Validity-Guided Synthesis of Reactive Systems from Assume-Guarantee Contracts
Automated synthesis of reactive systems from specifications has been a topic
of research for decades. Recently, a variety of approaches have been proposed
to extend synthesis of reactive systems from propositional specifications
towards specifications over rich theories. We propose a novel, completely
automated approach to program synthesis which reduces the problem to deciding
the validity of a set of forall-exists formulas. In spirit of IC3 / PDR, our
problem space is recursively refined by blocking out regions of unsafe states,
aiming to discover a fixpoint that describes safe reactions. If such a fixpoint
is found, we construct a witness that is directly translated into an
implementation. We implemented the algorithm on top of the JKind model checker,
and exercised it against contracts written using the Lustre specification
language. Experimental results show that the new algorithm outperforms JKind's
existing synthesis procedure based on k-induction, and that it addresses the
soundness issues of the k-inductive approach with respect to unrealizable
results.
Comment: 18 pages, 5 figures, 2 tables
A comparison of winter wheat cultivar rankings in groups of Polish locations
The grouping of locations from local-scale multi-environmental trials (METs) into mega-environments has been criticized. Some European countries, e.g. the Czech Republic, Poland and Germany, have been characterized as possessing homogeneous environmental conditions. Under such aligned environmental conditions it has been assumed that cultivar rankings will be similar and consequently cannot be used to designate mega-environments. An example of METs at the local scale is the Polish Post-Registration Variety Testing System. The objective of this study was to determine groups of test sites within 16 Polish regions that are characterized by a similar yield ranking of 50 winter wheat cultivars over three growing seasons (2011–2013). The compatibility of these cultivar yield rankings across regions was evaluated using Pearson correlation coefficients. On this basis, the 16 regions were divided into six groups (mega-environments) of locations. Regions within each group have similar cultivar rankings, whereas between groups we observed different cultivar rankings, indicating crossover interactions. Besides similar cultivar yield responses, the regions within a mega-environment were also characterized by similar environmental (soil and/or climate) conditions.
Effect of pH of injection vehicle on the biological activity of pregnant mare serum (P. M. S.) and chorionic (H. C. G.) gonadotrophins on the weight of the ovary and uterus in immature rats
The article includes an abstract in English. Systematic investigations of the effect of pH on the biological activity of pregnant mare serum and chorionic gonadotrophins have been carried out using intact immature rats. With P.M.S., the uterine and ovarian weight responses showed the lowest values at pH 3 and pH 10 and the highest values at pH 7, at moderate doses of hormone. However, the observed differences were not statistically significant. With H.C.G., the uterine and ovarian weight responses showed the lowest values at pH 3 and the highest values at pH 7 and pH 10. A significant difference in the ovarian weight response between pH 3 and the pH 7 to pH 10 range could be demonstrated, whereas no significant difference was found in the uterine weight groups.
An Improved Implementation and Abstract Interface for Hybrid
Hybrid is a formal theory implemented in Isabelle/HOL that provides an
interface for representing and reasoning about object languages using
higher-order abstract syntax (HOAS). This interface is built around an HOAS
variable-binding operator that is constructed definitionally from a de Bruijn
index representation. In this paper we make a variety of improvements to
Hybrid, culminating in an abstract interface that on one hand makes Hybrid a
more mathematically satisfactory theory, and on the other hand has important
practical benefits. We start with a modification of Hybrid's type of terms that
better hides its implementation in terms of de Bruijn indices, by excluding at
the type level terms with dangling indices. We present an improved set of
definitions, and a series of new lemmas that provide a complete
characterization of Hybrid's primitives in terms of properties stated at the
HOAS level. Benefits of this new package include a new proof of adequacy and
improvements to reasoning about object logics. Such proofs are carried out at
the higher level with no involvement of the lower level de Bruijn syntax.
Comment: In Proceedings LFMTP 2011, arXiv:1110.668
Block public access: Trust safety verification of access control policies
© 2020 Owner/Author. Data stored in cloud services is highly sensitive, so access to it is controlled via policies written in domain-specific languages (DSLs). The expressiveness of these DSLs gives users the flexibility to cover a wide variety of use cases; however, unintended misconfigurations can lead to security issues. We introduce Block Public Access, a tool that formally verifies policies to ensure that they only allow access to trusted principals, i.e. that they prohibit access to the general public. To this end, we formalize the notion of Trust Safety, which characterizes whether or not a policy allows unconstrained (public) access. Next, we present a method to compile the policy down to a logical formula whose unsatisfiability (1) can be checked by an SMT solver and (2) ensures Trust Safety. The constructs of the policy DSLs render unsatisfiability checking PSPACE-complete, which precludes verifying the millions of requests per second seen at cloud scale. Hence, we present an approach that leverages the structure of the policy DSL to compute a much smaller residual policy that corresponds only to untrusted accesses. This allows Block Public Access, in the common case, to syntactically verify Trust Safety without querying the SMT solver at all. We have implemented Block Public Access and present an evaluation showing how this optimization yields a low-latency policy verifier that the S3 team at AWS has integrated into their authorization system, where it is currently in production, analyzing millions of policies every day to ensure that client buckets do not grant unintended public access.
The world economy in the 21st century: contemporary conditions and challenges (Gospodarka światowa w XXI wieku: współczesne uwarunkowania i wyzwania)
Peer-reviewed paper
Formal Model-Based Assurance Cases in Isabelle/SACM : An Autonomous Underwater Vehicle Case Study
Isabelle/SACM is a tool for automated construction of model-based assurance cases with integrated formal methods, based on the Isabelle proof assistant. Assurance cases show how a system is safe to operate, through a human comprehensible argument demonstrating that the requirements are satisfied, using evidence of various provenances. They are usually required for certification of critical systems, often with evidence that originates from formal methods. Automating assurance cases increases rigour, and helps with maintenance and evolution. In this paper we apply Isabelle/SACM to a fragment of the assurance case for an autonomous underwater vehicle demonstrator. We encode the metric unit system (SI) in Isabelle, to allow modelling requirements and state spaces using physical units. We develop a behavioural model in the graphical RoboChart state machine language, embed the artifacts into Isabelle/SACM, and use it to demonstrate satisfaction of the requirements
Stratified Abstraction of Access Control Policies
The shift to cloud-based APIs has made application security critically dependent on understanding and reasoning about the policies that regulate access to cloud resources. We present stratified predicate abstraction, a new approach that summarizes complex security policies into a compact set of positive, declarative statements that precisely state who has access to a resource. We have implemented stratified abstraction and deployed it as the engine powering AWS's IAM Access Analyzer service, and thereby demonstrate how formal methods and SMT can be used for security policy explanation.
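The two abstracts above (Block Public Access and Stratified Abstraction) describe a residual-policy check for public access and a positive summary of who can reach a resource. The following is an added example, not code from either paper or from AWS: a deliberately syntactic toy that runs over a constructed bucket policy in the IAM JSON shape. The list of restricting condition keys and the treatment of Deny statements are assumptions made for this example, and the cases it leaves unresolved (partially overlapping wildcard patterns, conditional statements) are exactly the ones the papers hand to an SMT solver.

```python
import json
from fnmatch import fnmatchcase
from typing import Any, Dict, List, Tuple

# Assumption: a positive condition on one of these keys ties an Allow to a specific
# account, organisation, ARN or network path, so Principal "*" guarded by it is not
# treated as public. Heuristic list for this example, not AWS's definition.
RESTRICTING_KEYS = {
    "aws:principalaccount", "aws:principalarn", "aws:principalorgid",
    "aws:sourceaccount", "aws:sourcearn", "aws:sourcevpc", "aws:sourcevpce",
}
# Only positive operators narrow access; negated ones (StringNotEquals, ...) and the
# ...IfExists variants (which pass when the key is absent) do not.
RESTRICTING_OPS = ("StringEquals", "StringLike", "ArnEquals", "ArnLike", "IpAddress")


def _as_list(v: Any) -> List[Any]:
    return [] if v is None else (v if isinstance(v, list) else [v])


def principals(stmt: Dict[str, Any]) -> List[str]:
    """Flatten Principal ("*", {"AWS": ...}, {"Service": ...}) into a list of strings."""
    p = stmt.get("Principal")
    if isinstance(p, dict):
        return [x for v in p.values() for x in _as_list(v)]
    return _as_list(p)


def is_restricted(stmt: Dict[str, Any]) -> bool:
    """True if a positive condition pins the statement to a known caller or network."""
    for op, kv in stmt.get("Condition", {}).items():
        if op.startswith(RESTRICTING_OPS) and not op.endswith("IfExists"):
            if any(k.lower() in RESTRICTING_KEYS for k in kv):
                return True
    return False


def residual_policy(policy: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Statements that could grant access to an untrusted principal. Empty means the
    policy is trust-safe by syntax alone; non-empty is what a solver would have to check."""
    return [
        s for s in _as_list(policy.get("Statement"))
        if s.get("Effect") == "Allow" and "*" in principals(s) and not is_restricted(s)
    ]


def is_trust_safe(policy: Dict[str, Any]) -> bool:
    return not residual_policy(policy)


def summarize_access(policy: Dict[str, Any]) -> List[Tuple[str, str, str, str]]:
    """Positive (principal, action, resource, condition) rows from Allow statements,
    minus rows that an unconditional Deny covers outright. Partially overlapping patterns
    are left untouched: resolving those precisely is what the solver-backed analysis does."""
    stmts = _as_list(policy.get("Statement"))
    denies = [s for s in stmts if s.get("Effect") == "Deny" and not s.get("Condition")]

    def covered(p: str, a: str, r: str) -> bool:
        return any(
            any(dp in ("*", p) for dp in principals(d))
            and any(fnmatchcase(a, da) for da in _as_list(d.get("Action")))
            and any(fnmatchcase(r, dr) for dr in _as_list(d.get("Resource")))
            for d in denies
        )

    rows = {
        (p, a, r, json.dumps(s["Condition"], sort_keys=True) if s.get("Condition") else "")
        for s in stmts if s.get("Effect") == "Allow"
        for p in principals(s)
        for a in _as_list(s.get("Action"))
        for r in _as_list(s.get("Resource"))
        if not covered(p, a, r)
    }
    return sorted(rows)


# Constructed sample bucket policy (fictitious bucket and account): a VPC-endpoint
# restricted grant, a genuinely public grant, an owner grant, and a blanket Deny on deletes.
SAMPLE_POLICY = json.loads("""{"Version": "2012-10-17", "Statement": [
 {"Sid": "VpcOnly", "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
  "Resource": "arn:aws:s3:::example-bucket/*",
  "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
 {"Sid": "Public", "Effect": "Allow", "Principal": {"AWS": "*"},
  "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::example-bucket/*"},
 {"Sid": "Owner", "Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
  "Action": ["s3:ListBucket", "s3:GetObject", "s3:DeleteObject"],
  "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
 {"Sid": "NoDelete", "Effect": "Deny", "Principal": "*", "Action": "s3:DeleteObject",
  "Resource": "arn:aws:s3:::example-bucket*"}]}""")

if __name__ == "__main__":
    print("residual:", [s["Sid"] for s in residual_policy(SAMPLE_POLICY)])
    print("trust safe:", is_trust_safe(SAMPLE_POLICY))
    for row in summarize_access(SAMPLE_POLICY):
        print(row)
```

On the sample, only the "Public" statement survives into the residual policy, so the bucket is not trust-safe; dropping that statement makes the syntactic check pass without any solver call. The "VpcOnly" statement keeps its Principal "*" but is reported with its condition attached rather than as public, which is the kind of positive, declarative finding the second abstract describes.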
Construction program for a large superconducting MHD magnet system at the coal-fired flow facility
The Argonne National Laboratory has designed and is constructing a 6 T large-aperture superconducting MHD magnet for use in the Coal-Fired Flow Facility (CFFF) at the University of Tennessee Space Institute (UTSI) at Tullahoma, Tennessee. The magnet system consists of the superconducting magnet, a magnet power supply, integrated instrumentation for operation, control and protection, and a complete cryogenic facility including a CTI Model 2800 helium refrigerator/liquefier with two compressors, a helium gas handling system and a 7500 liter liquid helium dewar. The complete system will be tested at Argonne, IL in 1981. The magnet design is reviewed, and the coil fabrication programs are described in detail.
Needle & knot : binder boilerplate tied up
To lighten the burden of programming language mechanization, many approaches have been developed that tackle the substantial boilerplate which arises from variable binders. Unfortunately, the existing approaches are limited in scope. They typically do not support complex binding forms (such as multi-binders) that arise in more advanced languages, or they do not tackle the boilerplate due to mentioning variables and binders in relations. As a consequence, the human mechanizer is still unnecessarily burdened with binder boilerplate and discouraged from taking on richer languages.
This paper presents Knot, a new approach that substantially extends the support for binder boilerplate. Knot is a highly expressive language for natural and concise specification of syntax with binders. Its meta-theory constructively guarantees the coverage of a considerable amount of binder boilerplate for well-formed specifications, including that for well-scoping of terms and context lookups. Knot also comes with a code generator, Needle, that specializes the generic boilerplate for convenient embedding in Coq and provides a tactic library for automatically discharging proof obligations that frequently come up in proofs of weakening and substitution lemmas of type systems.
Our evaluation shows that Needle & Knot significantly reduce the size of language mechanizations (by 40% in our case study). Moreover, as far as we know, Knot enables the most concise mechanization of the POPLmark Challenge (1a + 2a) and is two-thirds the size of the next smallest. Finally, Knot allows us to mechanize, for instance, dependently typed languages, which is notoriously challenging because of dependent contexts and mutually recursive sorts with variables.