Haibin Shen,Jimin Wang,Lingdi Ping,Kang Sun

DOI: https://doi.org/10.1007/11689522_32

2006-01-01

Abstract:Flexible features of C can be misused and result in potential vulnerabilities which are hard to detect by performing only static checking. Existing tools either give up run-time type checking or employ a type system whose granularity is too coarse (it does not differentiate between pointer types) so that many errors may go undetected. This paper presents a dynamic checking approach to conquer them. A type system that is based on the physical layout of data types and has the proper granularity has been employed. Rules for propagating dynamic types and checking for compatibility of types during execution of the target program are also set up. Then a model of dynamic type checking on this type system to capture run-time type errors is built. Experimental results show that it can catch most errors, including those may become system vulnerabilities and the overhead is moderate.

Alireza Esna Ashari,Eric Feron

DOI: https://doi.org/10.48550/arXiv.1309.1485

2013-12-04

Abstract:The aim is to create reliable and verifiable fault detection software to detect abrupt changes in safety-critical dynamic systems. Fault detection methods are implemented as software on digital computers that monitor and control the system. We implement three observer-based fault detection methods on a 3 degrees of freedom (3DOF) laboratory helicopter, in the form of software. We examine the performance of those methods to detect different faults during flight in a closed-loop setup. All selected methods show acceptable detection performance. However, it is not possible to repeat the test for every possible conditions, inputs and fault scenarios. In this paper, we translate fault detection properties and mathematical proofs into a formal language, previously used in software validation and verification. We include the translated properties in software in the form of non-executable annotations that can be read by machine. Consequently, some high level functional properties of the code can be verified by automatic software verification tools. This certifies fault detection software for a set of bounded data and increases the reliability in practice.

Software Engineering,Optimization and Control

Jimin Sun,So Yeon Min,Yingshan Chang,Yonatan Bisk

2024-06-27

Abstract:Tools have become a mainstay of LLMs, allowing them to retrieve knowledge not in their weights, to perform tasks on the web, and even to control robots. However, most ontologies and surveys of tool-use have assumed the core challenge for LLMs is choosing the tool. Instead, we introduce a framework for tools more broadly which guides us to explore a model's ability to detect "silent" tool errors, and reflect on how to plan. This more directly aligns with the increasingly popular use of models as tools. We provide an initial approach to failure recovery with promising results both on a controlled calculator setting and embodied agent planning.

Computation and Language,Artificial Intelligence,Machine Learning

Georgian-Vlad Saioc,Hans Hüttel

DOI: https://doi.org/10.4204/EPTCS.369.4

2022-09-20

Abstract:Many universities have courses and projects revolving around compiler or interpreter implementation as part of their degree programmes in computer science. In such teaching activities, tool support can be highly beneficial. While there are already several tools for assisting with development of the front end of compilers, tool support tapers off towards the back end, or requires more background experience than is expected of undergraduate students. Structural operational semantics is a useful and mathematically simple formalism for specifying the behaviour of programs and a specification lends itself well to implementation; in particular big-step or natural semantics is often a useful and simple approach. However, many students struggle with learning the notation and often come up with ill-defined and meaningless attempts at defining a structural operational semantics. A survey shows that students working on programming language projects feel that tool support is lacking and would be useful. Many of these problems encountered when developing a semantic definition are similar to problems encountered in programming, in particular ones that are essentially the result of type errors. We present a pedagogical metalanguage based on natural semantics, and its implementation, as an attempt to marry two notions: a syntax similar to textbook notation for natural semantics on the one hand, and automatic verification of some correctness properties on the other by means of a strong type discipline. The metalanguage and the tool provide the facilities for writing and executing specifications as a form of programming. The user can check that the specification is not meaningless as well as execute programs, if the specification makes sense.

