Ghost Signals: Verifying Termination of Busy Waiting

Zones and Octagons are popular abstract domains for static program analysis. They enable the automated discovery of simple numerical relations that hold between pairs of program variables. Both domains are well understood mathematically but the detailed implementation of static analyses based on these domains poses many interesting algorithmic challenges. In this article, we study the two abstract domains, their implementation and use. Utilizing improved data structures and algorithms for the manipulation of graphs that represent difference-bound constraints, we present fast implementations of both abstract domains, built around a common infrastructure. We compare the performance of these implementations against alternative approaches offering the same precision. We quantify the differences in performance by measuring their speed and precision on standard benchmarks. We also assess, in the context of software verification, the extent to which the improved precision translates to better verification outcomes. Experiments demonstrate that our new implementations improve the state of the art for both Zones and Octagons significantly.

Download Full-text

Labelled cyclic proofs for separation logic

Journal of Logic and Computation ◽

10.1093/logcom/exab017 ◽

2021 ◽

Author(s):

Didier Galmiche ◽

Daniel Méry

Keyword(s):

Data Structures ◽

Program Verification ◽

Separation Logic ◽

Proof System ◽

Proof Systems ◽

Verification Tools ◽

Definition Of ◽

Logical Formalism

Abstract Separation logic (SL) is a logical formalism for reasoning about programs that use pointers to mutate data structures. It is successful for program verification as an assertion language to state properties about memory heaps using Hoare triples. Most of the proof systems and verification tools for ${\textrm{SL}}$ focus on the decidable but rather restricted symbolic heaps fragment. Moreover, recent proof systems that go beyond symbolic heaps are purely syntactic or labelled systems dedicated to some fragments of ${\textrm{SL}}$ and they mainly allow either the full set of connectives, or the definition of arbitrary inductive predicates, but not both. In this work, we present a labelled proof system, called ${\textrm{G}_{\textrm{SL}}}$, that allows both the definition of cyclic proofs with arbitrary inductive predicates and the full set of SL connectives. We prove its soundness and show that we can derive in ${\textrm{G}_{\textrm{SL}}}$ the built-in rules for data structures of another non-cyclic labelled proof system and also that ${\textrm{G}_{\textrm{SL}}}$ is strictly more powerful than that system.

Download Full-text

Sequential linked data: The state of affairs

Semantic Web ◽

10.3233/sw-210436 ◽

2021 ◽

pp. 1-36

Author(s):

Enrico Daga ◽

Albert Meroño-Peñuela ◽

Enrico Motta

Keyword(s):

Semantic Web ◽

Computer Science ◽

Data Structures ◽

Linked Data ◽

Data Models ◽

The State ◽

Sequential Data ◽

Linked List ◽

Knowledge Graphs ◽

State Of Affairs

Sequences are among the most important data structures in computer science. In the Semantic Web, however, little attention has been given to Sequential Linked Data. In previous work, we have discussed the data models that Knowledge Graphs commonly use for representing sequences and showed how these models have an impact on query performance and that this impact is invariant to triplestore implementations. However, the specific list operations that the management of Sequential Linked Data requires beyond the simple retrieval of an entire list or a range of its elements – e.g. to add or remove elements from a list –, and their impact in the various list data models, remain unclear. Covering this knowledge gap would be a significant step towards the realization of a Semantic Web list Application Programming Interface (API) that standardizes list manipulation and generalizes beyond specific data models. In order to address these challenges towards the realization of such an API, we build on our previous work in understanding the effects of various sequential data models for Knowledge Graphs, extending our benchmark and proposing a set of read-write Semantic Web list operations in SPARQL, with insert, update and delete support. To do so, we identify five classic list-based computer science sequential data structures (linked list, double linked list, stack, queue, and array), from which we derive nine atomic read-write operations for Semantic Web lists. We propose a SPARQL implementation of these operations with five typical RDF data models and compare their performance by executing them against six increasing dataset sizes and four different triplestores. In light of our results, we discuss the feasibility of our devised API and reflect on the state of affairs of Sequential Linked Data.

