Rozprawy doktorskie na temat „Software verification”
Kliknij ten link, aby zobaczyć inne rodzaje publikacji na ten temat: Software verification.
Utwórz poprawne odniesienie w stylach APA, MLA, Chicago, Harvard i wielu innych
Sprawdź 50 najlepszych rozpraw doktorskich naukowych na temat „Software verification”.
Przycisk „Dodaj do bibliografii” jest dostępny obok każdej pracy w bibliografii. Użyj go – a my automatycznie utworzymy odniesienie bibliograficzne do wybranej pracy w stylu cytowania, którego potrzebujesz: APA, MLA, Harvard, Chicago, Vancouver itp.
Możesz również pobrać pełny tekst publikacji naukowej w formacie „.pdf” i przeczytać adnotację do pracy online, jeśli odpowiednie parametry są dostępne w metadanych.
Przeglądaj rozprawy doktorskie z różnych dziedzin i twórz odpowiednie bibliografie.
1
Wang, Xuan. "Verification of Digital Controller Verifications". BYU ScholarsArchive, 2005. https://scholarsarchive.byu.edu/etd/681.
Pełny tekst źródłaStreszczenie:
This thesis presents an analysis framework to verify the stablility property of a closed-loop control system with a software controller implementation. The usual approach to verifying stability for software uses experiments which are costly and can be dangerous. More recently, mathematical models of software have been proposed which can be used to reason about the correctness of controllers. However, these mathematical models ignore computational details that may be important in verification. We propose a method to determine the instability of a closed-loop system with a software controller implementation under l^2 inputs using simulation. This method avoids the cost of experimentation and the loss of precision inherent in mathematical modeling. The method uses the small gain theorem to compute a lower bound on the 2-induced norm of the uncertainty in the software implementation; if the lower bound is greater than 1/(2-induced norm of G), where G is the feedback system consisting of the mathematical model of the plant and the mathematical model of the controller, the closed-loop system is unsafe in a certain sense. The resulting method can not determine if the closed-loop system is stable, but can only suggest instability.
2
Kattenbelt, Mark Alex. "Automated quantitative software verification". Thesis, University of Oxford, 2010. http://ora.ox.ac.uk/objects/uuid:62430df4-7fdf-4c4f-b3cd-97ba8912c9f5.
Pełny tekst źródłaStreszczenie:
Many software systems exhibit probabilistic behaviour, either added explicitly, to improve performance or to break symmetry, or implicitly, through interaction with unreliable networks or faulty hardware. When employed in safety-critical applications, it is important to rigorously analyse the behaviour of these systems. This can be done with a formal verification technique called model checking, which establishes properties of systems by algorithmically considering all execution scenarios. In the presence of probabilistic behaviour, we consider quantitative properties such as "the worst-case probability that the airbag fails to deploy within 10ms", instead of qualitative properties such as "the airbag eventually deploys". Although many model checking techniques exist to verify qualitative properties of software, quantitative model checking techniques typically focus on manually derived models of systems and cannot directly verify software. In this thesis, we present two quantitative model checking techniques for probabilistic software. The first is a quantitative adaptation of a successful model checking technique called counter-example guided abstraction refinement which uses stochastic two-player games as abstractions of probabilistic software. We show how to achieve abstraction and refinement in a probabilistic setting and investigate theoretical extensions of stochastic two-player game abstractions. Our second technique instruments probabilistic software in such a way that existing, non-probabilistic software verification methods can be used to compute bounds on quantitative properties of the original, uninstrumented software. Our techniques are the first to target real, compilable software in a probabilistic setting. We present an experimental evaluation of both approaches on a large range of case studies and evaluate several extensions and heuristics. We demonstrate that, with our methods, we can successfully compute quantitative properties of real network clients comprising approximately 1,000 lines of complex ANSI-C code — the verification of such software is far beyond the capabilities of existing quantitative model checking techniques.
3
Taylor, Ramsay G. "Verification of hardware dependent software". Thesis, University of Sheffield, 2012. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.575744.
Pełny tekst źródłaStreszczenie:
Many good processes exist for ensuring the integrity of software systems, Some are analysis processes that seek to confirm that cer- tain properties hold for the system, and these rely on the ability to infer a correct model of the behaviour of the software, To ensure that such inference is possible many high-integrity systems are writ- ten in "safe" language subsets that restrict the program to constructs whose behaviour is sufficiently abstract and well defined that it can be determined independent of the execution environment. This nec- essarily prevents any assumptions about the system hardware. but consequently makes it impossible to use these techniques on software that must interact with the hardware. such as device drivers. This thesis addresses this shortcoming by taking the opposite approach: if the analyst accepts absolute hardware dependence - that the analysis will only be valid for a particular target system: the hardware that the driver is intended to control -- then the specifica- tion of the system can be used to infer the behaviour of the software that interacts with it, An analysis process is developed that operates on disassembled executable files and formal system specifications to produce CSP-OZ formal models of the software's behaviour, This analysis process is implemented in a prototype called Spurinna. that is then used in conjunction with the verification tools Z2SAL, the SAL suite, and IsabelleHOL. to demonstrate the verification of prop- erties of the software.
4
Jobredeaux, Romain J. "Formal verification of control software". Diss., Georgia Institute of Technology, 2015. http://hdl.handle.net/1853/53841.
Pełny tekst źródłaStreszczenie:
In a context of heightened requirements for safety-critical embedded systems and
ever-increasing costs of verification and validation, this research proposes to
advance the state of formal analysis for control software. Formal methods are a
field of computer science that uses mathematical techniques and formalisms to
rigorously analyze the behavior of programs. This research develops a framework
and tools to express and prove high level properties of control law
implementations. One goal is to bridge the gap between control theory and
computer science. An annotation language is extended with symbols and axioms to
describe control-related concepts at the code level. Libraries of theorems,
along with their proofs, are developed to enable an interactive proof assistant
to verify control-related properties. Through integration in a prototype tool,
the process of verification is made automatic, and applied to several example systems.In a context of heightened requirements for safety-critical embedded systems and
ever-increasing costs of verification and validation, this research proposes to
advance the state of formal analysis for control software. Formal methods are a
field of computer science that uses mathematical techniques and formalisms to
rigorously analyze the behavior of programs. This research develops a framework
and tools to express and prove high level properties of control law
implementations. One goal is to bridge the gap between control theory and
computer science. An annotation language is extended with symbols and axioms to
describe control-related concepts at the code level. Libraries of theorems,
along with their proofs, are developed to enable an interactive proof assistant
to verify control-related properties. Through integration in a prototype tool,
the process of verification is made automatic, and applied to several example systems.
5
Kirschenbaum, Jason P. "Investigations in Automating Software Verification". The Ohio State University, 2011. http://rave.ohiolink.edu/etdc/view?acc_num=osu1306862918.
Pełny tekst źródła
6
Ferro, Sara <1996>. "Software Verification of PLC programs". Master's Degree Thesis, Università Ca' Foscari Venezia, 2020. http://hdl.handle.net/10579/17637.
Pełny tekst źródłaStreszczenie:
Programmable Logic Controllers (PLC) play an important role in Industrial Control Systems, as they manage the actions of physical tools by collecting data from input devices and sending commands to output devices.
In this thesis, we introduce a formal framework for software verification of robustness of PLC programs. In particular, we identify external vulnerabilities based on dynamic user interaction, we define the semantics of Structured Control Language (SCL) and the semantics of Timed Automata (TA), we provide a set of transformation rules to transform a program written in SCL to a Timed Automaton, and we show their correctness with respect to the corresponding semantics. By applying these transformation rules, we can apply Model Checking tools (namely UPPAAL) to verify robustness properties of the PLC source code.
7
Olliaro, Martina <1991>. "String analysis for software verification". Doctoral thesis, Università Ca' Foscari Venezia, 2021. http://hdl.handle.net/10579/18470.
