Light-Weight SMT-based Model Checking
Abstract: Recently, the notion of an array-based system has been introduced as an abstraction of infinite state systems (such as mutual exclusion protocols or sorting programs) which allows for model checking of invariant (safety) and recurrence (liveness) properties by Satisfiability Modulo Theories (SMT) techniques. Unfortunately, the use of quantified first-order formulae to describe sets of states makes fix-point checking extremely expensive. In this paper, we show how invariant properties for a sub-class of array-based systems can be model-checked by a backward reachability algorithm where the length of quantifier prefixes is efficiently controlled by suitable heuristics. We also present various refinements of the reachability algorithm that allow it to be easily implemented in a client-server architecture, where a "light-weight" algorithm is the client generating proof obligations for safety and fix-point checks and an SMT solver plays the role of the server discharging the proof obligations. We also report on some encouraging preliminary experiments with a prototype implementation of our approach.
Automatic Choreography Repair
Choreography analysis is a crucial problem in concurrent and distributed system development. A choreography specifies the desired ordering of message exchanges among the components of a system. The realizability of a choreography amounts to determining the existence of components whose communication behavior conforms to the given choreography. Recently, the choreography realizability problem has been proved to be decidable. In this paper, we investigate the repairability of unrealizable choreographies, where the goal is to identify a set of changes to a given unrealizable choreography that will make it realizable. We present a technique for automatically repairing unrealizable choreographies and provide formal guarantees of correctness and termination. We show the viability of our technique by applying it successfully to several small but representative unrealizable choreographies from the domain of Singularity OS contracts and Web services.
Compatibility Checking for Asynchronously Communicating Software
Compatibility is a crucial problem that is encountered while constructing new software by reusing and composing existing components. A set of software components is called compatible if their composition preserves certain properties, such as deadlock freedom. However, checking compatibility for systems communicating asynchronously is an undecidable problem, and asynchronous communication is a common interaction mechanism used in building software systems. A typical approach in analyzing such systems is to bound the state space. In this paper, we take a different approach and do not impose any bounds on the number of participants or the sizes of the message buffers. Instead, we present a sufficient condition for checking compatibility of a set of asynchronously communicating components. Our approach relies on the synchronizability property, which identifies systems for which interaction behavior remains the same when asynchronous communication is replaced with synchronous communication. Using the synchronizability property, we can check the compatibility of systems with unbounded message buffers by analyzing only a finite part of their behavior. We have implemented a prototype tool to automate our approach and we have applied it to many examples.
Parallel mapping and circuit partitioning heuristics based on mean field annealing
Ankara : Department of Computer Engineering and Information Science and the Institute of Engineering and Science of Bilkent University, 1992. Thesis (Master's) -- Bilkent University, 1992. Includes bibliographical references.
The Mean Field Annealing (MFA) algorithm, recently proposed for solving combinatorial optimization problems, combines the characteristics of neural networks and simulated annealing. In this thesis, MFA is formulated for the mapping problem and the circuit partitioning problem. Efficient implementation schemes, which decrease the complexity of the proposed algorithms by asymptotical factors, are also given. Performances of the proposed MFA algorithms are evaluated in comparison with two well-known heuristics: simulated annealing and Kernighan-Lin. Results of the experiments indicate that MFA can be used as an alternative heuristic for the mapping problem and the circuit partitioning problem. Inherent parallelism of the MFA is exploited by designing efficient parallel algorithms for the proposed MFA heuristics. Parallel MFA algorithms proposed for solving the circuit partitioning problem are implemented on an iPSC/2 hypercube multicomputer. Experimental results show that the proposed heuristics can be efficiently parallelized, which is crucial for algorithms that solve such computationally hard problems.
Bultan, Tevfik. M.S.
Backward Reachability of Array-based Systems by SMT solving: Termination and Invariant Synthesis
The safety of infinite state systems can be checked by a backward
reachability procedure. For certain classes of systems, it is possible to prove
the termination of the procedure and hence conclude the decidability of the
safety problem. Although backward reachability is property-directed, it can
unnecessarily explore (large) portions of the state space of a system which are
not required to verify the safety property under consideration. To avoid this,
invariants can be used to dramatically prune the search space. Indeed, the
problem is to guess such appropriate invariants. In this paper, we present a
fully declarative and symbolic approach to the mechanization of backward
reachability of infinite state systems manipulating arrays by Satisfiability
Modulo Theories solving. Theories are used to specify the topology and the data
manipulated by the system. We identify sufficient conditions on the theories to
ensure the termination of backward reachability and we show the completeness of
a method for invariant synthesis (obtained as the dual of backward
reachability), again, under suitable hypotheses on the theories. We also
present a pragmatic approach to interleave invariant synthesis and backward
reachability so that a fix-point for the set of backward reachable states is
more easily obtained. Finally, we discuss heuristics that allow us to derive an
implementation of the techniques in the model checker MCMT, showing remarkable
speed-ups on a significant set of safety problems extracted from a variety of
sources. Comment: Accepted for publication in Logical Methods in Computer Science.
