Procedure-modular specification and verification of temporal safety properties
This paper describes ProMoVer, a tool for fully automated procedure-modular verification of Java programs equipped with method-local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized to the local properties of the methods rather than to their implementations. Here, it is based on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control flow safety properties, and provides appropriate pre- and post-processing. Both linear-time temporal logic and finite automata are supported as formalisms for expressing local and global safety properties, allowing the user to choose a suitable format for the property at hand. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively lightweight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the domains of Java Card and web-based application
A Note on Negative Tagging for Least Fixed-Point Formulae
We consider proof systems with sequents of the form U |- F for proving validity of a propositional
modal mu-calculus formula F over a set U of
states in a given model. Such proof systems usually handle
fixed-point formulae through unfolding, thus allowing such formulae
to reappear in a proof. Tagging is a technique originated by Winskel
for annotating fixed-point formulae with information
about the proof states at which these are unfolded. This information
is used later in the proof to avoid unnecessary unfolding, without
having to investigate the history of the proof. Depending on whether
tags are used for acceptance or for rejection of a branch in the proof
tree, we refer to "positive" or "negative" tagging, respectively.
In their simplest form, tags consist of the sets U at which
fixed-point formulae are unfolded. In this paper, we generalise results
of earlier work by Andersen, Stirling and Winskel which, in the case
of least fixed-point formulae, are applicable to singleton U sets only
CVPP: A Tool Set for Compositional Verification of Control-Flow Safety Properties.
This paper describes CVPP, a tool set for compositional verification of control-flow safety properties for programs with procedures. The compositional verification principle that underlies CVPP is based on maximal models constructed from component specifications. Maximal models replace the actual components when verifying the whole program, either for the purposes of modularity of verification or due to unavailability of the component implementations at verification time. A characteristic feature of the principle and the tool set is the distinction between program structure and behaviour. While behavioural properties are more abstract and convenient for specification purposes, structural ones are easier to manipulate, in particular when it comes to verification or the construction of maximal models. Therefore, CVPP also contains the means to characterise a given behavioural formula by a set of structural formulae. The paper presents the underlying framework for compositional verification and the components of the tool set. Several verification scenarios are described, as well as wrapper tools that support the automatic execution of such scenarios, providing appropriate pre- and post-processing to interface smoothly with the user and to encapsulate the inner workings of the tool set
Soundness and Completeness of a Model-Checking Proof System for CTL
We propose a local model-checking proof system for a fragment of CTL. The
rules of the proof system are motivated by the well-known fixed-point
characterisation of CTL based on unfolding of the temporal operators. To
guarantee termination of proofs, we tag the sequents of our proof system with
the set of states that have already been explored for the respective temporal
formula. We define the semantics of tagged sequents, and then state and prove
soundness and completeness of the proof system, as well as termination of proof
search for finite-state models. Comment: 10 page
Formal Methods: From Academia to Industrial Practice. A Travel Guide
For many decades, formal methods have been considered the way forward to help
the software industry make more reliable and trustworthy software. However,
despite this strong belief and many individual success stories, no real change
in industrial software development seems to be occurring. In fact, the software
industry itself is moving forward rapidly, and the gap between what formal
methods can achieve and the daily software-development practice does not appear
to be getting smaller (and might even be growing).
In the past, many recommendations have already been made on how to develop
formal-methods research in order to close this gap. This paper investigates why
the gap nevertheless still exists and provides its own recommendations on what
can be done by the formal-methods-research community to bridge it. Our
recommendations do not focus on open research questions. In fact,
formal-methods tools and techniques are already of high quality and can address
many non-trivial problems; we do give some technical recommendations on how
tools and techniques can be made more accessible. To a greater extent, we focus
on the human aspect: how to achieve impact, how to change the way of thinking
of the various stakeholders about this issue, and in particular, as a research
community, how to alter our behaviour, and instead of competing, collaborate to
address this issue. Comment: 22 pages, 0 figure