Pub Date : 2024-11-17DOI: 10.1016/j.scico.2024.103232
Andy S. Tatman , Hans-Dieter A. Hiep , Stijn de Gouw
This artifact [1] (accompanying our iFM 2023 paper [2]) describes the software we developed that contributed towards our analysis of OpenJDK's BitSet class. This class represents a vector of bits that grows as needed. Our analysis exposed numerous bugs. In our paper, we proposed and compared a number of solutions supported by formal specifications. Full mechanical verification of the BitSet class is not yet possible due to limited support for bitwise operations in KeY and bugs in BitSet. Our artifact contains proofs for a subset of the methods and new proof rules to support bitwise operators.
{"title":"Analysis and formal specification of OpenJDK's BitSet: Proof files","authors":"Andy S. Tatman , Hans-Dieter A. Hiep , Stijn de Gouw","doi":"10.1016/j.scico.2024.103232","DOIUrl":"10.1016/j.scico.2024.103232","url":null,"abstract":"<div><div>This artifact <span><span>[1]</span></span> (accompanying our iFM 2023 paper <span><span>[2]</span></span>) describes the software we developed that contributed towards our analysis of OpenJDK's <span>BitSet</span> class. This class represents a vector of bits that grows as needed. Our analysis exposed numerous bugs. In our paper, we proposed and compared a number of solutions supported by formal specifications. Full mechanical verification of the <span>BitSet</span> class is not yet possible due to limited support for bitwise operations in KeY and bugs in BitSet. Our artifact contains proofs for a subset of the methods and new proof rules to support bitwise operators.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"241 ","pages":"Article 103232"},"PeriodicalIF":1.5,"publicationDate":"2024-11-17","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142702235","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-11-16DOI: 10.1016/j.scico.2024.103231
Achim D. Brucker , Idir Ait-Sadoune , Nicolas Méric , Burkhart Wolff
Isabelle/DOF is an ontology framework on top of Isabelle/HOL. It allows for the formal development of ontologies and continuous conformity-checking of integrated documents, including the tracing of typed meta-data of documents. Isabelle/DOF deeply integrates into the Isabelle/HOL ecosystem, allowing to write documents containing (informal) text, executable code, (formal and semiformal) definitions, and proofs. Users of Isabelle/DOF can either use HOL or one of the many formal methods that have been embedded into Isabelle/HOL to express formal parts of their documents.
In this paper, we extend Isabelle/DOF with annotations of -terms, a pervasive data-structure underlying Isabelle to syntactically represent expressions and formulas. We achieve this by using Higher-order Logic (HOL) itself for query-expressions and data-constraints (ontological invariants) executed via code-generation and reflection. Moreover, we add support for parametric ontological classes, thus exploiting HOL's polymorphic type system.
The benefits are: First, the HOL representation allows for flexible and efficient run-time checking of abstract properties of formal content under evolution. Second, it is possible to prove properties over generic ontological classes. We demonstrate these new features by a number of smaller ontologies from various domains and a case study using a substantial ontology for formal system development targeting certification according to CENELEC 50128.
