Verificación – Vestigium

Fallos informáticos y verificación de programas

PorJosé A. Alonso 29 diciembre 201329 diciembre 2013

Una de las principales aplicaciones del razonamiento automático consiste en la verificación de programas. Por ello, en el comienzo de los cursos de razonamiento automático se suele comentar algunos de los fallos informáticos más famosos.

Una referencia básica sobre fallos informáticos es el libro de Ivars Peterson Error fatal: a la caza de fallos informáticos (publicado por Alianza Editorial en 1999) en el que se comenta algunos errores de programación que tuvieron funestas consecuencias y presenta a alguna de las personas que se dedican a «cazar» estos fallos antes de que provoquen desgracias irreparables.

Otras recopilaciones más recientes de fallos informáticos son las siguientes:

Why is formal methods necessary? en la que el grupo de métodos formales de la NASA comenta algunos recientes fallos informáticos con grandes pérdidas económicas y vitales.
Software horror stories en la que Nachum Dershowitz ha recopilado 107 casos de importantes fallos informáticos.
Illustrative risks to the public in the use of computer systems and related technology en la que Peter G. Neumann va recopilando fallos publicados en el The risks digest (Forum on risks to the public in computers and related systems). La recopilación se va actualizando frecuentemente (la última es del 17 de diciembre de 2013) y el foro publica boletines periódicos (el último boletín es del 26 de diciembre de 2013).

A Traffic Alert and Collision Avoidance System(TCAS-II) Resolution Advisory Algorithm

PorJosé A. Alonso 5 septiembre 2013

Se ha publicado un artículo de verificación formal con PVS titulado A TCAS-II resolution advisory algorithm.

Sus autores son César Muñoz, Anthony Narkawicz y James Chamberlain (del
Langley Research Center de la NASA en Hampton, EE.UU.).

Su resumen es

The Traffic Alert and Collision Avoidance System (TCAS) is a family of airborne systems designed to reduce the risk of mid-air collisions between aircraft. TCAS II, the current generation of TCAS devices, provides resolution advisories that direct pilots to maintain or increase vertical separation when aircraft distance and time parameters are beyond designed system thresholds. This paper presents a mathematical model of the TCAS II Resolution Advisory (RA) logic that assumes accurate aircraft state information. Based on this model, an algorithm for RA detection is also presented. This algorithm is analogous to a conflict detection algorithm, but instead of predicting loss of separation, it predicts resolution advisories. It has been formally verified that for a kinematic model of aircraft trajectories, this algorithm completely and correctly characterizes all encounter geometries between two aircraft that lead to a resolution advisory within a given lookahead time interval. The RA detection algorithm proposed in this paper is a fundamental component of a NASA sense and avoid concept for the integration of Unmanned Aircraft Systems in civil airspace.

Este trabajo es parte del proyecto de la NASA Airborne Coordinated Resolution and Detection (ACCoRD) que está integrado en el proyecto Formal Analysis of Conflict Detection and Resolution Algorithms.

El trabajo se presentó el 19 de agosto en la AIAA Guidance, Navigation, and Control Conference.

Formal verification of cryptographic security proofs

PorJosé A. Alonso 4 septiembre 2013

Se ha publicado una tesis de verificación formal con Isabelle/HOL titulada Formal verification of cryptographic security proofs.

Su autor es Matthias Berg (de la Universidad de Sarre (en alemán: Saarland)) dirigido por Michael Backes.

Su resumen es

Verifying cryptographic security proofs manually is inherently tedious and error-prone. The game-playing technique for cryptographic proofs advocates a modular proof design where cryptographic programs called games are transformed stepwise such that each step can be analyzed individually. This code-based approach has rendered the formal verification of such proofs using mechanized tools feasible.

In the first part of this dissertation we present Verypto: a framework to formally verify game-based cryptographic security proofs in a machine-assisted manner. Verypto has been implemented in the Isabelle proof assistant and provides a formal language to specify the constructs occurring in typical cryptographic games, including probabilistic behavior, the usage of oracles, and polynomial-time programs. We have verified the correctness of several game transformations and demonstrate their applicability by verifying that the composition of 1-1 one-way functions is one-way and by verifying the IND-CPA security of the ElGamal encryption scheme.

