Template-based program verification and program synthesis

Program verification is the task of automatically generating proofs for a program’s compliance with a given specification. Program synthesis is the task of automatically generating a program that meets a given specification. Both program verification and program synthesis can be viewed as search problems, for proofs and programs, respectively. For these search problems, we present approaches based on user-provided insights in the form of templates. Templates are hints about the syntactic forms of the invariants and programs, and help guide the search for solutions. We show how to reduce the template-based search problem to satisfiability solving, which permits the use of off-the-shelf solvers to efficiently explore the search space. Template-based approaches have allowed us to verify and synthesize programs outside the abilities of previous verifiers and synthesizers. Our approach can verify and synthesize difficult algorithmic textbook programs (e.g., sorting and dynamic programming-based algorithms) and difficult arithmetic programs.     

Elicitation by critiquing as a cognitive task analysis methodology

This paper describes elicitation by critiquing (EBC) as a cognitive task analysis (CTA) methodology. EBC takes advantage of the ability to analyze another’s task performance, a necessary skill for all domains. This technique can be used to help address some barriers to CTA methods such as domain access restrictions, frequency and predictability of observable and self-reported events, and difficulties in recruiting domain experts to participate. The technique enables controlled presentation of problem stimuli in order to obtain repeated measuring of the same task from multiple participants. To investigate this method, our team performed a CTA of inferential analysis using the EBC technique. Specifically, we observed six expert intelligence analysts critiquing a trainee analyzing the Ariane 501 launch failure. A second trainee was critiqued for reference. The method can be combined with other CTA methods to build knowledge about a domain, can be considered as an addition to participatory design methods, and can be varied depending on the domain being investigated.     

Cognitive simulation as a tool for cognitive task analysis

Cognitive simulations are runnable computer programs that represent models of human cognitive activities. We show how one cognitive simulation built as a model of some of the cognitive processes involved in dynamic fault management can be used in conjunction with small-scale empirical data on human performance to uncover the cognitive demands of a task, to identify where intention errors are likely to occur, and to point to improvements in the person-machine system. The simulation, called Cognitive Environment Simulation or CES, has been exercised on several nuclear power plant accident scenarios. Here we report one case to illustrate how a cognitive simulation tool such as CES can be used to clarify the cognitive demands of a problem-solving situation as part of a cognitive task analysis.     

Philosophical aspects of program verification

A debate over the theoretical capabilities of formal methods in computer science has raged for more than two years now. The function of this paper is to summarize the key elements of this debate and to respond to important criticisms others have advanced by placing these issues within a broader context of philosophical considerations about the nature of hardware and of software and about the kinds of knowledge that we have the capacity to acquire concerning their performance.     

Cognitive simulation as a tool for cognitive task analysis.

Cognitive simulations are runnable computer programs that represent models of human cognitive activities. We show how one cognitive simulation built as a model of some of the cognitive processes involved in dynamic fault management can be used in conjunction with small-scale empirical data on human performance to uncover the cognitive demands of a task, to identify where intention errors are likely to occur, and to point to improvements in the person-machine system. The simulation, called Cognitive Environment Simulation or CES, has been exercised on several nuclear power plant accident scenarios. Here we report one case to illustrate how a cognitive simulation tool such as CES can be used to clarify the cognitive demands of a problem-solving situation as part of a cognitive task analysis.     

CPBPV: a constraint-programming framework for bounded program verification

This paper studies how to verify the conformity of a program with its specification and proposes a novel constraint-programming framework for bounded program verification (CPBPV). The CPBPV framework uses constraint stores to represent both the specification and the program and explores execution paths of bounded length nondeterministically. The CPBPV framework detects non-conformities and provides counter examples when a path of bounded length that refutes some properties exists. The input program is partially correct under the boundness restrictions, if each constraint store so produced implies the post-condition. CPBPV does not explore spurious execution paths, as it incrementally prunes execution paths early by detecting that the constraint store is not consistent. CPBPV uses the rich language of constraint programming to express the constraint store. Finally, CPBPV is parameterized with a list of solvers which are tried in sequence, starting with the least expensive and less general. Experimental results often produce orders of magnitude improvements over earlier approaches, running times being often independent of the size of the variable domains. Moreover, CPBPV was able to detect subtle errors in some programs for which other frameworks based on bounded model checking have failed.     