{"title":"Parametric ontologies in formal software engineering","authors":"Achim D. Brucker , Idir Ait-Sadoune , Nicolas Méric , Burkhart Wolff","doi":"10.1016/j.scico.2024.103231","DOIUrl":"10.1016/j.scico.2024.103231","url":null,"abstract":"<div><div>Isabelle/DOF is an ontology framework on top of Isabelle/HOL. It allows for the formal development of ontologies and continuous conformity-checking of integrated documents, including the tracing of typed meta-data of documents. Isabelle/DOF deeply integrates into the Isabelle/HOL ecosystem, allowing to write documents containing (informal) text, executable code, (formal and semiformal) definitions, and proofs. Users of Isabelle/DOF can either use HOL or one of the many formal methods that have been embedded into Isabelle/HOL to express formal parts of their documents.</div><div>In this paper, we extend Isabelle/DOF with annotations of <figure><img></figure>-terms, a pervasive data-structure underlying Isabelle to syntactically represent expressions and formulas. We achieve this by using Higher-order Logic (HOL) itself for query-expressions and data-constraints (ontological invariants) executed via code-generation and reflection. Moreover, we add support for <em>parametric</em> ontological classes, thus exploiting HOL's polymorphic type system.</div><div>The benefits are: First, the HOL representation allows for flexible and efficient run-time checking of abstract properties of formal content under evolution. Second, it is possible to prove properties over generic ontological classes. We demonstrate these new features by a number of smaller ontologies from various domains and a case study using a substantial ontology for formal system development targeting certification according to CENELEC 50128.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"241 ","pages":"Article 103231"},"PeriodicalIF":1.5,"publicationDate":"2024-11-16","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142702236","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-11-15DOI: 10.1016/j.scico.2024.103233
Mengwei Xu , Blair Archibald , Michele Sevegnani
We present CAN-Verify, an automated tool for analysing BDI agents written in the Conceptual Agent Notation (Can) language. CAN-Verify includes support for syntactic error detection before agent execution, agent program interpretation (running agents), and model-checking of agent programs (analysing agents). The model checking supports verifying the correctness of agents against both generic agent requirements, such as if a task is accomplished, and user-defined requirements, such as certain beliefs eventually holding. The latter can be expressed in structured natural language, allowing the tool to be used by agent programmers without formal training in the underlying verification techniques.
{"title":"CAN-Verify: Automated analysis for BDI agents","authors":"Mengwei Xu , Blair Archibald , Michele Sevegnani","doi":"10.1016/j.scico.2024.103233","DOIUrl":"10.1016/j.scico.2024.103233","url":null,"abstract":"<div><div>We present <span>CAN-Verify</span>, an automated tool for analysing BDI agents written in the Conceptual Agent Notation (<span>Can</span>) language. <span>CAN-Verify</span> includes support for syntactic error detection before agent execution, agent program interpretation (running agents), and model-checking of agent programs (analysing agents). The model checking supports verifying the correctness of agents against both generic agent requirements, such as if a task is accomplished, and user-defined requirements, such as certain beliefs eventually holding. The latter can be expressed in structured natural language, allowing the tool to be used by agent programmers without formal training in the underlying verification techniques.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"241 ","pages":"Article 103233"},"PeriodicalIF":1.5,"publicationDate":"2024-11-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142702234","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-11-13DOI: 10.1016/j.scico.2024.103230
Erwan Mahe , Boutheina Bannour , Christophe Gaston , Pascale Le Gall
Runtime Verification (RV) refers to a family of techniques in which system executions are observed and confronted to formal specifications, with the aim of identifying faults. In offline RV, observation and verification are done in two separate and successive steps. In this paper, we define an approach to offline RV of Distributed Systems (DS) against interactions. Interactions are formal models describing communications within a DS. A DS is composed of subsystems deployed on different machines and interacting via message passing to achieve common goals. Therefore, observing executions of a DS entails logging a collection of local execution traces, one for each subsystem, collected on its host machine. We call multi-trace such observational artifacts. A major challenge in analyzing multi-traces is that there are no practical means to synchronize the ends of observations of all the local traces. We address this via an operation called lifeline removal, which we apply on-the-fly to the specification during the verification of a multi-trace once a local trace has been entirely analyzed. This operation removes from the interaction the specification of actions occurring on the subsystem that is no longer observed. This may allow further execution of the specification by removing potential deadlock. We prove the correctness of the resulting RV algorithm and introduce two optimization techniques, which we also prove correct. We implement a Partial Order Reduction (POR) technique by selecting a one-unambiguous action (as a unique first step to a linearization) whose existence is determined via the lifeline removal operator. Additionally, Local Analyses (LOC), i.e., the verification of local traces, can be leveraged during the global multi-trace analysis to prove failure more quickly. Experiments illustrate the application of our RV approach and the benefits of our optimizations.
