Jia Lv,Jing Ying,Minghui Wu,Tao Jiang,Fanwei Zhu

DOI: https://doi.org/10.1109/ssiri.2009.20

2009-01-01

Abstract:The behavior model of traditional temporal logic is closed and symmetrical, while the behavior model of aspect-oriented programs is open and asymmetrical. When the programmer designs the base-code, he is not sure what aspects will be woven to it. It is indirect and difficult to specify and verify the behavior of aspect-oriented programs by using traditional temporal logic. In this paper, we propose a new temporal logic named open temporal logic, which introduced some new path operators and one new temporal operator. Since paths are divided into two kinds: internal parts and external parts, the behavioral model of open temporal logic is open and asymmetrical. Base on open temporal logic and the proof system of traditional rely-guarantee method, a new proof system is given to verify the behavior of aspect-oriented programs.

Zhenjiang Qian,Hao Huang,Fangmin Song

DOI: https://doi.org/10.13232/j.cnki.jnju.2017.03.022

2017-01-01

Abstract:The formal method is a reliable one to ensure the correctness of design and implementation of operating system.The formal design and verification of operating system is still an extremely complex progress.Because of its low-level,it is difficult to validate the correctness of the assembly layer.How to effectively model for assembly codes,and easily validate the correctness of the semantics and effectiveness becomes a hot topic in the field of operating system formalization.In this paper,we present the method of formal verification of design and implementation of operating system on the assembly layer.We construct the kernel hardware abstract model of operating system,and describe the operational semantics of instructions.Based on this abstract model,we define the data objects affecting the system state,and establish the system state domain.With the description of operational semantics of instructions,we describe the transition functions of system states.Meanwhile,we define the constructed kernel hardware abstract model of operating system in Isabelle/HOL theorem prover,and take the self-implemented trusted operating system(VSOS)as the example to validate the correctness of the design and implementation of system on the assembly layer.The result shows that the proposed method is feasible and efficient.

Xiangyu Jin,Bohua Zhan,Shuling Wang,Naijun Zhan

2024-07-12

Abstract:We present a tool called HHLPar for verifying hybrid systems modelled in Hybrid Communicating Sequential Processes (HCSP). HHLPar is built upon a Hybrid Hoare Logic for HCSP, which is able to reason about continuous-time properties of differential equations, as well as communication and parallel composition of parallel HCSP processes with the help of parameterised trace assertions and their synchronization. The logic was formalised and proved to be sound in Isabelle/HOL, which constitutes a trustworthy foundation for the verification conducted by HHLPar. HHLPar implements the Hybrid Hoare Logic in Python and supports automated verification: On one hand, it provides functions for symbolically decomposing HCSP processes, generating specifications for separate sequential processes and then composing them via synchronization to obtain the final specification for the whole parallel HCSP processes; On the other hand, it is integrated with external solvers for handling differential equations and real arithmetic properties. We have conducted experiments on a simplified cruise control system to validate the performance of the tool.

Logic in Computer Science

Ding MA,Ming FU,Lei QIAO,Xin-yu FENG

DOI: https://doi.org/10.3969/j.issn.1000-1220.2019.02.021

2019-01-01

Abstract:Formal specification and verification of data structures are an important part of kernel verification, but there are many difficulties in actual verification work, because the kernel often uses some irregular and complex data structures. This paper proposes a method of decomposing structure and separately describing shapes and memory to specify complex data structures in the kernel. Using this method, we have successfully specified TCB lists of a space operating system and verified the related API code. The specification and verification are done in Coq.