Land Use Effects on Climate: Current State, Recent Progress, and Emerging Topics
As demand for food and fiber, but also for negative emissions, brings most of the Earth's land surface under management, we aim to consolidate the scientific progress of recent years on the climatic effects of global land use change, including land management, and related land cover changes (LULCC).
Contracting the Facebook API
In recent years, there has been an explosive growth in the popularity of
online social networks such as Facebook. In a new twist, third party developers
are now able to create their own web applications which plug into Facebook and
work with Facebook's "social" data, enabling the entire Facebook user base of
more than 400 million active users to use such applications. These client
applications can contain subtle errors that can be hard to debug if they misuse
the Facebook API. In this paper we present an experience report on applying
Microsoft's new code contract system for the .NET framework to the Facebook
API. We wrote contracts for several classes in the Facebook API wrapper which
allows Microsoft .NET developers to implement Facebook applications. We
evaluated the usefulness of these contracts during implementation of a new
Facebook application. Our experience indicates that having code contracts
provides a better and quicker software development experience. Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330
Land-use change emissions based on high-resolution activity data substantially lower than previously estimated
Land-use and land-cover changes (LULCCs) contributed around one third to the cumulative anthropogenic CO2 emissions from 1850 to 2019. Despite their great importance, estimates of the net CO2 fluxes from LULCC (ELUC) have high uncertainties compared to other components of the global carbon cycle. One major source of uncertainty lies in the underlying LULCC forcing data. In this study, we implemented a new high-resolution LULCC dataset (HILDA+) in a bookkeeping model (BLUE) and compared the results to estimates from simulations based on LUH2, which is the LULCC dataset most commonly used in global carbon cycle models. Compared to LUH2-based estimates, results based on HILDA+ show lower total ELUC (global mean difference 1960–2019: 541 TgC yr⁻¹, 65%) and large spatial and temporal differences in component fluxes (e.g. CO2 fluxes from deforestation). In general, the congruence of component fluxes is higher in the mid-latitudes compared to tropical and subtropical regions, which is to some degree explained by the different implementations of shifting cultivation in the underlying LULCC datasets. However, little agreement is reached on the trend of the last decade between ELUC estimates based on the two LULCC reconstructions. Globally and in many regions, ELUC estimates based on HILDA+ have decreasing trends, whereas estimates based on LUH2 indicate an increase. Furthermore, we analyzed the effect of different resolutions on ELUC estimates. By comparing estimates from simulations at 0.01° and 0.25° resolution, we find that component fluxes of estimates based on the coarser resolution tend to be larger compared to estimates based on the finer resolution, both in terms of sources and sinks (global mean difference 1960–2019: 36 TgC yr⁻¹, 96%).
The reason for these differences is successive transitions: these are not adequately represented at coarser resolution, which has the effect that, despite capturing the same extent of transition areas, overall less area remains pristine at the coarser resolution compared to the finer resolution.
Symbolic Model Checking of Infinite State Programs Using Presburger Arithmetic
Model checking is a powerful technique for analyzing large, finite-state
systems. In an infinite transition system, however, many basic properties
are undecidable. In this paper we present a new symbolic model checker
which conservatively evaluates safety and liveness properties on
infinite-state programs. We use Presburger formulas to symbolically
encode a program's transition system, as well as its model-checking
computations. All fixpoint calculations are executed symbolically, and
their convergence is guaranteed by using approximation techniques. We
demonstrate the promise of this technology on some well-known infinite-state
concurrency problems.
(Also cross-referenced as UMIACS-TR-96-66)
Compositional Verification by Model Checking for Counter-Examples
Many concurrent systems are required to maintain certain safety and
liveness properties. One emerging method of achieving confidence in such
systems is to statically verify them using "model checking". In this
approach an abstract, finite-state model of the system is constructed;
then an automatic check is made to ensure that the requirements are
satisfied by the model. In practice, however, this method is limited by
the "state space explosion problem".
We have developed a compositional method that directly addresses this
problem in the context of multi-tasking programs. Our solution depends on
three key space-saving ingredients: (1) checking for counter-examples,
which leads to simpler search algorithms; (2) automatic extraction of
interfaces, which allows a refinement of the finite model -- even before
its communicating partners have been compiled; and (3) using propositional
"strengthening assertions" for the sole purpose of reducing state space.
In this paper we present our compositional approach, and describe the
software tools that support it.
(Also cross-referenced as UMIACS-TR-95-98)