Programming Languages

Bryan Olmos,Daniel Gerl,Aman Kumar,Djones Lettnin

2024-10-24

Abstract:The design of Systems on Chips (SoCs) is becoming more and more complex due to technological advancements. Missed bugs can cause drastic failures in safety-critical environments leading to the endangerment of lives. To overcome these drastic failures, formal property verification (FPV) has been applied in the industry. However, there exist multiple hardware designs where the results of FPV are not conclusive even for long runtimes of model-checking tools. For this reason, the use of High-level Equivalence Checking (HLEC) tools has been proposed in the last few years. However, the procedure for how to use it inside an industrial toolchain has not been defined. For this reason, we proposed an automated methodology based on metamodeling techniques which consist of two main steps. First, an untimed algorithmic description written in C++ is verified in an early stage using generated assertions; the advantage of this step is that the assertions at the software level run in seconds and we can start our analysis with conclusive results about our algorithm before starting to write the RTL (Register Transfer Level) design. Second, this algorithmic description is verified against its sequential design using HLEC and the respective metamodel parameters. The results show that the presented methodology can find bugs early related to the algorithmic description and prepare the setup for the HLEC verification. This helps to reduce the verification efforts to set up the tool and write the properties manually which is always error-prone. The proposed framework can help teams working on datapaths to verify and make decisions in an early stage of the verification flow.

Hardware Architecture,Artificial Intelligence

Guillaume Petiot,Nikolai Kosmatov,Bernard Botella,Alain Giorgetti,Jacques Julliand

DOI: https://doi.org/10.48550/arXiv.1508.01691

2015-08-07

Abstract:Applying deductive verification to formally prove that a program respects its formal specification is a very complex and time-consuming task due in particular to the lack of feedback in case of proof failures. Along with a non-compliance between the code and its specification (due to an error in at least one of them), possible reasons of a proof failure include a missing or too weak specification for a called function or a loop, and lack of time or simply incapacity of the prover to finish a particular proof. This work proposes a new methodology where test generation helps to identify the reason of a proof failure and to exhibit a counter-example clearly illustrating the issue. We describe how to transform an annotated C program into C code suitable for testing and illustrate the benefits of the method on comprehensive examples. The method has been implemented in STADY, a plugin of the software analysis platform FRAMA-C. Initial experiments show that detecting non-compliances and contract weaknesses allows to precisely diagnose most proof failures.

Software Engineering

Michael Hanus

2024-02-20

Abstract:Unintended failures during a computation are painful but frequent during software development. Failures due to external reasons (e.g., missing files, no permissions) can be caught by exception handlers. Programming failures, such as calling a partially defined operation with unintended arguments, are often not caught due to the assumption that the software is correct. This paper presents an approach to verify such assumptions. For this purpose, non-failure conditions for operations are inferred and then checked in all uses of partially defined operations. In the positive case, the absence of such failures is ensured. In the negative case, the programmer could adapt the program to handle possibly failing situations and check the program again. Our method is fully automatic and can be applied to larger declarative programs. The results of an implementation for functional logic Curry programs are presented.

Software Engineering,Programming Languages

Lenny Truong,Steven Herbst,Rajsekhar Setaluri,Makai Mann,Ross Daly,Keyi Zhang,Caleb Donovick,Daniel Stanley,Mark Horowitz,Clark Barrett,Pat Hanrahan

DOI: https://doi.org/10.48550/arXiv.2006.11669

2020-06-21

Abstract:While hardware generators have drastically improved design productivity, they have introduced new challenges for the task of verification. To effectively cover the functionality of a sophisticated generator, verification engineers require tools that provide the flexibility of metaprogramming. However, flexibility alone is not enough; components must also be portable in order to encourage the proliferation of verification libraries as well as enable new methodologies. This paper introduces fault, a Python embedded hardware verification language that aims to empower design teams to realize the full potential of generators.