Pełny tekst źródłaStreszczenie:
This thesis aims to investigate string manipulation with security implications in different programming languages and to improve the state-of-the-art by applying the abstract interpretation theory to string analysis. Erroneous string manipulation is a challenging problem in software verification and, in fact, it is one of the major cause of program vulnerabilities that can be exploited by malicious users, leading to severe consequences for the affected systems. By string analysis we mean statically computing the set of string values that are possibly assigned to a variable. Like for other analysis issues, this is undecidable. Thus a certain degree of approximation is necessary in order to find evidence of bugs and vulnerabilities in string manipulating code. We take advantage of the Abstract Interpretation theory, i.e., a powerful mathematical theory that enables us to define and prove the soundness of approximations. The five main contributions of this thesis are: We introduce a new sophisticated abstract domain for C strings. The way the domain (called M-String) is conceived allows it to be tailored for specific verification tasks (e.g., detection of buffer overflows). We describe the concrete and the abstract semantics of basic string operations and prove their soundness formally. Furthermore, we provide an executable implementation of abstract operations. Using a tool that automatically lifts existing programs into the M-String domain along with an explicit-state model checker, we evaluate the accuracy of the proposed domain experimentally on real-case test programs.
We combine abstract domains resulting from the reduced product between string shape abstraction and string content abstraction, in order to improve the ability to detect inconsistent states leading to program errors without a major impact with respect to efficiency. In particular, the combinations involve some string abstract domains introduced in the literature with the segmentation domain that we instantiate for string analysis.
Completeness, in Abstract Interpretation, ensures that the analysis does not lose information with respect to the property of interest. We provide a systematic and constructive approach for generating the completion of string domains for dynamic languages, and we apply it to the refinement of existing string abstractions. Indeed, for dynamic languages, lack of string analysis completeness is a key security issue, as poorly managed string manipulation code may easily lead to significant security flaws. We also provide an effective procedure to measure the precision improvement obtained when lifting the analysis to complete domains.
Almost all the existing string abstract domains tracks information of single variables in a program (e.g., if a string contains a certain character), without inspecting their relationship with other values, causing the loss of relevant knowledge about their possible values. Thus, we introduce a generic framework that allows to formalize relational string abstract domains based on ordering relationship, and we instantiate such a framework to several domains built upon different well-known string orders (e.g., substring relationships). We implemented the domain based on substring ordering, and we provide an experimental evaluation about its effectiveness on some case studies.
We manipulate string values in the context of relational database watermarking. We propose a semantic-driven watermarking approach of relational textual databases, which marks multi-word textual attributes, exploiting the synonym substitution technique for text watermarking together with notions in semantic similarity analysis, and dealing with the semantic perturbations provoked by the watermark embedding. We show the effectiveness of our approach through an experimental evaluation. We also prove the resilience of our approach with respect to the random synonym substitution attack.
8
Zucchelli, D. "Combination Methods for Software Verification". Doctoral thesis, Università degli Studi di Milano, 2008. http://hdl.handle.net/2434/45877.
Pełny tekst źródłaStreszczenie:
The thesis is devoted to the development of formal methods for software verification. Indeed, two are among the most widespread techniques that allow to rigorously specify the possible executions of a system and check whether it contains bugs. On the one hand, the correctness of a program can be guaranteed by showing the unsatisfiability of a formula modulo a theory which usually axiomatizes the involved datatypes; on the other hand, the model checking techniques are used to certify that every possible run of the system satisfies the desired properties. The contributions of the thesis are the following: First of all, we give a decidability result for the constraint satisfiability problem for interesting extensions of the theory of arrays. Secondly, along the lines of Manna and Pnueli, who have shown how a mixture of first-order logic and linear time temporal logic is sufficient to state the verification problems for the class of reactive systems, we draw on the recent literature about the combination of decision procedures to give decidability and undecidability results for the satisfiability problem for logics that allow to plug reasoning modulo first-order theories into a temporal setting. The results obtained in the case of linear flows of time are then generalized to the temporal and modal logics whose relativized satisfiability problem is decidable. The last contribution is the decidability of the model checking problem for linear flows of time under suitable hypothesis over the first-order theories involved. The proofs of the decidability results suggest that efficient Satisfiability Modulo Theories solvers might be successfully employed in the model checking of infinite-state systems.
9
Domagoj, Babić. "Exploiting structure for scalable software verification". Thesis, University of British Columbia, 2008. http://hdl.handle.net/2429/1502.
Pełny tekst źródłaStreszczenie:
Software bugs are expensive. Recent estimates by the US National Institute of Standards and Technology claim that the cost of software bugs to the US economy alone is approximately 60 billion USD annually. As society becomes increasingly software-dependent, bugs also reduce our productivity and threaten our safety and security. Decreasing these direct and indirect costs represents a significant research challenge as well as an opportunity for businesses.
Automatic software bug-finding and verification tools have a potential to completely revolutionize the software engineering industry by improving reliability and decreasing development costs. Since software analysis is in general undecidable, automatic tools have to use various abstractions to make the analysis computationally tractable. Abstraction is a double-edged sword: coarse abstractions, in general, yield easier verification, but also less precise results.
This thesis focuses on exploiting the structure of software for abstracting away irrelevant behavior. Programmers tend to organize code into objects and functions, which effectively represent natural abstraction boundaries. Humans use such structural abstractions to simplify their mental models of software and for constructing informal explanations of why a piece of code should work. A natural question to ask is: How can automatic bug-finding tools exploit the same natural abstractions? This thesis offers possible answers.
More specifically, I present three novel ways to exploit structure at three different steps of the software analysis process. First, I show how symbolic execution can preserve the data-flow dependencies of the original code while constructing compact symbolic representations of programs. Second, I propose structural abstraction, which exploits the structure preserved by the symbolic execution. Structural abstraction solves a long-standing open problem --- scalable interprocedural path- and context-sensitive program analysis. Finally, I present an automatic tuning approach that exploits the fine-grained structural properties of software (namely, data- and control-dependency) for faster property checking. This novel approach resulted in a 500-fold speedup over the best previous techniques. Automatic tuning not only redefined the limits of automatic software analysis tools, but also has already found its way into other domains (like model checking), demonstrating the generality and applicability of this idea.
10
Hughes, Roger Brett. "Automated interactive software verification and synthesis". Thesis, Brunel University, 1992. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.306741.
Pełny tekst źródła
11
Jackson, David Mark. "Logical verification of reactive software systems". Thesis, University of Oxford, 1992. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.305989.
Pełny tekst źródła
12
Leonardsson, Carl. "Verification of Software under Relaxed Memory". Doctoral thesis, Uppsala universitet, Avdelningen för datorteknik, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:uu:diva-297201.
Pełny tekst źródłaStreszczenie:
The work covered in this thesis concerns automatic analysis of correctness of parallel programs running under relaxed memory models. When a parallel program is compiled and executed on a modern architecture, various optimizations may cause it to behave in unexpected ways. In particular, accesses to the shared memory may appear in the execution in the opposite order to how they appear in the control flow of the original program source code. The memory model determines which memory accesses can be reordered in a program on a given system. Any memory model that allows some observable memory access reordering is called a relaxed memory model. The reorderings may cause bugs and make the production of parallel programs more difficult. In this work, we consider three main approaches to analysis of correctness of programs running under relaxed memory models. An exact analysis for finite state programs running under the TSO memory model (Paper I). This technique is based on the well quasi ordering framework. An over-approximate analysis for integer programs running under TSO (Paper II), based on predicate abstraction combined with a buffer abstraction. Two under-approximate analysis techniques for programs running under the TSO, PSO or POWER memory models (Papers III and IV). The latter two techniques are based on stateless model checking and dynamic partial order reduction. In addition to determining whether a program is correct under a given memory model, the problem of automatic fence synthesis is also considered. A memory fence is an instruction that can be inserted into a program in order to locally disable some memory access reorderings. The fence synthesis problem is the problem of automatically inferring a minimal set of memory fences which restores sufficient order in a given program to ensure its correctness.UPMARC
13
Tagore, Aditi. "Techniques to Improve Automated Software Verification". The Ohio State University, 2014. http://rave.ohiolink.edu/etdc/view?acc_num=osu1397661277.
