91,249 research outputs found
Formally-Based Design Evaluation (extended version)
This paper investigates specification, verification and test generation for synchronous and asynchronous circuits. The approach is called DILL (Digital Logic in LOTOS). DILL models are discussed for synchronous and asynchronous circuits. Relations for (strong) conformance are defined for verifying a design specification against a high-level specification. An algorithm is also outlined for generating and applying implementation tests based on a specification. Tools have been developed for automated test generation and verification of conformance between an implementation and its specification. The approach is illustrated with various benchmark circuits as case studies
On Verifying Causal Consistency
Causal consistency is one of the most adopted consistency criteria for
distributed implementations of data structures. It ensures that operations are
executed at all sites according to their causal precedence. We address the
issue of verifying automatically whether the executions of an implementation of
a data structure are causally consistent. We consider two problems: (1)
checking whether one single execution is causally consistent, which is relevant
for developing testing and bug finding algorithms, and (2) verifying whether
all the executions of an implementation are causally consistent.
We show that the first problem is NP-complete. This holds even for the
read-write memory abstraction, which is a building block of many modern
distributed systems. Indeed, such systems often store data in key-value stores,
which are instances of the read-write memory abstraction. Moreover, we prove
that, surprisingly, the second problem is undecidable, and again this holds
even for the read-write memory abstraction. However, we show that for the
read-write memory abstraction, these negative results can be circumvented if
the implementations are data independent, i.e., their behaviors do not depend
on the data values that are written or read at each moment, which is a
realistic assumption.Comment: extended version of POPL 201
The AutoProof Verifier: Usability by Non-Experts and on Standard Code
Formal verification tools are often developed by experts for experts; as a
result, their usability by programmers with little formal methods experience
may be severely limited. In this paper, we discuss this general phenomenon with
reference to AutoProof: a tool that can verify the full functional correctness
of object-oriented software. In particular, we present our experiences of using
AutoProof in two contrasting contexts representative of non-expert usage.
First, we discuss its usability by students in a graduate course on software
verification, who were tasked with verifying implementations of various sorting
algorithms. Second, we evaluate its usability in verifying code developed for
programming assignments of an undergraduate course. The first scenario
represents usability by serious non-experts; the second represents usability on
"standard code", developed without full functional verification in mind. We
report our experiences and lessons learnt, from which we derive some general
suggestions for furthering the development of verification tools with respect
to improving their usability.Comment: In Proceedings F-IDE 2015, arXiv:1508.0338
DeepSaucer: Unified Environment for Verifying Deep Neural Networks
In recent years, a number of methods for verifying DNNs have been developed.
Because the approaches of the methods differ and have their own limitations, we
think that a number of verification methods should be applied to a developed
DNN. To apply a number of methods to the DNN, it is necessary to translate
either the implementation of the DNN or the verification method so that one
runs in the same environment as the other. Since those translations are
time-consuming, a utility tool, named DeepSaucer, which helps to retain and
reuse implementations of DNNs, verification methods, and their environments, is
proposed. In DeepSaucer, code snippets of loading DNNs, running verification
methods, and creating their environments are retained and reused as software
assets in order to reduce cost of verifying DNNs. The feasibility of DeepSaucer
is confirmed by implementing it on the basis of Anaconda, which provides
virtual environment for loading a DNN and running a verification method. In
addition, the effectiveness of DeepSaucer is demonstrated by usecase examples
Abstract Interpretation of Stateful Networks
Modern networks achieve robustness and scalability by maintaining states on
their nodes. These nodes are referred to as middleboxes and are essential for
network functionality. However, the presence of middleboxes drastically
complicates the task of network verification. Previous work showed that the
problem is undecidable in general and EXPSPACE-complete when abstracting away
the order of packet arrival.
We describe a new algorithm for conservatively checking isolation properties
of stateful networks. The asymptotic complexity of the algorithm is polynomial
in the size of the network, albeit being exponential in the maximal number of
queries of the local state that a middlebox can do, which is often small.
Our algorithm is sound, i.e., it can never miss a violation of safety but may
fail to verify some properties. The algorithm performs on-the fly abstract
interpretation by (1) abstracting away the order of packet processing and the
number of times each packet arrives, (2) abstracting away correlations between
states of different middleboxes and channel contents, and (3) representing
middlebox states by their effect on each packet separately, rather than taking
into account the entire state space. We show that the abstractions do not lose
precision when middleboxes may reset in any state. This is encouraging since
many real middleboxes reset, e.g., after some session timeout is reached or due
to hardware failure
- …