Maximiliano Cristiá,Gianfranco Rossi

2024-03-21

Abstract:In this paper we show how prescritive type checking and constraint solving can be combined to increase automation during software verification. We do so by defining a type system and implementing a typechecker for {log} (read `setlog'), a Constraint Logic Programming (CLP) language and satisfiability solver based on set theory. Hence, we proceed as follows: a) a type system for {log} is defined; b) the constraint solver is proved to be safe w.r.t. the type system; c) the implementation of a concrete typechecker is presented; d) the integration of type checking and set constraint solving to increase automation during software verification is discussed; and f) two industrial-strength case studies are presented where this combination is used with very good results. Under consideration in Theory and Practice of Logic Programming (TPLP)

Logic in Computer Science,Programming Languages

Fadil Kallat,Tristan Schäfer,Anna Vasileva

DOI: https://doi.org/10.4204/EPTCS.301.7

2019-08-26

Abstract:We introduce an approach that aims to combine the usage of satisfiability modulo theories (SMT) solvers with the Combinatory Logic Synthesizer (CL)S framework. (CL)S is a tool for the automatic composition of software components from a user-specified repository. The framework yields a tree grammar that contains all composed terms that comply with a target type. Type specifications for (CL)S are based on combinatory logic with intersection types. Our approach translates the tree grammar into SMT functions, which allows the consideration of additional domain-specific constraints. We demonstrate the usefulness of our approach in several experiments.

Logic in Computer Science,Formal Languages and Automata Theory

Shahbaz Ali,Hailong Sun,Yongwang Zhao

DOI: https://doi.org/10.1007/978-3-030-41418-4_18

2020-01-01

Abstract:In the current technological era, the correct functionality and quality of software systems are of prime concern and require practical approaches to improve their reliability. Besides classical testing, formal verification techniques can be employed to enhance the reliability of software systems. In this connection, we propose an approach that combines the strengths of two effective techniques, i.e., Model learning and Model checking for the formal analysis of Java libraries. To evaluate the performance of the proposed approach, we consider the implementation of “Java.util” package as a case study. First, we apply model learning to infer behavior models of Java package and then use model checking to verify that the obtained models satisfy basic properties (safety, functional, and liveness) specified in LTL/CTL languages. Our results of the formal analysis reveal that the learned models of Java package satisfy all the selected properties specified in temporal logic. Moreover, the proposed approach is generic and very promising to analyze any software library/package considered as a black-box.

Shujun Deng,Weimin Wu,Jinian Bian

DOI: https://doi.org/10.3321/j.issn:1003-9775.2007.03.001

2007-01-01

Abstract:RTL hybrid satisfiability solving methods are classified into two categories: One is based on SMT (satisfiability modulo theories), and the other is based on circuit structure searching. The methods of the former category mainly use logic reasoning, and are widely applied in processor verification because SMT supports the fundamental theories used to express the verification conditions. The methods of the latter category are efficient because they can take full advantage of constraint information in circuits. Representative works and their key strategies are introduced for each category. Research progress of RTL hybrid satisfiability solving for our formal verification research group is also introduced.

Jonas Fritzsch,Tobias Schmid,Stefan Wagner

DOI: https://doi.org/10.1109/ICST49551.2021.00049

2020-11-20

Abstract:In the age of autonomously driving vehicles, functionality and complexity of embedded systems are increasing tremendously. Safety aspects become more important and require such systems to operate with the highest possible level of fault tolerance. Simulation and systematic testing techniques have reached their limits in this regard. Here, formal verification as a long established technique can be an appropriate complement. However, the necessary preparatory work like adequately modeling a system and specifying properties in temporal logic are anything but trivial. In this paper, we report on our experiences applying model checking to verify the arbitration logic of a Vehicle Control System. We balance pros and cons of different model checking techniques and tools, and reason about our choice of the symbolic model checker NuSMV. We describe the process of modeling the architecture, resulting in ~1500 LOC, 69 state variables and 38 LTL constraints. To handle this large-scale model, we automate and optimize the model checking procedure for use on multi-core CPUs and employ Bounded Model Checking to avoid the state explosion problem. We share our lessons learned and provide valuable insights for architects, developers, and test engineers involved in this highly present topic.