Software Engineering,Hardware Architecture

Hezhen Liu,Jiacheng Yin,Chengqiang Huang,Hao Lan,Zhi Jin,Zheng,Xun Zhang

DOI: https://doi.org/10.1109/issrew60843.2023.00045

2023-01-01

Abstract:Previous studies suggest that the combination of model-based fault injection and model checking can effectively detect the dependability bottlenecks and verify the fault-tolerance capability of systems at very early phases of their lifecycles. However, a challenge of applying such techniques in the industry is that semi-formal modeling languages like UML cannot easily support automated analysis and formal verification. To address this challenge, we propose a fault injection and verification framework based on UML sequence diagrams. The idea is to create formal models from sequence diagrams as well as predefined fault models, and then run a model checker to check if specific properties are violated. With an exhaustive exploration of a system’s states and fault space by the model checker, the approach ensures complete, automated reasoning on failure modes and effects. The framework also allows the designs of additional recovery actions to tolerate faults and then the verification of the updated models. The framework separates manual and automated activities, providing a guide to the practices of developers and the development of the support tool. We conduct a study on an industrial case and demonstrate that by the proposed approach, critical design flaws are revealed.

Xu Bao,Nie Chang,Liang Shi,Chen Huo

2006-01-01

Abstract:This paper presents a failure diagnosing method based on the combinatorial design for testing.This method analyzes the schemas included by the correct running test cases and failure caused test cases in the combinatorial testing suite,it then can conclude that the errors must be in a very small range through analyzing the test cases and retesting with some complementary test cases.So it can provide the very efficient and valuable guidance for the debugging and testing of software.This paper gives a further study on Combinatorial Design Approach for Testing,which is studied and applied widely for its scientificity and effectiveness in software testing with a quite small test suite,especially for the software under testing whose faults come mainly from the parameters or the interactions of the system parameters.

Jinbo Huang,Baolong Wang,JinZhu Chen

DOI: https://doi.org/10.1109/ICEMI.2011.6037909

2011-01-01

Abstract:The cost effectiveness of fault detection and isolation techniques used in complex systems is paid more attention in nowadays. Well design for testability (DFT) can save cost in fault detection and isolation, assure adequate failure coverage by Built-In Test (BIT) and Automatic Test Equipment (ATE), reduce false alarms, and reduce maintenance training requirements. However, there are limited intelligent approaches implemented and applied for DFT for integrated diagnostics. Meanwhile, different tools for DFT are incompatible with each other. This phenomenon has prevented testability engineering from integrating into system engineering. The paper promotes a general-purpose graph and information based intelligent approach to DFT supporting concurrent system engineering. Testability models, including information flow model, multi-signal flow model, hybrid dependency model, etc, can all be described by a graph theory core with information attached. Meanwhile, intelligent algorithms are imported to solve complex testability inference problems, most of which are NP problems. The testability figures of merit (TFOMs) defined in IEEE 1522 are adopted to standardize the quantitative parameters to assess the testability level. An intelligent DFT framework is constructed according to AI-ESTATE to realize artificial intelligent information exchanges. The graph and information based intelligent approach is shown to be efficient and effective to realize advanced DFT of complex large systems. The transitive closure algorithm and the logical closure algorithm given in the paper is verified by the example of an electronic equipment with 4 test items and 5 fault modes. The genetic algorithms (GAs) based fault detection rate (FDR) allocation method is applied in a 3 layers' certain electronic system composed of 6 subsystems. By comparing with experience and fault rate based TFOMs allocation method, GAs is shown to be more adaptive and efficiency. © 2011 IEEE.

Mahmoud I. Banat,Belal H. Sababha,Sami Al-Hamdan

DOI: https://doi.org/10.48550/arXiv.2010.08933

2021-01-13

Abstract:Reliability and availability analysis are essential in dependable critical embedded systems. The classical implementation of dependability for an embedded system relies on merging both fundamental structures with the required dependability techniques to form one composite structure. The separation of the basic system components from the dependability components, reduces complexity and improves the design. The goal of this work is to assist implementing reconfiguration-based fault tolerance in safety-critical embedded systems applications. The primary intention is to reduce the repair time in order to enhance fault tolerance and produce dependable embedded systems. The proposed solution is a dedicated CAD-tool designed to generate a reference strategy for the system manager of a distributed embedded system to control and automatically reconfigure the processing elements of the system. The proposed tool auto-generates program codes to be executed by a system manager to govern the DES. It also computes different reliability solutions with necessary supporting calculated parameters and graphs sorted to support the fault tolerance design of the system. The proposed tool can be used to simulate possible configurations based on the desired degrees of faults and system reliability. The graphical interface of the tool is unique and hides the complexity of the systems underneath. A comparison with a similar tool is presented.