{"title":"Efficient interaction-based offline runtime verification of distributed systems with lifeline removal","authors":"Erwan Mahe , Boutheina Bannour , Christophe Gaston , Pascale Le Gall","doi":"10.1016/j.scico.2024.103230","DOIUrl":"10.1016/j.scico.2024.103230","url":null,"abstract":"<div><div>Runtime Verification (RV) refers to a family of techniques in which system executions are observed and confronted to formal specifications, with the aim of identifying faults. In offline RV, observation and verification are done in two separate and successive steps. In this paper, we define an approach to offline RV of Distributed Systems (DS) against interactions. Interactions are formal models describing communications within a DS. A DS is composed of subsystems deployed on different machines and interacting via message passing to achieve common goals. Therefore, observing executions of a DS entails logging a collection of local execution traces, one for each subsystem, collected on its host machine. We call <em>multi-trace</em> such observational artifacts. A major challenge in analyzing multi-traces is that there are no practical means to synchronize the ends of observations of all the local traces. We address this via an operation called lifeline removal, which we apply on-the-fly to the specification during the verification of a multi-trace once a local trace has been entirely analyzed. This operation removes from the interaction the specification of actions occurring on the subsystem that is no longer observed. This may allow further execution of the specification by removing potential deadlock. We prove the correctness of the resulting RV algorithm and introduce two optimization techniques, which we also prove correct. We implement a Partial Order Reduction (POR) technique by selecting a one-unambiguous action (as a unique first step to a linearization) whose existence is determined via the lifeline removal operator. Additionally, Local Analyses (LOC), i.e., the verification of local traces, can be leveraged during the global multi-trace analysis to prove failure more quickly. Experiments illustrate the application of our RV approach and the benefits of our optimizations.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"241 ","pages":"Article 103230"},"PeriodicalIF":1.5,"publicationDate":"2024-11-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142702237","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-11-12DOI: 10.1016/j.scico.2024.103227
Gerhard Schellhorn, Stefan Bodenmüller, Wolfgang Reif
This paper presents a proof technique for proving refinements for general state-based models of concurrent systems that reduces proving forward simulations to thread-local, step-local proof obligations. The approach has been implemented in our theorem prover KIV, which translates imperative programs to a set of transition rules and generates proof obligations accordingly. Instances of this proof technique should also be applicable to systems specified with ASM rules, B events, or Z operations. To exemplify the proof methodology, we demonstrate it with two case studies. The first verifies linearizability of a lock-free implementation of concurrent hash sets by showing that it refines an abstract concurrent system with atomic operations. The second applies the proof technique to the verification of opacity of Transactional Mutex Locks (TML), a Software Transactional Memory algorithm. Compared to the standard approach of proving a forward simulation directly, both case studies show a significant reduction in proof effort.