Pełny tekst źródła
14
Ballis, Demis. "Rule-Based Software Verification and Correction". Doctoral thesis, Universitat Politècnica de València, 2008. http://hdl.handle.net/10251/1948.
Pełny tekst źródłaStreszczenie:
The increasing complexity of software systems has led to the development of sophisticated formal Methodologies for verifying and correcting data and programs. In general, establishing whether a program behaves correctly w.r.t. the original programmer s intention or checking the consistency and the correctness of a large set of data are not trivial tasks as witnessed by many case studies which occur in the literature.
In this dissertation, we face two challenging problems of verification and correction. Specifically, verification and correction of declarative programs, and the verification and correction of Web sites (i.e. large collections of semistructured data).
Firstly, we propose a general correction scheme for automatically correcting declarative, rule-based programs which exploits a combination of bottom-up as well as topdown inductive learning techniques. Our hybrid hodology is able to infer program corrections that are hard, or even impossible, to obtain with a simpler,automatic top-down or bottom-up learner. Moreover, the scheme will be also particularized to some well-known declarative programming paradigm: that is, the functional logic and the functional programming paradigm.
Secondly, we formalize a framework for the automated verification of Web sites which can be used to specify integrity conditions for a given Web site, and then automatically check whether these conditions are fulfilled. We provide a rule-based, formal specification language which allows us to define syntactic as well as semantic
properties of the Web site. Then, we formalize a verification technique which detects both incorrect/forbidden patterns as well as lack of information, that is, incomplete/missing Web pages. Useful information is gathered during the verification process which can be used to repair the Web site. So, after a verification phase, one
can also infer semi-automatically some possible corrections in order to fix theWeb site.
The methodology is based on a novel rewritBallis, D. (2005). Rule-Based Software Verification and Correction [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/1948
Palancia
15
Addy, Edward A. "Verification and validation in software product line engineering". Morgantown, W. Va. : [West Virginia University Libraries], 1999. http://etd.wvu.edu/templates/showETD.cfm?recnum=1068.
Pełny tekst źródłaStreszczenie:
Thesis (Ph. D.)--West Virginia University, 1999.Title from document title page. Document formatted into pages; contains vi, 75 p. : ill. (some col.). Includes abstract. Includes bibliographical references (p. 35-39).
16
Powell, Daniel, i n/a. "Formal Methods For Verification Based Software Inspection". Griffith University. School of Computing and Information Technology, 2003. http://www4.gu.edu.au:8080/adt-root/public/adt-QGU20030925.154706.
Pełny tekst źródłaStreszczenie:
Useful processes, that are independently repeatable, are utilised in all branches of science and traditional engineering disciplines but seldom in software engineering. This is particularly so with processes used for detection and correction of defects in software systems. Code inspection, as introduced by Michael Fagan at IBM in the mid 1970's is widely recognised as an effective technique for finding defects in software. Despite its reputation, code inspection, as it is currently practiced, is not a strictly repeatable process. This is due to the problems faced by inspectors when they attempt to paraphrase the complicated semantics of a unit of computer code. Verification based software inspection, as advocated by the cleanroom software engineering community, requires that arguments of correctness be formulated with the code and its specification. These arguments rely on the reader being able to extract the semantics from the code. This thesis addresses the requirement for an independently repeatable, scalable and substantially automated method for yielding semantics from computer code in a complete, unambiguous and consistent manner in order to facilitate, and make repeatable, verification based code inspection. Current literature regarding the use of code inspection for verification of software is surveyed. Empirical studies are referenced, comparing inspection to software testing and program proof. Current uses of formal methods in software engineering will be discussed, with particular reference to formal method applications in verification. Forming the basis of the presented method is a systematic, and hence repeatable, approach to the derivation of program semantics. The theories and techniques proposed for deriving semantics from program code extend current algorithmic and heuristic techniques for deriving invariants. Additionally, the techniques introduced yield weaker forms of invariant information which are also useful for verification, defect detection and correction. Methods for using these weaker invariant forms, and tools to support these methods, are introduced. Algorithmic and heuristic techniques for investigating loop progress and termination are also introduced. Some of these techniques have been automated in supporting tools, and hence, the resulting defects can be repeatably identified. Throughout this thesis a strong emphasis is placed on describing implementable algorithms to realise the derivation techniques discussed. A number of these algorithms are implemented in a tool to support the application of the verification methods presented. The techniques and tools presented in this thesis are well suited, but not limited to, supporting rigorous methods of defect detection as well as formal and semi-formal reasoning of correctness. The automation of these techniques in tools to support practical, formal code reading and correctness argument will assist in addressing the needs of trusted component technologies and the general requirement for quality in software.
17
Powell, Daniel. "Formal Methods For Verification Based Software Inspection". Thesis, Griffith University, 2003. http://hdl.handle.net/10072/366466.
Pełny tekst źródłaStreszczenie:
Useful processes, that are independently repeatable, are utilised in all branches of science and traditional engineering disciplines but seldom in software engineering. This is particularly so with processes used for detection and correction of defects in software systems. Code inspection, as introduced by Michael Fagan at IBM in the mid 1970's is widely recognised as an effective technique for finding defects in software. Despite its reputation, code inspection, as it is currently practiced, is not a strictly repeatable process. This is due to the problems faced by inspectors when they attempt to paraphrase the complicated semantics of a unit of computer code. Verification based software inspection, as advocated by the cleanroom software engineering community, requires that arguments of correctness be formulated with the code and its specification. These arguments rely on the reader being able to extract the semantics from the code. This thesis addresses the requirement for an independently repeatable, scalable and substantially automated method for yielding semantics from computer code in a complete, unambiguous and consistent manner in order to facilitate, and make repeatable, verification based code inspection. Current literature regarding the use of code inspection for verification of software is surveyed. Empirical studies are referenced, comparing inspection to software testing and program proof. Current uses of formal methods in software engineering will be discussed, with particular reference to formal method applications in verification. Forming the basis of the presented method is a systematic, and hence repeatable, approach to the derivation of program semantics. The theories and techniques proposed for deriving semantics from program code extend current algorithmic and heuristic techniques for deriving invariants. Additionally, the techniques introduced yield weaker forms of invariant information which are also useful for verification, defect detection and correction. Methods for using these weaker invariant forms, and tools to support these methods, are introduced. Algorithmic and heuristic techniques for investigating loop progress and termination are also introduced. Some of these techniques have been automated in supporting tools, and hence, the resulting defects can be repeatably identified. Throughout this thesis a strong emphasis is placed on describing implementable algorithms to realise the derivation techniques discussed. A number of these algorithms are implemented in a tool to support the application of the verification methods presented. The techniques and tools presented in this thesis are well suited, but not limited to, supporting rigorous methods of defect detection as well as formal and semi-formal reasoning of correctness. The automation of these techniques in tools to support practical, formal code reading and correctness argument will assist in addressing the needs of trusted component technologies and the general requirement for quality in software.Thesis (PhD Doctorate)
Doctor of Philosophy (PhD)
School of Computing and Information Technology
Full Text
18
Johnsen, Andreas. "Architecture-Based Verification of Software-Intensive Systems". Thesis, Mälardalen University, School of Innovation, Design and Engineering, 2010. http://urn.kb.se/resolve?urn=urn:nbn:se:mdh:diva-8917.