Software Engineering,Hardware Architecture,Systems and Control

Francesco Mazzoli,Andreas Abel

DOI: https://doi.org/10.48550/arXiv.1609.09709

2016-09-30

Abstract:In this paper we describe how to leverage higher-order unification to type check a dependently typed language with meta-variables. The literature usually presents the unification algorithm as a standalone component, however the need to check definitional equality of terms while type checking gives rise to a tight interplay between type checking and unification. This interplay is a major source of complexity in the type-checking algorithm for existing dependently typed programming languages. We propose an algorithm that encodes a type-checking problem entirely in the form of unification constraints, reducing the complexity of the type-checking code by taking advantage of higher order unification, which is already part of the implementation of many dependently typed languages.

Programming Languages

Weiwei Zheng,Weimin Wu,Jinian Bian

DOI: https://doi.org/10.3321/j.issn:1003-9775.2006.04.012

2006-01-01

Abstract:A RTL SAT solver is built which uses linear programming (LP) as the basic tool, and is applied to the property checking of RTL circuits. After researching further the method to model RTL elements in LP constraints, a general method to model RTL circuits is got. By transforming RTL properties to virtual RTL circuits, the RTL property verification can be realized. By conducting experiments and comparing the results with that produced by NuSMV, a model checking tool which uses zchaff Boolean solver, it demonstrate the superiority in memory and time consumption of RTL solver based property checking approach.

Adam Naumowicz

DOI: https://doi.org/10.1007/s10817-015-9332-6

2015-06-16

Journal of Automated Reasoning

Abstract:In this paper we present the results of an experiment with employing an external SAT solver to strengthen the notion of obviousness of the Mizar proof checker. The presented extension of the Mizar system is based on a version of MiniSAT, called Logic2CNF. The SAT-enhanced Mizar checker is programmed to automatically spawn a new Logic2CNF process whenever it needs to justify any goal that can be solved by reducing it into a corresponding propositional satisfiability problem (equalities based on Boolean operations or set inclusion). The external tool is interfaced within the implementation of Mizar’s requirements directives.

computer science, artificial intelligence

Zhou Conghua,Chen Zhenyu,Ju Shiguang

2008-01-01

Journal of Computer Research and Development

Abstract:For concurrent software systems, linear temporal logic SE-LTL is a specification language with high expressive power and the ability to reason about both states and events. Until now, the SE-LTL model checking algorithm is still explicit, and the state explosion is the primary verification difficulty. A bounded model checking procedure is introduced for SE-LTL which reduces model checking to propositional satisfiability. This new technique avoids the space blow up of BDDs, and sometimes speeds up the verification. For SE-LTL-X the procedure and stuttering equivalent technique is further integrated. The experiment result shows that the integration can reduce the verification time very much.

Xinyu Feng,Zhong Shao,Yu Guo,Yuan Dong

DOI: https://doi.org/10.1007/978-3-540-87873-5_8

2008-01-01

Abstract:A major challenge for verifying completesoftware systems is their complexity. A complete software system consists of program modules that use many language features and span different abstraction levels (e.g. user code and run-time system code). It is extremely difficult to use one verification system (e.g. type system or Hoare-style program logic) to support all these features and abstraction levels. In our previous work, we have developed a new methodology to solve this problem. We apply specialized "domain-specific" verification systems to verify individual program modules and then link the modules in a foundational open logical framework to compose the verified complete software package. In this paper, we show how this new methodology is applied to verify a software package containing implementations of preemptive threads and a set of synchronization primitives. Our experience shows that domain-specific verification systems can greatly simplify the verification process of low-level software, and new techniques for combining domain-specific and foundational logics are critical for the successful verification of complete software systems.