本文提出了一种证明技术,用于证明基于状态的一般并发系统模型的完善性,该技术将证明前向模拟简化为线程本地、步本地证明义务。这种方法已在我们的定理证明器 KIV 中实现,该定理证明器将命令式程序转换为一组转换规则,并生成相应的证明义务。这种证明技术的实例也应适用于使用 ASM 规则、B 事件或 Z 操作指定的系统。为了举例说明这种证明方法,我们通过两个案例研究进行了演示。第一个案例验证了并发哈希集合无锁实现的线性化,证明它完善了具有原子操作的抽象并发系统。第二个案例将证明技术应用于验证软件事务内存算法事务互锁(TML)的不透明性。与直接证明前向模拟的标准方法相比,这两项案例研究都显示证明工作量大大减少。
{"title":"Verification of forward simulations with thread-local, step-local proof obligations","authors":"Gerhard Schellhorn, Stefan Bodenmüller, Wolfgang Reif","doi":"10.1016/j.scico.2024.103227","DOIUrl":"10.1016/j.scico.2024.103227","url":null,"abstract":"<div><div>This paper presents a proof technique for proving refinements for general state-based models of concurrent systems that reduces proving forward simulations to thread-local, step-local proof obligations. The approach has been implemented in our theorem prover KIV, which translates imperative programs to a set of transition rules and generates proof obligations accordingly. Instances of this proof technique should also be applicable to systems specified with ASM rules, B events, or Z operations. To exemplify the proof methodology, we demonstrate it with two case studies. The first verifies linearizability of a lock-free implementation of concurrent hash sets by showing that it refines an abstract concurrent system with atomic operations. The second applies the proof technique to the verification of opacity of Transactional Mutex Locks (TML), a Software Transactional Memory algorithm. Compared to the standard approach of proving a forward simulation directly, both case studies show a significant reduction in proof effort.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"241 ","pages":"Article 103227"},"PeriodicalIF":1.5,"publicationDate":"2024-11-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142660651","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"OA","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-11-06DOI: 10.1016/j.scico.2024.103228
Zhiqi Chen , Yuzhou Liu , Lei Liu , Huaxiao Liu , Ren Li , Peng Zhang
When comparing similar APIs, developers tend to distinguish them from the aspects of functional details. At the same time, some important non-functional factors (such as performance, usability, and security) may be ignored or noticed after using the API in the project. This may result in unnecessary errors or extra costs. API-related questions are common on Stack Overflow, and they can give a well-rounded picture of the APIs. This provides us with a rich resource for API comparison. However, although many methods are offered for mining Questions and Answers (Q&As) automatically, they often suffer from two main problems: 1) they only focus on the functional information of APIs; 2) they analyze each text in isolation but ignore the correlations among them. In this paper, we propose an approach based on the pre-training model BERT to mine the non-functional information of APIs from Stack Overflow: we first tease out the correlations among questions, answers as well as corresponding reviews, so that one Q&A can be analyzed as a whole; then, an information extraction model is constructed by fine-tuning BERT with three subtasks—entity identification, aspect classification, and sentiment analysis separately, and we use it to mine the texts in Q&As step by step; finally, we summarize and visualize the results in a user-friendly way, so that developers can understand the information intuitively at the beginning of API selection. We evaluate our approach on 4,456 Q&As collected from Stack Overflow. The results show our approach can identify the correlations among reviews with 90.1% precision, and such information can improve the performance of the data mining process. In addition, the survey on maturers and novices indicates the understandability and helpfulness of our method. Moreover, compared with language models, our method can provide more intuitive and brief information for API comparison in non-functional aspects.
在比较类似的应用程序接口时,开发人员往往会从功能细节方面进行区分。同时,在项目中使用 API 后,一些重要的非功能性因素(如性能、可用性和安全性)可能会被忽略或注意到。这可能会导致不必要的错误或额外成本。在 Stack Overflow 上,与 API 相关的问题很常见,这些问题可以让我们对 API 有一个全面的了解。这为我们提供了丰富的 API 比较资源。然而,尽管有很多方法可以自动挖掘问与答(Q&As),但它们往往存在两个主要问题:1)它们只关注 API 的功能信息;2)它们孤立地分析每个文本,却忽略了它们之间的关联性。在本文中,我们提出了一种基于预训练模型 BERT 的方法,从 Stack Overflow 中挖掘 API 的非功能性信息:首先,我们找出问题、答案以及相应评论之间的关联性,从而将一个 Q&A 作为一个整体进行分析;然后,通过对 BERT 进行微调,分别完成实体识别、方面分类和情感分析三个子任务,构建信息提取模型,并利用该模型逐步挖掘 Q&As 中的文本;最后,我们以用户友好的方式对结果进行总结和可视化,以便开发人员在开始选择 API 时就能直观地了解信息。我们对从 Stack Overflow 收集的 4,456 个 Q&As 进行了评估。结果表明,我们的方法能以 90.1% 的精度识别出评论之间的相关性,而这些信息能提高数据挖掘过程的性能。此外,对成熟用户和新用户的调查表明,我们的方法易于理解,而且很有帮助。此外,与语言模型相比,我们的方法能在非功能方面为 API 比较提供更直观、更简短的信息。