Kaustuv Chaudhuri,Damien Doligez,Leslie Lamport,Stephan Merz

DOI: https://doi.org/10.1007/978-3-642-14203-1_12

2010-11-11

Abstract:TLAPS, the TLA+ proof system, is a platform for the development and mechanical verification of TLA+ proofs written in a declarative style requiring little background beyond elementary mathematics. The language supports hierarchical and non-linear proof construction and verification, and it is independent of any verification tool or strategy. A Proof Manager uses backend verifiers such as theorem provers, proof assistants, SMT solvers, and decision procedures to check TLA+ proofs. This paper documents the first public release of TLAPS, distributed with a BSD-like license. It handles almost all the non-temporal part of TLA+ as well as the temporal reasoning needed to prove standard safety properties, in particular invariance and step simulation, but not liveness properties.

Logic in Computer Science

Youngju Song,Minki Cho,Dongjae Lee,Chung-Kil Hur

DOI: https://doi.org/10.48550/arXiv.2109.02991

2021-09-07

Abstract:Contextual refinement and separation logics are successful verification techniques that are very different in nature. First, the former guarantees behavioral refinement between a concrete program and an abstract program while the latter guarantees safety of a concrete program under certain conditions (expressed in terms of pre and post conditions). Second, the former does not allow any assumption about the context when locally reasoning about a module while the latter allows rich assumptions. In this paper, we present a new verification technique, called abstraction logic (AL), that inherently combines contextual refinement and separation logics such as Iris and VST, thereby taking the advantages of both. Specifically, AL allows us to locally verify a concrete module against an abstract module under separation-logic-style pre and post conditions about external modules. AL are fully formalized in Coq and provides a proof mode that supports a combination of simulation-style reasoning using our own tactics and SL-style reasoning using IPM (Iris Proof Mode). Using the proof mode, we verified various examples to demonstrate reasoning about ownership (based on partial commutative monoids) and purity ($i.e.$, termination with no system call), cyclic and higher-order reasoning about mutual recursion and function pointers, and reusable and gradual verification via intermediate abstractions. Also, the verification results are combined with CompCert, so that we formally establish behavioral refinement from top-level abstract programs, all the way down to their assembly code.

Programming Languages

Igor Konnov,Markus Kuppe,Stephan Merz

DOI: https://doi.org/10.48550/arXiv.2211.07216

2022-11-14

Logic in Computer Science

Abstract:Using an algorithm due to Safra for distributed termination detection as a running example, we present the main tools for verifying specifications written in TLA+. Examining their complementary strengths and weaknesses, we suggest a workflow that supports different types of analysis and that can be adapted to the desired degree of confidence.

Gabriele Cecilia,Alberto Momigliano

DOI: https://doi.org/10.4204/EPTCS.404.1

2024-07-09

Abstract:The "Harmony Lemma", as formulated by Sangiorgi & Walker, establishes the equivalence between the labelled transition semantics and the reduction semantics in the $\pi$-calculus. Despite being a widely known and accepted result for the standard $\pi$-calculus, this assertion has never been rigorously proven, formally or informally. Hence, its validity may not be immediately apparent when considering extensions of the $\pi$-calculus. Contributing to the second challenge of the Concurrent Calculi Formalization Benchmark -- a set of challenges tackling the main issues related to the mechanization of concurrent systems -- we present a formalization of this result for the fragment of the $\pi$-calculus examined in the Benchmark. Our formalization is implemented in Beluga and draws inspiration from the HOAS formalization of the LTS semantics popularized by Honsell et al. In passing, we introduce a couple of useful encoding techniques for handling telescopes and lexicographic induction.

Logic in Computer Science

Katherine Kosaian,Zili Wang,Elizabeth Sloan,Kristin Rozier

2024-10-04

Abstract:Mission-time Linear Temporal Logic (MLTL) is rapidly increasing in popularity as a specification logic, e.g., for runtime verification, model checking, and other formal methods, driving a need for a larger tool base for analysis of this logic. To that end, we formalize formula progression for MLTL in the theorem prover Isabelle/HOL. As groundwork, we first formalize the syntax and semantics for MLTL as well as a verified library of key properties, including useful custom induction rules. We envision this library as being useful for future formalizations involving MLTL and as serving as a reference point for theoretical work using or developing MLTL. We then formalize the algorithm and correctness theorems for formula progression, following the literature. Along the way, we identify and fix several errors and gaps in the source material. A main motivation for our work is tool validation; we ensure the executability of our algorithms by using Isabelle's built-in functionality to generate a code export. This enables both a formal basis for correctly evaluating MLTL formulas and for automatically generating provably correct benchmarks for evaluating tools that reason about MLTL.

