Formal Aspects of Computing: latest publications

RNA: R1CS Normalization Algorithm Based on Data Flow Graphs for Zero-Knowledge Proofs
IF 1 | Zone 4 Computer Science | Q2 Mathematics | Pub Date: 2024-05-17 | DOI: 10.1145/3665339
Chenhao Shi, Ruibang Liu, Hao Chen, Guoqiang Li, Sinka Gao
The communities of blockchains and distributed ledgers have been stirred up by the introduction of zero-knowledge proofs (ZKPs). Originally designed as a solution to privacy issues, ZKPs have now evolved into an effective remedy for scalability concerns. To enable ZKPs, Rank-1 Constraint Systems (R1CS) offer a verifier for bi-linear equations. In order to accurately and efficiently represent R1CS, several language tools like Circom, Noir, and Snarky have been proposed to automate the compilation of advanced programs into R1CS. However, due to the flexible nature of R1CS representation, there can be significant differences in the compiled R1CS forms generated from circuit language programs with the same underlying semantics. To address this issue, this paper puts forth a data-flow-based R1CS paradigm algorithm, which produces a standardized format for different R1CS instances with identical semantics. Additionally, we present an R1CS benchmark, and our experimental evaluation demonstrates the efficacy of our methods.
Citations: 0
Polymorphic dynamic programming by algebraic shortcut fusion
IF 1 | Zone 4 Computer Science | Q2 Mathematics | Pub Date: 2024-05-13 | DOI: 10.1145/3664828
Max A Little, Xi He, Ugur Kayas

Dynamic programming (DP) is a broadly applicable algorithmic design paradigm for the efficient, exact solution of otherwise intractable, combinatorial problems. However, the design of such algorithms is often presented informally in an ad-hoc manner. It is sometimes difficult to justify the correctness of these DP algorithms. To address this issue, this paper presents a rigorous algebraic formalism for systematically deriving DP algorithms, based on semiring polymorphism. We start with a specification, construct a (brute-force) algorithm to compute the required solution which is self-evidently correct because it exhaustively generates and evaluates all possible solutions meeting the specification. We then derive, primarily through the use of shortcut fusion, an implementation of this algorithm which is both efficient and correct. We also demonstrate how, with the use of semiring lifting, the specification can be augmented with combinatorial constraints and through semiring lifting, show how these constraints can also be fused with the derived algorithm. This paper furthermore demonstrates how existing DP algorithms for a given combinatorial problem can be abstracted from their original context and re-purposed to solve other combinatorial problems.

This approach can be applied to the full scope of combinatorial problems expressible in terms of semirings. This includes, for example: optimization, optimal probability and Viterbi decoding, probabilistic marginalization, logical inference, fuzzy sets, differentiable softmax, and relational and provenance queries. The approach, building on many ideas from the existing literature on constructive algorithmics, exploits generic properties of (semiring) polymorphic functions, tupling and formal sums (lifting), and algebraic simplifications arising from constraint algebras. We demonstrate the effectiveness of this formalism for some example applications arising in signal processing, bioinformatics and reliability engineering. Python software implementing these algorithms can be downloaded from: http://www.maxlittle.net/software/dppolyalg.zip.

Citations: 0
Introduction to the Special Collection from the International Conference on Tests and Proofs (TAP) 2020 and 2021
IF 1 | Zone 4 Computer Science | Q2 Mathematics | Pub Date: 2024-03-22 | DOI: 10.1145/3650092
Wolfgang Ahrendt, Frédéric Loulergue, Heike Wehrheim
Citations: 0
A compositional simulation framework for Abstract State Machine models of Discrete Event Systems
IF 1 | Zone 4 Computer Science | Q2 Mathematics | Pub Date: 2024-03-16 | DOI: 10.1145/3652862
Silvia Bonfanti, Angelo Gargantini, Elvinia Riccobene, Patrizia Scandurra

Modeling complex system requirements often requires specifying system components in separate models, which can be validated and verified in isolation from each other, and then integrating all components’ behavior in order to validate the operation of the whole system. If models are executable, as for state-based formal specifications, engines to orchestrate the simulation of separate component operational models are extremely useful.

This paper presents an approach for the co-simulation, according to predefined orchestration schemas, of state-based models of separate components of a Discrete Event System. More precisely, we exploit the Abstract State Machine (ASM) formal method as state-based formalism, and we (i) define a set of operators to compose ASMs that communicate with each other through I/O events, and (ii) present an engine to execute the compositional simulation of the ASMs as a whole assembly.

As proof of concepts, we use a set of model examples of Discrete Event Systems of increasing complexity to show the application of our approach and to evaluate its effectiveness in co-simulating models of real systems.

Citations: 0
The universality of functions in the sciences at large and in computing
IF 1 | Zone 4 Computer Science | Q2 Mathematics | Pub Date: 2024-03-06 | DOI: 10.1145/3649154
Raymond Boute

Universality of a concept here means wide conceptual and practical usefulness in mathematics and applications. The function concept owes its universality to simplicity, generality and powerful algebraic properties. Advantages proven in the sciences at large significantly benefit computing science as well. Universality critically depends on the definitional choices. The first half of this paper shows that a “function” in the sense prevalent throughout the sciences, namely, as fully specified by its domain and its values, entails the characteristics that most contribute to universality. This link is clarified by some less well-understood aspects, including the role of function types as partial specifications, the ramifications of having composition defined for any pair of functions, and unification by capturing various notions not commonly seen as functions. Simple but representative examples are given in diverse areas, mostly computing. When a codomain appears at all in basic textbooks, it mostly involves a self-contradicting definition, corrected by the labeled function variant. Either way, it severely reduces universality, especially for composition. Yet, the axiomatization of category theory common in theoretical computing science offers no other choice. The second half explores how waiving one axiom generalizes category theory to include a wider variety of concepts, primarily the conventional function variant. It is also shown how this can be done unobtrusively for typical categorical notions, such as products, coproducts, functors, natural transformations, adjunctions, Galois connections, and auxiliary concepts, illustrated by example definitions and technical comments. Allowing the familiar function variant renders category theory more appealing to a wider group of scientists. A lesson for mathematics in general is Rogaway’s maxim: “Your definitional choices should be justified”!

Citations: 0
Modeling and Verification of Natural Language Requirements based on States and Modes
IF 1 | Zone 4 Computer Science | Q2 Mathematics | Pub Date: 2024-02-05 | DOI: 10.1145/3640822
Yinling Liu, Jean-Michel Bruel

The relationship between states (status of a system) and modes (capabilities of a system) used to describe system requirements is often poorly defined. The unclear relationship could make systems of interest go out of control, because newly added modes can push the systems out of their boundaries. Formally modeling and verifying requirements can clarify the relationship, making the system safer. To this end, an innovative approach to analyzing requirements is proposed. The MoSt language (a Domain Specific Language implemented on the Xtext framework) is first designed for requirements modeling, and a model validator is realized to check requirements statically. A code generator is then provided to realize the automatic model transformation from the MoSt model to a NuSMV model, laying the foundation for the dynamic checks of requirements through symbolic model checking. Next, a NuSMV runner is designed to connect NuSMV with the validator to automate the whole dynamic check. The grammar, the model validator, the code generator, and the NuSMV runner are finally integrated into a publicly available Eclipse-based tool. Two case studies have been employed to illustrate the feasibility of our approach. For each case study, we injected 14 errors. The results show that the static and dynamic checks can successfully detect all the errors.

Citations: 0
The concept of class invariant in object-oriented programming
IF 1 | Zone 4 Computer Science | Q2 Mathematics | Pub Date: 2024-01-24 | DOI: 10.1145/3626201
Bertrand Meyer, Alisa Arkadova, Alexander Kogtenkov

Class invariants — consistency constraints preserved by every operation on objects of a given type — are fundamental to building, understanding and verifying object-oriented programs. For verification, however, they raise difficulties, which have not yet received a generally accepted solution. The present work introduces a proof rule meant to address these issues and allow verification tools to benefit from invariants.

It clarifies the notion of invariant and identifies the three associated problems: callbacks, furtive access and reference leak. As an example, the 2016 Ethereum DAO bug, in which $50 million were stolen, resulted from a callback invalidating an invariant.

The discussion starts with a simplified model of computation and an associated proof rule, demonstrating its soundness. It then removes one by one the three simplifying assumptions, each removal raising one of the three issues, and leading to a corresponding adaptation to the proof rule. The final version of the rule can tackle tricky examples, including “challenge problems” listed in the literature.

Citations: 0
Review on Verified Functional Programming in Agda
IF 1 | Zone 4 Computer Science | Q2 Mathematics | Pub Date: 2024-01-23 | DOI: 10.1145/3641886
Matteo Pradella
Citations: 0
iStar Goal Model to Z Formal Model Translation and Model Checking of CBTC Moving Block Interlocking System
IF 1 | Zone 4 Computer Science | Q2 Mathematics | Pub Date: 2023-11-27 | DOI: 10.1145/3633065
Lokanna Kadakolmath, Umesh D. Ramu

The reliability and safety of complex software systems are provided by extracting safety requirements from regulations and operational environments and later specifying these requirements precisely. At the early stage, these extracted safety requirements are informal. Typically, they cope with non-functional requirements. Analysis of early requirements using traditional methods is inadequate because these methods only focus on the WHAT dimension of requirements engineering but do not address the WHY dimension of requirements engineering. In this article, we use a goal-oriented modelling method called iStar to confront these issues. To ensure that the software system developed fulfils the requirements specified in the early phase, it is necessary to integrate early-phase requirements with late-phase requirements. To accomplish this task, in this article, we use the Z formal method to integrate early-phase requirements with late-phase requirements. This integration synergistically resolves the above issues. As a case study, we use the CBTC moving block interlocking system to illustrate the synergy of the iStar and Z combination on complex software systems. Finally, we verify the developed formal model against LTL safety properties using the ProZ model checking tool.

Citations: 0
State machines for large scale computer software and systems
IF 1 Tier 4 Computer Science Q2 Mathematics Pub Date: 2023-11-22 DOI: 10.1145/3633786
Victor Yodaiken

The behavior and architecture of large scale discrete state systems found in computer software and hardware can be specified and analyzed using a particular class of primitive recursive functions. This paper begins with an illustration of the utility of the method via a number of small examples and then via longer specification and verification of the "Paxos" distributed consensus algorithm [26]. The "sequence maps" are then shown to provide an alternative representation of deterministic state machines and algebraic products of state machines.

Distributed and composite systems, parallel and concurrent computation, and real-time behavior can all be specified naturally with these methods, which require neither extensions to the classical state machine model nor any axiomatic methods or other techniques from formal logic or other foundational methods. Compared to state diagrams or tables or the standard set-tuple-transition maps, sequence maps are more concise and better suited to describing the behavior and compositional architecture of computer systems. Staying strictly within the boundaries of classical deterministic state machines anchors the methods to the algebraic structures of automata and makes the specifications faithful to engineering practice.
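The abstract describes sequence maps as a representation of deterministic state machines and of their algebraic products. The following is an added example written for this listing, not code or notation from the paper; it is one reading of the idea, under these assumptions: a sequence map is the primitive-recursive function from finite event sequences to outputs induced by a Moore machine, and a product connects components by computing each component's local event from the global event and the other components' current outputs. The component (a one-bit toggle) and the product (a synchronous binary counter driven by a carry chain) are illustrative choices; the paper's own example is Paxos, which is not reproduced here. The `as_machine` method rebuilds the product as a single classical machine over tuple states so that the two representations can be checked against each other.

```python
"""Sequence maps for deterministic Moore machines and their products.

Added example: the definitions are an illustrative reading of "sequence maps" and
"algebraic products", not the paper's own notation.
"""
from typing import Any, Callable, Hashable, List, Optional, Sequence, Tuple

Event = Hashable
Outputs = Tuple[Any, ...]
Connector = Callable[[Event, Outputs], Optional[Event]]


class Machine:
    """Classical deterministic Moore machine: start state, transition delta, output map."""

    def __init__(self, start: Any, delta: Callable[[Any, Event], Any], out: Callable[[Any], Any]):
        self.start, self.delta, self.out = start, delta, out

    def seq_map(self, w: Sequence[Event]) -> Any:
        """Sequence map f: f(()) = out(start); f(w + (a,)) = out(delta(state(w), a)).

        Defined by primitive recursion on the event sequence; callers see only
        sequences in and outputs out, never the state set.
        """
        s = self.start
        for a in w:
            s = self.delta(s, a)
        return self.out(s)


class Product:
    """Product of components: on global event a, component i receives the local event
    h_i(a, f(w)), where f(w) is the tuple of component outputs after the prefix w.
    A connector returning None means the component does not step on this event."""

    def __init__(self, components: List[Machine], connect: List[Connector]):
        self.components, self.connect = components, connect

    def local_sequences(self, w: Sequence[Event]) -> List[Tuple[Event, ...]]:
        """u_i(()) = (); u_i(w + (a,)) = u_i(w) + (h_i(a, f(w)),) unless h_i gives None."""
        locals_: List[List[Event]] = [[] for _ in self.components]
        for a in w:
            outs = tuple(m.seq_map(u) for m, u in zip(self.components, locals_))
            for i, h in enumerate(self.connect):
                e = h(a, outs)
                if e is not None:
                    locals_[i].append(e)
        return [tuple(u) for u in locals_]

    def seq_map(self, w: Sequence[Event]) -> Outputs:
        """The product's sequence map is the tuple of component maps on their local sequences."""
        return tuple(m.seq_map(u) for m, u in zip(self.components, self.local_sequences(w)))

    def as_machine(self) -> Machine:
        """The same product as one classical machine over tuples of component states."""

        def delta(states: Tuple[Any, ...], a: Event) -> Tuple[Any, ...]:
            outs = tuple(m.out(s) for m, s in zip(self.components, states))
            nxt = []
            for m, s, h in zip(self.components, states, self.connect):
                e = h(a, outs)
                nxt.append(s if e is None else m.delta(s, e))
            return tuple(nxt)

        return Machine(
            tuple(m.start for m in self.components),
            delta,
            lambda states: tuple(m.out(s) for m, s in zip(self.components, states)),
        )


def toggle_bit() -> Machine:
    """Illustrative component: one bit that flips on local event "t"; output equals state."""
    return Machine(0, lambda s, a: 1 - s if a == "t" else s, lambda s: s)


def ripple_counter(bits: int) -> Product:
    """Illustrative product: bit i steps on a global "tick" exactly when every lower bit
    currently reads 1, i.e. the carry chain of a binary increment."""

    def carry(i: int) -> Connector:
        return lambda a, outs: "t" if a == "tick" and all(outs[j] == 1 for j in range(i)) else None

    return Product([toggle_bit() for _ in range(bits)], [carry(i) for i in range(bits)])


def count_value(outs: Outputs) -> int:
    """Little-endian bit tuple to integer."""
    return sum(b << i for i, b in enumerate(outs))


if __name__ == "__main__":
    ctr = ripple_counter(3)
    w = ("tick",) * 5 + ("noise",) + ("tick",) * 2  # "noise" is not routed to any component
    print(ctr.seq_map(w), count_value(ctr.seq_map(w)))
    print(ctr.seq_map(w) == ctr.as_machine().seq_map(w))
```

The point of the product construction is that each component is specified purely by its own sequence map and the connectors; no global state tuple has to be written down, yet `as_machine` shows that the result is still an ordinary deterministic machine, which is the "algebraic product" the abstract refers to.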

{"title":"State machines for large scale computer software and systems","authors":"Victor Yodaiken","doi":"10.1145/3633786","DOIUrl":"https://doi.org/10.1145/3633786","url":null,"abstract":"<p>The behavior and architecture of large scale discrete state systems found in computer software and hardware can be specified and analyzed using a particular class of primitive recursive functions. This paper begins with an illustration of the utility of the method via a number of small examples and then via longer specification and verification of the ”Paxos” distributed consensus algorithm[26]. The “sequence maps” are then shown to provide an alternative representation of deterministic state machines and algebraic products of state machines. </p><p>Distributed and composite systems, parallel and concurrent computation, and real-time behavior can all be specified naturally with these methods - which require neither extensions to the classical state machine model nor any axiomatic methods or other techniques from formal logic or other foundational methods. Compared to state diagrams or tables or the standard set-tuple-transition-maps, sequence maps are more concise and better suited to describing the behavior and compositional architecture of computer systems. 
Staying strictly within the boundaries of classical deterministic state machines anchors the methods to the algebraic structures of automata and makes the specifications faithful to engineering practice.</p>","PeriodicalId":50432,"journal":{"name":"Formal Aspects of Computing","volume":null,"pages":null},"PeriodicalIF":1.0,"publicationDate":"2023-11-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"138517752","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Citations: 3
Journal
Formal Aspects of Computing
Book学术
Literature help · Smart journal selection · Latest publications · Help guidelines · Contact us: info@booksci.cn
Book学术 provides a free academic resource search service so that scholars in China and abroad can retrieve Chinese and English literature, aiming to deliver the most convenient and high-quality service experience.
Copyright © 2023 Book学术 All rights reserved.
Beijing Public Security Network Filing No. 11010802042870 · Beijing ICP Filing No. 2023020795-1