Language and Proofs for Higher-Order SMT (Work in Progress)
Satisfiability modulo theories (SMT) solvers have throughout the years been
able to cope with increasingly expressive formulas, from ground logics to full
first-order logic modulo theories. Nevertheless, higher-order logic within SMT
is still little explored. One main goal of the Matryoshka project, which
started in March 2017, is to extend the reasoning capabilities of SMT solvers
and other automatic provers beyond first-order logic. In this preliminary
report, we describe an extension of the SMT-LIB language, the standard input
format of SMT solvers, to handle higher-order constructs. We also discuss how
to augment the proof format of the SMT solver veriT to accommodate these new
constructs and the solving techniques they require.
Comment: In Proceedings PxTP 2017, arXiv:1712.0089
Execution Models for Choreographies and Cryptoprotocols
A choreography describes a transaction in which several principals interact.
Since choreographies frequently describe business processes affecting
substantial assets, we need a security infrastructure in order to implement
them safely. As part of a line of work devoted to generating cryptoprotocols
from choreographies, we focus here on the execution models suited to the two
levels.
We give a strand-style semantics for choreographies, and propose a special
execution model in which choreography-level messages are faithfully delivered
exactly once. We adapt this model to handle multiparty protocols in which some
participants may be compromised.
At the level of cryptoprotocols, we use the standard Dolev-Yao execution model,
with one alteration. Since many implementations use a "nonce cache" to discard
multiply delivered messages, we provide a semantics for at-most-once delivery.
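The receiver-side "nonce cache" that the abstract refers to, as an added example written for this page (it is not the paper's code or semantics). It assumes that every protocol message carries a fresh random nonce and that the receiver keeps a bounded set of nonces it has already accepted; the messages, the replay, and the cache capacity are all constructed here. A Dolev-Yao attacker may re-deliver any message it has captured, so the cache is what turns "delivered possibly many times" into at-most-once delivery. The second scenario shows the caveat a practitioner should keep in mind: a bounded cache only gives at-most-once within its eviction window.

```python
"""Added example: at-most-once delivery via a receiver-side nonce cache.

Illustrative code for this page, not from the paper.  Assumptions: each
message carries a fresh 16-byte random nonce; the receiver remembers the
nonces it has accepted in a bounded FIFO set and discards any message whose
nonce it has already seen.  Messages and the "network" are constructed inline.
"""
import os
from collections import OrderedDict
from dataclasses import dataclass


@dataclass(frozen=True)
class Message:
    nonce: bytes
    payload: str


class NonceCache:
    """Bounded FIFO set of seen nonces.  `capacity` is an assumption of this
    example; a deployed cache is bounded by memory and by the lifetime of the
    key or session that scopes the nonces."""

    def __init__(self, capacity: int) -> None:
        self.capacity = capacity
        self._seen: "OrderedDict[bytes, None]" = OrderedDict()

    def check_and_add(self, nonce: bytes) -> bool:
        """Return True if the nonce is new (accept), False if it is a replay."""
        if nonce in self._seen:
            return False
        self._seen[nonce] = None
        if len(self._seen) > self.capacity:
            self._seen.popitem(last=False)  # evict the oldest nonce
        return True


class Receiver:
    def __init__(self, capacity: int = 1024) -> None:
        self.cache = NonceCache(capacity)
        self.delivered: list[str] = []

    def receive(self, msg: Message) -> bool:
        """Deliver the payload at most once per nonce."""
        if not self.cache.check_and_add(msg.nonce):
            return False  # duplicate or attacker replay: dropped
        self.delivered.append(msg.payload)
        return True


def send(payload: str) -> Message:
    """Sender side: attach a fresh nonce to the (constructed) payload."""
    return Message(os.urandom(16), payload)


def run_replay_scenario() -> tuple[bool, bool, list[str]]:
    """Honest delivery followed by a Dolev-Yao replay of the same message."""
    r = Receiver()
    m = send("transfer 100 to Bob")
    first = r.receive(m)
    replay = r.receive(m)  # attacker re-delivers the captured message
    return first, replay, list(r.delivered)


def run_eviction_scenario(capacity: int = 2) -> bool:
    """Caveat: once `capacity` newer nonces have arrived, the old nonce is
    evicted and a replay of the original message is accepted again."""
    r = Receiver(capacity)
    m = send("a")
    r.receive(m)
    for p in ("b", "c"):
        r.receive(send(p))
    return r.receive(m)  # True: the nonce was evicted, so the replay succeeds
```

The exactly-once model the abstract gives to choreography-level messages is strictly stronger than this: it also needs retransmission on loss, which a nonce cache on its own does not provide.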
Model checking medium access control for sensor networks
We describe verification of S-MAC, a medium access control protocol designed for wireless sensor networks, by means of the PRISM model checker. The S-MAC protocol is built on top of the IEEE 802.11 standard for wireless ad hoc networks and, as such, it uses the same randomised backoff procedure as a means to avoid collision. In order to minimise energy consumption, in S-MAC, nodes are periodically put into a sleep state. Synchronisation of the sleeping schedules is necessary for the nodes to be able to communicate. Intuitively, energy saving obtained through a periodic sleep mechanism will be at the expense of performance. In previous work on S-MAC verification, a combination of analytical techniques and simulation has been used to confirm the correctness of this intuition for a simplified (abstract) version of the protocol in which the initial schedules coordination phase is assumed correct. We show how we have used the PRISM model checker to verify the behaviour of S-MAC and compare it to that of IEEE 802.11
The Dafny Integrated Development Environment
In recent years, program verifiers and interactive theorem provers have
become more powerful and more suitable for verifying large programs or proofs.
This has demonstrated the need for improving the user experience of these tools
to increase productivity and to make them more accessible to non-experts. This
paper presents an integrated development environment for Dafny, a programming
language, verifier, and proof assistant, that addresses issues present in most
state-of-the-art verifiers: low responsiveness and lack of support for
understanding non-obvious verification failures. The paper demonstrates several
new features that move the state-of-the-art closer towards a verification
environment that can provide verification feedback as the user types and can
present more helpful information about the program or failed verifications in a
demand-driven and unobtrusive way.
Comment: In Proceedings F-IDE 2014, arXiv:1404.578
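The kind of "non-obvious verification failure" the abstract has in mind, as an added Dafny example written for this page (it is not from the paper or the Dafny project). The method and its invariants are constructed here; the error text quoted in the comments is the gist of what Dafny reports, not a verbatim transcript.

```dafny
// Added example (not from the paper): a method whose verification fails in a
// non-obvious way until the loop invariants are supplied.
method MaxOfArray(a: array<int>) returns (m: int)
  requires a.Length > 0
  ensures forall i :: 0 <= i < a.Length ==> a[i] <= m
  ensures exists i :: 0 <= i < a.Length && a[i] == m
{
  m := a[0];
  var k := 1;
  while k < a.Length
    // Delete the three invariants below and Dafny only reports that a
    // postcondition might not hold at the method's closing brace.  Nothing
    // points at the loop, although the loop is the cause: after the loop
    // the verifier knows nothing about m beyond what the invariants say.
    // The as-you-type feedback and failure explanations described above
    // exist to close exactly that gap.
    invariant 1 <= k <= a.Length
    invariant forall i :: 0 <= i < k ==> a[i] <= m
    invariant exists i :: 0 <= i < k && a[i] == m
  {
    if a[k] > m {
      m := a[k];
    }
    k := k + 1;
  }
}
```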
Loop summarization using state and transition invariants
This paper presents algorithms for program abstraction based on the principle of loop summarization, which, unlike traditional program approximation approaches (e.g., abstract interpretation), does not employ iterative fixpoint computation, but instead computes symbolic abstract transformers with respect to a set of abstract domains. This allows for an effective exploitation of problem-specific abstract domains for summarization and, as a consequence, the precision of an abstract model may be tailored to specific verification needs. Furthermore, we extend the concept of loop summarization to incorporate relational abstract domains to enable the discovery of transition invariants, which are subsequently used to prove termination of programs. Well-foundedness of the discovered transition invariants is ensured either by a separate decision procedure call or by using abstract domains that are well-founded by construction. We experimentally evaluate several abstract domains related to memory operations to detect buffer overflow problems. Also, our light-weight termination analysis is demonstrated to be effective on a wide range of benchmarks, including OS device driver
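A toy version of the idea, as an added example written for this page (it is not the paper's algorithm or code). It assumes a single counted loop over a fixed-size buffer, an interval abstract domain for the loop counter, and a ranking-function domain that is well-founded by construction; all of these, the loop, and the constants are constructed here. The point it shows is the one the abstract makes: a candidate from the domain is accepted as a summary after one application of the body's abstract transformer, with no fixpoint iteration, and the same summary then answers both the buffer-overflow and the termination question.

```python
"""Added example (not the paper's code): toy loop summarization over an
interval abstract domain, with an overflow check and a termination check.

Loop under analysis, constructed for this example:

    i = 0;
    while (i < n) {    // n is a known constant
        buf[i] = 0;    // buf has `size` elements
        i = i + STEP;  // STEP = 1
    }

A summary is a candidate abstract value that is inductive: it contains the
initial state, and applying the body's abstract transformer once to the
guarded states lands back inside it.  Candidates are checked one at a time;
nothing is iterated to a fixpoint.
"""
from dataclasses import dataclass
from typing import Optional

STEP = 1  # loop increment (assumption of this example)


@dataclass(frozen=True)
class Interval:
    lo: int
    hi: int

    def is_empty(self) -> bool:
        return self.lo > self.hi

    def contains(self, other: "Interval") -> bool:
        return other.is_empty() or (self.lo <= other.lo and other.hi <= self.hi)


def guard(iv: Interval, n: int) -> Interval:
    """Abstract transformer of the loop condition i < n."""
    return Interval(iv.lo, min(iv.hi, n - 1))


def body(iv: Interval) -> Interval:
    """Abstract transformer of the body's effect on i (i = i + STEP)."""
    return Interval(iv.lo + STEP, iv.hi + STEP)


def is_inductive(candidate: Interval, init: Interval, n: int) -> bool:
    """One-shot check: init is inside C and body(C restricted to the guard)
    is inside C.  No iteration."""
    return candidate.contains(init) and candidate.contains(body(guard(candidate, n)))


def summarize(n: int, init: Interval = Interval(0, 0)) -> Optional[Interval]:
    """Try candidates [0, k] from the interval domain in order and return the
    first inductive one; that is the loop summary for i."""
    for k in range(0, n + STEP + 1):
        c = Interval(0, k)
        if is_inductive(c, init, n):
            return c
    return None


def overflow_possible(summary: Interval, n: int, size: int) -> bool:
    """buf[i] is written only while the guard holds; the write is out of
    bounds if some guarded state has i >= size."""
    accessed = guard(summary, n)
    return (not accessed.is_empty()) and accessed.hi >= size


def terminates(summary: Interval, n: int) -> bool:
    """Transition invariant from a domain that is well-founded by
    construction: the ranking function r(i) = n - i.  r is non-negative on
    every guarded state and every iteration changes r by -STEP, so the
    transition relation i' = i + STEP restricted to the loop is
    well-founded."""
    states = guard(summary, n)
    if states.is_empty():
        return True  # the loop never runs
    r_min = n - states.hi
    return r_min >= 0 and STEP > 0


if __name__ == "__main__":
    s = summarize(9)
    print("summary for i:", s)
    print("overflow with size 8:", overflow_possible(s, 9, 8))
    print("terminates:", terminates(s, 9))
```

With n = 8 and an 8-element buffer the summary [0, 8] restricted to the guard is [0, 7], so no write is out of bounds; with n = 9 the guarded range reaches index 8 and the overflow is reported from the summary alone, without executing the loop.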
Local Strategy Improvement for Parity Game Solving
The problem of solving a parity game is at the core of many problems in model
checking, satisfiability checking and program synthesis. Some of the best
algorithms for solving parity games are strategy improvement algorithms. These
are global in nature since they require the entire parity game to be present at
the beginning. This is a distinct disadvantage because in many applications one
only needs to know which winning region a particular node belongs to, and a
witnessing winning strategy may cover only a fractional part of the entire game
graph.
We present a local strategy improvement algorithm which explores the game
graph on-the-fly whilst performing the improvement steps. We also compare it
empirically with existing global strategy improvement algorithms and the
only other local algorithm for solving parity games currently available. It turns out
that local strategy improvement can outperform these others by several orders
of magnitude.