{"title":"API comparison based on the non-functional information mined from Stack Overflow","authors":"Zhiqi Chen , Yuzhou Liu , Lei Liu , Huaxiao Liu , Ren Li , Peng Zhang","doi":"10.1016/j.scico.2024.103228","DOIUrl":"10.1016/j.scico.2024.103228","url":null,"abstract":"<div><div>When comparing similar APIs, developers tend to distinguish them from the aspects of functional details. At the same time, some important non-functional factors (such as performance, usability, and security) may be ignored or noticed after using the API in the project. This may result in unnecessary errors or extra costs. API-related questions are common on Stack Overflow, and they can give a well-rounded picture of the APIs. This provides us with a rich resource for API comparison. However, although many methods are offered for mining Questions and Answers (Q&As) automatically, they often suffer from two main problems: 1) they only focus on the functional information of APIs; 2) they analyze each text in isolation but ignore the correlations among them. In this paper, we propose an approach based on the pre-training model BERT to mine the non-functional information of APIs from Stack Overflow: we first tease out the correlations among questions, answers as well as corresponding reviews, so that one Q&A can be analyzed as a whole; then, an information extraction model is constructed by fine-tuning BERT with three subtasks—entity identification, aspect classification, and sentiment analysis separately, and we use it to mine the texts in Q&As step by step; finally, we summarize and visualize the results in a user-friendly way, so that developers can understand the information intuitively at the beginning of API selection. We evaluate our approach on 4,456 Q&As collected from Stack Overflow. The results show our approach can identify the correlations among reviews with 90.1% precision, and such information can improve the performance of the data mining process. In addition, the survey on maturers and novices indicates the understandability and helpfulness of our method. Moreover, compared with language models, our method can provide more intuitive and brief information for API comparison in non-functional aspects.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"241 ","pages":"Article 103228"},"PeriodicalIF":1.5,"publicationDate":"2024-11-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142660650","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-10-31DOI: 10.1016/j.scico.2024.103226
Jan Vermaelen, Tom Holvoet
As autonomous robotic systems integrate into various domains, ensuring their safe operation becomes increasingly crucial. A key challenge is guaranteeing safe decision making for cyber-physical systems, given the inherent complexity and uncertainty of real-world environments.
Tools like Gwendolen, vGOAL, and Tumato enable the use of formal methods to provide guarantees for correct and safe decision making. This paper concerns Tumato, a formal planning framework that generates complete behavior from a declarative specification. Tumato ensures safety by avoiding unsafe actions and states while achieving robustness by considering nondeterministic outcomes of actions. While formal methods claim to manage complexity, provide safety guarantees, and ensure robustness, empirical evaluation is necessary to validate these claims.
This work presents an empirical study comparing the characteristics of various ad hoc behavior planning implementations (developed by participants with diverse levels of experience in computer science), with implementations using Tumato. We investigate the usability of the different approaches and evaluate i) their effectiveness, ii) the achieved safety (guarantees), iii) their robustness in handling uncertainties, and iv) their adaptability, extensibility, and scalability. To our knowledge, this is the first participant-based empirical study of a formal approach for (safe and robust) autonomous behavior.
Our analysis confirms that while ad hoc methods offer some development flexibility, they lack the rigorous safety guarantees provided by formal methods. The study supports the hypothesis that formal methods, as implemented in Tumato, are effective tools for developing safe autonomous systems, particularly in managing complexity and ensuring robust decision making and planning.