Zhe Zhou,Qianchuan Ye,Benjamin Delaware,Suresh Jagannathan

DOI: https://doi.org/10.1145/3656433

2024-09-27

Abstract:Functional programs typically interact with stateful libraries that hide state behind typed abstractions. One particularly important class of applications are data structure implementations that rely on such libraries to provide a level of efficiency and scalability that may be otherwise difficult to achieve. However, because the specifications of the methods provided by these libraries are necessarily general and rarely specialized to the needs of any specific client, any required application-level invariants must often be expressed in terms of additional constraints on the (often) opaque state maintained by the library. In this paper, we consider the specification and verification of such representation invariants using symbolic finite automata (SFA). We show that SFAs can be used to succinctly and precisely capture fine-grained temporal and data-dependent histories of interactions between functional clients and stateful libraries. To facilitate modular and compositional reasoning, we integrate SFAs into a refinement type system to qualify stateful computations resulting from such interactions. The particular instantiation we consider, Hoare Automata Types (HATs), allows us to both specify and automatically type-check the representation invariants of a datatype, even when its implementation depends on stateful library methods that operate over hidden state. We also develop a new bidirectional type checking algorithm that implements an efficient subtyping inclusion check over HATs, enabling their translation into a form amenable for SMT-based automated verification. We present extensive experimental results on an implementation of this algorithm that demonstrates the feasibility of type-checking complex and sophisticated HAT-specified OCaml data structure implementations.

Programming Languages

Alexei Iliasov,Dominic Taylor,Linas Laibinis,Alexander Romanovsky

DOI: https://doi.org/10.48550/arXiv.2108.10091

2021-08-23

Software Engineering

Abstract:The increasing complexity of modern interlocking poses a major challenge to ensuring railway safety. This calls for application of formal methods forassurance and verification of their safety. We have developed an industry-strength toolset, called SafeCap, for formal verification of interlockings. Our aim was to overcome the main barriers in deploying formal methods in industry. The approach proposed verifies interlocking data developed by signalling engineers in the ways they are designed by industry. It ensures fully-automated verification of safety properties using the state of the art techniques (automated theorem provers and solvers), and provides diagnostics in terms of the notations used by engineers. In the last two years SafeCap has been successfully used to verify 26 real-world mainline interlockings, developed by different suppliers and design offices. SafeCap is currently used in an advisory capacity, supplementing manual checking and testing processes by providing an additional level of verification and enabling earlier identification of errors. We are now developing a safety case to support its use as an alternative to some of these activities.

Dennis Peuter,Philipp Marohn,Viorica Sofronie-Stokkermans

2023-10-27

Abstract:We present an approach to the verification of systems for whose description some elements - constants or functions - are underspecified and can be regarded as parameters, and, in particular, describe a method for automatically generating constraints on such parameters under which certain safety conditions are guaranteed to hold. We present an implementation and illustrate its use on several examples.

Logic in Computer Science

Salwa Tabet Gonzalez,Predrag Janičić,Julien Narboux

DOI: https://doi.org/10.4204/EPTCS.398.6

2024-01-22

Abstract:Conjecturing and theorem proving are activities at the center of mathematical practice and are difficult to separate. In this paper, we propose a framework for completing incomplete conjectures and incomplete proofs. The framework can turn a conjecture with missing assumptions and with an under-specified goal into a proper theorem. Also, the proposed framework can help in completing a proof sketch into a human-readable and machine-checkable proof. Our approach is focused on synthetic geometry, and uses coherent logic and constraint solving. The proposed approach is uniform for all three kinds of tasks, flexible and, to our knowledge, unique such approach.

Artificial Intelligence,Logic in Computer Science

Van Chan Ngo,Mario Dehesa-Azuara,Matthew Fredrikson,Jan Hoffmann

DOI: https://doi.org/10.48550/arXiv.1801.01896

2018-01-06

Abstract:We propose a novel type system for verifying that programs correctly implement constant-resource behavior. Our type system extends recent work on automatic amortized resource analysis (AARA), a set of techniques that automatically derive provable upper bounds on the resource consumption of programs. We devise new techniques that build on the potential method to achieve compositionality, precision, and automation. A strict global requirement that a program always maintains constant resource usage is too restrictive for most practical applications. It is sufficient to require that the program's resource behavior remain constant with respect to an attacker who is only allowed to observe part of the program's state and behavior. To account for this, our type system incorporates information flow tracking into its resource analysis. This allows our system to certify programs that need to violate the constant-time requirement in certain cases, as long as doing so does not leak confidential information to attackers. We formalize this guarantee by defining a new notion of resource-aware noninterference, and prove that our system enforces it. Finally, we show how our type inference algorithm can be used to synthesize a constant-time implementation from one that cannot be verified as secure, effectively repairing insecure programs automatically. We also show how a second novel AARA system that computes lower bounds on resource usage can be used to derive quantitative bounds on the amount of information that a program leaks through its resource use. We implemented each of these systems in Resource Aware ML, and show that it can be applied to verify constant-time behavior in a number of applications including encryption and decryption routines, database queries, and other resource-aware functionality.