Logic in Computer Science

Xinfeng Shu,Zhenhua Duan,Hongwei Du

DOI: https://doi.org/10.1016/j.tcs.2017.09.026

IF: 1.002

2017-01-01

Theoretical Computer Science

Abstract:To specify and verify the concurrent and reactive systems with the theorem proving approach, a complete axiomatization is formalized for first order projection temporal logic (PTL) with both finite and infinite time. To this end, PTL is restricted to a finite domain, and the syntax, semantics as well as the axiomatization of PTL are presented. Further, the techniques of labeled normal form and labeled normal form graph of PTL formulas are introduced respectively, with which a decision procedure for quantifier free PTL (QFPTL) formulas is given. Moreover, a generalized labeled normal form graph is defined and employed to transform a quantified PTL formula into its equivalent QFPTL formula. Finally, a decision procedure for PTL is formalized and the completeness of the axiomatic system is proved based on the decidability of PTL formulas.

Junyan Qian,Baowen Xu

2007-01-01

Abstract:we present a methodology for automatically verifying programs against safety specifications based on finite state machine. Firstly, computing the abstract transition between abstract states is done by calling a theorem prover, and then an initial abstract model automatically is extracted from concrete program using predicate abstraction. However, the process of abstraction can be exponential in the number of predicates used. Program slicing, predicate inference and partitioning the set of candidate predicates into subsets make abstract model construction effective. By counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Finally, our methods can be extended to verifying concurrency programs by parallel composition.

Junyi Liu,Bohua Zhan,Shuling Wang,Shenggang Ying,Tao Liu,Yangjia Li,Mingsheng Ying,Naijun Zhan

DOI: https://doi.org/10.1007/978-3-030-25543-5_12

2019-01-01

Abstract:We formalize the theory of quantum Hoare logic (QHL) [TOPLAS 33(6),19], an extension of Hoare logic for reasoning about quantum programs. In particular, we formalize the syntax and semantics of quantum programs in Isabelle/HOL, write down the rules of quantum Hoare logic, and verify the soundness and completeness of the deduction system for partial correctness of quantum programs. As preliminary work, we formalize some necessary mathematical background in linear algebra, and define tensor products of vectors and matrices on quantum variables. As an application, we verify the correctness of Grover's search algorithm. To our best knowledge, this is the first time a Hoare logic for quantum programs is formalized in an interactive theorem prover, and used to verify the correctness of a nontrivial quantum algorithm.

Fengwei Xu,Ming Fu,Xinyu Feng,Xiaoran Zhang,Hui Zhang,Zhaohui Li

DOI: https://doi.org/10.1007/978-3-319-41540-6_4

2016-01-01

Abstract:We propose a practical verification framework for preemptive OS kernels. The framework models the correctness of API implementations in OS kernels as contextual refinement of their abstract specifications. It provides a specification language for defining the high-level abstract model of OS kernels, a program logic for refinement verification of concurrent kernel code with multi-level hardware interrupts, and automated tactics for developing mechanized proofs. The whole framework is developed for a practical subset of the C language. We have successfully applied it to verify key modules of a commercial preemptive OS mu C/OS-II [ 2], including the scheduler, interrupt handlers, message queues, and mutexes etc. We also verify the priority-inversion-freedom (PIF) in mu C/OS-II. All the proofs are mechanized in Coq. To our knowledge, our work is the first to verify the functional correctness of a practical preemptive OS kernel with machine-checkable proofs.