{"title":"An empirical evaluation of a formal approach versus ad hoc implementations in robot behavior planning","authors":"Jan Vermaelen, Tom Holvoet","doi":"10.1016/j.scico.2024.103226","DOIUrl":"10.1016/j.scico.2024.103226","url":null,"abstract":"<div><div>As autonomous robotic systems integrate into various domains, ensuring their safe operation becomes increasingly crucial. A key challenge is guaranteeing safe decision making for cyber-physical systems, given the inherent complexity and uncertainty of real-world environments.</div><div>Tools like Gwendolen, vGOAL, and Tumato enable the use of formal methods to provide guarantees for correct and safe decision making. This paper concerns Tumato, a formal planning framework that generates complete behavior from a declarative specification. Tumato ensures safety by avoiding unsafe actions and states while achieving robustness by considering nondeterministic outcomes of actions. While formal methods claim to manage complexity, provide safety guarantees, and ensure robustness, empirical evaluation is necessary to validate these claims.</div><div>This work presents an empirical study comparing the characteristics of various ad hoc behavior planning implementations (developed by participants with diverse levels of experience in computer science), with implementations using Tumato. We investigate the usability of the different approaches and evaluate i) their effectiveness, ii) the achieved safety (guarantees), iii) their robustness in handling uncertainties, and iv) their adaptability, extensibility, and scalability. To our knowledge, this is the first participant-based empirical study of a formal approach for (safe and robust) autonomous behavior.</div><div>Our analysis confirms that while ad hoc methods offer some development flexibility, they lack the rigorous safety guarantees provided by formal methods. The study supports the hypothesis that formal methods, as implemented in Tumato, are effective tools for developing safe autonomous systems, particularly in managing complexity and ensuring robust decision making and planning.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"241 ","pages":"Article 103226"},"PeriodicalIF":1.5,"publicationDate":"2024-10-31","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142586890","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-10-23DOI: 10.1016/j.scico.2024.103225
Lara Bargmann, Heike Wehrheim
Weak memory models describe the semantics of concurrent programs in modern multicore architectures. As these semantics deviate from the commonly assumed model of sequential consistency, reasoning techniques like Owicki-Gries-style proof calculi need to be adapted to specific memory models. To avoid having to design a new proof calculus for every new memory model, a uniform approach for axiomatic reasoning has recently been proposed. This approach bases reasoning on memory-model independent axioms about thread views and how they are changed by program actions like reads and writes. It allows to prove program correctness based on axioms only. Such proofs are valid for all memory models instantiating the axioms.
In this paper, we study instantiations of the axioms for two memory models, the Partial Store Order (PSO) and the Strong Release Acquire (SRA) model. We see that both models fulfil all but one axiom, a different one though. For PSO, the missing axiom refers to message-passing abilities of memory models; for SRA, the missing axiom refers to the independence of actions on executing threads. We discuss the consequences of these missing axioms and illustrate the reasoning technique on a specific litmus test.
{"title":"View-based axiomatic reasoning for the weak memory models PSO and SRA","authors":"Lara Bargmann, Heike Wehrheim","doi":"10.1016/j.scico.2024.103225","DOIUrl":"10.1016/j.scico.2024.103225","url":null,"abstract":"<div><div>Weak memory models describe the semantics of concurrent programs in modern multicore architectures. As these semantics deviate from the commonly assumed model of sequential consistency, reasoning techniques like Owicki-Gries-style proof calculi need to be adapted to specific memory models. To avoid having to design a new proof calculus for every new memory model, a uniform approach for <em>axiomatic</em> reasoning has recently been proposed. This approach bases reasoning on memory-model independent <em>axioms</em> about thread <em>views</em> and how they are changed by program actions like reads and writes. It allows to prove program correctness based on axioms only. Such proofs are valid for all memory models instantiating the axioms.</div><div>In this paper, we study instantiations of the axioms for two memory models, the <em>Partial Store Order</em> (PSO) and the <em>Strong Release Acquire</em> (SRA) model. We see that both models fulfil all but one axiom, a different one though. For PSO, the missing axiom refers to message-passing abilities of memory models; for SRA, the missing axiom refers to the independence of actions on executing threads. We discuss the consequences of these missing axioms and illustrate the reasoning technique on a specific litmus test.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"240 ","pages":"Article 103225"},"PeriodicalIF":1.5,"publicationDate":"2024-10-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142554783","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
As chip designs become increasingly complex, the potential for errors and defects in circuits inevitably rises, posing significant challenges to chip security and reliability. This study investigates the use of the SAT-based bounded model checking (BMC) for Propositional Projection Temporal Logic (PPTL) to verify Verilog chip designs at the register transfer level (RTL). To this end, we propose an algorithm to implement automated extraction of state transfer relations from AIGER netlist and construction of Kripke structure. Additionally, we employ PPTL with the full regular expressiveness to describe the circuit properties to be verified, especially the periodic repetitive properties. This is not possible with Linear Temporal Logic (LTL) and Computational Tree Logic (CTL). By combining the PPTL properties with finite system paths and transforming them into conjunctive normal forms (CNFs), we utilize an SAT solver for verification. Experimental results demonstrate that our verification tool, SAT-BMC4PPTL, achieves higher verification efficiency and comprehensiveness.