Distributed, Parallel, and Cluster Computing

Pengyi Li,Jing Sun,Hai Wang

DOI: https://doi.org/10.18293/seke2017-133

2017-01-01

Abstract:With the growing in size and complexity of modern computer systems, the need for improving the quality at all stages of software development has become a critical issue. The current software production has been largely depended on manual code development. Despite the slow development process, the errors introduced by the programmers contribute to a substantial portion of defects in the final software product. This paper explores the possibility of generating code and assertion constraints from formal design models and use them to verify the implementation. We translate Z formal models into their OCL counter-parts and Java assertions. With the help of existing tools, we demonstrate various checking at different levels to enhance correctness.

Chih-Hong Cheng,Christian Buckl,Javier Esparza,Alois Knoll

DOI: https://doi.org/10.48550/arXiv.0905.3946

2009-05-25

Abstract:The focus of the tool FTOS is to alleviate designers' burden by offering code generation for non-functional aspects including fault-tolerance mechanisms. One crucial aspect in this context is to ensure that user-selected mechanisms for the system model are sufficient to resist faults as specified in the underlying fault hypothesis. In this paper, formal approaches in verification are proposed to assist the claim. We first raise the precision of FTOS into pure mathematical constructs, and formulate the deterministic assumption, which is necessary as an extension of Giotto-like systems (e.g., FTOS) to equip with fault-tolerance abilities. We show that local properties of a system with the deterministic assumption will be preserved in a modified synchronous system used as the verification model. This enables the use of techniques known from hardware verification. As for implementation, we develop a prototype tool called FTOS-Verify, deploy it as an Eclipse add-on for FTOS, and conduct several case studies.

Distributed, Parallel, and Cluster Computing,Logic in Computer Science

David Landsberg,Earl Barr

DOI: https://doi.org/10.48550/arXiv.1810.00798

2018-10-02

Abstract:To fix a software bug, you must first find it. As software grows in size and complexity, finding bugs is becoming harder. To solve this problem, measures have been developed to rank lines of code according to their "suspiciousness" wrt being faulty. Engineers can then inspect the code in descending order of suspiciousness until a fault is found. Despite advances, ideal measures --- ones which are at once lightweight, effective, and intuitive --- have not yet been found. We present Doric, a new formal foundation for statistical fault localisation based on classical probability theory. To demonstrate Doric's versatility, we derive cl, a lightweight measure of the likelihood some code caused an error. cl returns probabilities, when spectrum-based heuristics (sbhs) usually return difficult to interpret scores. cl handles fundamental fault scenarios that spectrum-based measures cannot and can also meaningfully identify causes with certainty. We demonstrate its effectiveness in, what is to our knowledge, the largest scale experiment in the fault localisation literature. For Defects4J benchmarks, cl permits a developer to find a fault after inspecting 6 lines of code 41.18% of the time. Furthermore, cl is more accurate at locating faults than all known 127 sbh. In particular, on Steimann's benchmarks one would expect to find a fault by investigating 5.02 methods, as opposed to 9.02 with the best performing sbh.

Software Engineering

Jeffrey M. Bell,Françoise Bellegarde,James Hook,Richard B. Kieburtz,Alex Kotov,Jeffrey Lewis,Laura McKinney,Dino Oliva,Tim Sheard,L. Tong,Lisa Walton,Tong Zhou

DOI: https://doi.org/10.1145/197694.197740

1994-01-01

Abstract:The Pacific Software Research Center is developing a new method to support reuse and introduce reliability into software. The method is based on design capture in domain specific design languages and automatic program generation using a reusable suite of program transformation tools. The transformation tools, and a domain specific component generator incorporating them, are being implemented as part of a major project underway at the Oregon Graduate Institute of Science and Technology. The processes used in tool development and application of the method are being captured. Once completed, an experiment will be performed on the generator to assess its usability and flexibility.This paper describes the Software Design for Reliability and Reuse method and illustrates its application to the Message Translation and Validation domain, a problem identified by our sponsors so that our method can be compared directly to a previously existing state-of-the-art solution based on code templates produced by the Software Engineering Institute (SEI) [14].