Straight-line program length as a parameter for complexity analysis

A definition is proposed for a size measure to be used as a parameter for algorithm analysis in any algebra. The parameter is simply the straight-line program length in the associated free algebra. This parameter generalizes the usual measures in basic arithmetic and string algebras, as well as some apparently different measures used for data structure algorithms. Another use is illustrated with an introduction to complexity-bounded group theory.     

Temporal strategy and performance during a fatiguing short-cycle repetitive task

This study investigated temporal changes in movement strategy and performance during fatiguing short-cycle work. Eighteen participants performed six 7-min work blocks with repetitive reaching movements at 0.5 Hz, each followed by a 5.5-min rest break for a total duration of 1 h. Electromyography (EMG) was collected continuously from the upper trapezius muscle, the temporal movement strategy and timing errors were obtained on a cycle-to-cycle basis, and perceived fatigue was rated before and after each work block. Clear signs of fatigue according to subjective ratings and EMG manifestations developed within each work block, as well as during the entire hour. For most participants, timing errors gradually increased, as did the waiting time at the near target. Changes in temporal movement strategy were negatively correlated with changes in the level and variability of EMG, suggesting that an adaptive temporal strategy offset the development of unstable motor solutions in this fatiguing, short-cycle work. PRACTITIONER SUMMARY: Sustained performance of operators is essential to maintain competitiveness. In this study of repetitive work, participants gradually changed their temporal movement strategy, for possibly alleviating the effects of fatigue. This suggests that in order to effectively counteract fatigue and sustain performance, industrial production should allow extensive spatial and temporal flexibility.     

Experiments in program verification using Event-B

The Event-B method can be used to model all sorts of discrete event systems, among them sequential programs. In this article we describe our experiences with using Event-B by way of two examples. We present a simple model of a factorial program, explaining the method, and a more intricate model of the Quicksort algorithm, providing some insights into strengths and weaknesses of Event-B. The two models are interspersed with our observations and some suggestions of how, we believe, Event-B could evolve. This evaluation of Event-B is intended to serve for determining directions for the evolution of Event-B and judging progress. It is our hope that the observations and suggestions can also be put to use for similar modelling formalisms, such as Z, ASM or VDM.     

Expressive program verification via structured specifications

Conventional specifications typically have a flat structure that is based primarily on the underlying logic. Such specifications lack structures that could provide better guidance to the verification process. In this work, we propose to add three new structures to a specification framework for separation logic to achieve a more precise and better guided verification for pointer-based programs. The newly introduced structures empower users with more control over the verification process in the following ways: (1) case analysis can be invoked to take advantage of disjointedness conditions in the logic, (2) early, as opposed to late, instantiation can minimise the use of existential quantification and (3) novel formulae structuring can provide better reuse of the verification process. Initial experiments have shown that structured specifications can lead to more precise verification without incurring any performance overhead. To support our proposal, we shall illustrate the usage of structured specifications in the context of proving termination and we will briefly outline the impact of our proposal on a recent development focussed on verifying the FreeRTOS scheduler Ferreira et al. (Int. J. Softw. Tools Technol. Trans. 2014).     

一种验证指针程序的方法

利用形状图逻辑和形状系统来解决指针程序的分析和验证中的困难。该方法要求程序员声明各种递归结构体类型参与构建的数据结构的形状,并声明指针变量所指向的形状,以便程序分析工具能建立各程序点的形状图,并以此来支持程序验证。探讨了在指针相等关系静态可确定的情况下,避免在Hoare逻辑上做复杂扩展的指针程序验证方法。

Abstract：

Analysis and verification of programs dealing with pointers are still difficult problems so far. This paper uses a shape graph logic and a shape system to solve these problems. Using our method, programmers must declare the shapes that the recursive data     

A syntax-directed program that performs a three-dimensional perceptual task

A syntax-directed program that performs a three-dimensional perceptual task is described. The task, in a slightly simpler form, was used originally in a psychological study of mental rotation. ⁽¹⁾ The task consists of determining whether two line drawings portray (different views of) identical objects, mirror image objects, or structurally different objects, where the objects are composed of linear strings of attached cubes. The program is syntax-directed in the sense that it uses a fixed set of syntactic rules to analyze the line drawings. This is the first use of formal syntactic techniques in the analysis of pictures (in this case, line drawings) of three-dimensional objects.