Pełny tekst źródłaStreszczenie:
Development of software-intensive systems such as embedded systems for telecommunications, avionics and automotives occurs under severe quality, schedule and budget constraints. As the size and complexity of software-intensive systems increase dramatically, the problems originating from the design and specification of the system architecture becomes increasingly significant. Architecture-based development approaches promise to improve the efficiency of software-intensive system development processes by reducing costs and time, while increasing quality. This paradox is partially explained by the fact that the system architecture abstracts away unnecessary details, so that developers can concentrate both on the system as a whole, and on its individual pieces, whether it's the components, the components' interfaces, or connections among components. The use of architecture description languages (ADLs) provides an important basis for verification since it describes how the system should behave, in a high level view and in a form where automated tests can be generated. Analysis and testing based on architecture specifications allow detection of problems and faults early in the development process, even before the implementation phase, thereby reducing a significant amount of costs and time. Furthermore, tests derived from the architecture specification can later be applied to the implementation to see the conformance of the implementation with respect to the specification. This thesis extends the knowledge base in the area of architecture-based verification. In this thesis report, an airplane control system is specified using the Architecture Analysis and Description Language (AADL). This specification will serve as a starting point of a system development process where developed architecture-based verification algorithms are applied.
19
Dimovski, Aleksandar. "Compositional software verification based on game semantics". Thesis, University of Warwick, 2007. http://wrap.warwick.ac.uk/2398/.
Pełny tekst źródłaStreszczenie:
One of the major challenges in computer science is to put programming on a firmer mathematical basis, in order to improve the correctness of computer programs. Automatic program verification is acknowledged to be a very hard problem, but current work is reaching the point where at least the foundational�· aspects of the problem can be addressed and it is becoming a part of industrial software development. This thesis presents a semantic framework for verifying safety properties of open sequ;ptial programs. The presentation is focused on an Algol-like programming language that embodies many of the core ingredients of imperative and functional languages and incorporates data abstraction in its syntax. Game semantics is used to obtain a compositional, incremental way of generating accurate models of programs. Model-checking is made possible by giving certain kinds of concrete automata-theoretic representations of the model. A data-abstraction refinement procedure is developed for model-checking safety properties of programs with infinite integer types. The procedure starts by model-checking the most abstract version of the program. If no counterexample, or a genuine one, is found, the procedure terminates. Otherwise, it uses a spurious counterexample to refine the abstraction for the next iteration. Abstraction refinement, assume-guarantee reasoning and the L* algorithm for learning regular languages are combined to yield a procedure for compositional verification. Construction of a global model is avoided using assume-guarantee reasoning and the L* algorithm, by learning assumptions for arbitrary subprograms. An implementation based on the FDR model checker for the CSP process algebra demonstrates practicality of the methods.
20
von, Spakovsky Alexis P., Reffela Davidson, Ashley Mathis i David Patterson. "Software Independent Verification and Validation (SIVandV) simplified". Monterey, California. Naval Postgraduate School, 2006. http://hdl.handle.net/10945/10063.
Pełny tekst źródłaStreszczenie:
Joint Applied ProjectSIVandV has been in existence for some 40 years, and many people still know little about its existence. Software IVandV certifies the quality of the software and independently validates and verifies that it meets or exceeds the customer[alpha]s expectations. Independent VandV for component or element software development activities encompasses the following: 1) review and thorough evaluations of the software development, 2) review and comment on software documentation, 3) participation in all software requirements and design reviews, and 4) participation in software integration and testing for each software build. This thesis will explore and explain the benefits and rationale for Software Independent Verification and Validation. It will identify SIVandV processes that are used to support acquisition weapon systems. [beta]SIVandV Simplified[gamma] will translate, into understandable terms, why SIVandV is considered [beta]Cheap Insurance[gamma] and why it is needed. Additionally, this thesis serves as a tutorial, providing suggested policy and guidance, suggested software Computer-Aided Software Engineering (CASE) tools, criteria, and lessons learned for implementing a successful SIVandV program.
21
Arno, Matthew G. (Matthew Gordon). "Verification and validation of safety related software". Thesis, Massachusetts Institute of Technology, 1994. http://hdl.handle.net/1721.1/33517.
Pełny tekst źródła
22
Barquin, Murguia Alberto Isaac. "SmallSat Payload Simulation for Onboard-Software Verification". Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2016. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-59928.
Pełny tekst źródłaStreszczenie:
This work presents the advancements in the development of simulation models of spacecraft components as part of a testbench for verification of onboard flight software. The satellite and its mission are briefly described as to give an idea of the conditions where the simulation has to run. The simulation environment, SimTG, is also introduced and a description of the developed models is presented. The models required interaction between different simulation environments, real hardware and simulated hardware, and also some data processing was necessary in order to filter undesired information. Finally, the performance of the models was tested and verified and a sensible improvement of the state of the testbench on the simulation side was achieved, although a considerable amount of work still lies ahead before a complete onboard software verification tool is ready.
23
Getir, Yaman Sinem. "Quantitative Modeling and Verification of Evolving Software". Doctoral thesis, Humboldt-Universität zu Berlin, 2021. http://dx.doi.org/10.18452/23310.
Pełny tekst źródłaStreszczenie:
Mit der steigenden Nachfrage nach Innovationen spielt Software in verschiedenenWirtschaftsbereichen
eine wichtige Rolle, wie z.B. in der Automobilindustrie, bei intelligenten Systemen als auch bei Kommunikationssystemen. Daher ist die
Qualität für die Softwareentwicklung von großer Bedeutung.
Allerdings ändern sich die probabilistische Modelle (die Qualitätsbewertungsmodelle)
angesichts der dynamischen Natur moderner Softwaresysteme. Dies führt dazu,
dass ihre Übergangswahrscheinlichkeiten im Laufe der Zeit schwanken, welches zu
erheblichen Problemen führt.
Dahingehend werden probabilistische
Modelle im Hinblick auf ihre Laufzeit kontinuierlich aktualisiert. Eine fortdauernde
Neubewertung komplexer Wahrscheinlichkeitsmodelle ist jedoch teuer. In
letzter Zeit haben sich inkrementelle Ansätze als vielversprechend für die Verifikation
von adaptiven Systemen erwiesen. Trotzdem wurden bei der Bewertung struktureller
Änderungen im Modell noch keine wesentlichen Verbesserungen erzielt. Wahrscheinlichkeitssysteme
werden als Automaten modelliert, wie
bei Markov-Modellen. Solche Modelle können in
Matrixform dargestellt werden, um die Gleichungen basierend auf Zuständen und
Übergangswahrscheinlichkeiten zu lösen.
Laufzeitmodelle wie Matrizen sind nicht signifikant,
um die Auswirkungen von Modellveränderungen erkennen zu können.
In dieser Arbeit wird ein Framework unter Verwendung stochastischer Bäume mit
regulären Ausdrücken entwickelt, welches modular aufgebaut ist und eine aktionshaltige
sowie probabilistische Logik im Kontext der Modellprüfung aufweist. Ein solches
modulares Framework ermöglicht dem Menschen die Entwicklung der Änderungsoperationen
für die inkrementelle Berechnung lokaler Änderungen, die im Modell auftreten
können. Darüber hinaus werden probabilistische Änderungsmuster beschrieben,
um eine effiziente inkrementelle Verifizierung, unter Verwendung von Bäumen mit regulären
Ausdrücken, anwenden zu können. Durch die Bewertung der Ergebnisse wird
der Vorgang abgeschlossen.Software plays an innovative role in many different domains, such as car industry, autonomous and smart systems, and communication. Hence, the quality of the software is of utmost importance and needs to be properly addressed during software evolution. Several approaches have been developed to evaluate systems’ quality attributes, such as reliability, safety, and performance of software. Due to the dynamic nature of modern software systems, probabilistic models representing the quality of the software and their transition probabilities change over time and fluctuate, leading to a significant problem that needs to be solved to obtain correct evaluation results of quantitative properties. Probabilistic models need to be continually updated at run-time to solve this issue. However, continuous re-evaluation of complex probabilistic models is expensive. Recently, incremental approaches have been found to be promising for the verification of evolving and self-adaptive systems. Nevertheless, substantial improvements have not yet been achieved for evaluating structural changes in the model. Probabilistic systems are usually represented in a matrix form to solve the equations based on states and transition probabilities. On the other side, evolutionary changes can create various effects on theese models and force them to re-verify the whole system. Run-time models, such as matrices or graph representations, lack the expressiveness to identify the change effect on the model. In this thesis, we develop a framework using stochastic regular expression trees, which are modular, with action-based probabilistic logic in the model checking context. Such a modular framework enables us to develop change operations for the incremental computation of local changes that can occur in the model. Furthermore, we describe probabilistic change patterns to apply efficient incremental quantitative verification using stochastic regular expression trees and evaluate our results.
