Toward a verified relational database management system
We report on our experience implementing a lightweight, fully verified relational database management system (RDBMS). The functional specification of RDBMS behavior, RDBMS implementation, and proof that the implementation meets the specification are all written and verified in Coq. Our contributions include: (1) a complete specification of the relational algebra in Coq; (2) an efficient realization of that model (B+ trees) implemented with the Ynot extension to Coq; and (3) a set of simple query optimizations that are proven to respect both semantics and run-time cost. In addition to describing the design and implementation of these artifacts, we highlight the challenges we encountered formalizing them, including the choice of representation for (finite) relations of typed tuples and the challenges of reasoning about data structures with complex sharing. Our experience shows that though many challenges remain, building fully-verified systems software in Coq is within reach.
Engineering and Applied Science
A Coordination Language for Databases
We present a coordination language for the modeling of distributed database applications. The language, baptized Klaim-DB, borrows the concepts of localities and nets of the coordination language Klaim but re-incarnates the tuple spaces of Klaim as databases. It provides high-level abstractions and primitives for the access and manipulation of structured data, with integrity and atomicity considerations. We present the formal semantics of Klaim-DB and develop a type system that avoids potential runtime errors such as certain evaluation errors and mismatches of data format in tables, which are monitored in the semantics. The use of the language is illustrated in a scenario where the sales from different branches of a chain of department stores are aggregated from their local databases. Raising the abstraction level and encapsulating integrity checks in the language primitives have benefited the modeling task considerably.
A Formalization of SQL with Nulls
SQL is the world's most popular declarative language, forming the basis of the multi-billion-dollar database industry. Although SQL has been standardized, the full standard is based on ambiguous natural language rather than formal specification. Commercial SQL implementations interpret the standard in different ways, so that, given the same input data, the same query can yield different results depending on the SQL system it is run on. Even for a particular system, mechanically checked formalization of all widely-used features of SQL remains an open problem. The lack of a well-understood formal semantics makes it very difficult to validate the soundness of database implementations.

Although formal semantics for fragments of SQL were designed in the past, they usually did not support set and bag operations, nested subqueries, and, crucially, null values. Null values complicate SQL's semantics in profound ways analogous to null pointers or side-effects in other programming languages. Since certain SQL queries are equivalent in the absence of null values, but produce different results when applied to tables containing incomplete data, semantics which ignore null values are able to prove query equivalences that are unsound in realistic databases.

A formal semantics of SQL supporting all the aforementioned features was only proposed recently. In this paper, we report about our mechanization of SQL semantics covering set/bag operations, nested subqueries, and nulls, written in the Coq proof assistant, and describe the validation of key metatheoretic properties.
From Network Interface to Multithreaded Web Applications: A Case Study in Modular Program Verification
Many verifications of realistic software systems are monolithic, in the sense that they define single global invariants over complete system state. More modular proof techniques promise to support reuse of component proofs and even reduce the effort required to verify one concrete system, just as modularity simplifies standard software development. This paper reports on one case study applying modular proof techniques in the Coq proof assistant. To our knowledge, it is the first modular verification certifying a system that combines infrastructure with an application of interest to end users. We assume a nonblocking API for managing TCP networking streams, and on top of that we work our way up to certifying multithreaded, database-backed Web applications. Key verified components include a cooperative threading library and an implementation of a domain-specific language for XML processing. We have deployed our case-study system on mobile robots, where it interfaces with off-the-shelf components for sensing, actuation, and control.
National Science Foundation (U.S.) (Grant CCF-1253229); United States. Defense Advanced Research Projects Agency (Agreement FA8750-12-2-0293)
Deductive formal verification of embedded systems
We combine static analysis techniques with model-based deductive verification using SMT solvers to provide a framework that, given an analysis aspect of the source code, automatically generates an analyzer capable of inferring information about that aspect.
The analyzer is generated by translating the collecting semantics of a program to a formula in first order logic over multiple underlying theories. We import the semantics of the API invocations as first order logic assertions. These assertions constitute the models used by the analyzer. Logical specification of the desired program behavior is incorporated as a first order logic formula. An SMT-LIB solver treats the combined formula as a constraint and solves it. The solved form can be used to identify logical and security errors in embedded programs. We have used this framework to analyze Android applications and MATLAB code.
We also report the formal verification of the conformance of the open source Netgear WNR3500L wireless router firmware implementation to RFC 2131. Formal verification of a software system is essential for its deployment in mission-critical environments. The specifications for the development of routers are provided by RFCs that are only described informally in English. It is prudent to ensure that a router firmware conforms to its corresponding RFC before it can be deployed for managing mission-critical networks. The formal verification process demonstrates the usefulness of inductive types and higher-order logic in software certification.
Development of the web-based data-driven university information management system (UIMS) for the Inter-University Council for East Africa
A Project Report Submitted in Partial Fulfillment of the Requirements for the Award of the Degree of Master of Science in Embedded and Mobile Systems of the Nelson Mandela African Institution of Science and Technology
A significant challenge faced by the Inter-University Council for East Africa (IUCEA) is the lack of a common Higher Education Information System (HEIS) for the East African Community (EAC) to harmonize the region's education and training system. The system has to manage data about the academic program, universities, research, and human capital, respectively developed in different modules. Both EAC's citizens and IUCEA need statistics regarding this information and the complex questions these data may answer. Traditional higher education management is not only costly but also ineffective. In this work, a web-based data-driven University Information Management System (UIMS) for IUCEA is designed to effectively manage university information concerning the academic life cycle, assets, finance, and human resources. In addition, a university application portal is provided to help higher education institutions apply for being among all degree-awarding higher education institutions. This system is the second module of the East Africa Community Higher Education Information System (EAC HEIS); it has been developed using agile software development and web technology such as RESTful API, React, Django, and MySQL. UIMS for IUCEA will significantly impact the IUCEA's day-to-day operation and receive recognition from the surfer. It will improve the efficiency of many processes.