Formal Aspects of Computing最新文献_第8页

The Development and Deployment of Formal Methods in the UK 正式方法在英国的发展和部署

IF 1 4区计算机科学

Formal Aspects of Computing Pub Date : 2022-07-05 DOI: https://dl.acm.org/doi/full/10.1145/3522577

Cliff B. Jones, Martyn Thomas

引用次数: 0

Review on Modelling and Verification of Secure Exams 安全考试的建模与验证研究综述

IF 1 4区计算机科学

Formal Aspects of Computing Pub Date : 2022-06-30 DOI: 10.1145/3545182

Diego Marmsoler

{"title":"Review on Modelling and Verification of Secure Exams","authors":"Diego Marmsoler","doi":"10.1145/3545182","DOIUrl":"https://doi.org/10.1145/3545182","url":null,"abstract":"Exams are an important way for assessing people’s skills and, as such, play a key role in establishing meritocracy in modern societies. To be effective, however, exams need to be fair and secure against tampering which is where Rosario Giustolisi’s book “Modelling and Verification of Secure Exams” [5] comes to a rescue. Over 133 pages, the book describes how to formalize and verify various types of exams. It is best suited for an audience with background in formal methods as well as security wanting to learn more about how formal methods can be used for the design and analysis of secure exam protocols. The book provides a nice overview of key elements of different types of exams, leading to a good understanding of exam protocols in general. To start with, the book introduces basic aspects of an exam, such as roles and principals, phases, and potential threats. In addition, different types of exams, such as traditional, computer-assisted, computer-based, internet-assisted, and internet-based, are identified and briefly discussed. The book even shows how to formally model an exam in the applied pi-calculus [1] as the concurrent execution of different types of processes, such as candidates, examiners, question committee, collector, and remaining authorities. Of particular interest are the various security requirements identified for exams and the way they are formalized. To this end, the book describes three types of security requirements: Authentication is formalized in terms of correspondence properties of the form “if a certain event happens then another event must have happened before”. Privacy requirements are formalized as special kind of bisimilarity requirements. To formalize verifiability requirements, the author first introduces an alternative definition of an exam (compared to the process algebraic one) based on basic set theory. Verifiability is then formulated as a predicate-logic formula over the model. Here, clarity is diminished by the fact that the book uses a mix of two different formalisms: while the applied","PeriodicalId":50432,"journal":{"name":"Formal Aspects of Computing","volume":" ","pages":"1 - 3"},"PeriodicalIF":1.0,"publicationDate":"2022-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45793080","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Review of Formal Methods: An Appetizer 正式方法回顾:开胃菜

IF 1 4区计算机科学

Formal Aspects of Computing Pub Date : 2022-06-30 DOI: 10.1145/3545181

G. Michaelson

{"title":"Review of Formal Methods: An Appetizer","authors":"G. Michaelson","doi":"10.1145/3545181","DOIUrl":"https://doi.org/10.1145/3545181","url":null,"abstract":"Programming is still mostly undisciplined, 45 years after Edsger Dijkstra’s “A Discipline of Programming” [1]. For sure, in critical areas, like aerospace, communications, and silicon fabrication, rigorous approached are standard. But the vast majority of the software that underpins all aspects of everyday life is still crafted by one or more hands, with assurance given by design, inspection, and testing, rather than proof or refinement from a formal specification. There are lots of reasons for this, but, most important, hand crafted software works. Certainly, set against how utterly dependent we now are on software, the number of people who have died as a direct result of failure is vanishingly small. Long may this continue. But, by analogy with other engineering professions, it will take a major disaster to make formal software design and validation mandatory, most likely driven by a legal requirement for practitioner indemnity insurance. Thus, facility with formality is rarely a prerequisite for employment. This is really unfortunate: a demonstrable understanding of foundations should give reassurance of competence at practical programming. Thankfully, most Computer Science programmes include discrete mathematics and computability theory, often alongside declarative programming. Formality may be challenging, but it need not be hard. I have long admired the Nielsons’ pedagogy of presenting formal material through the systematic calculation of concrete examples, well exemplified by their excellent introduction to semantics [2]. Their engaging new book is a direct descendant of Dijkstra’s. The first two chapters present program graphs as abstract representations of programs, and Dijkstra’s Guarded Command language as a source for program graphs.","PeriodicalId":50432,"journal":{"name":"Formal Aspects of Computing","volume":"34 1","pages":"1 - 2"},"PeriodicalIF":1.0,"publicationDate":"2022-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"45851621","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Principles of Abstract Interpretation 抽象解释原则