24
Zhang, Lu. "Runtime Verification and Debugging of Concurrent Software". Diss., Virginia Tech, 2016. http://hdl.handle.net/10919/71882.
Pełny tekst źródłaStreszczenie:
Our reliance on software has been growing fast over the past decades as the pervasive use of computer and software penetrated not only our daily life but also many critical applications. As the computational power of multi-core processors and other parallel hardware keeps increasing, concurrent software that exploit these parallel computing hardware become crucial for achieving high performance. However, developing correct and efficient concurrent software is a difficult
task for programmers due to the inherent nondeterminism in their executions. As a result, concurrency related software bugs are among the most troublesome in practice and have caused severe problems in recent years.
In this dissertation, I propose a series of new and fully automated methods for verifying and debugging concurrent software. They cover the detection, prevention, classification, and repair of some important types of bugs in the implementation of concurrent data structures and client-side web applications. These methods can be adopted at various stages of the software development life cycle, to help programmers write concurrent software correctly as well as efficiently.Ph. D.
25
Krone, Joan. "The role of verification in software reusability /". The Ohio State University, 1988. http://rave.ohiolink.edu/etdc/view?acc_num=osu1487594970650373.
Pełny tekst źródła
26
SPINOSO, SERENA. "Verification and Configuration of Software-based Networks". Doctoral thesis, Politecnico di Torino, 2017. http://hdl.handle.net/11583/2676611.
Pełny tekst źródłaStreszczenie:
The innovative trends of Network Function Virtualization (NFV) and Software Defined Networking (SDN) have posed never experienced opportunities in productive environments, like data centers. While NFV decouples software implementation of the network functions (e.g., DPI and NAT) from their physical counterparts, SDN is in charge of dynamically changing those functions to create network paths. One new opportunity of such Software-based networks is to make the network service-provisioning models more flexible, by enabling users to build their own service graphs: users can select the Virtual Network Functions (VNFs) to use and can specify how packets have to be processed and forwarded in their networks. In particular, this PhD thesis spans mostly topics related to the verification and configuration of service graphs.
For what concerns the challenges of network verification, our aim is to explore strategies that overcome the limitations of traditional techniques, which generally exploit complex modelling approaches and takes considerable verification times.
Thus we envision for verification techniques that are based on non-complex modelling approaches in order to be much more efficient than existing proposals. Under these conditions, such novel approaches may work at run-time and, in particular, may be performed before deploying the service graphs, in order to avoid unexpected network behaviours and detect errors as early as possible.
Another requirement is that verification should take a reasonable amount of time from a VNF Orchestrator point of view, with fair processing resources (e.g. CPU, memory and so on). This is because we are in the context of flexible services, where the reconfiguration of network functions can be frequently triggered, both in case of user request and in case of management events.
The first contribution of this thesis lays on the service graphs specification by means of forwarding policies (i.e, a high-level specification of how packet flows are forwarded). While the majority of the SDN verification tools operate on OpenFlow configurations, we have defined a formal model to detect a set of anomalies in forwarding policies (i.e., erroneous specifications that may cause misleading network conditions and states). The key factors that distinguish our work from existing approaches are both an early detection of policies anomalies (i.e., before translating such policies into OpenFlow entries), in order to speed up the fixing phase, without even starting service deployment, and a scalable approach that achieves verification times in the order of milliseconds for medium- large- sized networks.
Another advancement in network verification has been the possibility to verify networks including stateful VNFs, which are functions that may dynamically change the forwarding path of a traffic flow according to their local algorithms and states (e.g., IDSs). Our second contribution is thus a verification approach that models the network and the involved (possibly stateful) VNFs as a set of FOL formulas. Those formulas are passed to the off-the-shelf SMT (Satisfiability Modulo Theory) solver Z3 in order to verify some reachability-based properties. In particular, the proposed solution has been implemented in a tool released under the AGPLv3 license, named VeriGraph, which takes the functional configurations of all deployed VNFs (e.g., filtering rules on firewalls) into account to check the network. The adopted approach achieves verification times in the order of milliseconds, which is compliant with the timing limitations needed by a VNF Orchestrator.
Finally, for what concerns the configuration of VNFs, service graph deployment should include a strategy to deploy VNF configurations in order to fix bugs in case of verification failures. Here, we have to face several challenges like the different ways a network function may require for being configured (REST API, CLI, etc...) and the configuration semantic that depends on the function itself (e.g., router parameters are clearly different from firewall ones).
We conclude this thesis by proposing a model-based configuration approach, which means defining a representation of the main configuration parameters of a VNF. This VNF model is then automatically processed by further software modules in the VNF architecture to translate the configuration parameters into a particular format required by a VNF and to deliver the produced configuration into the VNF following one of the configuration strategies (e.g., REST, configuration file, etc.) already supported by the function. The achieved results of this last work, w.r.t. the current state of the art, are the exploitation of a model-driven approach that achieves a higher flexibility and the insertion of non-VNF-specific software modules to avoid changes in the VNF implementation.
27
Yan, Weiwei. "Software-hardware Cooperative Embedded Verification System Fusing Fingerprint Verification and Shared-key Authentication". Thesis, KTH, Skolan för informations- och kommunikationsteknik (ICT), 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-66677.
Pełny tekst źródłaStreszczenie:
In order to protect the security of the commercial information, personnel information, military information, governmental information on the Internet, the claimed identity should be authenticated. Now there are three main security authentication methods: first: using user PIN, such as password; second: using physical key, such as USBKey; third: using biological authentication technology, such as fingerprint, iris, voice and palm prints, etc. Because of the uniqueness, invariance, and ubiquity properties of biometric authentication, biometric authentication is becoming popular, especially fingerprint recognition. However, when the fingerprint recognition information is transported on the public channel, it may be attacked, such as the fingerprint information is stolen. So a cryptology mechanism is needed to protect the fingerprint recognition information. In the field of embedded security authentication system, the traditional hardware implementation mechanism, such as ASIC, can satisfy requires of functions and performances, but it is not configurable, flexible, and easy to expand; the traditional software implementation mechanism, such as general purpose processor, is flexible, but the cost and the power consumption are higher than hardware implementation. In order to take the advantages of biometrics, cryptology, hardware implementation, and software implementation, a hardware-software cooperating embedded authentication system based on shared-key authentication and fingerprint verification is proposed. First, this system authenticates the identities of client and server by shared-key authentication, creates the current encrypt key and hash key, and then authenticates the identity of them via fingerprint recognition. During fingerprint recognition, the information of fingerprint is not needed to transmit over the public channel, so the security of fingerprint is increased. Theoretic analysis and experiments show that, this system reach very high authentication rate and security. This system can resist replay attack, server template attack, device template attack, effectively.
28
Lewis, Matt. "Precise verification of C programs". Thesis, University of Oxford, 2014. http://ora.ox.ac.uk/objects/uuid:34b5ed5a-160b-4e2c-8dac-eab62a24f78c.
