Truth: A verification platform for concurrent systems
Martin Lange, Martin Leucker, Thomas Noll, Stephan Tobies

Abstract. We briefly explain the design and implementation of the newly developed tool Truth, which serves as a general platform for the systematic investigation of different specification languages, semantic models, and logics for concurrent systems, supported by enhanced visualisation capabilities. Modularity is achieved by employing the Rewriting Logic approach as a semantic framework for concurrency. In its current version, Truth supports tableau based model checking for the full µ-calculus on finite transition systems. The latter are given in terms of CCS processes, for which our tool additionally offers interactive visualisation and simulation features. Further extensions of Truth, currently in the implementation stage, comprise support for the trace model of concurrency as well as game based model checking algorithms.

1 Introduction

Formal Methods are becoming more and more popular for the specification and verification of industrial critical systems. Several case studies have shown that these techniques can help to find errors during the design process (see Clarke and Wing (1996) for an overview). They are also gaining commercial success, e.g., companies such as Intel, National Semiconductor or Texas Instruments are establishing new departments for formal methods (see for example the job adverts in the Concurrency Mailing List). The term Formal Methods usually denotes the application of mathematical methods for specifying and verifying complex hardware and software systems. The formal specification of a system helps to understand the system under development. Furthermore, it provides a common, formal basis for discussing the system. The verification of the specified system is a further step. Its aim is to guarantee the correctness of the functionality.[1]
In practice, verification is more important for debugging the design than for showing that the design is correct. This means that verification usually proceeds in a cycle of finding errors and correcting the specification until no further errors can be detected. Two approaches for the verification of systems can be distinguished: model checking and theorem proving. Several case studies have shown that especially model checking can help to find errors during the design process (Clarke and Wing (1996)). In this paper we focus on model checking.

[1] Note that in this paper we concentrate on the design of a system. We do not consider the problem of assuring that the concrete implementation of a system meets its specification.

The application of formal methods requires the availability of supporting tools, because formal methods are especially adequate for the design of large systems, where an ad hoc or conventional software engineering approach is not reasonable. Generally speaking, large systems consist of distributed processes working together concurrently. While the distribution of the processes usually does not involve any conceptual problems, the concurrent behaviour makes the system difficult to understand. Therefore, we put our emphasis on analysing concurrent systems.

During the last years several prototype model checking tools have been developed, e.g., CWB (Moller (1992)), NCSU-CWB (Cleaveland and Sims (1996)), SPIN (Grégoire et al. (1997)) and the symbolic model checker SMV (McMillan (1992)). Most of these tools are tailored to a specific setting, e.g., CCS with transition system semantics and µ-calculus model checking. In contrast, we are aiming at a modular tool which can easily be adjusted to different specification formalisms, semantic domains, logics and model checking algorithms.

In this paper we describe our verification tool Truth and our current activities to extend its functionality. Leucker and Tobies (1998) describes the tool in full detail. In Section 2 we explain the design and the features of Truth. Section 3 discusses a generic approach to incorporate different models for concurrency in a systematic fashion. The idea of game based model checking algorithms and their advantage for verification tools is outlined in Section 4. We conclude with Section 5 by mentioning one of our concrete research issues towards a more powerful verification tool, Mazurkiewicz traces.
2 Truth today

We have developed Truth, a platform for the verification of concurrent systems (Leucker and Tobies (1998)). It is still in a prototype stage, yet it is publicly available and can be downloaded[2] for testing. By now the tool's functionality is fairly complete regarding the specification and verification of concurrent systems. Systems can be specified in CCS, a well known process algebra (Milner (1989)). From the specification a labelled transition system is built. Its desired properties can be expressed using the µ-calculus (Kozen (1983)). The µ-calculus is a powerful logic which allows one to describe various safety, liveness, and fairness properties (Emerson (1996)). It semantically subsumes the temporal logics CTL, CTL*, and LTL, for which effective translations into the µ-calculus are known (Emerson and Lei (1986)). The tableau-based model checker proposed by Cleaveland (1990) is used to test whether these formulae are satisfied by the transition system. It has fairly good runtime properties and supports the full µ-calculus. Furthermore, it is a local model checking algorithm, i.e., it has the advantage that in many cases not the whole transition system has to be built in order to check a formula (Emerson (1997)). This is helpful especially when developing a specification.

[2] see URL

We have run several tests to compare our implementation to several existing tools. Some results are shown in Table 1. Several formulae were tested over three instances of the alternating bit protocol arranged as a pipeline. Φ6 lies outside the fragment of the µ-calculus the NCSU concurrency workbench can handle, hence we could not test the performance in this case.

[Table 1. Runtimes (s) and heap sizes (MB) of the model checker for the formulae Φ1 to Φ6, Truth versus the NCSU CWB. Truth ran out of memory on Φ6, for which the NCSU CWB entries are n.a.; the remaining numeric entries are not legible in this copy.]

An additional feature of Truth is the possibility of interactive, graphical, and process oriented visualisation of CCS processes. While existing tools only allow for a very basic style of simulation, Truth is able to represent processes in a much more sensible and useful manner. The simulation of processes is helpful for understanding the behaviour of a system. Figure 1 shows a screen shot of the simulation of the alternating bit protocol. The system consists of four processes, Sender, Receiver, and the channels K and L, working in parallel and communicating. The visualisation can be scaled up to handle bigger processes by giving the explicit decomposition into subprocesses. In the game based approach to model checking as presented in Section 4, the invalidity of a formula can be demonstrated by means of an interactive construction of a counterexample. We will reuse the process visualisation component to play and visualise this game between the user and the Truth tool in order to support the debugging of error prone specifications.
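As an added illustration of the µ-calculus checks described in this section (example code written for this page, not the Haskell tableau checker of Truth): the following Python evaluator computes, for a small constructed transition system, the set of states satisfying a formula by Kleene iteration of the fixpoints. Unlike the local tableau method used by Truth it is global, i.e. it always evaluates over the whole state space. The sample system SENDER and the three property names are assumptions of the example; the formulas show how deadlock freedom (a greatest fixpoint), reachability (a least fixpoint) and a nesting of both are written in positive normal form.

```python
"""Added example: a global fixpoint model checker for the modal mu-calculus.

This is not code from Truth (which uses Cleaveland's local tableau method);
it is a small evaluator written for this page.  Formulas are tuples in
positive normal form:
  ("tt",)  ("ff",)  ("var", "X")  ("and", f, g)  ("or", f, g)
  ("dia", a, f) = <a>f   ("box", a, f) = [a]f   (a = None matches any action)
  ("mu", "X", f) = least fixpoint   ("nu", "X", f) = greatest fixpoint
"""
from typing import Dict, FrozenSet, List, Optional, Tuple

State = str
Formula = tuple
LTS = Dict[State, List[Tuple[str, State]]]

# Constructed sample system (an assumption for this example, not the
# alternating bit protocol instance measured in the paper): a sender that
# may lose a message and retransmit, or crash into a deadlocked state.
SENDER: LTS = {
    "idle": [("send", "sent")],
    "sent": [("ack", "idle"), ("lose", "lost"), ("crash", "dead")],
    "lost": [("timeout", "sent")],
    "dead": [],                      # no outgoing transition: a deadlock
}


def successors(lts: LTS, s: State, action: Optional[str]) -> FrozenSet[State]:
    """Targets of the transitions of s labelled `action` (any label if None)."""
    return frozenset(t for a, t in lts[s] if action is None or a == action)


def sem(lts: LTS, f: Formula, env: Dict[str, FrozenSet[State]]) -> FrozenSet[State]:
    """States of `lts` satisfying `f`; `env` holds the values of fixpoint variables."""
    states = frozenset(lts)
    op = f[0]
    if op == "tt":
        return states
    if op == "ff":
        return frozenset()
    if op == "var":
        return env[f[1]]
    if op == "and":
        return sem(lts, f[1], env) & sem(lts, f[2], env)
    if op == "or":
        return sem(lts, f[1], env) | sem(lts, f[2], env)
    if op == "dia":                  # some a-successor satisfies f
        inner = sem(lts, f[2], env)
        return frozenset(s for s in states if successors(lts, s, f[1]) & inner)
    if op == "box":                  # every a-successor satisfies f (vacuous if none)
        inner = sem(lts, f[2], env)
        return frozenset(s for s in states if successors(lts, s, f[1]) <= inner)
    if op in ("mu", "nu"):
        # Kleene iteration from the bottom (mu) or the top (nu) element; the
        # body is monotone in positive normal form, so on a finite LTS the
        # sequence stabilises at the least/greatest fixpoint.
        var, body = f[1], f[2]
        current = frozenset() if op == "mu" else states
        while True:
            nxt = sem(lts, body, {**env, var: current})
            if nxt == current:
                return current
            current = nxt
    raise ValueError(f"unknown operator {op!r}")


def holds(lts: LTS, state: State, f: Formula) -> bool:
    return state in sem(lts, f, {})


# Properties of the kinds mentioned above (safety, liveness), written for SENDER:
ANY = None
# nu X. <->tt and [-]X : there is always a next step (deadlock freedom)
DEADLOCK_FREE = ("nu", "X", ("and", ("dia", ANY, ("tt",)), ("box", ANY, ("var", "X"))))
# mu Y. <ack>tt or <->Y : an ack is reachable
ACK_REACHABLE = ("mu", "Y", ("or", ("dia", "ack", ("tt",)), ("dia", ANY, ("var", "Y"))))
# nu X. [send]ACK_REACHABLE and [-]X : after every send an ack stays reachable
ACK_AFTER_SEND = ("nu", "X", ("and", ("box", "send", ACK_REACHABLE), ("box", ANY, ("var", "X"))))

if __name__ == "__main__":
    for name, phi in [("DEADLOCK_FREE", DEADLOCK_FREE), ("ACK_REACHABLE", ACK_REACHABLE),
                      ("ACK_AFTER_SEND", ACK_AFTER_SEND)]:
        print(name, sorted(sem(SENDER, phi, {})))
```

Running the block shows that DEADLOCK_FREE holds in no state (the crash into `dead` is reachable from everywhere), ACK_REACHABLE holds in every state but `dead`, and ACK_AFTER_SEND holds everywhere; a local tableau checker as in Truth would reach the same verdicts while exploring only the states it needs.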
Truth is implemented in Haskell, a general purpose, purely functional programming language (Peterson et al. (1996)). The choice of a declarative language serves a number of purposes. Changes to the system become easier when using a language which lacks side effects. Also, many algorithms employed in the context of model checking have a very concise functional notation. This makes the implementation easier to understand. We have chosen a modular design that allows easy modifications of the system. Figure 2 gives an overview of the modules of the system. The modular design makes the implementation of Truth a good basis for the further developments which are sketched in this article.

[Fig. 1. A process oriented simulation of the alternating bit protocol]

It is worth noting that the choice of a functional language for the implementation of a model checking tool does not imply that the resulting tool must be inefficient. Cleaveland and Sims (1996) claim that tools built with such a language can be very efficient. The statement still holds when using a purely functional language. In the implementation of Truth we applied the optimisations proposed in Cleaveland et al. (1995). By using state monads, a programming technique which allows destructive updates even in purely functional languages (Launchbury and Jones (1994)), we obtained an implementation with runtime behaviour as good as that described in Cleaveland et al. (1995).

3 Modularity via Rewriting Logic

As stated above, one of the main objectives of the Truth system is modularity with respect to both the specification language and the underlying semantic model. With the first point in mind, the Process Algebra Compiler PAC described in Cleaveland et al. (1995) has been developed as a tool which, given the syntax and the operational rules of a process algebra, generates a compiler front end which analyses programs and computes their meaning. However, since the semantics is specified in terms of structural operational rules, the scope of this tool is restricted to (labelled) transition systems.

[Fig. 2. Architecture of Truth: Specification Language (CCS); Graphical Simulation; Semantic Domain (LTS, Annotations, LTS Data Structure); Logic and Model Checking (µ-calculus, Tableau Model Checker); Misc. Analyses (Deadlocks, Graph. Output)]

It is possible to add a further degree of freedom by allowing also the semantic domain to be specified. This goal can be achieved by employing the Rewriting Logic approach, proposed in Meseguer (1990), Meseguer (1992) as a unified semantic framework for concurrency. It aims at a separate description of the static and dynamic aspects of a distributed system. More precisely, it distinguishes the laws describing the structure of the states of the system from the rules which specify its possible transitions. The two parts are formalised as an equational theory and as a (conditional) term rewriting system, respectively. Both operate on states, represented as terms built up from the operators of the specification language under consideration. Since a single transition may comprise several (independent) rewriting steps, concurrent behaviour can be modelled explicitly. Rewriting Logic has been successfully applied to specify various languages and semantic domains; an overview can be found in Meseguer (1996).

[Fig. 3. Generic implementation of specification languages (SL) using Rewriting Logic: a Rewriting Logic description of the SL (grammar, term rewriting rules, equations) is the input of the compiler, which generates the Truth frontend (an SL parser and LTS generating functions); the frontend turns a system description in the SL into a labelled transition system]

As an example, we give a Rewriting Logic specification of CCS. The exposition is inspired by Viry (1994). The description of the process algebra consists of three parts. First, the syntax of the language has to be given in terms of a context free grammar (with typing information); it is omitted here. The second part is a set of rewrite rules defining the operational semantics. In the case of CCS it has the following form, where $x'$ and $y'$ denote the results of rewriting $x$ and $y$, $\bar{l}$ is the co-action of $l$, and $\tau$ is the silent action:

$$
R = \left\{\;
\begin{array}{l}
[\alpha.x] \xrightarrow{\alpha} [x] \\[6pt]
[x] \xrightarrow{\alpha} [x'] \;\Longrightarrow\; [x + y] \xrightarrow{\alpha} [x'] \\[6pt]
[x] \xrightarrow{\alpha} [x'] \;\Longrightarrow\; [x \mid y] \xrightarrow{\alpha} [x' \mid y] \\[6pt]
[x] \xrightarrow{l} [x'],\; [y] \xrightarrow{\bar{l}} [y'] \;\Longrightarrow\; [x \mid y] \xrightarrow{\tau} [x' \mid y'] \\[6pt]
[x[p/\mathrm{fix}(p,x)]] \xrightarrow{\alpha} [x'] \;\Longrightarrow\; [\mathrm{fix}(p,x)] \xrightarrow{\alpha} [x']
\end{array}
\;\right\}
$$

Finally, the description contains a set of equations between process terms, which identify certain states of the respective system. In this way, we reduce the state space of the resulting system as well as the number of rewrite rules. Note that, for example, the symmetric rule for + is not required above since this operator is declared to be commutative in the following equations:
$$
E = \{\; x + (y + z) = (x + y) + z,\;\; x \mid (y \mid z) = (x \mid y) \mid z,\;\; x + y = y + x,\;\; x \mid y = y \mid x,\;\; x + \mathit{nil} = x,\;\; x \mid \mathit{nil} = x,\;\; x + x = x,\;\; \bar{\bar{\alpha}} = \alpha \;\}
$$

In order to integrate this approach into Truth, it is necessary to implement term rewriting modulo an equational theory. Regarding efficiency, it is indispensable to reduce the generally large and complex equational theory to rewriting modulo associativity and commutativity, involving coherence techniques as investigated in Viry (1995) (see also Viry (1996) for an application to the π-calculus). This enables us to employ rewriting tools such as ELAN (Borovansky et al. (1996)) or Maude (Clavel et al. (1996)), which build directly on Rewriting Logic, for our implementation. It should be noted that the overall structure of a system specified in Rewriting Logic is that of a transition system (though, as stated above, a single transition may represent concurrent activities in different subcomponents). Hence, we are able to reuse our efficient implementation of (labelled) transition systems even when dealing with true concurrency.

Figure 3 gives an overview of the specification language compiler for the Truth system which employs the ideas described above. It takes a specification language description and the corresponding rewriting rules as input and generates a frontend for Truth. The frontend consists of a parser for the user's specification and suitable functions for generating a corresponding labelled transition system. The specification language compiler is currently in a beta test stage and will be part of the next release of the Truth system.

4 Games and interactive simulations

Games, as introduced in Stirling (1997), are used to combine a model checking algorithm with an interactive simulation feature. Unlike conventional model checking, which tries to prove the correctness of a formula with regard to a given transition system, game based model checking simultaneously tries to disprove and to prove it.
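The rules R and equations E of Section 3, executed: the following Python program is an added example written for this page, not the Truth specification language compiler and not an ELAN or Maude specification. It normalises CCS terms modulo E (associativity, commutativity, the unit nil and idempotence of +) and applies the rules of R to generate the labelled transition system, so that P | Q and Q | P are one state and the symmetric rules are indeed not needed. The sample processes P and Q, and the encoding of the co-action of a as "~a", are assumptions of the example; restriction and relabelling are not covered, matching the rule set above.

```python
"""Added example (not the Truth implementation): CCS as rewriting modulo E.

Terms are tuples:  ("nil",)            inactive process
                   ("pre", a, P)       a.P
                   ("sum", P1, .., Pn) P1 + .. + Pn   (sorted, no duplicates)
                   ("par", P1, .., Pn) P1 | .. | Pn   (sorted multiset)
                   ("fix", X, P), ("var", X)  recursion and its bound variable
Actions are strings; "~a" is the co-action of "a" and "tau" the silent action.
"""
from typing import Dict, List, Set, Tuple

Term = tuple
Step = Tuple[str, Term]
NIL: Term = ("nil",)


def co(a: str) -> str:
    """Co-action; co(co(a)) == a is the equation ~~a = a of E."""
    return a[1:] if a.startswith("~") else "~" + a


def key(t: Term) -> str:
    """Canonical text of a term, the sort order used for commutativity."""
    return repr(t)


def norm(t: Term) -> Term:
    """Normal form modulo E: flatten nested + and | (associativity), sort the
    operands (commutativity), drop nil (unit) and, for +, duplicates (x+x=x).
    Terms equal modulo E get identical normal forms."""
    op = t[0]
    if op in ("nil", "var"):
        return t
    if op in ("pre", "fix"):
        return (op, t[1], norm(t[2]))
    flat: List[Term] = []
    for sub in map(norm, t[1:]):
        if sub != NIL:
            flat.extend(sub[1:] if sub[0] == op else [sub])
    if op == "sum":
        flat = list({key(s): s for s in flat}.values())
    flat.sort(key=key)
    return NIL if not flat else flat[0] if len(flat) == 1 else (op, *flat)


def subst(t: Term, x: str, r: Term) -> Term:
    """Replace the free occurrences of variable x in t by r."""
    op = t[0]
    if op == "var":
        return r if t[1] == x else t
    if op == "nil" or (op == "fix" and t[1] == x):   # inner fix(x, ..) shadows x
        return t
    if op in ("pre", "fix"):
        return (op, t[1], subst(t[2], x, r))
    return (op, *(subst(s, x, r) for s in t[1:]))


def steps(t: Term) -> Set[Step]:
    """The rules R applied to a normalised term: all (action, successor) pairs."""
    op = t[0]
    if op == "pre":                              # [a.x] -a-> [x]
        return {(t[1], norm(t[2]))}
    if op == "sum":                              # [x] -a-> [x']  =>  [x + y] -a-> [x']
        return set().union(*(steps(s) for s in t[1:]))
    if op == "fix":                              # unfold, then take the body's steps
        return steps(norm(subst(t[2], t[1], t)))
    if op != "par":                              # nil and unguarded variables are stuck
        return set()
    parts, local = list(t[1:]), [steps(p) for p in t[1:]]
    result: Set[Step] = set()
    # Matching modulo AC: the single rule [x] -a-> [x'] => [x | y] -a-> [x' | y]
    # is tried at every operand position, so no symmetric rule is needed.
    for i, moves in enumerate(local):
        for a, p2 in moves:
            result.add((a, norm(("par", *parts[:i], p2, *parts[i + 1:]))))
    # [x] -l-> [x'], [y] -~l-> [y']  =>  [x | y] -tau-> [x' | y']
    for i in range(len(parts)):
        for j in range(i + 1, len(parts)):
            for a, p2 in local[i]:
                for b, q2 in local[j]:
                    if a != "tau" and co(a) == b:
                        rest = parts[:i] + [p2] + parts[i + 1:j] + [q2] + parts[j + 1:]
                        result.add(("tau", norm(("par", *rest))))
    return result


def lts(start: Term) -> Dict[Term, List[Step]]:
    """Explore the reachable states of a finite-state term (modulo E)."""
    graph: Dict[Term, List[Step]] = {}
    todo = [norm(start)]
    while todo:
        s = todo.pop()
        if s not in graph:
            graph[s] = sorted(steps(s), key=lambda st: (st[0], key(st[1])))
            todo.extend(t for _, t in graph[s])
    return graph


# Constructed sample (an assumption, not the paper's protocol): P hands over on
# channel c to Q.   P = fix(X, a.~c.X)     Q = fix(Y, c.b.Y)
P: Term = ("fix", "X", ("pre", "a", ("pre", "~c", ("var", "X"))))
Q: Term = ("fix", "Y", ("pre", "c", ("pre", "b", ("var", "Y"))))
SYSTEM: Term = ("par", P, Q)

if __name__ == "__main__":
    for state, moves in lts(SYSTEM).items():
        print(state, "->", moves)
```

The generated system for P | Q has four states; the state ~c.P | Q has, besides its two interleaved steps, a τ-step to P | b.Q obtained from the communication rule. Because every successor is normalised, the exploration never creates a second copy of a state that differs only by the order of parallel components.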
Both tasks are performed by two respective players, A and B, moving pebbles on a combination of the transition system and the set of subformulae of the µ-calculus formula under consideration. A winning strategy for a player is a set of rules telling him or her what to do in every situation in which it is his or her turn. The question whether the formula is fulfilled is equivalent to the problem of finding a winning strategy for Player B. Hence the core of a game based model checking algorithm is not playing the game itself but finding such a strategy. While a game can be played in polynomial time and space, finding a strategy is harder (the problem belongs to NP ∩ co-NP); whether a polynomial algorithm exists is still an open question.
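As an added illustration of the game just described (example code for this page, not Truth's implementation): the following Python program builds the positions of the model checking game for the fixpoint-free fragment of the µ-calculus, decides who has a winning strategy, and produces the kind of refutation an interactive session walks the user through. Without fixpoints every play is finite, so a plain recursion suffices; for the full µ-calculus the infinite plays would have to be judged by the outermost fixpoint unfolded infinitely often, which is the harder strategy problem mentioned above. The transition system FIG4 is a constructed approximation of Figure 4 below and an assumption of the example.

```python
"""Added example (not code from Truth): Stirling's model checking game for the
fixpoint-free fragment of the mu-calculus, with the refutation an interactive
session would show.  Formulas: ("tt",), ("ff",), ("and", f, g), ("or", f, g),
("dia", a, f) = <a>f, ("box", a, f) = [a]f."""
from typing import Dict, List, Tuple

Formula = tuple
Position = Tuple[str, Formula]
LTS = Dict[str, List[Tuple[str, str]]]

# Constructed sample system in the spirit of Figure 4 (the exact transitions of
# the figure are an assumption): s0 has two a-steps, s1 continues with c, and
# only s2 offers b.
FIG4: LTS = {
    "s0": [("a", "s0"), ("a", "s1")],
    "s1": [("c", "s2")],
    "s2": [("b", "s0")],
}


def show(f: Formula) -> str:
    op = f[0]
    if op in ("tt", "ff"):
        return op
    if op == "dia":
        return f"<{f[1]}>{show(f[2])}"
    if op == "box":
        return f"[{f[1]}]{show(f[2])}"
    return f"({show(f[1])} {op} {show(f[2])})"


def moves(lts: LTS, pos: Position) -> Tuple[str, List[Position]]:
    """Owner of a position and the positions it may move to.  Player B (who
    claims K |= phi) moves at <a> and 'or'; Player A (who refutes) at [a] and
    'and'.  A player who cannot move loses, which makes tt an A-position
    without moves (B wins) and ff a B-position without moves (A wins)."""
    s, f = pos
    op = f[0]
    if op in ("dia", "box"):
        return ("B" if op == "dia" else "A"), [(t, f[2]) for a, t in lts[s] if a == f[1]]
    if op in ("or", "and"):
        return ("B" if op == "or" else "A"), [(s, f[1]), (s, f[2])]
    return ("A" if op == "tt" else "B"), []


def b_wins(lts: LTS, pos: Position) -> bool:
    """True iff Player B has a winning strategy from pos (finite plays only)."""
    owner, nxt = moves(lts, pos)
    outcomes = [b_wins(lts, p) for p in nxt]
    return any(outcomes) if owner == "B" else all(outcomes)


def refute(lts: LTS, pos: Position, depth: int = 0) -> List[str]:
    """Explanation lines for a position B loses: every option of B is played
    out (the user may try them all), while at A's positions the tool answers
    with one move of A's winning strategy."""
    if b_wins(lts, pos):
        raise ValueError("B wins here; nothing to refute")
    s, f = pos
    owner, nxt = moves(lts, pos)
    head = "  " * depth + f"({s}, {show(f)})"
    if not nxt:
        return [head + ": B cannot move, B loses"]
    if owner == "B":
        lines = [head + ": B chooses among " + ", ".join(f"({t}, {show(g)})" for t, g in nxt)]
        for p in nxt:
            lines += refute(lts, p, depth + 1)
        return lines
    reply = next(p for p in nxt if not b_wins(lts, p))
    return [head + f": A answers with ({reply[0]}, {show(reply[1])})"] + refute(lts, reply, depth + 1)


# <a><b>tt: there is an a-step followed by a b-step (the formula of Figure 4)
PHI: Formula = ("dia", "a", ("dia", "b", ("tt",)))

if __name__ == "__main__":
    print("\n".join(refute(FIG4, ("s0", PHI))))
```

For PHI at s0 the output lists the root position, the two a-successors B may choose, and that neither offers a b-step, which is exactly the information the user of Figure 4 needs to locate the missing transition. Each line of the refutation is a position of the game graph, so the same lines can drive the process visualisation described in Section 2.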
Once a winning strategy for a given formula φ and a transition system K has been found, it immediately solves the $K \models \varphi$ problem. If the plain yes/no answer does not satisfy the user, it can also be used to generate a simulation environment in which the user interactively plays a graphical game against the model checker, which shows him or her why and where the statement φ is fulfilled or fails. Figure 4 shows a transition system and a snapshot of the game graph for the formula $\langle a\rangle\langle b\rangle\mathit{tt}$, expressing that there is a run starting with an a step followed by a b step. Obviously, the current transition system does not allow such a run. The user (Player B) wants to know why and starts the interactive simulation, which shows the root of the game graph and asks whether to proceed to the left or to the right branch. Since the user believes that there is no b successor of state $s_0$ but expects one when moving to state $s_1$, he or she chooses the right branch. However, here the game ends since in this state there is no b successor either. Looking at the successors of state $s_1$, the user recognises that a c step will follow and can correct the system.

[Fig. 4. A game-based simulation: a transition system over the states $s_0$, $s_1$, $s_2$ with transitions labelled a, c and b, and the game graph for $\langle a\rangle\langle b\rangle\mathit{tt}$ with root $(s_0, \langle a\rangle\langle b\rangle\mathit{tt})$ and the two successor positions $(s_0, \langle b\rangle\mathit{tt})$ and $(s_1, \langle b\rangle\mathit{tt})$, both marked "B loses"]

5 Towards true concurrency

As described in Section 2, an interleaving model for concurrency (transition systems) is employed in the system Truth. However, interleaving models have a serious disadvantage, the state space explosion. One remedy is to employ BDDs, a technique for the efficient storage of the transition system. Furthermore, the visualisation of an interleaving model is less intuitive for the user, because usually one describes the underlying system by defining local parts of the system and their mutual interaction. Hence, one expects this view of the system to be visualised with the help of the tool.
In Section 3 we proposed a framework which enables us to implement several specification languages over several semantic domains in an easy way. However, with respect to logics and suitable model checking algorithms, it is not clear how to achieve a similar genericity. As a first step, we want to concentrate on a single semantic model, traces (Diekert and Rozenberg (1995)), and investigate suitable specification languages, several logics, their expressiveness and corresponding model checking algorithms. Due to the specification language compiler and the modularity of Truth, these logics and algorithms can easily be integrated into our verification system.

6 Conclusion

In this paper we described the basic design of the Truth verification tool for concurrent systems. In its current version, it offers tableau based model checking for the full µ-calculus on finite transition systems, specified as CCS processes. Additionally, it supports interactive visualisation and simulation of CCS processes. The main objective of our approach, distinguishing it from many other systems, is modularity with respect to the three fundamental parameters of verification tools: the semantic model, the specification language, and the logic. With regard to the first two points, we are developing a compiler based on the Rewriting Logic approach. This tool will enable us to incorporate (and easily modify) specification formalisms together with their associated semantic domains in a systematic fashion, based on an equational characterisation of their algebraic structure and on an operational description of their dynamic behaviour. Existing approaches such as the PAC compiler rely on transition systems only, which are memory consuming and difficult to visualise. Concerning the logic, it seems to be nontrivial to achieve a similar level of modularity and genericity when dealing with non-interleaving models of parallelism. Although the overall structure of a process specified in Rewriting Logic is a transition system, it remains open how to capture the internal structure of a transition, which generally comprises several independent rewriting steps, within a temporal logic such as the µ-calculus. Finally, we briefly discussed the game based approach to model checking, which is striking because of its intuitive character, combining model checking and interactive simulation.
It will be implemented in a future version of Truth.

References

P. Borovansky, C. Kirchner, H. Kirchner, P.E. Moreau, and M. Vittek. ELAN: A logical framework based on computational systems. In Proc. of the First Int. Workshop on Rewriting Logic, volume 4 of Electronic Notes in Theoretical Computer Science. Elsevier, 1996.

E. M. Clarke and J. M. Wing. Formal methods: State of the art and future directions. Technical Report CMU-CS, Carnegie Mellon University (CMU), September 1996.

Manuel Clavel, Steven Eker, Patrick Lincoln, and José Meseguer. Principles of Maude. In José Meseguer, editor, Proceedings of the First International Workshop on Rewriting Logic, volume 4 of Electronic Notes in Theoretical Computer Science. Elsevier, 1996.

R. Cleaveland. Tableau-based model checking in the propositional mu-calculus. Acta Informatica, 27(8), 1990.

R. Cleaveland, E. Madelaine, and S. Sims. A front-end generator for verification tools. Lecture Notes in Computer Science, 1019, 1995.

R. Cleaveland and S. Sims. The NCSU concurrency workbench. Lecture Notes in Computer Science, 1102, 1996.

The concurrency mailing list. /Forschung/MCS/mailing list.html

Volker Diekert and Grzegorz Rozenberg, editors. The Book of Traces. World Scientific, Singapore, 1995.

E. A. Emerson. Automated Temporal Reasoning about Reactive Systems, volume 1043 of Lecture Notes in Computer Science. Springer-Verlag Inc., New York, NY, USA, 1996.

E. A. Emerson. Model checking and the mu-calculus, volume 31 of DIMACS: Series in Discrete Mathematics and Theoretical Computer Science, chapter 6. American Mathematical Society, 1997.

E. A. Emerson and C. L. Lei. Efficient model checking in fragments of the propositional µ-calculus. In Symposium on Logic in Computer Science, Washington, D.C., USA, June 1986. IEEE Computer Society Press.

Jean-Charles Grégoire, Gerard J. Holzmann, and Doron A. Peled, editors. The Spin Verification System, volume 32 of DIMACS series. American Mathematical Society, 1997. 203p.

Dexter Kozen. Results on the propositional mu-calculus. Theoretical Computer Science, 27, December 1983.

J. Launchbury and S. Peyton Jones. Lazy functional state threads. In Programming Languages Design and Implementation, Orlando, 1994. ACM Press.

Martin Leucker and Stephan Tobies. Truth: A Platform for Verification of Distributed Systems. Technical Report 98-05, RWTH Aachen, May 1998.

K. L. McMillan. The SMV system, symbolic model checking: an approach. Technical Report CMU-CS, Carnegie Mellon University, 1992.

J. Meseguer. Conditional rewriting logic as a unified model of concurrency. Theoretical Computer Science, 96(1):73–155, April 1992.

José Meseguer. Rewriting as a unified model of concurrency. In Proceedings Concur '90 Conference, Lecture Notes in Computer Science, Volume 458, Amsterdam, August 1990. Springer. Also Report SRI-CSL-90-02R, Computer Science Lab, SRI International.

José Meseguer. Rewriting logic as a semantic framework for concurrency: a progress report. In Seventh International Conference on Concurrency Theory (CONCUR '96), volume 1119 of Lecture Notes in Computer Science. Springer Verlag, August 1996.

R. Milner. Communication and Concurrency. International Series in Computer Science. Prentice Hall, 1989.

F. Moller. The Edinburgh Concurrency Workbench (Version 6.1). Department of Computer Science, University of Edinburgh, October 1992.

John Peterson, Kevin Hammond, et al. Report on the programming language Haskell, a non-strict purely-functional programming language, version 1.3. Technical report, Yale University, May 1996.

C. Stirling. Games for bisimulation and model checking, June 1997. Notes for Mathfit instructional meeting on games and computation, Edinburgh.

Patrick Viry. Rewriting: An effective model of concurrency. In Proceedings of PARLE '94, Parallel Architectures and Languages Europe, volume 817 of Lecture Notes in Computer Science. Springer-Verlag, 1994.

Patrick Viry. Rewriting modulo a rewrite system. Technical Report TR-95-20, Dipartimento di Informatica, December 1995.

Patrick Viry. A rewriting implementation of pi-calculus. Technical Report TR-96-30, Dipartimento di Informatica, March 1996.
Sérgio Campos, Edmund 1 / 23 Model checking is a technique that relies on building a finite model of a system and checking that a desired property holds in that model. The check is performed by an exhaustive
More informationCourse Modelling of Concurrent Systems Summer Semester 2016 University of Duisburg-Essen
Course Modelling of Concurrent Systems Summer Semester 2016 University of Duisburg-Essen Harsh Beohar LF 265, harsh.beohar@uni-due.de Harsh Beohar Course Modelling of Concurrent Systems 1 Course handler
More informationUSING QBF SOLVERS TO SOLVE GAMES AND PUZZLES. Zhihe Shen. Advisor: Howard Straubing
Boston College Computer Science Senior Thesis USING QBF SOLVERS TO SOLVE GAMES AND PUZZLES Zhihe Shen Advisor: Howard Straubing Abstract There are multiple types of games, such as board games and card
More informationMore on Verification and Model Checking
More on Verification and Model Checking Wednesday Oct 07, 2015 Philipp Rümmer Uppsala University Philipp.Ruemmer@it.uu.se 1/60 Course fair! 2/60 Exam st October 21, 8:00 13:00 If you want to participate,
More informationwhich a value is evaluated. When parallelising a program, instances of this class need to be produced for all the program's types. The paper commented
A Type-Sensitive Preprocessor For Haskell Noel Winstanley Department of Computer Science University of Glasgow September 4, 1997 Abstract This paper presents a preprocessor which generates code from type
More informationPropositional Logic. Part I
Part I Propositional Logic 1 Classical Logic and the Material Conditional 1.1 Introduction 1.1.1 The first purpose of this chapter is to review classical propositional logic, including semantic tableaux.
More informationComposability Test of BOM based models using Petri Nets
I. Mahmood, R. Ayani, V. Vlassov and F. Moradi 7 Composability Test of BOM based models using Petri Nets Imran Mahmood 1, Rassul Ayani 1, Vladimir Vlassov 1, and Farshad Moradi 2 1 Royal Institute of Technology
More informationRIGOROUSLY AUTOMATING TRANSFORMATIONS OF UML BEHAVIOR MODELS
RIGOROUSLY AUTOMATING TRANSFORMATIONS OF UML BEHAVIOR MODELS Jon Whittle 1, João Araújo 2, Ambrosio Toval 3, and Jose Luis Fernández Alemán 3 1 QSS / NASA Ames Research Center, M/S 269-2, Moffett Field,
More informationLecture 2: Symbolic Model Checking With SAT
Lecture 2: Symbolic Model Checking With SAT Edmund M. Clarke, Jr. School of Computer Science Carnegie Mellon University Pittsburgh, PA 15213 (Joint work over several years with: A. Biere, A. Cimatti, Y.
More information3.4 Deduction and Evaluation: Tools Conditional-Equational Logic
3.4 Deduction and Evaluation: Tools 3.4.1 Conditional-Equational Logic The general definition of a formal specification from above was based on the existence of a precisely defined semantics for the syntax
More informationPropositional Calculus: Boolean Algebra and Simplification. CS 270: Mathematical Foundations of Computer Science Jeremy Johnson
Propositional Calculus: Boolean Algebra and Simplification CS 270: Mathematical Foundations of Computer Science Jeremy Johnson Propositional Calculus Topics Motivation: Simplifying Conditional Expressions
More informationScenario Graphs Applied to Security (Summary Paper)
Book Title Book Editors IOS Press, 2003 1 Scenario Graphs Applied to Security (Summary Paper) Jeannette M. Wing Computer Science Department Carnegie Mellon University Pittsburgh, PA 15213 US Abstract.
More informationLiveness and Fairness Properties in Multi-Agent Systems
Liveness and Fairness Properties in Multi-Agent Systems Hans-Dieter Burkhard FB Informatik Humboldt-University Berlin PF 1297, 1086 Berlin, Germany e-mail: hdb@informatik.hu-berlin.de Abstract Problems
More informationFlight Systems are Cyber-Physical Systems
Flight Systems are Cyber-Physical Systems Dr. Christopher Landauer Software Systems Analysis Department The Aerospace Corporation Computer Science Division / Software Engineering Subdivision 08 November
More informationModeling, Testing and Executing Reo Connectors with the. Reo, Eclipse Coordination Tools
Replace this file with prentcsmacro.sty for your meeting, or with entcsmacro.sty for your meeting. Both can be found at the ENTCS Macro Home Page. Modeling, Testing and Executing Reo Connectors with the
More informationCompiler Construction
Compiler Construction Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ss-16/cc/ Conceptual Structure of a Compiler Source code x1 := y2
More informationSpecification and Analysis of Real-Time Systems Using Real-Time Maude
Specification and Analysis of Real-Time Systems Using Real-Time Maude Peter Csaba Ölveczky1,2 and José Meseguer 1 1 Department of Computer Science, University of Illinois at Urbana-Champaign 2 Department
More informationWhere is ML type inference headed?
1 Constraint solving meets local shape inference September 2005 2 Types are good A type is a concise description of the behavior of a program fragment. Typechecking provides safety or security guarantees.
More informationThe design of a programming language for provably correct programs: success and failure
The design of a programming language for provably correct programs: success and failure Don Sannella Laboratory for Foundations of Computer Science School of Informatics, University of Edinburgh http://homepages.inf.ed.ac.uk/dts
More informationAlgorithmic Verification. Algorithmic Verification. Model checking. Algorithmic verification. The software crisis (and hardware as well)
Algorithmic Verification The software crisis (and hardware as well) Algorithmic Verification Comp4151 Lecture 1-B Ansgar Fehnker Computer become more powerful (Moore s law) The quality of programs cannot
More informationCompiler Construction
Compiler Construction Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ss-16/cc/ Seminar Analysis and Verification of Pointer Programs (WS
More informationModel Checking. Dragana Cvijanovic
Model Checking Dragana Cvijanovic d.cvijanovic@cs.ucl.ac.uk 1 Introduction Computerised systems pervade more and more our everyday lives. Digital technology is now used to supervise critical functions
More informationNew Results on Simple Stochastic Games
New Results on Simple Stochastic Games Decheng Dai 1 and Rong Ge 2 1 Tsinghua University, ddc02@mails.tsinghua.edu.cn 2 Princeton University, rongge@cs.princeton.edu Abstract. We study the problem of solving
More informationLearning-Based Assume-Guarantee Verification (Tool Paper)
-Based Assume-Guarantee Verification (Tool Paper) Dimitra Giannakopoulou and Corina S. Păsăreanu NASA Ames Research Center, Moffett Field, CA 94035-1000, USA 1 Introduction Despite significant advances
More informationUtilizing Static Analysis for Programmable Logic Controllers
Sébastien Bornot Ralf Huuck Ben Lukoschus Lehrstuhl für Softwaretechnologie Universität Kiel Preußerstraße 1 9, D-24105 Kiel, Germany seb rhu bls @informatik.uni-kiel.de Yassine Lakhnech Verimag Centre
More informationXI International PhD Workshop OWD 2009, October Fuzzy Sets as Metasets
XI International PhD Workshop OWD 2009, 17 20 October 2009 Fuzzy Sets as Metasets Bartłomiej Starosta, Polsko-Japońska WyŜsza Szkoła Technik Komputerowych (24.01.2008, prof. Witold Kosiński, Polsko-Japońska
More informationLeveraging DTrace for runtime verification
Leveraging DTrace for runtime verification Carl Martin Rosenberg June 7th, 2016 Department of Informatics, University of Oslo Context: Runtime verification Desired properties System Every request gets
More informationModel checking Timber program. Paweł Pietrzak
Model checking Timber program Paweł Pietrzak 1 Outline Background on model checking (spam?) The SPIN model checker An exercise in SPIN - model checking Timber Deriving finite models from Timber programs
More informationModelling and Verifying Web Service Orchestration by means of the Concurrency Workbench p.1/19
Modelling and Verifying Web Service Orchestration by means of the Concurrency Workbench Mariya Koshkina / Franck van Breugel IBM, Toronto / York University, Toronto Modelling and Verifying Web Service
More informationModel-checking with the TimeLine formalism
Model-checking with the TimeLine formalism Andrea Zaccara University of Antwerp Andrea.Zaccara@student.uantwerpen.be Abstract A logical model checker can be an effective tool for verification of software
More informationExtracting the Range of cps from Affine Typing
Extracting the Range of cps from Affine Typing Extended Abstract Josh Berdine, Peter W. O Hearn Queen Mary, University of London {berdine, ohearn}@dcs.qmul.ac.uk Hayo Thielecke The University of Birmingham
More informationBinary Decision Diagrams and Symbolic Model Checking
Binary Decision Diagrams and Symbolic Model Checking Randy Bryant Ed Clarke Ken McMillan Allen Emerson CMU CMU Cadence U Texas http://www.cs.cmu.edu/~bryant Binary Decision Diagrams Restricted Form of
More information15-819M: Data, Code, Decisions
15-819M: Data, Code, Decisions 08: First-Order Logic André Platzer aplatzer@cs.cmu.edu Carnegie Mellon University, Pittsburgh, PA André Platzer (CMU) 15-819M/08: Data, Code, Decisions 1 / 40 Outline 1
More informationIntroduction to Linear-Time Temporal Logic. CSE 814 Introduction to LTL
Introduction to Linear-Time Temporal Logic CSE 814 Introduction to LTL 1 Outline Motivation for TL in general Types of properties to be expressed in TL Structures on which LTL formulas are evaluated Syntax
More informationA Functional Graph Library
A Functional Graph Library Christian Doczkal Universität des Saarlandes Abstract. Algorithms on graphs are of great importance, both in teaching and in the implementation of specific problems. Martin Erwig
More informationOn Formal Analysis of OO Languages using. OO Languages and Rewriting Logic: Designing for Performance
On Formal Analysis of OO Languages using Rewriting Logic: Designing for Performance {mhills, grosu}@cs.uiuc.edu Department of Computer Science University of Illinois at Urbana-Champaign 6 June 2007 1 2
More informationFormal Specification of Software Systems
Formal Specification of Software Systems Lecture Notes Winter Term 2001 / 2002 Heinrich Hußmann Technische Universität Dresden Formal Specification of Software Systems Summary: Construction of large software
More informationMarch 2, Homepage:
Action Semantics for an Executable UML Thomas Feng March 2, 2003 Email: thomas@email.com.cn Homepage: http://moncs.cs.mcgill.ca/people/tfeng/ Why are we interested in semantics? Other than syntax, the
More informationResearch Collection. Formal background and algorithms. Other Conference Item. ETH Library. Author(s): Biere, Armin. Publication Date: 2001
Research Collection Other Conference Item Formal background and algorithms Author(s): Biere, Armin Publication Date: 2001 Permanent Link: https://doi.org/10.3929/ethz-a-004239730 Rights / License: In Copyright
More informationFormally Certified Satisfiability Solving
SAT/SMT Proof Checking Verifying SAT Solver Code Future Work Computer Science, The University of Iowa, USA April 23, 2012 Seoul National University SAT/SMT Proof Checking Verifying SAT Solver Code Future
More informationCLF: A logical framework for concurrent systems
CLF: A logical framework for concurrent systems Thesis Proposal Kevin Watkins Carnegie Mellon University Committee: Frank Pfenning, CMU (Chair) Stephen Brookes, CMU Robert Harper, CMU Gordon Plotkin, University
More informationEmbedding Cryptol in Higher Order Logic
Embedding Cryptol in Higher Order Logic Joe Hurd Computer Laboratory Cambridge University joe.hurd@cl.cam.ac.uk 10 March 2007 Abstract This report surveys existing approaches to embedding Cryptol programs
More informationDesigning a Semantic Ground Truth for Mathematical Formulas
Designing a Semantic Ground Truth for Mathematical Formulas Alan Sexton 1, Volker Sorge 1, and Masakazu Suzuki 2 1 School of Computer Science, University of Birmingham, UK, A.P.Sexton V.Sorge@cs.bham.ac.uk,
More informationWHEN concurrent processes share a resource such as a file
1 Verification of mutual exclusion algorithms with SMV System Nikola Bogunović, Edgar Pek Faculty of Electrical Engineering and Computing Unska 3 Croatia email: nikola.bogunovic@fer.hr, edgar.pek@fer.hr
More informationTransient Analysis Of Stochastic Petri Nets With Interval Decision Diagrams
Transient Analysis Of Stochastic Petri Nets With Interval Decision Diagrams Martin Schwarick ms@informatik.tu-cottbus.de Brandenburg University of Technology Cottbus, Germany Abstract. This paper presents
More informationPromela and SPIN. Mads Dam Dept. Microelectronics and Information Technology Royal Institute of Technology, KTH. Promela and SPIN
Promela and SPIN Mads Dam Dept. Microelectronics and Information Technology Royal Institute of Technology, KTH Promela and SPIN Promela (Protocol Meta Language): Language for modelling discrete, event-driven
More informationSimulink Design Verifier vs. SPIN a Comparative Case Study
Simulink Design Verifier vs. SPIN a Comparative Case Study Florian Leitner and Stefan Leue Department of Computer and Information Science University of Konstanz, Germany {Florian.Leitner,Stefan.Leue}@uni-konstanz.de
More informationRAISE in Perspective
RAISE in Perspective Klaus Havelund NASA s Jet Propulsion Laboratory, Pasadena, USA Klaus.Havelund@jpl.nasa.gov 1 The Contribution of RAISE The RAISE [6] Specification Language, RSL, originated as a development
More informationK and Matching Logic
K and Matching Logic Grigore Rosu University of Illinois at Urbana-Champaign Joint work with the FSL group at UIUC (USA) and the FMSE group at UAIC (Romania) Question could it be that, after 40 years of
More informationTheoretical Computer Science
Theoretical Computer Science 493 (2013) 46 65 Contents lists available at SciVerse ScienceDirect Theoretical Computer Science journal homepage: www.elsevier.com/locate/tcs Connectivity games over dynamic
More informationCONTROLLER DEPENDABILITY ANALYSIS BY PROBABILISTIC MODEL CHECKING. Marta Kwiatkowska, Gethin Norman and David Parker
CONTROLLER DEPENDABILITY ANALYSIS BY PROBABILISTIC MODEL CHECKING Marta Kwiatkowska, Gethin Norman and David Parker School of Computer Science, University of Birmingham, Birmingham, B15 2TT, United Kingdom
More informationISR 2014 Strategies. Hélène KIRCHNER Inria. August Topics, Objectives, Contents. Hélène KIRCHNER Inria ISR 2014 Strategies 1 / 48
ISR 2014 Strategies Hélène KIRCHNER Inria August 2014 Topics, Objectives, Contents Hélène KIRCHNER Inria ISR 2014 Strategies 1 / 48 Computation, Deduction and Strategies Series of workshops since 1997
More informationPractical Case Studies in Teaching Concurrency. A. J. Cowling
Practical Case Studies in Teaching Concurrency A. J. Cowling Department of Computer Science, University of Sheffield, Sheffield, S10 2TN, UK. Telephone: +44 114 222 1823; Fax: +44 114 222 1810; Email:
More informationCentre for Parallel Computing, University of Westminster, London, W1M 8JS
Graphical Construction of Parallel Programs G. R. Ribeiro Justo Centre for Parallel Computing, University of Westminster, London, WM 8JS e-mail: justog@wmin.ac.uk, Abstract Parallel programming is not
More informationConditional Evaluation in Simple Multi-Visit Attribute-Grammar Evaluators
Conditional Evaluation in Simple Multi-Visit Attribute-Grammar Evaluators WUU YANG Department of Computer and Information Science National Chiao-Tung University Hsin-Chu, Taiwan, R.O.C. wuuyang@cis.nctu.edu.tw
More informationRegression Verification - a practical way to verify programs
Regression Verification - a practical way to verify programs Ofer Strichman Benny Godlin Technion, Haifa, Israel. Email: ofers@ie.technion.ac.il bgodlin@cs.technion.ac.il 1 Introduction When considering
More informationPROGRAMMING LANGUAGE PARADIGMS & THE MAIN PRINCIPLES OF OBJECT-ORIENTED PROGRAMMING
PROGRAMMING LANGUAGE PARADIGMS & THE MAIN PRINCIPLES OF OBJECT-ORIENTED PROGRAMMING JAN BARTONÍČEK This paper's goal is to briefly explain the basic theory behind programming languages and their history
More informationA New Model Checking Tool
A New Model Checking Tool LAURA F. CACOVEAN, FLORIN STOICA, DANA SIMIAN Department of Computer Science Lucian Blaga University of Sibiu, Faculty of Sciences Str. Dr. Ion Ratiu 5-7, 550012, Sibiu ROMANIA
More informationControl Flow Analysis with SAT Solvers
Control Flow Analysis with SAT Solvers Steven Lyde, Matthew Might University of Utah, Salt Lake City, Utah, USA Abstract. Control flow analyses statically determine the control flow of programs. This is
More information1 A question of semantics
PART I BACKGROUND 1 A question of semantics The goal of this chapter is to give the reader a glimpse of the applications and problem areas that have motivated and to this day continue to inspire research
More informationFault Detection of Reachability Testing with Game Theoretic Approach
Fault Detection of Reachability Testing with Game Theoretic Approach S. Preetha Dr.M. Punithavalli Research Scholar, Karpagam University, Coimbatore. Director, Sri Ramakrishna Engineering College, Coimbatore.
More information