Executable formal specifications of complex distributed systems with CoreASM

Formal specifications play a crucial role in the design of reliable complex software systems. Executable formal specifications allow the designer to attain early validation and verification of design using static analysis techniques and accurate simulation of the runtime behavior of the system-to-be. With increasing complexity of software-intensive computer-based systems and the challenges of validation and verification of abstract software models prior to coding, the need for interactive software tools supporting executable formal specifications is even more evident. In this paper, we discuss how CoreASM, an environment for writing and running executable specifications according to the ASM method, provides flexibility and manages the complexity by using an innovative extensible language architecture

Using automated reasoning in the design of an audio-visual communication system

Formal reasoning about how users and systems interact poses a difficult challenge. Interactive systems design provides a context in which the subjective area of human understanding meets the objectivity of computer systems logic. We present results of a case study in the use of automated reasoning to aid the formal analysis of interactive systems. We show how we can use human-factors issues to generate properties of interest, and how we can use model checking and theorem proving to analyse our specifications against those properties. This is part of ongoing work in the development of a tool to allow the automatic translation of interactor based specifications into SMV, and in the analysis of the role which different verification techniques might have during the development of interactive systems.Fundação para a Ciência e Tecnologia - PRAXIS XXI/BD/9562/96

Modeling and verification of trust and reputation systems

none1noTrust is a basic soft-security condition influencing interactive and cooperative behaviors in online communities. Several systems and models have been proposed to enforce and investigate the role of trust in the process of favoring successful cooperations while minimizing selfishness and failure. However, the analysis of their effectiveness and efficiency is a challenging issue. This paper provides a formal approach to the design and verification of trust infrastructures used in the setting of software architectures and computer networks supporting online communities. The proposed framework encompasses a process calculus of concurrent systems, a temporal logic for trust, and model checking techniques. Both functional and quantitative aspects can be modeled and analyzed, while several types of trust models can be integrated.openAlessandro AldiniAldini, Alessandr

Representational reasoning and verification

Formal approaches to the design of interactive systems, such as the principled design approach rely on reasoning about properties of the system at a very high level of abstraction. Such specifications typically provide little scope for reasoning about presentations and the representation of information in the presentation. Theories of distributed cognition place a strong emphasis on the role of representations in the cognitive process, but it is not clear how such theories can be applied to design. In this paper we show how a formalisation can be used to encapsulate representational aspects, affording us an opportunity to integrate representational reasoning into the design process. We have shown in [3] how properties over the abstract state place requirements on the presentation if the properties are to be valid at the perceptual level, and we have presented a model for such properties. We base our approach on this model, and examine in more detail the issue of verification. Given the widespread consensus that proper tool support is a prerequisite for the adoption of formal techniques, we apply a higher-order logic theorem prover to the analysis

A Dual-Engine for Early Analysis of Critical Systems

This paper presents a framework for modeling, simulating, and checking properties of critical systems based on the Alloy language -- a declarative, first-order, relational logic with a built-in transitive closure operator. The paper introduces a new dual-analysis engine that is capable of providing both counterexamples and proofs. Counterexamples are found fully automatically using an SMT solver, which provides a better support for numerical expressions than the existing Alloy Analyzer. Proofs, however, cannot always be found automatically since the Alloy language is undecidable. Our engine offers an economical approach by first trying to prove properties using a fully-automatic, SMT-based analysis, and switches to an interactive theorem prover only if the first attempt fails. This paper also reports on applying our framework to Microsoft's COM standard and the mark-and-sweep garbage collection algorithm.Comment: Workshop on Dependable Software for Critical Infrastructures (DSCI), Berlin 201

ISML: an interface specification meta-language

In this paper we present an abstract metaphor model situated within a model-based user interface framework. The inclusion of metaphors in graphical user interfaces is a well established, but mostly craft-based strategy to design. A substantial body of notations and tools can be found within the model-based user interface design literature, however an explicit treatment of metaphor and its mappings to other design views has yet to be addressed. We introduce the Interface Specification Meta-Language (ISML) framework and demonstrate its use in comparing the semantic and syntactic features of an interactive system. Challenges facing this research are outlined and further work proposed

Applying Formal Methods to Networking: Theory, Techniques and Applications

Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet which began as a research experiment was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design---especially, the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial

Robust Computer Algebra, Theorem Proving, and Oracle AI

In the context of superintelligent AI systems, the term "oracle" has two meanings. One refers to modular systems queried for domain-specific tasks. Another usage, referring to a class of systems which may be useful for addressing the value alignment and AI control problems, is a superintelligent AI system that only answers questions. The aim of this manuscript is to survey contemporary research problems related to oracles which align with long-term research goals of AI safety. We examine existing question answering systems and argue that their high degree of architectural heterogeneity makes them poor candidates for rigorous analysis as oracles. On the other hand, we identify computer algebra systems (CASs) as being primitive examples of domain-specific oracles for mathematics and argue that efforts to integrate computer algebra systems with theorem provers, systems which have largely been developed independent of one another, provide a concrete set of problems related to the notion of provable safety that has emerged in the AI safety community. We review approaches to interfacing CASs with theorem provers, describe well-defined architectural deficiencies that have been identified with CASs, and suggest possible lines of research and practical software projects for scientists interested in AI safety.Comment: 15 pages, 3 figure

Reasoning about order errors in interaction

Reliability of an interactive system depends on users as well as the device implementation. User errors can result in catastrophic system failure. However, work from the field of cognitive science shows that systems can be designed so as to completely eliminate whole classes of user errors. This means that user errors should also fall within the remit of verification methods. In this paper we demonstrate how the HOL theorem prover [7] can be used to detect and prove the absence of the family of errors known as order errors. This is done by taking account of the goals and knowledge of users. We provide an explicit generic user model which embodies theory from the cognitive sciences about the way people are known to act. The user model describes action based on user communication goals. These are goals that a user adopts based on their knowledge of the task they must perform to achieve their goals. We use a simple example of a vending machine to demonstrate the approach. We prove that a user does achieve their goal for a particular design of machine. In doing so we demonstrate that communication goal based errors cannot occur