Applications of Interactive Proof to Data Flow Analysis and Security
G. Klein, T. Nipkow
Pub Date: 2014-05-20 | DOI: 10.3233/978-1-61499-385-8-77 | Software Systems Safety
We show how to formalise a small imperative programming language in the theorem prover Isabelle/HOL, how to define its semantics, and how to prove properties about the language, its type systems, and a number of data flow analyses. The emphasis is not on formalising a complex language deeply, but to teach a number of formalisation techniques and proof strategies using simple examples. For this purpose, we cover a basic type system with type safety proof, more complex security type systems, also with soundness proofs, and different kinds of data flow analyses, in particular definite initialisation analysis and constant propagation, again with correctness proofs.
SAT-based Model Checking: Interpolation, IC3, and Beyond
O. Grumberg, Sharon Shoham, Y. Vizel
Pub Date: 2013-03-16 | DOI: 10.3233/978-1-61499-385-8-17 | Software Systems Safety
SAT-based model checking is currently one of the most successful approaches to checking very large systems. In its early days, SAT-based (bounded) model checking was mainly used for bug hunting. The introduction of interpolation and IC3/PDR enables efficient complete algorithms that can provide full verification as well. In this paper, we survey several approaches to enhancing SAT-based model checking. They are all based on iteratively computing an over-approximation of the set of reachable system states. They use different mechanisms to achieve scalability and faster convergence. The first one uses interpolation sequences rather than interpolation in order to obtain a more precise over-approximation of the set of reachable states. The other approach integrates lazy abstraction with IC3 in order to achieve scalability. Lazy abstraction, originally developed for software model checking, is a specific type of abstraction that allows hiding different model details at different steps of the verification. We find the IC3 algorithm most suitable for lazy abstraction since its state traversal is performed by means of local reachability checks, each involving only two consecutive sets. A different abstraction can therefore be applied in each of the local checks. The survey focuses on hardware model checking, but the presented ideas can be extended to other systems as well.
May/Must Abstraction-Based Software Model Checking for Sound Verification and Falsification
Patrice Godefroid
Pub Date: 1900-01-01 | DOI: 10.3233/978-1-61499-385-8-1 | Software Systems Safety
Three-valued models, in which properties of a system are either true, false or unknown, have recently been advocated as a better representation for reactive program abstractions generated by automatic techniques such as predicate abstraction. Indeed, for the same cost, model checking three-valued abstractions, also called may/must abstractions, can be used to both prove and disprove any temporal-logic property, whereas traditional conservative abstractions can only prove universal properties. Also, verification results can be more precise with generalized model checking, which checks whether there exists a concretization of an abstraction satisfying a temporal-logic formula. Generalized model checking generalizes both model checking (when the model is complete) and satisfiability (when everything in the model is unknown), probably the two most studied problems related to temporal logic and verification. This paper presents an introduction to the main ideas behind this framework, namely models for three-valued abstractions, completeness preorders to measure the level of completeness of such models, three-valued temporal logics and generalized model checking. It also discusses algorithms and complexity bounds for three-valued model checking and generalized model checking for various temporal logics. Finally, it discusses applications to program verification via automatic abstraction.
Program Synthesis
Sumit Gulwani, Oleksandr Polozov, Rishabh Singh
Pub Date: 1900-01-01 | DOI: 10.3233/978-1-61499-385-8-43 | Software Systems Safety
Program synthesis is the task of automatically finding a program in the underlying programming language that satisfies the user intent expressed in the form of some specification. Since the inception of AI in the 1950s, this problem has been considered the holy grail of Computer Science. Despite inherent challenges in the problem such as ambiguity of user intent and a typically enormous search space of programs, the field of program synthesis has developed many different techniques that enable program synthesis in different real-life application domains. It is now used successfully in software engineering, biological discovery, computer-aided education, end-user programming, and data cleaning. In the last decade, several applications of synthesis in the field of programming by examples have been deployed in mass-market industrial products. This survey is a general overview of the state-of-the-art approaches to program synthesis, its applications, and subfields. We discuss the general principles common to all modern synthesis approaches such as syntactic bias, oracle-guided inductive search, and optimization techniques. We then present a literature review covering the four most common state-of-the-art techniques in program synthesis: enumerative search, constraint solving, stochastic search, and deduction-based programming by examples. We conclude with a brief list of future horizons for the field.
Boolean Satisfiability: Solvers and Extensions
Georg Weissenbacher, Pramod Subramanyan, S. Malik
Pub Date: 1900-01-01 | DOI: 10.3233/978-1-61499-385-8-223 | Software Systems Safety
Probabilistic Model Checking for Biology
M. Kwiatkowska, Chris Thachuk
Pub Date: 1900-01-01 | DOI: 10.3233/978-1-61499-385-8-165 | Software Systems Safety
Probabilistic model checking is an automated method for verifying the correctness and performance of probabilistic models. Property specifications are expressed in probabilistic temporal logic, denoting, for example, the probability of a given event, the probability of its occurrence within a given time interval, or the expected number of times it has occurred in a time period. This chapter focuses on the application of probabilistic model checking to biological systems modelled as continuous-time Markov chains, illustrating the usefulness of these techniques through relevant case studies performed with the probabilistic model checker PRISM. We begin with an introduction to discrete-time Markov chains and the corresponding model checking algorithms. Then continuous-time Markov chain models are defined, together with the logic CSL (Continuous Stochastic Logic), and an overview of model checking for CSL is given, which proceeds mainly by reduction to discrete-time Markov chains. The techniques are illustrated with examples of biochemical reaction networks, which are verified against quantitative temporal properties. Next, a biological case study analysing the Fibroblast Growth Factor (FGF) molecular signalling pathway is summarised, highlighting how probabilistic model checking can assist in scientific discovery. Finally, we consider DNA computation, and specifically the DSD formalism (DNA Strand Displacement), and show how errors can be detected in DNA gate designs, analogous to model checking for digital circuits.
Programming in Paragon
B. V. Delft, Niklas Broberg, David Sands
Pub Date: 1900-01-01 | DOI: 10.3233/978-1-61499-385-8-279 | Software Systems Safety
This tutorial introduces Paragon, a programming language which allows programmers to express, as an integral part of the code, security concerns about the data that is manipulated. The Paragon compiler will only allow a program to be run if it is guaranteed to respect the security policy declared for its data. In this sense Paragon promises that well-typed programs are secure by construction. But what security policies might we want for our data? Access control mechanisms are perhaps one obvious way to control security, and Java (on which Paragon is built) includes APIs to express fine-grained access to security-sensitive resources. But access controls, while useful, are often a poor tool to express the end-to-end security requirements that we actually desire from applications. For example, consider an "app" which sends you special offers from your local florists in advance of the birthdays of your friends. To function, the app needs access to at least your calendar (to retrieve birthdays), the network (to retrieve the latest special offers from florists) and your geolocation (to determine which florists are located nearby). But any app with these access permissions can freely send the whole of your calendar or your location to anywhere on the net. What we want is to grant access (since it is necessary) but limit the information flows. In this case we want to limit the information flows from the calendar to the network despite granting access to both. Paragon allows the programmer to express such concerns directly in the program, by labelling data with policies describing where, and under what conditions, the data is permitted to flow. Moreover, the Paragon compiler checks, at compile time, that the intended information flows are never violated. This helps programmers check their own code for information flow errors, and can be used to ensure that third-party code respects the policy of the data to which it is given access.