Pełny tekst źródłaStreszczenie:
Most current approaches to software verification are one-sided -- a safety prover will try to prove that a program is safe, while a bug-finding tool will try to find bugs. It is rare to find an analyser that is optimised for both tasks, which is problematic since it is hard to know in advance whether a program you wish to analyse is safe or not. The result of taking a one-sided approach to verification is false alarms: safety provers will often claim that safe programs have errors, while bug-finders will often be unable to find errors in unsafe programs. Orthogonally, many software verifiers are designed for reasoning about idealised programming languages that may not have widespread use. A common assumption made by verification tools is that program variables can take arbitrary integer values, while programs in most common languages use fixed-width bitvectors for their variables. This can have a real impact on the verification, leading to incorrect claims by the verifier. In this thesis we will show that it is possible to analyse C programs without generating false alarms, even if they contain unbounded loops, use non-linear arithmetic and have integer overflows. To do this, we will present two classes of analysis based on underapproximate loop acceleration and second-order satisfiability respectively. Underapproximate loop acceleration addresses the problem of finding deep bugs. By finding closed forms for loops, we show that deep bugs can be detected without unwinding the program and that this can be done without introducing false positives or masking errors. We then show that programs accelerated in this way can be optimised by inlining trace automata to reduce their reachability diameter. This inlining allows acceleration to be used as a viable technique for proving safety, as well as finding bugs. In the second part of the thesis, we focus on using second-order logic for program analysis. We begin by defining second-order SAT: an extension of propositional SAT that allows quantification over functions. We show that this problem is NEXPTIME-complete, and that it is polynomial time reducible to finite-state program synthesis. We then present a fully automatic, sound and complete algorithm for synthesising C programs from a specification written in C. Our approach uses a combination of bounded model checking, explicit-state model checking and genetic programming to achieve surprisingly good performance for a problem with such high complexity. We conclude by using second-order SAT to precisely and directly encode several program analysis problems including superoptimisation, de-obfuscation, safety and termination for programs using bitvector arithmetic and dynamically allocated lists.
29
Latham, J. T. "Abstraction in program verification". Thesis, University of Manchester, 1985. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.372026.
Pełny tekst źródła
30
Woo, Yan, i 胡昕. "A dynamic integrity verification scheme for tamper-resistancesoftware". Thesis, The University of Hong Kong (Pokfulam, Hong Kong), 2005. http://hub.hku.hk/bib/B34740478.
Pełny tekst źródła
31
Garner, Scott A. "Metrics directed verification of UML designs". Virtual Press, 2005. http://liblink.bsu.edu/uhtbin/catkey/1328113.
Pełny tekst źródłaStreszczenie:
The goal of this research is to validate the methodology used while investigating metrics directed verification of Unified Modeling Language (UML) based designs. This document is organized into five distinct sections. The topics discussed include an introduction to the UML, a discussion of available software metrics, a tutorial regarding the nature of design metrics, a discussion of available UML metrics, and the empirical study results. The empirical study presents detailed information regarding how UML class diagrams can be mapped to design metrics, a discussion on how the data was collected and verified, the results obtained during this study, what conclusions were drawn from the data, and recommendations for future research topics. Preliminary findings indicate that a correlation does exist between the external design complexity measure and the UML class diagrams.Department of Computer Science
32
Wickerson, John Peter. "Concurrent verification for sequential programs". Thesis, University of Cambridge, 2013. https://www.repository.cam.ac.uk/handle/1810/265613.
Pełny tekst źródłaStreszczenie:
This dissertation makes two contributions to the field of software verification. The first explains how verification techniques originally developed for concurrency can be usefully applied to sequential programs. The second describes how sequential programs can be verified using diagrams that have a parallel nature. The first contribution involves a new treatment of stability in verification methods based on rely-guarantee. When an assertion made in one thread of a concurrent system cannot be invalidated by the actions of other threads, that assertion is said to be 'stable'. Stability is normally enforced through side-conditions on rely-guarantee proof rules. This dissertation proposes instead to encode stability information into the syntactic form of the assertion. This approach, which we call explicit stabilisation, brings several benefits. First, we empower rely-guarantee with the ability to reason about library code for the first time. Second, when the rely-guarantee method is redepleyed in a sequential setting, explicit stabilisation allows more details of a module's implementation to be hidden when verifying clients. Third, explicit stabilisation brings a more nuanced understanding of the important issue of stability in concurrent and sequential verification; such an understanding grows ever more important as verification techniques grow ever more complex. The second contribution is a new method of presenting program proofs conducted in separation logic. Building on work by Jules Bean, the ribbon proof is a diagrammatic alternative to the standard 'proof outline'. By emphasising the structure of a proof, ribbon proofs are intelligible and hence useful pedagogically. Because they contain less redundancy than proof outlines, and allow each proof step to be checked locally, they are highly scalable; this we illustrate with a ribbon proof of the Version 7 Unix memory manager. Where proof outlines are cumbersome to modify, ribbon proofs can be visually manoeuvred to yield proofs of variant programs. We describe the ribbon proof system, prove its soundness and completeness, and outline a prototype tool for mechanically checking the diagrams it produ1res.
33
Batten, Ian Gilbert. "Trusted execution : applications and verification". Thesis, University of Birmingham, 2016. http://etheses.bham.ac.uk//id/eprint/6684/.
Pełny tekst źródłaStreszczenie:
Useful security properties arise from sealing data to specific units of code. Modern processors featuring Intel’s TXT and AMD’s SVM achieve this by a process of measured and trusted execution. Only code which has the correct measurement can access the data, and this code runs in an environment trusted from observation and interference. We discuss the history of attempts to provide security for hardware platforms, and review the literature in the field. We propose some applications which would benefit from use of trusted execution, and discuss functionality enabled by trusted execution. We present in more detail a novel variation on Diffie-Hellman key exchange which removes some reliance on random number generation. We present a modelling language with primitives for trusted execution, along with its semantics. We characterise an attacker who has access to all the capabilities of the hardware. In order to achieve automatic analysis of systems using trusted execution without attempting to search a potentially infinite state space, we define transformations that reduce the number of times the attacker needs to use trusted execution to a pre-determined bound. Given reasonable assumptions we prove the soundness of the transformation: no secrecy attacks are lost by applying it. We then describe using the StatVerif extensions to ProVerif to model the bounded invocations of trusted execution. We show the analysis of realistic systems, for which we provide case studies.
34
Woo, Yan. "A dynamic integrity verification scheme for tamper-resistance software". Click to view the E-thesis via HKUTO, 2005. http://sunzi.lib.hku.hk/hkuto/record/B34740478.
Pełny tekst źródła
35
Wahab, Matthew. "Object code verification". Thesis, University of Warwick, 1998. http://wrap.warwick.ac.uk/61068/.
Pełny tekst źródłaStreszczenie:
Object code is a program of a processor language and can be directly executed on a machine. Program verification constructs a formal proof that a program correctly implements its specification. Verifying object code therefore ensures that the program which is to be executed on a machine is correct. However, the nature of processor languages makes it difficult to specify and reason about object code programs in a formal system of logic. Furthermore, a proof of the correctness of an object code program will often be too large to construct manually because of the size of object code programs. The presence of pointers and computed jumps in object code programs constrains the use of automated tools to simplify object code verification. This thesis develops an abstract language which is expressive enough to describe any sequential object code program. The abstract language supports the definition of program logics in which to specify and verify object code programs. This allows the object code programs of any processor language to be verified in a single system of logic. The abstract language is expressive enough that a single command is enough to describe the behaviour of any processor instruction. An object code program can therefore be translated to the abstract language by replacing each instruction with the equivalent command of the abstract language. This ensures that the use of the abstract language does not increase the difficulty of verifying an object code program. The verification of an object code program can be simplified by constructing an abstraction of the program and showing that the abstraction correctly implements the program specification. Methods for abstracting programs of the abstract language are developed which consider only the text of a program. These methods are based on describing a finite sequence of commands as a single, equivalent, command of the abstract language. This is used to define transformations which abstract a program by replacing groups of program commands with a single command. The abstraction of a program formed in this way can be verified in the same system of logic as the original program. Because the transformations consider only the program text, they are suitable for efficient mechanisation in an automated proof tool. By reducing the number of commands which must be considered, these methods can reduce the manual work needed to verify a program. The use of an abstract language allows object code programs to be specified and verified in a system of logic while the use of abstraction to simplify programs makes verification practical. As examples, object code programs for two different processors are modelled, abstracted and verified in terms of the abstract language. Features of processor languages and of object code programs which affect verification and abstraction are also summarised.
