A verification concept for SDL systems and its application to the Abracadabra protocol
SDL is a specification language for describing distributed
systems, and it is especially suitable for communication protocols.
In some cases, however, it is not enough to describe just the
behaviour of a protocol; additional properties are formulated as
requirements on the SDL system. A formalism convenient for
describing them is, for example, first-order logic. Our approach is
to prove such properties with methods of automated reasoning after
transforming the SDL specification into a first-order logic
specification. The proofs are done with the program verification
system Tatzelwurm, in particular with its prover. Practical
experience shows that it is convenient to do a proof in two steps.
In the first step the behaviour of the system is calculated from
the behaviour of the agents; the proofs of this step are
independent of the property to be proved. In this report we give a
proof method containing instructions on how the arguments are
applied during these proofs. It is shown how reachability analysis
is done during a formal proof and how fairness arguments are
applied. The report contains two papers: the first describes the
formal basis of the method and shows the proof obligations that
occur when verifying a communication protocol; the second shows how
some tedious tasks can be done more elegantly using rewrite rules
and recursive equations. In the appendix we give two examples from
the verification of the Abracadabra protocol.
Program Verification System Tatzelwurm. Further Development During the KORSO Project
The report contains a brief presentation of the development work
carried out within the KORSO project. A version management facility
allows the verification system to be used during the program
development phase. The prover was substantially extended in order to
prove the verification conditions that arise in all phases of
software development. The user has the option of defining their own
proof rules. A language for formulating proof plans eases the
repetition of proofs that is often necessary during the development
of correct software. Tools for generating counterexamples for
unprovable formulas give the user useful hints for localizing
errors.
Automatic Generation of Verification and Falsification Conditions for Sequential Programs
The aim of program verification is to prove the correctness of a program S with respect to a formal specification that consists of a precondition V and a postcondition N. In other words: are program S and specification (V, N) consistent?

{V} S {N}

Program S is correct if S, started in a state that fulfills V, terminates in a state that fulfills N. The formal definition of correctness is: S is correct wrt. (V, N) if [V => wp(S, N)]. wp(S, N) is the weakest precondition that guarantees termination in a state fulfilling N.

For the purpose of program verification the axiomatic or relational semantics is necessary. These two kinds of formal semantics are equivalent. Axiomatic semantics uses the wp-function, which works on the complete lattice of predicates. Relational semantics uses the LP (largest preset) function, which works on the complete lattice of state sets. These two lattices are isomorphic via the characteristic predicate function of a set. In order to work efficiently with the wp-function some properties of that function are necessary and useful. Two new properties are shown: strong disjunctivity for comparable predicates and the substitution lemma for wp. Furthermore it turns out that all properties of the wp-function are easily provable in the lattice of state sets with elementary set theory.

A verification condition (VC) is defined to be a condition that implies correctness, formally [VC => [V => wp(S, N)]]. A distinction is made between exact and approximate VCs. The major results of the thesis are verifying loops without an invariant and falsification conditions. In order to verify loops without a given invariant, two strategies are possible: 1. generate the invariant, or 2. compute the wp-function for the loop. Strategy 1 is used to compute invariants for for-loops. The invariant is generated by substituting a constant in the postcondition by a variable; more exactly, the upper limit of the loop is substituted by the loop variable. In general the upper limit is not a variable. Therefore the loop is transformed into a semantically equivalent loop. Strategy 2 is used to compute the wp of while-loops by a new method that uses E-unification.

Falsification conditions (FCs) are very useful in practical program verification. They explicitly prove the incorrectness of a program and facilitate the localization of program errors. FCs are defined analogously to VCs: an FC implies the incorrectness of a program, formally [FC => not [V => wp(S, N)]]. FCs are reduced to constraint programming problems (cpp) or, in the case of integer types, to integer programming problems (ipp). ipp also arise in data dependence analysis. Therefore similar methods can be applied.
Contribution to a Formal Theory of Manufacturing Systems
This report describes the author's work on his doctoral project "Contribution to a Formal Theory of Manufacturing Systems". As identified by the scientific community, the need for a sound theoretical base for the manufacturing systems engineering area has provided the main motivation for this project. The overall objective is the development of elements of a formal theory of manufacturing systems, based on mathematical logic, language theory and automata theory. The project's thesis has three components: (i) there is no unified formal theory of manufacturing systems, (ii) an approach based on first-order logic, formal grammars and automata allows progress towards that theory and its application in the manufacturing systems design process, and (iii) the use of formal description techniques allows the automation of some stages of that design process. The work was successfully accomplished: the thesis's components were demonstrated, and an effective contribution to the establishment of the desired formal theoretical foundation for manufacturing systems was provided.
Universidade do Minho