Mechanical verification of parameterized real-time systems

PorJosé A. Alonso

En la tesis doctoral Mechanical verification of parameterized real-time systems se presenta un marco para la verificación formal en Isabelle/HOL sistemas en tiempo real parametrizados.

Su autor es Thomas Göthel (de la Universidad Técnica de Berlín).

Su resumen es

Real-time systems often have to be able to cope with an unbounded number of components. For example, a real-time operating system scheduler manages arbitrarily many threads or a bus system copes with arbitrarily many connected devices. Such systems can be characterized as parameterized systems. The number of (homogeneous) components is the parameter of these systems. This makes their formal verification hard because standard verification techniques for finite system models (for example model checking) can be employed directly only for instances of the system. There exist several approaches for the (automatic) verification of special sub-classes of (mostly untimed) parameterized systems. However, approaches or tools that enable the comprehensive and mechanical verification of parameterized real-time systems with complex system topologies are still missing.

In this thesis, we overcome this problem by providing a framework for the mechanical, comprehensive, and semi-automatic verification of parameterized real-time systems. At its core we employ the process calculus Timed CSP, which is well-suited to describe the functional behavior as well as the non-functional timing behavior of systems. Our main contribution is threefold: First, we have developed a formalization of the operational semantics of Timed CSP together with notions of bisimulation equivalences in the Isabelle/HOL theorem prover. Second, in order to specify (timing) properties of systems, we provide a (mechanized) timed extension of Hennessy-Milner logic. Together with our formalization of Timed CSP and corresponding bisimulations, this enables the comprehensive and mechanical verification of possibly infinite (parameterized) real-time systems in a modular fashion. In particular, by providing both bisimulation and property based verification, we allow the developer to divide the verification problem into subproblems, which eases verification significantly. At the same time, the theorem prover ensures that no corner cases can be overlooked and all proofs are guaranteed to be correct. Finally, we support the development process of such systems with the integration of automatic verification tools. To this end, we have enriched our framework with transformation engines with which (finite) Timed CSP specifications can be transformed to a discrete dialect of CSP and to UPPAAL timed automata. By this, the FDR2 refinement checker and the UPPAAL tool suite can be used to explore and verify finite instances automatically. Thus, possible design flaws can be detected and corrected early in the development cycle and prior to the relatively time-consuming task of interactive theorem proving.

We show the applicability of our framework using the case study of a parameterized real-time operating system scheduler. Thereby, we demonstrate the benefits of the proposed mapping of Timed CSP to automatically analyzable languages. Furthermore, we show the effectiveness of our theorem proving approach for the comprehensive verification of parameterized real-time systems.
The motivation for our work comes from the observation that, due to their increasing complexity, embedded systems are often built atop trusted cores such as bus systems and real-time operating systems. Their correct functioning thus heavily depends on the correctness of the underlying cores. In the area of safety-critical embedded real-time systems, simulation and testing are not sufficient because they cannot ensure the absence of critical errors. Formal verification tackles this problem. To be of practical relevance, however, formal verification techniques should be mechanized and automatized as far as possible. The mechanization comes with the additional benefit of precluding verification faults as they can occur in hand-written proofs. Our case study forms an important core part of many safety-critical systems. In summary, we show how such cores can be mechanically verified and how their development can be supported with the help of automatic verification tools.

Moessner’s theorem: an exercise in coinductive reasoning in Coq

PorJosé A. Alonso

Se ha publicado un artículo de razonamiento formalizado en Coq sobre coindución titulado Moessner’s theorem: an exercise in coinductive reasoning in Coq.

Sus autores son

Su resumen es

Moessner’s Theorem describes a construction of the sequence of powers (1ⁿ, 2ⁿ, 3ⁿ,…), by repeatedly dropping and summing elements from the sequence of positive natural numbers. The theorem was presented by Moessner in 1951 without a proof and later proved and generalized in several directions. More recently, a coinductive proof of the original theorem was given by Niqui and Rutten. We present a formalization of their proof in the Coq proof assistant. This formalization serves as a non-trivial illustration of the use of coinduction in Coq. In the process of formalizing the original proof we discovered that Long and Salié’s generalization of Moessner’s Theorem could also be proved using (almost) the same bisimulation.

El trabajo se presentó en el seminario del COIN (Coalgebra in the Netherlands) . Las transparencias de la presentación se encuentran aquí.

El código de las correspondientes teorías en Coq se encuentra aquí.

Using Isabelle/HOL to verify first-order relativity theory

PorJosé A. Alonso

Se ha publicado un artículo de razonamiento formalizado en Isabelle/HOL sobre la teoría de la relatividad titulado Using Isabelle/HOL to verify first-order relativity theory.

Sus autores son

Su resumen es

Logicians at the Rényi Mathematical Institute in Budapest have spent several years developing versions of relativity theory (special, general, and other variants) based wholly on first-order logic, and have argued in favour of the physical decidability, via exploitation of cosmological phenomena, of formally unsolvable questions such as the Halting Problem and the consistency of set theory. As part of a joint project, researchers at Sheffield have recently started generating rigorous machine-verified versions of the Hungarian proofs, so as to demonstrate the sound- ness of their work. In this paper, we explain the background to the project and demonstrate a first-order proof in Isabelle/HOL of the theorem “no inertial observer can travel faster than light”. This approach to physical theories and physical computability has several pay-offs, because the precision with which physical theories need to be formalised within automated proof systems forces us to recognise subtly hidden assumptions.

El código de las correspondientes teorías en Isabelle se encuentra aquí.

First-order logic completeness for the lazy programmer

PorJosé A. Alonso

Se ha publicado un artículo de razonamiento formalizado en Isabelle/HOL sobre metalógica titulado First-order logic completeness for the lazy programmer.

Sus autores son Jasmin Christian Blanchette, Andrei Popescu y Dmitriy Traytel (de la Universidad Técnica de Munich, Alemania).

Su resumen es

Codatatypes are regrettably absent from many programming languages and proof assistants. We make a case for their usefulness by revisiting a classic result: the completeness theorem for first-order logic established through a Gentzen system. Codatatypes help capture the essence of the proof, which establishes an abstract property of derivation trees independently of the concrete syntax or inference rules. This separation of concerns simplifies the presentation, especially for readers acquainted with lazy data structures. The proof is formalized in Isabelle/HOL and demonstrates the recently introduced definitional package for codatatypes and its integration with Isabelle’s Haskell code generator.

Applications of interactive proof to data flow analysis and security

PorJosé A. Alonso

Se ha publicado un artículo de razonamiento formalizado en Isabelle/HOL sobre semántica de lenguajes de programación titulado Applications of interactive proof to data flow analysis and security.

Sus autores son

Su resumen es

We show how to formalise a small imperative programming language in the theorem prover Isabelle/HOL, how to define its semantics, and how to prove properties about the language, its type systems, and a number of data flow analyses.

The emphasis is not on formalising a complex language deeply, but to teach a number of formalisation techniques and proof strategies using simple examples. For this purpose, we cover a basic type system with type safety proof, more complex security type systems, also with soundness proofs, and different kinds of data flow analyses, in particular definite initialisation analysis and constant propagation, again with correctness proofs.