Download Full-text

Program Verification with Separation Logic and Rely Guarantee

10.26686/wgtn.17060108 ◽

2021 ◽

Author(s):

◽

Allan Tabilog

Keyword(s):

Program Verification ◽

Separation Logic ◽

Concurrent Programs ◽

Abstract Data Type ◽

Data Abstraction ◽

Global State ◽

Shared Variable ◽

Concurrent Program ◽

Abstract Data ◽

Shared State

<p>This thesis explores two kinds of program logics that have become important for modern program verification - separation logic, for reasoning about programs that use pointers to build mutable data structures, and rely guarantee reasoning, for reasoning about shared variable concurrent programs. We look more closely into the motivations for merging these two kinds of logics into a single formalism that exploits the benefits of both approaches - local, modular, and explicit reasoning about interference between threads in a shared memory concurrent program. We discuss in detail two such formalisms - RGSep and Local Rely Guarantee (LRG), in particular we analyse how each formalism models program state and treats the distinction between global state (shared by all threads) and local state (private to a given thread) and how each logic models actions performed by threads on shared state, and look into the proof rules specifically for reasoning about atomic blocks of code. We present full examples of proofs in each logic and discuss their differences. This thesis also illustrates how a weakest precondition semantics for separation logic can be used to carry out calculational proofs. We also note how in essence these proofs are data abstraction proofs showing that a data structure implements some abstract data type, and relate this idea to a classic data abstraction technique by Hoare. Finally, as part of the thesis we also present a survey of tools that are currently available for doing manual or semi-automated proofs as well as program analyses with separation logic and rely guarantee.</p>

Download Full-text

Graph Inclusion and Matching Algorithms for Programs Manipulating Singly linked Heaps

Science Journal of University of Zakho ◽

10.25271/sjuoz.2021.9.1.778 ◽

2021 ◽

Vol 9 (1) ◽

pp. 30-37

Author(s):

Muhsin H. Atto

Keyword(s):

State Space ◽

Data Structures ◽

Graph Matching ◽

The State ◽

Memory Cells ◽

Dynamic Data Structures ◽

Dynamic Data ◽

State Spaces ◽

As Graph

Programs that manipulate heaps such as singlylinked lists, doublylinked lists, skiplists, and treesare ubiquitous, and hence ensuring their correctness is of utmost importance. Analysing correctness properties for such programs is not trivial since they induce dynamic data structures, leading to unbounded state spaces with intricate patterns. One approach that has been adopted to tackle this problem is the use of symbolic searching techniques. The state space is encoded using graphs where the nodes represent memory cells, and the edges represent pointers between the cells. It is necessary to prune the search to avoid generating massive numbers of graphs, thus making the procedure unpractical. Pruning strategies are defined based on operations such as graph matching and inclusion. In this paper, a set of algorithms for performing these operations are presented. It is demonstrated that the proposed algorithms can handle typical graphs that arise in the verification of heap manipulating programs.

Download Full-text

Verification of MILS Partition Scheduling Module Using Layered Methods

International Journal of Future Computer and Communication ◽

10.18178/ijfcc.2021.10.4.578 ◽

2021 ◽

pp. 45-52

Author(s):

Yang Gao ◽

◽

Xia Yang ◽

Wensheng Guo ◽

Xiutai Lu

Keyword(s):

Operating Systems ◽

Data Structures ◽

Data Representation ◽

Separation Logic ◽

Proof Assistant ◽

The Coq Proof Assistant ◽

Function Calls ◽

Coq Proof Assistant ◽

Data Structures And Algorithms ◽

Secure Strategies

MILS partition scheduling module ensures isolation of data between different domains completely by enforcing secure strategies. Although small in size, it involves complicated data structures and algorithms that make monolithic verification of the scheduling module difficult using traditional verification logic (e.g., separation logic). In this paper, we simplify the verification task by dividing data representation and data operation into different layers and then to link them together by composing a series of abstraction layers. The layered method also supports function calls from higher implementation layers into lower abstraction layers, allowing us to ignore implementation details in the lower implementation layers. Using this methodology, we have verified a realistic MILS partition scheduling module that can schedule operating systems (Ubuntu 14.04, VxWorks 6.8 and RTEMS 11.0) located in different domains. The entire verification has been mechanized in the Coq Proof Assistant.

Download Full-text

A separation logic for negative dependence

Proceedings of the ACM on Programming Languages ◽

10.1145/3498719 ◽

2022 ◽

Vol 6 (POPL) ◽

pp. 1-29

Author(s):

Jialu Bao ◽

Marco Gaboardi ◽

Justin Hsu ◽

Joseph Tassarotti

Keyword(s):

