240,678 research outputs found
Type systems for distributed programs: session communication
Distributed systems are everywhere around us and guaranteeing their correctness is of paramount importance. It is natural to expect that these systems interact and communicate among them to achieve a common task.
In this work, we develop techniques based on types and type systems for the verification of correctness, consistency and safety properties related to communication in complex distributed systems. We study advanced safety properties related to communication, like deadlock or lock freedom and progress. We study session types in the pi-calculus describing distributed systems and communication-centric computation. Most importantly, we de- fine an encoding of the session pi-calculus into the standard typed pi-calculus in order to understand the expressive power of these concurrent calculi. We show how to derive in the session pi-calculus basic properties, like type safety or complex ones, like progress, by exploiting this encoding
Verifying Concurrent Stacks by Divergence-Sensitive Bisimulation
The verification of linearizability -- a key correctness criterion for
concurrent objects -- is based on trace refinement whose checking is
PSPACE-complete. This paper suggests to use \emph{branching} bisimulation
instead. Our approach is based on comparing an abstract specification in which
object methods are executed atomically to a real object program. Exploiting
divergence sensitivity, this also applies to progress properties such as
lock-freedom. These results enable the use of \emph{polynomial-time}
divergence-sensitive branching bisimulation checking techniques for verifying
linearizability and progress. We conducted the experiment on concurrent
lock-free stacks to validate the efficiency and effectiveness of our methods
Higher-order Program Verification as Satisfiability Modulo Theories with Algebraic Data-types
We report on work in progress on automatic procedures for proving properties
of programs written in higher-order functional languages. Our approach encodes
higher-order programs directly as first-order SMT problems over Horn clauses.
It is straight-forward to reduce Hoare-style verification of first-order
programs into satisfiability of Horn clauses. The presence of closures offers
several challenges: relatively complete proof systems have to account for
closures; and in practice, the effectiveness of search procedures depend on
encoding strategies and capabilities of underlying solvers. We here use
algebraic data-types to encode closures and rely on solvers that support
algebraic data-types. The viability of the approach is examined using examples
from the literature on higher-order program verification
An Axiomatic Approach to Liveness for Differential Equations
This paper presents an approach for deductive liveness verification for
ordinary differential equations (ODEs) with differential dynamic logic.
Numerous subtleties complicate the generalization of well-known discrete
liveness verification techniques, such as loop variants, to the continuous
setting. For example, ODE solutions may blow up in finite time or their
progress towards the goal may converge to zero. Our approach handles these
subtleties by successively refining ODE liveness properties using ODE
invariance properties which have a well-understood deductive proof theory. This
approach is widely applicable: we survey several liveness arguments in the
literature and derive them all as special instances of our axiomatic refinement
approach. We also correct several soundness errors in the surveyed arguments,
which further highlights the subtlety of ODE liveness reasoning and the utility
of our deductive approach. The library of common refinement steps identified
through our approach enables both the sound development and justification of
new ODE liveness proof rules from our axioms.Comment: FM 2019: 23rd International Symposium on Formal Methods, Porto,
Portugal, October 9-11, 201
CTL Model Checking with the Sweep-line State Space Exploration Method
Model checking is a powerful approach to verification of distributed systems. The sweep-line method alleviates the inherent state explosion problem in model checking by exploiting progress in the system being verified. Verification with the sweep-line method has until now been restricted to verification of safety and linear-time properties. The contribution of this paper is a new model checking algorithm that enables verification of two common branching time properties. The basic idea is to combine the sweep-line method with on-the-fly computation and inspection of strongly connected components. We experimentally evaluate our algorithm on a communication protocol
A Unified View of Piecewise Linear Neural Network Verification
The success of Deep Learning and its potential use in many safety-critical
applications has motivated research on formal verification of Neural Network
(NN) models. Despite the reputation of learned NN models to behave as black
boxes and the theoretical hardness of proving their properties, researchers
have been successful in verifying some classes of models by exploiting their
piecewise linear structure and taking insights from formal methods such as
Satisifiability Modulo Theory. These methods are however still far from scaling
to realistic neural networks. To facilitate progress on this crucial area, we
make two key contributions. First, we present a unified framework that
encompasses previous methods. This analysis results in the identification of
new methods that combine the strengths of multiple existing approaches,
accomplishing a speedup of two orders of magnitude compared to the previous
state of the art. Second, we propose a new data set of benchmarks which
includes a collection of previously released testcases. We use the benchmark to
provide the first experimental comparison of existing algorithms and identify
the factors impacting the hardness of verification problems.Comment: Updated version of "Piecewise Linear Neural Network verification: A
comparative study
Correctness and Progress Verification of Non-Blocking Programs
The progression of multi-core processors has inspired the development of concurrency libraries that guarantee safety and liveness properties of multiprocessor applications. The difficulty of reasoning about safety and liveness properties in a concurrent environment has led to the development of tools to verify that a concurrent data structure meets a correctness condition or progress guarantee. However, these tools possess shortcomings regarding the ability to verify a composition of data structure operations. Additionally, verification techniques for transactional memory evaluate correctness based on low-level read/write histories, which is not applicable to transactional data structures that use a high-level semantic conflict detection. In my dissertation, I present tools for checking the correctness of multiprocessor programs that overcome the limitations of previous correctness verification techniques. Correctness Condition Specification (CCSpec) is the first tool that automatically checks the correctness of a composition of concurrent multi-container operations performed in a non-atomic manner. Transactional Correctness tool for Abstract Data Types (TxC-ADT) is the first tool that can check the correctness of transactional data structures. TxC-ADT elevates the standard definitions of transactional correctness to be in terms of an abstract data type, an essential aspect for checking correctness of transactions that synchronize only for high-level semantic conflicts. Many practical concurrent data structures, transactional data structures, and algorithms to facilitate non-blocking programming all incorporate helping schemes to ensure that an operation comprising multiple atomic steps is completed according to the progress guarantee. The helping scheme introduces additional interference by the active threads in the system to achieve the designed progress guarantee. Previous progress verification techniques do not accommodate loops whose termination is dependent on complex behaviors of the interfering threads, making these approaches unsuitable. My dissertation presents the first progress verification technique for non-blocking algorithms that are dependent on descriptor-based helping mechanisms
Stop It, and Be Stubborn!
A system is AG EF terminating, if and only if from every reachable state, a
terminal state is reachable. This publication argues that it is beneficial for
both catching non-progress errors and stubborn set state space reduction to try
to make verification models AG EF terminating. An incorrect mutual exclusion
algorithm is used as an example. The error does not manifest itself, unless the
first action of the customers is modelled differently from other actions. An
appropriate method is to add an alternative first action that models the
customer stopping for good. This method typically makes the model AG EF
terminating. If the model is AG EF terminating, then the basic strong stubborn
set method preserves safety and some progress properties without any additional
condition for solving the ignoring problem. Furthermore, whether the model is
AG EF terminating can be checked efficiently from the reduced state space
- …