Loizos Hadjiloizou,Frank J. Jiang,Amr Alanwar,Karl H. Johansson

2024-04-04

Abstract:In this paper, we introduce a hybrid zonotope-based approach for formally verifying the behavior of autonomous systems operating under Linear Temporal Logic (LTL) specifications. In particular, we formally verify the LTL formula by constructing temporal logic trees (TLT)s via backward reachability analysis (BRA). In previous works, TLTs are predominantly constructed with either highly general and computationally intensive level set-based BRA or simplistic and computationally efficient polytope-based BRA. In this work, we instead propose the construction of TLTs using hybrid zonotope-based BRA. By using hybrid zonotopes, we show that we are able to formally verify LTL specifications in a computationally efficient manner while still being able to represent complex geometries that are often present when deploying autonomous systems, such as non-convex, disjoint sets. Moreover, we evaluate our approach on a parking example, providing preliminary indications of how hybrid zonotopes facilitate computationally efficient formal verification of LTL specifications in environments that naturally lead to non-convex, disjoint geometries.

Systems and Control,Logic in Computer Science

Adnan Rashid,Umair Siddique,Osman Hasan

DOI: https://doi.org/10.48550/arXiv.1804.07951

2018-04-21

Abstract:Recent developments in autonomous driving, vehicle-to-vehicle communication and smart traffic controllers have provided a hope to realize platoon formation of vehicles. The main benefits of vehicle platooning include improved safety, enhanced highway utility, efficient fuel consumption and reduced highway accidents. One of the central components of reliable and efficient platoon formation is the underlying control strategies, e.g., constant spacing, variable spacing and dynamic headway. In this paper, we provide a generic formalization of platoon control strategies in higher-order logic. In particular, we formally verify the stability constraints of various strategies using the libraries of multivariate calculus and Laplace transform within the sound core of HOL Light proof assistant. We also illustrate the use of verified stability theorems to develop runtime monitors for each controller, which can be used to automatically detect the violation of stability constraints in a runtime execution or a logged trace of the platoon controller. Our proposed formalization has two main advantages: 1) it provides a framework to combine both static (theorem proving) and dynamic (runtime) verification approaches for platoon controllers, and 2) it is inline with the industrial standards, which explicitly recommend the use of formal methods for functional safety, e.g., automotive ISO 26262.

Logic in Computer Science

ZHOU Cong-hua,SUN Bo,LIU Zhi-feng,GE Yun

DOI: https://doi.org/10.3969/j.issn.0372-2112.2012.10.025

2012-01-01

Abstract:In order to overcome the state explosion problem in model checking the probabilistic temporal logic of knowledge,a three-valued Abstraction is proposed.Our work includes three parts:first the three-value semantics of the probabilistic temporal logic of knowledge is defined on the Abstract model,and the initial Abstract model is build according to the equivalence partition of state space,and the preservation of satisfaction under the Abstraction is proved;second the model checking algorithm of the probabilistic temporal logic of knowledge is proposed;third how to refine the Abstraction by the minimal witnesses and counterexamples generated in model checking is shown.Finally,the Abstraction is applied in model checking the Dining Cryptographer protocols.

Lars B. van den Haak,Anton Wijs,Marieke Huisman,Mark van den Brand

2024-01-19

Abstract:The HaliVer tool integrates deductive verification into the popular scheduling language Halide, used for image processing pipelines and array computations. HaliVer uses Vercors, a separation logic-based verifier, to verify the correctness of (1) the Halide algorithms and (2) the optimised parallel code produced by \halide when an optimisation schedule is applied to the algorithm. This allows proving complex, optimised code correct while reducing the effort to provide the required verification annotations. For both approaches, the same specification is used. We evaluated the tool on several optimised programs generated from characteristic Halide algorithms, using all but one of the essential scheduling directives available in Halide. Without annotation effort, Haliver proves memory safety in almost all programs. With annotations Haliver, additionally, proves functional correctness properties. We show that the approach is viable and reduces the manual annotation effort by an order of magnitude.