Data Structures ◽

Algorithm Design ◽

Random Variables ◽

Separation Logic ◽

Negative Dependence ◽

Probabilistic Data ◽

Complete Proof ◽

Partial Operation ◽

Verification Methods ◽

Independence Of Random Variables

Formal reasoning about hashing-based probabilistic data structures often requires reasoning about random variables where when one variable gets larger (such as the number of elements hashed into one bucket), the others tend to be smaller (like the number of elements hashed into the other buckets). This is an example of negative dependence , a generalization of probabilistic independence that has recently found interesting applications in algorithm design and machine learning. Despite the usefulness of negative dependence for the analyses of probabilistic data structures, existing verification methods cannot establish this property for randomized programs. To fill this gap, we design LINA, a probabilistic separation logic for reasoning about negative dependence. Following recent works on probabilistic separation logic using separating conjunction to reason about the probabilistic independence of random variables, we use separating conjunction to reason about negative dependence. Our assertion logic features two separating conjunctions, one for independence and one for negative dependence. We generalize the logic of bunched implications (BI) to support multiple separating conjunctions, and provide a sound and complete proof system. Notably, the semantics for separating conjunction relies on a non-deterministic , rather than partial, operation for combining resources. By drawing on closure properties for negative dependence, our program logic supports a Frame-like rule for negative dependence and monotone operations. We demonstrate how LINA can verify probabilistic properties of hash-based data structures and balls-into-bins processes.

Download Full-text

Program Verification with Separation Logic and Rely Guarantee

10.26686/wgtn.17060108.v1 ◽

2021 ◽

Author(s):

◽

Allan Tabilog

Keyword(s):

Program Verification ◽

Separation Logic ◽

Concurrent Programs ◽

Abstract Data Type ◽

Data Abstraction ◽

Global State ◽

Shared Variable ◽

Concurrent Program ◽

Abstract Data ◽

Shared State

<p>This thesis explores two kinds of program logics that have become important for modern program verification - separation logic, for reasoning about programs that use pointers to build mutable data structures, and rely guarantee reasoning, for reasoning about shared variable concurrent programs. We look more closely into the motivations for merging these two kinds of logics into a single formalism that exploits the benefits of both approaches - local, modular, and explicit reasoning about interference between threads in a shared memory concurrent program. We discuss in detail two such formalisms - RGSep and Local Rely Guarantee (LRG), in particular we analyse how each formalism models program state and treats the distinction between global state (shared by all threads) and local state (private to a given thread) and how each logic models actions performed by threads on shared state, and look into the proof rules specifically for reasoning about atomic blocks of code. We present full examples of proofs in each logic and discuss their differences. This thesis also illustrates how a weakest precondition semantics for separation logic can be used to carry out calculational proofs. We also note how in essence these proofs are data abstraction proofs showing that a data structure implements some abstract data type, and relate this idea to a classic data abstraction technique by Hoare. Finally, as part of the thesis we also present a survey of tools that are currently available for doing manual or semi-automated proofs as well as program analyses with separation logic and rely guarantee.</p>

Download Full-text

Formal verification of a concurrent bounded queue in a weak memory model

Proceedings of the ACM on Programming Languages ◽

10.1145/3473571 ◽

2021 ◽

Vol 5 (ICFP) ◽

pp. 1-29

Author(s):

Glen Mével ◽

Jacques-Henri Jourdan

Keyword(s):

Formal Verification ◽

Data Structures ◽

Experimental Verification ◽

Separation Logic ◽

Memory Model ◽

Formal Reasoning ◽

Concurrent Data Structures ◽

Concurrent Separation Logic

We use Cosmo, a modern concurrent separation logic, to formally specify and verify an implementation of a multiple-producer multiple-consumer concurrent queue in the setting of the Multicore OCaml weak memory model. We view this result as a demonstration and experimental verification of the manner in which Cosmo allows modular and formal reasoning about advanced concurrent data structures. In particular, we show how the joint use of logically atomic triples and of Cosmo's views makes it possible to describe precisely in the specification the interaction between the queue library and the weak memory model.

Download Full-text

Proof-of-Reputation: An Alternative Consensus Mechanism for Blockchain Systems

International Journal of Network Security & Its Applications ◽

10.5121/ijnsa.2021.13403 ◽

2021 ◽

Vol 13 (04) ◽

pp. 23-40

Author(s):

Oladotun Aluko ◽

Anton Kolonin

Keyword(s):

The State ◽

Consensus Algorithm ◽

P2p Networks ◽

Security Risk ◽

Incentive Mechanisms ◽

Consensus Group ◽

The Creation ◽

Shared State ◽

At Will

Blockchains combine other technologies, such as cryptography, networking, and incentive mechanisms, to enable the creation, validation, and recording of transactions between participating nodes. A consensus algorithm is used in a blockchain system to determine the shared state among distributed nodes. An important component underlying any blockchain-based system is its consensus mechanism, which principally determines the performance and security of the overall system. As the nature of peer-topeer(P2P) networks is open and dynamic, the security risk within that environment is greatly increased mostly because nodes can join and leave the network at will. Thus, it is important to have a system that can check against malicious behaviour. In this work, we propose a reputation-based consensus mechanism for blockchain-based systems, Proof-of-Reputation(PoR) where the nodes with the highest reputation values eventually become part of a consensus group that determines the state of the blockchain.

Download Full-text