Results 1  10
of
14
On the integration of security type systems into program logics
 Proc. Trustworthy Global Computing
, 2007
"... Abstract. Type systems and program logics are often conceived to be at opposing ends of the spectrum of formal software analyses. In this paper we show that a flowsensitive type system ensuring noninterference in a simple while language can be expressed through specialised rules of a program logic ..."
Abstract

Cited by 8 (2 self)
 Add to MetaCart
Abstract. Type systems and program logics are often conceived to be at opposing ends of the spectrum of formal software analyses. In this paper we show that a flowsensitive type system ensuring noninterference in a simple while language can be expressed through specialised rules of a program logic. In our framework, the structure of noninterference proofs resembles the corresponding derivations in a recent security type system, meaning that the algorithmic version of the type system can be used as a proof procedure for the logic. We argue that this is important for obtaining uniform proof certificates in a proofcarrying code framework. We discuss in which cases the interleaving of approximative and precise reasoning allows us to deal with delimited information release. Finally, we present ideas on how our results can be extended to encompass features of realistic programming languages like Java. 1
A COMPLETE AXIOMATIZATION OF QUANTIFIED DIFFERENTIAL DYNAMIC LOGIC FOR DISTRIBUTED HYBRID SYSTEMS
"... Abstract. We address a fundamental mismatch between the combinations of dynamics that occur in cyberphysical systems and the limited kinds of dynamics supported in analysis. Modern applications combine communication, computation, and control. They may even form dynamic distributed networks, where n ..."
Abstract

Cited by 7 (7 self)
 Add to MetaCart
Abstract. We address a fundamental mismatch between the combinations of dynamics that occur in cyberphysical systems and the limited kinds of dynamics supported in analysis. Modern applications combine communication, computation, and control. They may even form dynamic distributed networks, where neither structure nor dimension stay the same while the system follows hybrid dynamics, i.e., mixed discrete and continuous dynamics. We provide the logical foundations for closing this analytic gap. We develop a formal model for distributed hybrid systems. It combines quantified differential equations with quantified assignments and dynamic dimensionalitychanges. We introduce a dynamic logic for verifying distributed hybrid systems and present a proof calculus for this logic. This is the first formal verification approach for distributed hybrid systems. We prove that our calculus is a sound and complete axiomatization of the behavior of distributed hybrid systems relative to quantified differential equations. In our calculus we have proven collision freedom in distributed car control even when an unbounded number of new cars may appear dynamically on the road. 1.
Inferring Invariants by Symbolic Execution
"... Abstract. In this paper we propose a method for inferring invariants for loops in Java programs. An example of a simple while loop is used throughout the paper to explain our approach. The method is based on a combination of symbolic execution and computing fixed points via predicate abstraction. It ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
Abstract. In this paper we propose a method for inferring invariants for loops in Java programs. An example of a simple while loop is used throughout the paper to explain our approach. The method is based on a combination of symbolic execution and computing fixed points via predicate abstraction. It reuses the axiomatisation of the Java semantics of the KeY system. The method has been implemented within the KeY system which allows to infer invariants and perform verification within the same environment. We present in detail the results of a nontrivial example. 1
Automating verification of loops by parallelization
 Proc. Intl. Conf. on Logic for Programming Artificial Intelligence and Reasoning, Phnom Penh, Cambodia, volume 4246 of LNCS
, 2006
"... Abstract. Loops are a major bottleneck in formal software verification, because they generally require user interaction: typically, induction hypotheses or invariants must be found or modified by hand. This involves expert knowledge of the underlying calculus and proof engine. We show that one can r ..."
Abstract