Gurvan Le Guernic

DOI: https://doi.org/10.48550/arXiv.1405.1115

2014-05-06

Cryptography and Security

Abstract:A system is said to be fail-secure, sometimes confused with fail-safe, if it maintains its security requirements even in the event of some faults. Fail-secure analyses are required by some validation schemes, such as some Common Criteria or NATO certifications. However, it is an aspect of security which as been overlooked by the community. This paper attempts to shed some light on the fail-secure field of study by: giving a definition of fail-secure as used in those certification schemes, and emphasizing the differences with fail-safe; and exhibiting a first feasibility draft of a fail-secure design analysis tool based on the Alloy model checker.

Peter-Jan H.S. Derks,Alex Townsend-Teague,Ansgar G. Burchards,Jens Eisert

2024-07-19

Abstract:Quantum error-correcting codes, such as subspace, subsystem, and Floquet codes, are typically constructed within the stabilizer formalism, which does not fully capture the idea of fault-tolerance needed for practical quantum computing applications. In this work, we explore the remarkably powerful formalism of detector error models, which fully captures fault-tolerance at the circuit level. We introduce the detector error model formalism in a pedagogical manner and provide several examples. Additionally, we apply the formalism to three different levels of abstraction in the engineering cycle of fault-tolerant circuit designs: finding robust syndrome extraction circuits, identifying efficient measurement schedules, and constructing fault-tolerant procedures. We enhance the surface code's resistance to measurement errors, devise short measurement schedules for color codes, and implement a more efficient fault-tolerant method for measuring logical operators.

Quantum Physics

CUI Xiao-le,CHEN Hong-ying,CUI Xiao-xin,ZHANG Xing

DOI: https://doi.org/10.3969/j.issn.1000-7180.2007.06.009

2007-01-01

Abstract:EDA tools for HW/SW codesign such as COOL, CORSAIR and POLIS are designed based on the finite state machine model, while this paper provides a blueprint on a EDA tool solution based on process algebra, and discusses the specification description problem as a key point. By applying Timed CSP as a high level specification language, this tool has the advantages such as easier to make formal validation in the high level, reuse of COT tools, extensibility etc.

Ian Cassar,Adrian Francalanza,Claudio Antares Mezzina,Emilio Tuosto

DOI: https://doi.org/10.4204/EPTCS.254.6

2017-08-24

Abstract:Distributed programs are hard to get right because they are required to be open, scalable, long-running, and tolerant to faults. In particular, the recent approaches to distributed software based on (micro-)services where different services are developed independently by disparate teams exacerbate the problem. In fact, services are meant to be composed together and run in open context where unpredictable behaviours can emerge. This makes it necessary to adopt suitable strategies for monitoring the execution and incorporate recovery and adaptation mechanisms so to make distributed programs more flexible and robust. The typical approach that is currently adopted is to embed such mechanisms in the program logic, which makes it hard to extract, compare and debug. We propose an approach that employs formal abstractions for specifying failure recovery and adaptation strategies. Although implementation agnostic, these abstractions would be amenable to algorithmic synthesis of code, monitoring and tests. We consider message-passing programs (a la Erlang, Go, or MPI) that are gaining momentum both in academia and industry. Our research agenda consists of (1) the definition of formal behavioural models encompassing failures, (2) the specification of the relevant properties of adaptation and recovery strategy, (3) the automatic generation of monitoring, recovery, and adaptation logic in target languages of interest.

Programming Languages,Distributed, Parallel, and Cluster Computing,Formal Languages and Automata Theory