{"title":"Verifying chip designs at RTL level","authors":"Nan Zhang, Zhijie Xu, Zhenhua Duan, Cong Tian, Wu Wang, Chaofeng Yu","doi":"10.1016/j.scico.2024.103224","DOIUrl":"10.1016/j.scico.2024.103224","url":null,"abstract":"<div><div>As chip designs become increasingly complex, the potential for errors and defects in circuits inevitably rises, posing significant challenges to chip security and reliability. This study investigates the use of the SAT-based bounded model checking (BMC) for Propositional Projection Temporal Logic (PPTL) to verify Verilog chip designs at the register transfer level (RTL). To this end, we propose an algorithm to implement automated extraction of state transfer relations from AIGER netlist and construction of Kripke structure. Additionally, we employ PPTL with the full regular expressiveness to describe the circuit properties to be verified, especially the periodic repetitive properties. This is not possible with Linear Temporal Logic (LTL) and Computational Tree Logic (CTL). By combining the PPTL properties with finite system paths and transforming them into conjunctive normal forms (CNFs), we utilize an SAT solver for verification. Experimental results demonstrate that our verification tool, SAT-BMC4PPTL, achieves higher verification efficiency and comprehensiveness.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"240 ","pages":"Article 103224"},"PeriodicalIF":1.5,"publicationDate":"2024-10-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142532656","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In our previous work, we have developed and tested different visualizations that help analyze fork ecosystems. Our goal is to contribute analyses and tools that support developers as well as researchers in obtaining a better understanding of what happens within such ecosystems. In this article, we focus on the tool implementation of our most recent visualizations, which can help users to better understand the relations between and activities within forks. Since fork ecosystems are widely used in practice and well established research subjects, we hope that our tooling constitutes a helpful means for other researchers, too.
{"title":"VisFork: Towards a toolsuite for visualizing fork ecosystems","authors":"Siyue Chen , Loek Cleophas , Sandro Schulze , Jacob Krüger","doi":"10.1016/j.scico.2024.103223","DOIUrl":"10.1016/j.scico.2024.103223","url":null,"abstract":"<div><div>In our previous work, we have developed and tested different visualizations that help analyze fork ecosystems. Our goal is to contribute analyses and tools that support developers as well as researchers in obtaining a better understanding of what happens within such ecosystems. In this article, we focus on the tool implementation of our most recent visualizations, which can help users to better understand the relations between and activities within forks. Since fork ecosystems are widely used in practice and well established research subjects, we hope that our tooling constitutes a helpful means for other researchers, too.</div></div>","PeriodicalId":49561,"journal":{"name":"Science of Computer Programming","volume":"241 ","pages":"Article 103223"},"PeriodicalIF":1.5,"publicationDate":"2024-10-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142592762","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
扫码关注我们
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号