32 research outputs found
Prototyping Formal System Models with Active Objects
We propose active object languages as a development tool for formal system
models of distributed systems. Additionally to a formalization based on a term
rewriting system, we use established Software Engineering concepts, including
software product lines and object orientation that come with extensive tool
support. We illustrate our modeling approach by prototyping a weak memory
model. The resulting executable model is modular and has clear interfaces
between communicating participants through object-oriented modeling.
Relaxations of the basic memory model are expressed as self-contained variants
of a software product line. As a modeling language we use the formal active
object language ABS which comes with an extensive tool set. This permits rapid
formalization of core ideas, early validity checks in terms of formal invariant
proofs, and debugging support by executing test runs. Hence, our approach
supports the prototyping of formal system models with early feedback.Comment: In Proceedings ICE 2018, arXiv:1810.0205
Detecting Deadlocks in Formal System Models with Condition Synchronization
We present a novel notion of deadlock for synchronization on arbitrary boolean conditions and a sound, fully automatic deadlock analysis. Contrary to other approaches, our analysis aims to detect deadlocks caused by faulty system design, rather than implementation bugs. We analyze synchronization on boolean conditions on the fields of an object instead of targeting specific synchronization primitives. As usual, a deadlock is a circular dependency between multiple tasks. A task depends on a second task if the execution of this second task has a side-effect that makes the blocking guard-condition of the first one evaluate to true. This requires an analysis of the computations in a method beyond syntactic properties and we integrate a logical validity calculus to do so
Modular Analysis of Distributed Hybrid Systems using Post-Regions (Full Version)
We introduce a new approach to analyze distributed hybrid systems by a
generalization of rely-guarantee reasoning. First, we give a system for
deductive verification of class invariants and method contracts in
object-oriented distributed hybrid systems. In a hybrid setting, the object
invariant must not only be the post-condition of a method, but also has to hold
in the post-region of a method. The post-region describes all reachable states
after method termination before another process is guaranteed to run. The
system naturally generalizes rely-guarantee reasoning of discrete
object-oriented languages to hybrid systems and carries over its modularity to
hybrid systems: Only one dL-proof obligation is generated per method. The
post-region can be approximated using lightweight analyses and we give a
general notion of soundness for such analyses. Post-region based verification
is implemented for the Hybrid Active Object language HABS
Locally Static, Globally Dynamic Session Types for Active Objects
Active object languages offer an attractive trade-off between low-level, preemptive concurrency and fully distributed actors: syntactically identifiable atomic code segments and asynchronous calls are the basis of cooperative concurrency, still permitting interleaving, but nevertheless being mechanically analyzable. The challenge is to reconcile local static analysis of atomic segments with the global scheduling constraints it depends on. Here, we propose an approximate, hybrid approach; At compile-time we perform a local static analysis: later, any run not complying to a global specification is excluded via runtime checks. That specification is expressed in a type-theoretic language inspired by session types. The approach reverses the usual (first global, then local) order of analysis and, thereby, supports analysis of open distributed systems
Compositional Correctness and Completeness for Symbolic Partial Order Reduction
Partial Order Reduction (POR) and Symbolic Execution (SE) are two fundamental abstraction techniques in program analysis. SE is particularly useful as a state abstraction technique for sequential programs, while POR addresses equivalent interleavings in the execution of concurrent programs. Recently, several promising connections between these two approaches have been investigated, which result in symbolic partial order reduction: partial order reduction of symbolically executed programs. In this work, we provide compositional notions of completeness and correctness for symbolic partial order reduction. We formalize completeness and correctness for (1) abstraction over program states and (2) trace equivalence, such that the abstraction gives rise to a complete and correct SE, the trace equivalence gives rise to a complete and correct POR, and their combination results in complete and correct symbolic partial order reduction. We develop our results for a core parallel imperative programming language and mechanize the proofs in Coq
Context-aware Trace Contracts
The behavior of concurrent, asynchronous procedures depends in general on the
call context, because of the global protocol that governs scheduling. This
context cannot be specified with the state-based Hoare-style contracts common
in deductive verification. Recent work generalized state-based to trace
contracts, which permit to specify the internal behavior of a procedure, such
as calls or state changes, but not its call context. In this article we propose
a program logic of context-aware trace contracts for specifying global behavior
of asynchronous programs. We also provide a sound proof system that addresses
two challenges: To observe the program state not merely at the end points of a
procedure, we introduce the novel concept of an observation quantifier. And to
combat combinatorial explosion of possible call sequences of procedures, we
transfer Liskov's principle of behavioral subtyping to the analysis of
asynchronous procedures