IF 1 4区计算机科学

Formal Aspects of Computing Pub Date : 2022-06-30 DOI: 10.1145/3546953

R. Wilhelm

{"title":"Principles of Abstract Interpretation","authors":"R. Wilhelm","doi":"10.1145/3546953","DOIUrl":"https://doi.org/10.1145/3546953","url":null,"abstract":"Some years ago, the author of the reviewed book and the author of the review shared a ride in the shuttle from Grenoble to Lyon Airport. The author-to-be told the reviewer-to-be about the state of his book project. The existing draft had 1,000 pages. The reviewer explained to the author that in his deep insight into the nature of things and his long-term experience with textbooks there were books that improve the world and there were books that are being read. The author asked for confirmation whether the reviewer felt that the coming book would belong to those books that improve the world. Let me skip how I got myself out of this difficult situation. When asked whether a book will be read, the question is by whom. Citing the author, this book is intended for readers interested in the theory of abstract interpretation, the understanding of formal methods, and the design of verifiers and static analyzers. And my answer is, it is a must read for these groups of people. To make one thing clear from the beginning: This reviewer need not be convinced of the value of Abstract Interpretation as his greatest scientific achievements [5, 6, 8, 10] are based on the foundational work on Abstract Interpretation by Patrick and Radhia Cousot. Static analyses are distinct from . . .model checking, which verifies the correctness of a separate external specification of a program [9]. In model checking, a user supplies the program to be verified and the logical expression or the automaton against which the program is to be checked at the same time. In static analysis there are distinct times, a time when an abstract interpreter is designed with certain facts in mind to be extracted from a class of programs, and there is a time when the abstract interpreter is applied by programmers or verification engineers to extract these type of facts from particular programs. This enables a fruitful division of work. The first phase, the design of non-trivial abstract interpreters needs highly competent specialists, while the second phase is easier, although sometimes also non-trivial. The designer needs to identify abstract domains to","PeriodicalId":50432,"journal":{"name":"Formal Aspects of Computing","volume":" ","pages":"1 - 3"},"PeriodicalIF":1.0,"publicationDate":"2022-06-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48900944","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 29

Termination and Expressiveness of Execution Strategies for Networks of Bidirectional Model Transformations 双向模型转换网络执行策略的终止性与表达性

IF 1 4区计算机科学

Formal Aspects of Computing Pub Date : 2022-06-24 DOI: 10.1145/3543845

Heiko Klare, Joshua Gleitze

{"title":"Termination and Expressiveness of Execution Strategies for Networks of Bidirectional Model Transformations","authors":"Heiko Klare, Joshua Gleitze","doi":"10.1145/3543845","DOIUrl":"https://doi.org/10.1145/3543845","url":null,"abstract":"When developers describe a software system with multiple models, such as architecture diagrams, deployment descriptions, and source code, these models must represent the system in a uniform way, i.e., they must be and stay consistent. One means to automatically preserve consistency after changes to models are model transformations, of which bidirectional transformations that preserve consistency between two models have been well researched. To preserve consistency between multiple models, such transformations can be combined to networks. When transformations are developed independently and reused modularly, the resulting network can be of arbitrary topology. For such networks, no universal strategy exists to orchestrate the execution of transformations such that the resulting models are consistent. In this article, we prove that termination of such a strategy can only be guaranteed if it is incomplete, i.e., if it is allowed to fail to restore consistency for some changes although an execution order of transformations exists that yields consistent models. We propose such a strategy, for which we prove termination and show that and why it makes it easier for users of model transformation networks to understand the reasons whenever the strategy fails. In addition, we provide a simulator for the comparison of different execution strategies. These findings help transformation developers and users in understanding when and why they can expect the execution of a transformation network to terminate and when they can even expect it to succeed. Furthermore, the proposed strategy guarantees them termination and supports them in finding the reason whenever it is not successful.","PeriodicalId":50432,"journal":{"name":"Formal Aspects of Computing","volume":"35 1","pages":"1 - 35"},"PeriodicalIF":1.0,"publicationDate":"2022-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46991276","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Formal Verification of Transcendental Fixed- and Floating-point Algorithms using an Automatic Theorem Prover 使用自动定理证明器对先验定点和浮点算法进行形式化验证