Logic in Computer Science,Programming Languages

Leifeng He,Guanjun Liu

DOI: https://doi.org/10.1109/TCSS.2022.3164052

2020-12-18

Abstract:Computation Tree Logic of Knowledge (CTLK) can specify many design requirements of privacy and security of multi-agent systems (MAS). In our conference paper, we defined Knowledge-oriented Petri Nets (KPN) to model MAS and proposed Reachability Graphs with Equivalence Relations (RGER) to verify CTLK. In this paper, we use the technique of Ordered Binary Decision Diagrams (OBDD) to encode RGER in order to alleviate the state explosion problem and enhance the verification efficiency. We propose a heuristic method to order those variables in OBDD, which can well improve the time and space performance of producing, encoding and exploring a huge state space. More importantly, our method does not produce and encode any transition or equivalence relation of states when producing and encoding an RGER, and in fact it dynamically produces those transition or equivalence relations that are required in the verification process of CTLK formulas. This policy can save a lot of time and space since the number of transition or equivalence relations of states is much greater than the number of states themselves. We design symbolic model checking algorithms, develop a tool and apply them to two famous examples: Alice-Bob Protocol and Dining Cryptographers Protocol. We compare our tool with MCMAS which is the state-of-the-art model checker of verifying CTLK. The experimental results illustrate the advantages of our model and method. Our tool running in a general PC can totally spend less than 14 hours to verify Dining Cryptographers Protocol with 1200 concurrent cryptographers where there are about $10^{1080}$ states and the two verified CTLK formulas have more than 6000 atomic propositions and more than 3600 operators. These good performances are owed to a combination of the OBDD technique and the structure characteristics of KPN.

Software Engineering

Luwen Huang,Lav R. Varshney,Karen E. Willcox

2024-11-28

Abstract:Verifying the correctness of a digital twin provides a formal guarantee that the digital twin operates as intended. Digital twin verification is challenging due to the presence of uncertainties in the virtual representation, the physical environment, and the bidirectional flow of information between physical and virtual. A further challenge is that a digital twin of a complex system is composed of distributed components. This paper presents a methodology to specify and verify digital twin behavior, translating uncertain processes into a formally verifiable finite state machine. We use the Temporal Logic of Actions (TLA) to create a specification, an implementation abstraction that defines the properties required for correct system behavior. Our approach includes a novel weakening of formal security properties, allowing controlled information leakage while preserving theoretical guarantees. We demonstrate this approach on a digital twin of an unmanned aerial vehicle, verifying synchronization of physical-to-virtual and virtual-to-digital data flows to detect unintended misalignments.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Information Theory,Systems and Control

Muhammad Syifa'ul Mufid,Andrea Micheli,Alessandro Abate,Alessandro Cimatti

2023-08-21

Abstract:Max-Plus Linear (MPL) systems are an algebraic formalism with practical applications in transportation networks, manufacturing and biological systems. In this paper, we investigate the problem of automatically analyzing the properties of MPL, taking into account both structural properties such as transient and cyclicity, and the open problem of user-defined temporal properties. We propose Time-Difference LTL (TDLTL), a logic that encompasses the delays between the discrete time events governed by an MPL system, and characterize the problem of model checking TDLTL over MPL. We first consider a framework based on the verification of infinite-state transition systems, and propose an approach based on an encoding into model checking. Then, we leverage the specific features of MPL systems to devise a highly optimized, combinational approach based on Satisfiability Modulo Theory (SMT). We experimentally evaluate the features of the proposed approaches on a large set of benchmarks. The results show that the proposed approach substantially outperforms the state of the art competitors in expressiveness and effectiveness, and demonstrate the superiority of the combinational approach over the reduction to model checking.

Formal Languages and Automata Theory