17 research outputs found
Inferring Symbolic Automata
We study the learnability of symbolic finite state automata, a model shown useful in many applications in software verification. The state-of-the-art literature on this topic follows the query learning paradigm, and so far all obtained results are positive. We provide a necessary condition for efficient learnability of SFAs in this paradigm, from which we obtain the first negative result. The main focus of our work lies in the learnability of SFAs under the paradigm of identification in the limit using polynomial time and data. We provide a necessary condition and a sufficient condition for efficient learnability of SFAs in this paradigm, from which we derive a positive and a negative result
Second-Order Hyperproperties
We introduce HyperLTL, a temporal logic for the specification of
hyperproperties that allows for second-order quantification over sets of
traces. Unlike first-order temporal logics for hyperproperties, such as
HyperLTL, HyperLTL can express complex epistemic properties like common
knowledge, Mazurkiewicz trace theory, and asynchronous hyperproperties. The
model checking problem of HyperLTL is, in general, undecidable. For the
expressive fragment where second-order quantification is restricted to smallest
and largest sets, we present an approximate model-checking algorithm that
computes increasingly precise under- and overapproximations of the quantified
sets, based on fixpoint iteration and automata learning. We report on
encouraging experimental results with our model-checking algorithm, which we
implemented in the tool~\texttt{HySO}
Automata-Based Software Model Checking of Hyperproperties
We develop model checking algorithms for Temporal Stream Logic (TSL) and
Hyper Temporal Stream Logic (HyperTSL) modulo theories. TSL extends Linear
Temporal Logic (LTL) with memory cells, functions and predicates, making it a
convenient and expressive logic to reason over software and other systems with
infinite data domains. HyperTSL further extends TSL to the specification of
hyperproperties - properties that relate multiple system executions. As such,
HyperTSL can express information flow policies like noninterference in software
systems. We augment HyperTSL with theories, resulting in HyperTSL(T),and build
on methods from LTL software verification to obtain model checking algorithms
for TSL and HyperTSL(T). This results in a sound but necessarily incomplete
algorithm for specifications contained in the forall*exists* fragment of
HyperTSL(T). Our approach constitutes the first software model checking
algorithm for temporal hyperproperties with quantifier alternations that does
not rely on a finite-state abstraction
Realizable and Context-Free Hyperlanguages
Hyperproperties lift conventional trace-based languages from a set of execution traces to a set of sets of executions. From a formal-language perspective, these are sets of sets of words, namely hyperlanguages. Hyperautomata are based on classical automata models that are lifted to handle hyperlanguages. Finite hyperautomata (NFH) have been suggested to express regular hyperproperties. We study the realizability problem for regular hyperlanguages: given a set of languages, can it be precisely described by an NFH? We show that the problem is complex already for singleton hyperlanguages.
We then go beyond regular hyperlanguages, and study context-free hyperlanguages. We show that the natural extension to context-free hypergrammars is highly undecidable. We then suggest a refined model, namely synchronous hypergrammars, which enables describing interesting non-regular hyperproperties, while retaining many decidable properties of context-free grammars
Inferring Symbolic Automata
We study the learnability of symbolic finite state automata, a model shown useful in many applications in software verification. The state-of-the-art literature on this topic follows the query learning paradigm, and so far all obtained results are positive. We provide a necessary condition for efficient learnability of SFAs in this paradigm, from which we obtain the first negative result. The main focus of our work lies in the learnability of SFAs under the paradigm of identification in the limit using polynomial time and data. We provide a necessary condition and a sufficient condition for efficient learnability of SFAs in this paradigm, from which we derive a positive and a negative result
Assume, Guarantee or Repair - A Regular Framework for Non Regular Properties
We present Assume-Guarantee-Repair (AGR) - a novel framework which verifies that a program satisfies a set of properties and also repairs the program in case the verification fails.
We consider communicating programs - these are simple C-like programs, extended with synchronous actions over communication channels.
Our method, which consists of a learning-based approach to assume-guarantee reasoning, performs verification and repair simultaneously: in every iteration, AGR either makes another step towards proving that the (current) system satisfies the required properties, or alters the system in a way that brings it closer to satisfying the properties. To handle infinite-state systems we build finite abstractions,
for which we check the satisfaction of complex properties that contain first-order constraints, using both syntactic and semantic-aware methods.
We implemented AGR and evaluated it on various communication protocols. Our experiments present compact proofs of correctness and quick repairs
Assume, Guarantee or Repair
We present Assume-Guarantee-Repair (AGR) – a novel framework which not only verifies that a program satisfies a set of properties, but also repairs the program in case the verification fails. We consider communicating programs – these are simple C-like programs, extended with synchronous communication actions over communication channels. Our method, which consists of a learning-based approach to assume-guarantee reasoning, performs verification and repair simultaneously. In every iteration, AGR either makes another step towards proving that the (current) system satisfies the specification, or alters the system in a way that brings it closer to satisfying the specification. We manage handling infinite-state systems by using a finite abstract representation, and reduce the semantic problems in hand – satisfying complex specifications that also contain first-order constraints – to syntactic ones, namely membership and equivalence queries for regular languages. We implemented our algorithm and evaluated it on various examples. Our experiments present compact proofs of correctness and quick repairs
Second-Order Hyperproperties
We introduce Hyper^2LTL, a temporal logic for the specification of hyperproperties that allows for second-order quantification over sets of traces. Unlike first-order temporal logics for hyperproperties, such as HyperLTL, Hyper^2LTL can express complex epistemic properties like common knowledge, Mazurkiewicz trace theory, and asynchronous hyperproperties. The model checking problem of Hyper^2LTL is, in general, undecidable. For the expressive fragment where second-order quantification is restricted to smallest and largest sets, we present an approximate model-checking algorithm that computes increasingly precise under- and overapproximations of the quantified sets, based on fixpoint iteration and automata learning. We report on encouraging experimental results with our model-checking algorithm, which we implemented in the tool HySO
Automated Program Repair Using Formal Verification Techniques
We focus on two different approaches to automatic program repair, based on formal verification methods. Both repair techniques consider infinite-state C-like programs, and consist of a generate-validate loop, in which potentially repaired programs are repeatedly generated and verified. Both approaches are incremental – partial information gathered in previous verification attempts is used in the next steps. However, the settings of both approaches, including their techniques for finding repairs, are quite distinct. The first approach uses syntactic mutations to repair sequential programs with respect to assertions in the code. It is based on a reduction to the problem of finding unsatisfiable sets of constraints, which is addressed using an interplay between SAT and SMT solvers. A novel notion of must-fault-localization enables efficient pruning of the search space, without losing any potential repair. The second approach uses an Assume-Guarantee (AG) style reasoning in order to verify large programs, composed of two concurrent components. The AG reasoning is based on automata-learning techniques. When verification fails, the procedure repeatedly repairs one of the components, until a correct repair is found. Several different repair methods are considered, trading off precision and convergence to a correct repair