Phone: +55 84 3215 3814 224
Address: Universidade Federal do Rio Grande do Norte
Centro de Ciências Exatas e da Terra
Departamento de Informática e Matemática Aplicada
Campus Universitário
Lagoa Nova
59078-970 NATAL, RN
BRAZIL
Proof obligations of the B method and of Event B use predicates in the Constraints, Sets, Properties and Invariant clauses as hypotheses in proof obligations. A contradiction in these predicates results in trivially valid proof obligations and essentially voids the development. A textbook on the B method [3] presents three "existence proof obligations" to show the satisfiability of the Constraints, Properties and Invariant clauses as soon as they are stated in a component. Together with new existence proof obligations for refinement, this prevents the introduction of such contradictions in the refinement chain. This paper presents a detailed formalization of these existence proof obligations, specifying their implementation in Atelier B.
11th International Workshop on Satisfiability Modulo Theories (SMT 2013), Jul 2013
The QF_UF category of the SMT-LIB test set contains many formulas with symmetries, and breaking these symmetries results in an important speedup [8]. This paper presents SyMT, a tool to find and report symmetries in SMT formulas. SyMT is based on the reduction of the problem of detecting symmetries in formulas to finding automorphisms in a graph representation of these formulas. The output of SyMT may be used to improve SMT formulas so as to force the SMT solver to examine only one assignment out of many symmetric ones. We show that the classic propositional symmetry breaking technique can be lifted to SMT and yields a generic technique to break the symmetries found by SyMT.
Experiments on a large part of the SMT-LIB show that symmetries are pervasive in most categories.
Latin-American Workshop on Formal Methods (LAFM 2013), Jan 2, 2014
This paper presents BEval, an extension of Atelier B to improve automation in the verification activities in the B method or Event-B. It combines a tool for managing and verifying software projects (Atelier B) and a model checker/animator (ProB) so that the verification conditions generated in the former are evaluated with the latter. In our experiments, the two main verification strategies (manual and automatic) showed significant improvement as ProB's evaluator proves complementary to Atelier B's built-in provers. We conducted experiments with the B model of a micro-controller instruction set; several verification conditions that we were not able to discharge automatically or manually with Atelier B's provers were automatically verified using BEval.
Formal methods in software and hardware design often generate formulas that need to be validated, either interactively or automatically. Among the automatic tools, SMT (Satisfiability Modulo Theories) solvers are particularly suitable to discharge such proof obligations, as their input language is equational logic with symbols from various useful decidable fragments such as uninterpreted symbols, linear arithmetic, and usual data structures like arrays or lists. In this paper, we present an approach to combine decision procedures and propositional solvers into an SMT solver, based not only on the exchange of deducible equalities between decision procedures, but also on the generation of model equalities by decision procedures. This extends nicely the classical Nelson–Oppen combination procedure in a simple platform to smoothly combine convex and non-convex theories. We show the soundness and completeness of this approach using an original abstract framework to represent and reason about SMT solvers. We then describe an algorithmic translation of this method, implemented in the kernel of the veriT solver (Bouton et al. (2009)) [9].
Abstract: Programming provers is a complex task; completeness or even soundness may often be broken by apparently harmless bugs. A good testing platform can contribute to detecting problems early and help development. This paper presents GridTPT, the distributed platform for testing the veriT SMT solver. Its features are fairly standard, but it makes it easy to distribute the task over a cluster. We plan to make this platform available as an open source tool for the community of developers of automated theorem provers.
Abstract. This paper describes an approach to model the functional aspects of the instruction set of microcontroller platforms and several details about the representation of elements from microcontrollers. Several models were developed using the notation of the B method. They are used to develop formally verified software down to the assembly level and allow the simulation of models.
Abstract. This paper investigates the application of the B method, beyond the classical algorithmic level provided by the B0 sub-language, and presents refinements of B models at a level of precision equivalent to assembly language. We claim and justify that this extension provides a more reliable software development process as it bypasses two of the less trustable steps in
Formal development in Event-B generally requires the validation of a large number of proof obligations. Some automatic tools exist to automatically discharge a significant part of them, thus augmenting the efficiency of the formal development. We here investigate the use of SMT (Satisfiability Modulo Theories) solvers in addition to the traditional tools, and detail the techniques used for the cooperation between the Rodin platform and SMT solvers.
Methods exploiting problem symmetries have been very successful in several areas including constraint programming and SAT solving. We here recast a technique to enhance the performance of SMT solvers by detecting symmetries in the input formulas and using them to prune the search space of the SMT algorithm. This technique is based on the concept of (syntactic) invariance by permutation of constants. An algorithm for solving SMT by taking advantage of such symmetries is presented.
Abstract: This paper discusses advantages and disadvantages of some possible alternatives for inference rules that handle quantifiers in the proof format of the SMT solver veriT. The quantifier-handling modules in veriT being fairly standard, we hope this will motivate the discussion among the PxTP audience around proof production for quantifier handling. This could generate ideas to help us improve our proof production module, and also benefit the SMT community.
Abstract. This paper describes an approach to model microcontroller platforms. More specifically, it shows details about the Z80 model. The model has been developed using the B method, which applies mathematical and logical concepts to describe characteristics of platforms. Therefore, this modelling can be used in platform projects to document, build simulators, verify properties about the model and verify software at the assembly level.
Abstract: This work briefly describes the modelling of the 8051, PIC and Z80 platforms. These models are built with the B method, which applies logical and mathematical concepts to describe the characteristics of the platforms. Thus, such models can be used in platform projects for documentation, for building simulators, for verifying their consistency and also for verifying software at the assembly level.
This work describes a model-driven approach to design and develop software from the functional specification level down to assembly. The proposed approach builds upon the B method and provides a methodology to craft assembly-level software components in a rigorous way. While the B method is conventionally applied to produce algorithmic-level software artifacts for safety-critical systems, it was not originally designed to handle the final transformations to source code and then to assembly.
Abstract: Model-driven design of software for safety-critical applications often relies on mathematically grounded techniques such as the B method. Such techniques consist of the successive application of refinements to derive a concrete implementation from an abstract specification. Refinement theory defines verification conditions to guarantee that such operations preserve the intended behaviour of the abstract specifications.
Abstract: We present the architecture of the upcoming version of the SMT (Satisfiability Modulo Theories) solver haRVey. haRVey checks the satisfiability of a formula written in a first-order language with interpreted symbols from various theories. Its new architecture is original, first in the sense that it is a combination of reasoners, rather than the traditional combination of decision procedures. Second, one of these reasoners is a full-featured first-order saturation-based prover.
A brief introduction to the concepts of the problem classes P, NP, NP-complete and NP-hard. Decision problems. Problems and languages. Reductions between problems.
Basic concepts. Applications: paths on a board, multiplication of a sequence of matrices, zero-sum subsequence, 0-1 knapsack problem.
Balanced search trees: red-black trees. Introduction, properties, search, insertion and removal operations.
Direct-address tables. Hash tables with external chaining. Hash functions: division, multiplication, universal. Open addressing: linear, quadratic, double.
This document presents a solution to the problem "Colorindo", from the second phase of the 2011 Olimpíada Brasileira de Informática (Brazilian Informatics Olympiad), Programming 1 level.
A brief introduction to the main commands of the UNIX operating system, also used in Linux, OS X and others.
Starting from a simple computational problem, we present the first concepts of computer programming, based on the C language: input and output, programs, variables, assignment.
Papers by David Déharbe