Programming Languages

Sol Swords,Jared Davis

DOI: https://doi.org/10.4204/EPTCS.192.2

2015-09-21

Abstract:When using existing ACL2 datatype frameworks, many theorems require type hypotheses. These hypotheses slow down the theorem prover, are tedious to write, and are easy to forget. We describe a principled approach to types that provides strong type safety and execution efficiency while avoiding type hypotheses, and we present a library that automates this approach. Using this approach, types help you catch programming errors and then get out of the way of theorem proving.

Logic in Computer Science,Programming Languages

Carlos Ansótegui,Felip Manyà,Jesus Ojeda,Josep M. Salvia,Eduard Torres

DOI: https://doi.org/10.48550/arXiv.2105.12552

2021-05-26

Abstract:We present a Satisfiability (SAT)-based approach for building Mixed Covering Arrays with Constraints of minimum length, referred to as the Covering Array Number problem. This problem is central in Combinatorial Testing for the detection of system failures. In particular, we show how to apply Maximum Satisfiability (MaxSAT) technology by describing efficient encodings for different classes of complete and incomplete MaxSAT solvers to compute optimal and suboptimal solutions, respectively. Similarly, we show how to solve through MaxSAT technology a closely related problem, the Tuple Number problem, which we extend to incorporate constraints. For this problem, we additionally provide a new MaxSAT-based incomplete algorithm. The extensive experimental evaluation we carry out on the available Mixed Covering Arrays with Constraints benchmarks and the comparison with state-of-the-art tools confirm the good performance of our approaches.

Artificial Intelligence

Marco Cadoli,Toni Mancini

DOI: https://doi.org/10.1017/S1471068406002857

2006-01-11

Abstract:The goal of this paper is to provide a strong integration between constraint modelling and relational DBMSs. To this end we propose extensions of standard query languages such as relational algebra and SQL, by adding constraint modelling capabilities to them. In particular, we propose non-deterministic extensions of both languages, which are specially suited for combinatorial problems. Non-determinism is introduced by means of a guessing operator, which declares a set of relations to have an arbitrary extension. This new operator results in languages with higher expressive power, able to express all problems in the complexity class NP. Some syntactical restrictions which make data complexity polynomial are shown. The effectiveness of both extensions is demonstrated by means of several examples. The current implementation, written in Java using local search techniques, is described. To appear in Theory and Practice of Logic Programming (TPLP)

Artificial Intelligence,Logic in Computer Science

Tao Zhihong,Chen Zhenyu,Chen Zhong,Wang Lifu

IF: 1.019

2007-01-01

Chinese Journal of Electronics

Abstract:The success of combining local and global model checking is utilization of on-the-fly process and compactness of symbolic representation. In this paper, a new paradigm of on-the-fly model checking for CTL is presented. A 3-valued logic is introduced to produce a form of abstract interpretations. A novel feature of our approach is the combination of explicit and symbolic representation. In the early stage, explicit representation is implemented for quick verification. It could be switched to symbolic model checking smoothly for sheering state space explosion. The fixpoint semantics and reduction of 3-valued logic ensure such transplant is seamless. The experimental results demonstrate the feasibility and effectiveness of our approach.

Yuting Chen,Shaoying Liu,W. Eric Wong

DOI: https://doi.org/10.1109/BMEI.2008.332

2008-01-01

Abstract:The application of specification-based program verification techniques (e.g., black-box testing, formal proof) faces strong challenges in practice when the gap between the structure of a specification and that of its program is large. This paper describes a method combining program review and testing to address these challenges. The essential idea of the combination is first to use a view-based program review approach to maintain consistency between the specification structure and the program structure, and then to use a view-based testing approach to dynamically check whether the program satisfies the functional requirements defined in the specification. Views are used to serve as the basis for reviewing structural consistency and for testing functional consistency.