In a related project Barthe et al. developed the EasyCrypt toolset, which employs techniques from automated program verification to validate game transformations. In the second part of this dissertation we use EasyCrypt to verify the security of the Merkle-Damgård construction – a general design principle underlying many hash functions. In particular we verify its collision resistance and prove that it is indifferentiable from a random oracle.

Reseña: “Certifying homological algorithms to study biomedical images”

PorJosé A. Alonso 28 junio 201328 junio 2013

Se ha presentado una Tesis doctoral de verificación formal con Coq/SSReflect titulada Certifying homological algorithms to study biomedical images.

Su autora es María Poza López de Echazarreta dirigida por César Domínguez y Julio Rubio (de la Universidad de la Rioja).

Su resumen es

In this memoir, we have reported on a research which provides a certified computation of homology groups associated with some digital images coming from a biomedical problem. The main contributions allowing us to reach this challenging goal have been the following ones.

The implementation in Coq/SSReflect of the Romero-Sergeraert algorithm computing an admissible discrete vector field for a digital image.
The complete formalization in Coq/SSReflect of the theorem known as Basic Perturbation Lemma (BPL).
Two formalizations of the Vector-Field Reduction Theorem for matrices. One is proved using the BPL and the other one applying the Hexagonal Lemma.
A discussion on different methods to overcome the efficiency problems appearing when executing programs inside proof assistants. In particular, the Haskell programming language has been used in two different ways: first, to model algorithms which are subsequently implemented in Coq and, second, as an oracle to produce results whose properties are verified in the proof assistant.
A verified program to compute homology groups of a simplicial complex obtained from a digital image.
As a by-product of all the other contributions, an application of Algebraic Topology to study biomedical images in a reliable manner. Our methodology ensures that the final homological calculations are correct.

By observing the memoir as a whole, it is clear that, even if our initial emphasis was in biomedical applications, much of the work has been devoted to the formalization of mathematics and program verification. The reason is that, even if we have built over very solid foundations (effective homology from the
algorithmic side and SSReflect as theorem proving basis), we needed to reproduce inside Coq/SSReflect a part of Computational Algebraic Topology. As a consequence, we focused on obtaining a complete verified path from biomedical digital images to homological computing, but without getting a good performance in the final implementation. Thus, our research should be considered as a proof of concept: homological image processing can be implemented in a verified manner by using interactive theorem provers. Our results are therefore rather a starting point, instead of a closed problem.

Un aspecto destacable es la metodología híbrida que se ha utilizado. Dicha metodología se explica en la página 24:

In our developments the formally certified implementation of the algorithms have followed the methodology presented in [Mörtberg 2010]. This methodology can be split into these three steps:

Implement a version of our algorithms in Haskell, a lazy functional programming language.
Test properties about the Haskell programs using QuickCheck. This tool allows one to test intensively properties about programs implemented in Haskell, in an automatic way.
Verify the programs using Coq, an interactive proof assistant, and its SSReflect library.

Using QuickCheck can be considered as a good starting point towards the formal verification of our programs. This provides us two advantages:

A specification of the properties which must be satisfied by our programs is given (a necessary step in the formalization process which will be reused
in Coq).

The testing process can be useful in order to detect bugs in a quick and easy way, before trying a formal verification of our programs (a quite difficult task).

Reseña: Certified HLints with Isabelle/HOLCF-Prelude

PorJosé A. Alonso 10 junio 2013

Se ha publicado un trabajo de verificación formal con Isabelle sobre Haskell titulado Certified HLints with Isabelle/HOLCF-Prelude.

Sus autores son Joachim Breitner, Brian Huffman, Neil Mitchell y Christian Sternagel.

El trabajo se presentará en el HART 2013 ( 1st International Workshop on Haskell And Rewriting Techniques).

Su resumen es

We present the HOLCF-Prelude, a formalization of a large part of Haskell’s standard prelude in Isabelle/HOLCF. Applying this formalization to the hints suggested by HLint allows us to certify them formally.

El códido del HOLCF-Prelude se encuentra aquí.