IF 1 4区计算机科学

Formal Aspects of Computing Pub Date : 2022-06-13 DOI: 10.1145/3543670

Samuel Coward, Lawrence Charles Paulson, Theo Drane, Emiliano Morini

引用次数: 1

A Debugging Game for Probabilistic Models 一个概率模型调试游戏

IF 1 4区计算机科学

Formal Aspects of Computing Pub Date : 2022-05-15 DOI: 10.1145/3536429

Hichem Debbi

{"title":"A Debugging Game for Probabilistic Models","authors":"Hichem Debbi","doi":"10.1145/3536429","DOIUrl":"https://doi.org/10.1145/3536429","url":null,"abstract":"One of the major advantages of model checking over other formal methods is its ability to generate a counterexample when a model does not satisfy is its specification. A counterexample is an error trace that helps to locate the source of the error. Therefore, the counterexample represents a valuable tool for debugging. In Probabilistic Model Checking (PMC), the task of counterexample generation has a quantitative aspect. Unlike the previous methods proposed for conventional model checking that generate the counterexample as a single path ending with a bad state representing the failure, the task in PMC is completely different. A counterexample in PMC is a set of evidences or diagnostic paths that satisfy a path formula, whose probability mass violates the probability threshold. Counterexample generation is not sufficient for finding the exact source of the error. Therefore, in conventional model checking, many debugging techniques have been proposed to act on the counterexamples generated to locate the source of the error. In PMC, debugging counterexamples is more challenging, since the probabilistic counterexample consists of multiple paths and it is probabilistic. In this article, we propose a debugging technique based on stochastic games to analyze probabilistic counterexamples generated for probabilistic models described as Markov chains in PRISM language. The technique is based mainly on the idea of considering the modules composing the system as players of a reachability game, whose actions contribute to the evolution of the game. Through many case studies, we will show that our technique is very effective for systems employing multiple components. The results are also validated by introducing a debugging tool called GEPCX (Game Explainer of Probabilistic Counterexamples).","PeriodicalId":50432,"journal":{"name":"Formal Aspects of Computing","volume":"34 1","pages":"1 - 25"},"PeriodicalIF":1.0,"publicationDate":"2022-05-15","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"43494912","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 0

Fast Automated Abstract Machine Repair Using Simultaneous Modifications and Refactoring 使用同步修改和重构的快速自动化抽象机器维修

IF 1 4区计算机科学

Formal Aspects of Computing Pub Date : 2022-05-14 DOI: 10.1145/3536430

Chenghao Cai, Jing Sun, G. Dobbie, Zhé Hóu, Hadrien Bride, J. Dong, S. Lee

引用次数: 0

A Case in Point: Verification and Testing of a EULYNX Interface 一个恰当的案例:一个EULYNX接口的验证与测试

IF 1 4区计算机科学

Formal Aspects of Computing Pub Date : 2022-05-10 DOI: 10.1145/3528207

M. Bouwman, Djurre van der Wal, B. Luttik, M. Stoelinga, A. Rensink

{"title":"A Case in Point: Verification and Testing of a EULYNX Interface","authors":"M. Bouwman, Djurre van der Wal, B. Luttik, M. Stoelinga, A. Rensink","doi":"10.1145/3528207","DOIUrl":"https://doi.org/10.1145/3528207","url":null,"abstract":"We present a case study on the application of formal methods in the railway domain. The case study is part of the FormaSig project, which aims to support the development of EULYNX — a European standard defining generic interfaces for railway equipment — using formal methods. We translate the semi-formal SysML models created within EULYNX to formal mCRL2 models. By adopting a model-centric approach in which a formal model is used both for analyzing the quality of the EULYNX specification and for automated compliance testing, a high degree of traceability is achieved. The target of our case study is the EULYNX Point subsystem interface. We present a detailed catalog of the safety requirements, and provide counterexamples that show that some of them do not hold without specific fairness assumptions. We also use the mCRL2 model to generate both random and guided tests, which we apply to a third-party software simulator. We share metrics on the coverage and execution time of the tests, which show that guided testing outperforms random testing. The test results indicate several discrepancies between the model and the simulator. One of these discrepancies is caused by a fault in the simulator, the others are caused by false positives, i.e. an over-approximation of fail verdicts by our test setup.","PeriodicalId":50432,"journal":{"name":"Formal Aspects of Computing","volume":"35 1","pages":"1 - 38"},"PeriodicalIF":1.0,"publicationDate":"2022-05-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47554306","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}

引用次数: 2

Tight Error Analysis in Fixed-point Arithmetic 不动点算法的严密误差分析

IF 1 4区计算机科学

Formal Aspects of Computing Pub Date : 2022-05-04 DOI: 10.1145/3524051

Stella Simić, A. Bemporad, Omar Inverso, M. Tribastone

引用次数: 5