From Event-B models to Dafny code contracts

International audienceThe constructive approach to software correctness aims at formal modelling and verification of the structure and behaviour of a system in different levels of abstraction. In contrast, the analytical approach to software verification focuses on code level correctness and its verification. Therefore it would seem that the constructive and analytical approaches should complement each other well. To demonstrate this idea we present a case for linking two existing verification methods, Event-B (constructive) and Dafny (analytical). This approach combines the power of Event-B abstraction and its stepwise refinement with the verification capabilities of Dafny. We presented a small case study to demonstrate this approach and outline of the rules for transforming Event-B events to Dafny contracts. Finally, a tool for automatic generation of Dafny contracts from Event-B formal models is presented

Compile-Time Analysis and Specialization of Clocks in Concurrent Programs

Clocks are a mechanism for providing synchronization barriers in concurrent programming languages. They are usually implemented using primitive communication mechanisms and thus spare the programmer from reasoning about low-level implementation details such as remote procedure calls and error conditions. Clocks provide flexibility, but programs often use them in specific ways that do not require their full implementation. In this paper, we describe a tool that mitigates the overhead of general-purpose clocks by statically analyzing how programs use them and choosing optimized implementations when available. We tackle the clock implementation in the standard library of the X10 programming language—a parallel, distributed object-oriented language. We report our findings for a small set of analyses and benchmarks. Our tool only adds a few seconds to analysis time, making it practical to use as part of a compilation chain

The effects of parasitism and body length on positioning within wild fish shoals

The influence of body length and parasitism on the positioning behaviour of individuals in wild fish shoals was investigated by a novel means of capturing entire shoals of the banded killifish (Fundulus diaphanus, Lesueur) using a grid-net that maintained the two-dimensional positions of individuals within shoals. Fish in the front section of a shoal were larger than those in the rear. Individuals parasitized by the digenean trematode (Crassiphiala bulboglossa, Haitsma) showed a tendency to occupy the front of shoals. Parasitized fish were also found more in peripheral positions than central ones in a significant number of shoals. Shoal geometry was affected by the overall parasite prevalence of shoal members; shoals with high parasite prevalence displayed increasingly phallanx-like shoal formations, whereas shoals with low prevalence were more elliptical. There was no relationship between body length and parasite abundance or prevalence in the fish population which suggests body length and parasite status are independent predictors of positioning behaviour. Solitary individuals found outside shoals were both more likely to be parasitized and had higher parasite abundance than individuals engaged in shoaling. Differences in the shoaling behaviour of parasitized and unparasitized fish are discussed in the context of the adaptive manipulation hypothesis

The Five Factor Model of personality and evaluation of drug consumption risk

The problem of evaluating an individual's risk of drug consumption and misuse is highly important. An online survey methodology was employed to collect data including Big Five personality traits (NEO-FFI-R), impulsivity (BIS-11), sensation seeking (ImpSS), and demographic information. The data set contained information on the consumption of 18 central nervous system psychoactive drugs. Correlation analysis demonstrated the existence of groups of drugs with strongly correlated consumption patterns. Three correlation pleiades were identified, named by the central drug in the pleiade: ecstasy, heroin, and benzodiazepines pleiades. An exhaustive search was performed to select the most effective subset of input features and data mining methods to classify users and non-users for each drug and pleiad. A number of classification methods were employed (decision tree, random forest, $k$-nearest neighbors, linear discriminant analysis, Gaussian mixture, probability density function estimation, logistic regression and na{\"i}ve Bayes) and the most effective classifier was selected for each drug. The quality of classification was surprisingly high with sensitivity and specificity (evaluated by leave-one-out cross-validation) being greater than 70\% for almost all classification tasks. The best results with sensitivity and specificity being greater than 75\% were achieved for cannabis, crack, ecstasy, legal highs, LSD, and volatile substance abuse (VSA).Comment: Significantly extended report with 67 pages, 27 tables, 21 figure

Reasoning About Systems with Transition Fairness

Abstract. Formal verification methods model systems by Kripke structures. In order to model live behaviors of systems, Kripke structures are augmented with fairness conditions. Such conditions partition the computations of the systems into fair computations, with respect to which verification proceeds, and unfair computations, which are ignored. Reasoning about Kripke structures augmented with fairness is typically harder than reasoning about non-fair Kripke structures. We consider the transition fairness condition, where a computation π is fair iff each transition that is enabled in π infinitely often is also taken in π infinitely often. Transition fairness is a natural and useful fairness condition. We show that reasoning about Kripke structures augmented with transition fairness is not harder than reasoning about non-fair Kripke structures. We demonstrate it for fair CTL and LTL model checking, and the problem of calculating the dominators and postdominators.

Compiling SHIM

Embedded systems demand concurrency for supporting simultaneous actions in their environment and parallel hardware. Although most concurrent programming formalisms are prone to races and non-determinism, some, such as our SHIM (software/hardware integration medium) language, avoid them by design. In particular, the behavior of SHIM programs is scheduling-independent, meaning the I/O behavior of a program is independent of scheduling policies, including the relative execution rates of concurrent processes. The SHIM project demonstrates how a scheduling-independent language simplifies the design, optimization, and verification of concurrent systems. Through examples and discussion, we describe the SHIM language and code generation techniques for both shared-memory and message-passing architectures, along with some verification algorithms