
generalization of rely-guarantee reasoning. First, we give a system for
deductive verification of class invariants and method contracts in
object-oriented distributed hybrid systems. In a hybrid setting, the object
invariant must not only be the post-condition of a method, but also has to hold
in the post-region of a method. The post-region describes all reachable states
after method termination before another process is guaranteed to run. The
system naturally generalizes rely-guarantee reasoning of discrete
object-oriented languages to hybrid systems and carries over its modularity to
hybrid systems: Only one dL-proof obligation is generated per method. The
post-region can be approximated using lightweight analyses and we give a
general notion of soundness for such analyses. Post-region based verification
is implemented for the Hybrid Active Object language HABS
Proving Looping and Non-Looping Non-Termination by Finite Automata
A new technique is presented to prove non-termination of term rewriting. The
basic idea is to find a non-empty regular language of terms that is closed
under rewriting and does not contain normal forms. It is automated by
representing the language by a tree automaton with a fixed number of states,
and expressing the mentioned requirements in a SAT formula. Satisfiability of
this formula implies non-termination. Our approach succeeds for many examples
where all earlier techniques fail, for instance for the S-rule from combinatory
logic
Automated verification of termination certificates
In order to increase user confidence, many automated theorem provers provide
certificates that can be independently verified. In this paper, we report on
our progress in developing a standalone tool for checking the correctness of
certificates for the termination of term rewrite systems, and formally proving
its correctness in the proof assistant Coq. To this end, we use the extraction
mechanism of Coq and the library on rewriting theory and termination called
CoLoR
Fifty years of Hoare's Logic
We present a history of Hoare's logic.Comment: 79 pages. To appear in Formal Aspects of Computin
Size-Change Termination as a Contract
Termination is an important but undecidable program property, which has led
to a large body of work on static methods for conservatively predicting or
enforcing termination. One such method is the size-change termination approach
of Lee, Jones, and Ben-Amram, which operates in two phases: (1) abstract
programs into "size-change graphs," and (2) check these graphs for the
size-change property: the existence of paths that lead to infinite decreasing
sequences.
We transpose these two phases with an operational semantics that accounts for
the run-time enforcement of the size-change property, postponing (or entirely
avoiding) program abstraction. This choice has two key consequences: (1)
size-change termination can be checked at run-time and (2) termination can be
rephrased as a safety property analyzed using existing methods for systematic
abstraction.
We formulate run-time size-change checks as contracts in the style of Findler
and Felleisen. The result compliments existing contracts that enforce partial
correctness specifications to obtain contracts for total correctness. Our
approach combines the robustness of the size-change principle for termination
with the precise information available at run-time. It has tunable overhead and
can check for nontermination without the conservativeness necessary in static
checking. To obtain a sound and computable termination analysis, we apply
existing abstract interpretation techniques directly to the operational
semantics, avoiding the need for custom abstractions for termination. The
resulting analyzer is competitive with with existing, purpose-built analyzers
- …