36
Flobakk, Rune. "Automated verification of design adherence in software implementation". Thesis, Norwegian University of Science and Technology, Department of Computer and Information Science, 2007. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-8808.
Pełny tekst źródłaStreszczenie:
Software design and architecture specify how a system should be implemented to achieve the required quality attributes. Being able to automatically verify the design adherence during implementation will continuously assure that the system realizes the quality attributes, as well as over time does not drift away from them. This thesis investigates how a software design can be used to automatically verify and enforce rules for implementation. The current tool support for automatic design enforcement is assessed and reviewed. In addition, a prototype contribution to this practice, a plug-in for the Maven software project management system, is presented.
37
Freitas, Arthur. "Hardware/Software Co-Verification Using the SystemVerilog DPI". Universitätsbibliothek Chemnitz, 2007. http://nbn-resolving.de/urn:nbn:de:swb:ch1-200700941.
Pełny tekst źródłaStreszczenie:
During the design and verification of the Hyperstone S5 flash memory controller, we
developed a highly effective way to use the SystemVerilog direct programming interface
(DPI) to integrate an instruction set simulator (ISS) and a software debugger in logic
simulation. The processor simulation was performed by the ISS, while all other hardware
components were simulated in the logic simulator. The ISS integration allowed us to filter
many of the bus accesses out of the logic simulation, accelerating runtime drastically. The
software debugger integration freed both hardware and software engineers to work in their
chosen development environments. Other benefits of this approach include testing and
integrating code earlier in the design cycle and more easily reproducing, in simulation,
problems found in FPGA prototypes.
38
Ulu, Cemil. "Specification And Verification Of Confidentiality In Software Architectures". Phd thesis, METU, 2004. http://etd.lib.metu.edu.tr/upload/12604809/index.pdf.
Pełny tekst źródłaStreszczenie:
This dissertation addresses the confidentiality aspect of the information security problem from the viewpoint of the software architecture. It presents a new approach to secure system design in which the desired security properties, in particular, confidentiality, of the system are proven to hold at the architectural level. The architecture description language Wright is extended so that confidentiality authorizations can be specified. An architectural description in Wright/c, the extended language, assigns clearance to the ports of the components and treats security labels as a part of data type information. The security labels are declared along with clearance assignments in an access control lattice model, also expressed in Wright/c. This enables the static analysis of data flow over the architecture subject to confidentiality requirements as per Bell-LaPadula principles. An algorithm takes the Wright/c description and the lattice model as inputs, and checks if there is a potential violation of the Bell-LaPadula principles. The algorithm also detects excess privileges. A software tool, which features an XML-based front-end to the algorithm is constructed. Finally, the algorithm is analyzed for its soundness, completeness and computational complexity.
39
Traub, Johannes [Verfasser]. "Formal Verification of Concurrent Embedded Software / Johannes Traub". Kiel : Universitätsbibliothek Kiel, 2016. http://d-nb.info/1105472175/34.
Pełny tekst źródła
40
Argote, Garcia Gonzalo. "Formal verification and testing of software architectural models". FIU Digital Commons, 2009. http://digitalcommons.fiu.edu/etd/1308.
Pełny tekst źródłaStreszczenie:
Ensuring the correctness of software has been the major motivation in software research, constituting a Grand Challenge. Due to its impact in the final implementation, one critical aspect of software is its architectural design. By guaranteeing a correct architectural design, major and costly flaws can be caught early on in the development cycle. Software architecture design has received a lot of attention in the past years, with several methods, techniques and tools developed. However, there is still more to be done, such as providing adequate formal analysis of software architectures. On these regards, a framework to ensure system dependability from design to implementation has been developed at FIU (Florida International University). This framework is based on SAM (Software Architecture Model), an ADL (Architecture Description Language), that allows hierarchical compositions of components and connectors, defines an architectural modeling language for the behavior of components and connectors, and provides a specification language for the behavioral properties. The behavioral model of a SAM model is expressed in the form of Petri nets and the properties in first order linear temporal logic.
This dissertation presents a formal verification and testing approach to guarantee the correctness of Software Architectures. The Software Architectures studied are expressed in SAM. For the formal verification approach, the technique applied was model checking and the model checker of choice was Spin. As part of the approach, a SAM model is formally translated to a model in the input language of Spin and verified for its correctness with respect to temporal properties. In terms of testing, a testing approach for SAM architectures was defined which includes the evaluation of test cases based on Petri net testing theory to be used in the testing process at the design level. Additionally, the information at the design level is used to derive test cases for the implementation level. Finally, a modeling and analysis tool (SAM tool) was implemented to help support the design and analysis of SAM models. The results show the applicability of the approach to testing and verification of SAM models with the aid of the SAM tool.
41
Moturu, Krishna Priya Darsini. "Application of reinforcement learning algorithms to software verification". Master's thesis, Québec : Université Laval, 2006. http://www.theses.ulaval.ca/2006/23583/23583.pdf.
Pełny tekst źródła
42
Roth, Andreas. "Specification and verification of object oriented software components". Karlsruhe : Univ.-Verl. Karlsruhe, 2006. http://www.uvka.de/univerlag/volltexte/2006/130/.
Pełny tekst źródła
43
Rakamarić, Zvonimir. "Modular verification of shared-memory concurrent system software". Thesis, University of British Columbia, 2011. http://hdl.handle.net/2429/32572.
Pełny tekst źródłaStreszczenie:
Software is large, complex, and error-prone. According to the US National Institute of Standards and Technology, software bugs cost the US economy an estimated $60 billion each year. The trend in hardware design of switching to multi-core architectures makes software development even more complex. Cutting software development costs and ensuring higher reliability of software is of global interest and a grand challenge. This is especially true of the system software that is the foundation beneath all general-purpose application programs.
The verification of system software poses particular challenges: system software is typically written in a low-level programming language with dynamic memory allocation and pointer manipulation, and system software is also highly concurrent, with shared-memory communication being the main concurrent programming paradigm. Available verification tools usually perform poorly when dealing with the aforementioned challenges. This thesis addresses these problems by enabling precise and scalable verification of low-level, shared-memory, concurrent programs. The main contributions are about the interrelated concepts of memory, modularity, and concurrency.
First, because programs use huge amounts of memory, the memory is usually modeled very imprecisely in order to scale to big programs. This imprecise modeling renders most tools almost useless in the memory-intensive parts of code. This thesis describes a scalable, yet precise, memory model that offers on-demand precision only when necessary.
Second, modularity is the key to scalability, but it often comes with a price --- a user must manually provide module specifications, making the verification process more tedious. This thesis proposes a light-weight technique for automatically inferring an important family of specifications to make the verification process more automatic.
Third, the number of program behaviors explodes in the presence of concurrency, thereby greatly increasing the complexity of the verification task. This explosion is especially true of shared-memory concurrency. The thesis presents a static context-bounded analysis that combines a number of techniques to successfully solve this problem.
We have implemented the above contributions in the verification tools developed as a part of this thesis. We have applied the tools on real-life system software, and we are already finding critical, previously undiscovered bugs.
44
Dietsch, Daniel [Verfasser], i Andreas [Akademischer Betreuer] Podelski. "Automated verification of system requirements and software specifications". Freiburg : Universität, 2016. http://d-nb.info/112274286X/34.