Cited by 2 (1 self)
 Add to MetaCart
Abstract. Loops are a major bottleneck in formal software verification, because they generally require user interaction: typically, induction hypotheses or invariants must be found or modified by hand. This involves expert knowledge of the underlying calculus and proof engine. We show that one can replace interactive proof techniques, such as induction, with automated firstorder reasoning in order to deal with parallelizable loops, where a loop can be parallelized whenever it avoids dependence of the loop iterations from each other. We develop a dependence analysis that ensures parallelizability. It guarantees soundness of a proof rule that transforms a loop into a universally quantified update of the state change information represented by the loop body. This makes it possible to use automatic first order reasoning techniques to deal with loops. The method has been implemented in the KeY verification tool. We evaluated it with representative case studies from the JAVA CARD domain. 1
Verificationbased Test Case Generation for Full Feasible Branch Coverage
"... The goal of this work is to improve the testing of programs that contain loops and complex methods. We achieve this goal with verificationbased testing, which is a technique that can generate test cases not only from source code but also from loop invariants and method specifications provided by th ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
The goal of this work is to improve the testing of programs that contain loops and complex methods. We achieve this goal with verificationbased testing, which is a technique that can generate test cases not only from source code but also from loop invariants and method specifications provided by the user. These test cases ensure the execution of interesting program paths that are likely to be missed by existing testing techniques that are based on symbolic program execution. These techniques would require an exhaustive inspection of all execution paths, which is hard to achieve in presence of complex methods and impossible if loops are involved. Verificationbased testing takes a different approach. and in order to execute C() it has to be executed exactly 20 times. In similar programs these numbers could be much larger or be the result of complex expressions requiring an exhaustive inspection of all paths in order to find the case where the branch conditions are satisfied. The situation is similar in listing 2 where an exhaustive inspection of D() may be required in order to find a path such that after the execution of D() the branch condition i. = 20 holds. Since exhaustive symbolic execution is not possible existing testing techniques are likely to miss these cases because they have a bound on the amount of inspected execution paths. For loops and recursive methods the typical approach is to symbolically execute the first k loop iterations or recursion steps, called kbounded unwinding, where k is a limiting constant. 1.
Static analysis and deductive verification of programs. Licentiate thesis
, 2006
"... This thesis is concerned with analysis of programs. Analysis of programs can be divided into two camps: static analysis and formal verification. Static program analyses compute a result and terminate for all programs. Since virtually all interesting semantic properties are undecidable, a static prog ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
This thesis is concerned with analysis of programs. Analysis of programs can be divided into two camps: static analysis and formal verification. Static program analyses compute a result and terminate for all programs. Since virtually all interesting semantic properties are undecidable, a static program analysis needs to be approximative to ensure termination. When designing such an analysis it can be hard to know which features that have the largest impact on the precision and should be added. This is the subject of the first paper in this thesis in which we investigate the impact a number of features have on the precision of usage analysis. Formal verification often refers to deductive verification based on logic and theorem proving. When verifying a property, the program and the property are both translated into logical formulas and a theorem prover is used to show that the property holds for the program. Formal verification is a much more precise and general purpose technique than static analysis. This does, however,
Specification Predicates with Explicit Dependency Information
"... Abstract. Specifications of programs use auxiliary symbols to encapsulate concepts for a variety of reasons: readability, reusability, structuring and, in particular, for writing recursive definitions. The definition of these symbols often depends implicitly on the value of other locations such as f ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
Abstract. Specifications of programs use auxiliary symbols to encapsulate concepts for a variety of reasons: readability, reusability, structuring and, in particular, for writing recursive definitions. The definition of these symbols often depends implicitly on the value of other locations such as fields that are not stated explicitly as arguments. These hidden dependencies make the verification process substantially more difficult. In this paper we develop a framework that makes dependency on locations explicit. This allows to define general simplification rules that avoid unfolding of predicate definitions in many cases. A number of nontrivial case studies show the usefulness of the concept. 1
Satisfiability Solving and Model Generation for Quantified Firstorder Logic Formulas
"... Abstract. The generation of models, i.e. interpretations, that satisfy firstorder logic (FOL) formulas is an important problem in different application domains, such as, e.g., formal software verification, testing, and artificial intelligence. Satisfiability modulo theory (SMT) solvers are the stat ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
Abstract. The generation of models, i.e. interpretations, that satisfy firstorder logic (FOL) formulas is an important problem in different application domains, such as, e.g., formal software verification, testing, and artificial intelligence. Satisfiability modulo theory (SMT) solvers are the stateoftheart techniques for handling this problem. A major bottleneck is, however, the handling of quantified formulas. Our contribution is a model generation technique for quantified formulas that is powered by a verification technique. The model generation technique can be used either standalone for model generation, or as a precomputation step for SMT solvers to eliminate quantifiers. Quantifier elimination in this sense is sound for showing satisfiability but not for refutational or validity proofs. A prototype of this technique is implemented. 1
A Dynamic Logics of Dynamical Systems
"... We study the logic of dynamical systems, that is, logics and proof principles for properties of dynamical systems. Dynamical systems are mathematical models describing how the state of a system evolves over time. They are important for modeling and understanding many applications, including embedded ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
We study the logic of dynamical systems, that is, logics and proof principles for properties of dynamical systems. Dynamical systems are mathematical models describing how the state of a system evolves over time. They are important for modeling and understanding many applications, including embedded systems and cyberphysical systems. In discrete dynamical systems, the state evolves in discrete steps, one step at a time, as described by a difference equation or discrete state transition relation. In continuous dynamical systems, the state evolves continuously along a function, typically described by a differential equation. Hybrid dynamical systems or hybrid systems combine both discrete and continuous dynamics. Distributed hybrid systems combine distributed systems with hybrid systems, i.e., they are multiagent hybrid systems that interact through remote communication or physical interaction. Stochastic hybrid systems combine stochastic dynamics with hybrid systems. We survey dynamic logics for specifying and verifying properties for each of those classes of dynamical systems. A dynamic logic is a firstorder modal logic with a pair of parametrized modal operators for each dynamical system to express necessary or possible properties of their transition behavior. Due to their full basis of firstorder modal logic operators, dynamic logics can express a rich variety of system properties, including safety, controllability, reactivity, liveness, and quantified parametrized properties, even about
Could we have chosen a better Loop Invariant or Method Contract?
"... Abstract. The method contract and loop invariant rules (contract rules) are an important software verification technique for handling method invocations and loops. However, if a verification condition resulting from using a contract rule turns out to be falsifiable, then the user does not know if sh ..."
Abstract
 Add to MetaCart
Abstract. The method contract and loop invariant rules (contract rules) are an important software verification technique for handling method invocations and loops. However, if a verification condition resulting from using a contract rule turns out to be falsifiable, then the user does not know if she could have chosen a stronger contract to verify the program or if the program is not verifiable due to a software bug. We approach this problem and present a novel technique that unifies verification and software bug detection. 1