Pełny tekst źródła
45
Ellis, William James. "An integrated approach to high integrity software verification". Thesis, Heriot-Watt University, 2010. http://hdl.handle.net/10399/2353.
Pełny tekst źródłaStreszczenie:
Computer software is developed through software engineering. At its most precise, software engineering involves mathematical rigour as formal methods. High integrity software is associated with safety critical and security critical applications, where failure would bring significant costs. The development of high integrity software is subject to stringent standards, prescribing best practises to increase quality. Typically, these standards will strongly encourage or enforce the application of formal methods. The application of formal methods can entail a significant amount of mathematical reasoning. Thus, the development of automated techniques is an active area of research. The trend is to deliver increased automation through two complementary approaches. Firstly, lightweight formal methods are adopted, sacrificing expressive power, breadth of coverage, or both in favour of tractability. Secondly, integrated solutions are sought, exploiting the strengths of different technologies to increase automation. The objective of this thesis is to support the production of high integrity software by automating an aspect of formal methods. To develop tractable techniques we focus on the niche activity of verifying exception freedom. To increase effectiveness, we integrate the complementary technologies of proof planning and program analysis. Our approach is investigated by enhancing the SPARK Approach, as developed by Altran Praxis Limited. Our approach is implemented and evaluated as the SPADEase system. The key contributions of the thesis are summarised below: • Configurable and Sound - Present a configurable and justifiably sound approach to software verification. • Cooperative Integration - Demonstrate that more targeted and effective automation can be achieved through the cooperative integration of distinct technologies. • Proof Discovery - Present proof plans that support the verification of exception freedom. • Invariant Discovery - Present invariant discovery heuristics that support the verification of exception freedom. • Implementation as SPADEase - Implement our approach as SPADEase. • Industrial Evaluation - Evaluate SPADEase against both textbook and industrial subprograms.
46
Swart, Riaan. "A language to support verification of embedded software". Thesis, Stellenbosch : Stellenbosch University, 2004. http://hdl.handle.net/10019.1/49823.
Pełny tekst źródłaStreszczenie:
Thesis (MSc)--University of Stellenbosch, 2004.ENGLISH ABSTRACT: Embedded computer systems form part of larger systems such as aircraft or chemical processing facilities. Although testing and debugging of such systems are difficult, reliability is often essential. Development of embedded software can be simplified by an environment that limits opportunities for making errors and provides facilities for detection of errors. We implemented a language and compiler that can serve as basis for such an experimental environment. Both are designed to make verification of implementations feasible. Correctness and safety were given highest priority, but without sacrificing efficiency wherever possible. The language is concurrent and includes measures for protecting the address spaces of concurrently running processes. This eliminates the need for expensive run-time memory protection and will benefit resource-strapped embedded systems. The target hardware is assumed to provide no special support for concurrency. The language is designed to be small, simple and intuitive, and to promote compile-time detection of errors. Facilities for abstraction, such as modules and abstract data types support implementation and testing of bigger systems. We have opted for model checking as verification technique, so our implementation language is similar in design to a modelling language for a widely used model checker. Because of this, the implementation code can be used as input for a model checker. However, since the compiler can still contain errors, there might be discrepancies between the implementation code written in our language and the executable code produced by the compiler. Therefore we are attempting to make verification of executable code feasible. To achieve this, our compiler generates code in a special format, comprising a transition system of uninterruptible actions. The actions limit the scheduling points present in processes and reduce the different interleavings of process code possible in a concurrent system. Requirements that conventional hardware places on this form of code are discussed, as well as how the format influences efficiency and responsiveness.
AFRIKAANSE OPSOMMING: Ingebedde rekenaarstelsels maak deel uit van groter stelsels soos vliegtuie of chemiese prosesseerfasiliteite. Hoewel toetsing en ontfouting van sulke stelsels moeilik is, is betroubaarheid dikwels onontbeerlik. Ontwikkeling van ingebedde sagteware kan makliker gemaak word met 'n ontwikkelingsomgewing wat geleenthede vir foutmaak beperk en fasiliteite vir foutbespeuring verskaf. Ons het 'n programmeertaal en vertaler geïmplementeer wat as basis kan dien vir so 'n eksperimentele omgewing. Beide is ontwerp om verifikasie van implementasies haalbaar te maak. Korrektheid en veiligheid het die hoogste prioriteit geniet, maar sonder om effektiwiteit prys te gee, waar moontlik. Die taal is gelyklopend en bevat maatreëls om die adresruimtes van gelyklopende prosesse te beskerm. Dit maak duur looptyd-geheuebeskerming onnodig, tot voordeel van ingebedde stelsels met 'n tekort aan hulpbronne. Daar word aangeneem dat die teikenhardeware geen spesiale ondersteuning vir gelyklopendheid bevat nie. Die programmeertaal is ontwerp om klein, eenvoudig en intuïtief te wees, en om vertaaltyd-opsporing van foute te bevorder. Fasiliteite vir abstraksie, byvoorbeeld modules en abstrakte datatipes, ondersteun implementering en toetsing van groter stelsels. Ons het modeltoetsing as verifikasietegniek gekies, dus is die ontwerp van ons programmeertaal soortgelyk aan dié van 'n modelleertaal vir 'n modeltoetser wat algemeen gebruik word. As gevolg hiervan kan die implementasiekode as toevoer vir 'n modeltoetser gebruik word. Omdat die vertaler egter steeds foute kan bevat, mag daar teenstrydighede bestaan tussen die implementasie geskryf in ons implementasietaal, en die uitvoerbare masjienkode wat deur die vertaler gelewer word. Daarom poog ons om verifikasie van die uitvoerbare masjienkode haalbaar te maak. Om hierdie doelwit te bereik, is ons vertaler ontwerp om 'n spesiale formaat masjienkode te genereer bestaande uit 'n oorgangstelsel wat ononderbreekbare (atomiese) aksies bevat. Die aksies beperk die skeduleerpunte in prosesse en verminder sodoende die aantal interpaginasies van proseskode wat moontlik is in 'n gelyklopende stelsel. Die vereistes wat konvensionele hardeware aan dié spesifieke formaat kode stel, word bespreek, asook hoe die formaat effektiwiteit en reageerbaarheid van die stelsel beïnvloed.
47
Traub, Johannes Frederik Jesper [Verfasser]. "Formal Verification of Concurrent Embedded Software / Johannes Traub". Kiel : Universitätsbibliothek Kiel, 2016. http://nbn-resolving.de/urn:nbn:de:gbv:8-diss-186183.
Pełny tekst źródła
48
Antti, William. "Virtualized Functional Verification of Cross-Platform Software Applications". Thesis, Luleå tekniska universitet, Institutionen för system- och rymdteknik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:ltu:diva-74599.
Pełny tekst źródłaStreszczenie:
With so many developers writing code, so many choose to become a developer every day, using tools to aid in the work process is needed. With all the testing being done for multiple different devices and sources there is a need to make it better and more efficient. In this thesis connecting the variety of different tools such as version control, project management, issue tracking and test systems is explored as a possible solution. A possible solution was implemented and then analyzed through a questionnaire that were answered by developers. For an example results as high as 75\% answering 5 if they liked the connection between the issue tracking system and the test results. 75\% also gave a 5 when asked about if they liked the way the test results were presented. The answers they gave about the implementation made it possible to conclude that it is possible to achieve a solution that can solve some of the presented problems. A better way to connect various tools to present and analyze the test results coming from multiple different sources.
49
Ubhayakar, Sonali S. "Evalutation of program specification and verification systems". Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2003. http://library.nps.navy.mil/uhtbin/hyperion-image/03Jun%5FUbhayakar.pdf.
Pełny tekst źródła
50
Wang, Xuan. "Verification of digital controller implementations /". Diss., CLICK HERE for online access, 2005. http://contentdm.lib.byu.edu/ETD/image/etd1073.pdf.
Pełny tekst źródła