-
SmartML: Towards a Modeling Language for Smart Contracts
Authors:
Adele Veschetti,
Richard Bubel,
Reiner Hähnle
Abstract:
Smart contracts codify real-world transactions and automatically execute the terms of the contract when predefined conditions are met. This paper proposes SmartML, a modeling language for smart contracts that is platform independent and easy to comprehend. We detail its formal semantics and type system with a focus on its role in addressing security vulnerabilities. We show along a case study, how…
▽ More
Smart contracts codify real-world transactions and automatically execute the terms of the contract when predefined conditions are met. This paper proposes SmartML, a modeling language for smart contracts that is platform independent and easy to comprehend. We detail its formal semantics and type system with a focus on its role in addressing security vulnerabilities. We show along a case study, how SmartML contributes to the prevention of reentrancy attacks, illustrating its efficacy in reinforcing the reliability and security of smart contracts within decentralized systems.
△ Less
Submitted 28 June, 2024; v1 submitted 11 March, 2024;
originally announced March 2024.
-
Provably Fair Cooperative Scheduling
Authors:
Reiner Hähnle,
Ludovic Henrio
Abstract:
The context of this work is cooperative scheduling, a concurrency paradigm, where task execution is not arbitrarily preempted. Instead, language constructs exist that let a task voluntarily yield the right to execute to another task.
The inquiry is the design of provably fair schedulers and suitable notions of fairness for cooperative scheduling languages. To the best of our knowledge, this prob…
▽ More
The context of this work is cooperative scheduling, a concurrency paradigm, where task execution is not arbitrarily preempted. Instead, language constructs exist that let a task voluntarily yield the right to execute to another task.
The inquiry is the design of provably fair schedulers and suitable notions of fairness for cooperative scheduling languages. To the best of our knowledge, this problem has not been addressed so far.
Our approach is to study fairness independently from syntactic constructs or environments, purely from the point of view of the semantics of programming languages, i.e., we consider fairness criteria using the formal definition of a program execution. We develop our concepts for classic structural operational semantics (SOS) as well as for the recent locally abstract, globally concrete (LAGC) semantics. The latter is a highly modular approach to semantics ensuring the separation of concerns between local statement evaluation and scheduling decisions.
The new knowledge contributed by our work is threefold: first, we show that a new fairness notion, called quiescent fairness, is needed to characterize fairness adequately in the context of cooperative scheduling; second, we define a provably fair scheduler for cooperative scheduling languages; third, a qualitative comparison between the SOS and LAGC versions yields that the latter, while taking higher initial effort, is more amenable to proving fairness and scales better under language extensions than SOS.
The grounding of our work is a detailed formal proof of quiescent fairness for the scheduler defined in LAGC semantics.
The importance of our work is that it provides a formal foundation for the implementation of fair schedulers for cooperative scheduling languages, an increasingly popular paradigm (for example: akka/Scala, JavaScript, async Rust). Being based solely on semantics, our ideas are widely applicable. Further, our work makes clear that the standard notion of fairness in concurrent languages needs to be adapted for cooperative scheduling and, more generally, for any language that combines atomic execution sequences with some form of preemption.
△ Less
Submitted 28 December, 2023;
originally announced December 2023.
-
Context, Composition, Automation, and Communication -- The C2AC Roadmap for Modeling and Simulation
Authors:
Adelinde Uhrmacher,
Peter Frazier,
Reiner Hähnle,
Franziska Klügl,
Fabian Lorig,
Bertram Ludäscher,
Laura Nenzi,
Cristina Ruiz-Martin,
Bernhard Rumpe,
Claudia Szabo,
Gabriel A. Wainer,
Pia Wilsdorf
Abstract:
Simulation has become, in many application areas, a sine-qua-non. Most recently, COVID-19 has underlined the importance of simulation studies and limitations in current practices and methods. We identify four goals of methodological work for addressing these limitations. The first is to provide better support for capturing, representing, and evaluating the context of simulation studies, including…
▽ More
Simulation has become, in many application areas, a sine-qua-non. Most recently, COVID-19 has underlined the importance of simulation studies and limitations in current practices and methods. We identify four goals of methodological work for addressing these limitations. The first is to provide better support for capturing, representing, and evaluating the context of simulation studies, including research questions, assumptions, requirements, and activities contributing to a simulation study. In addition, the composition of simulation models and other simulation studies' products must be supported beyond syntactical coherence, including aspects of semantics and purpose, enabling their effective reuse. A higher degree of automating simulation studies will contribute to more systematic, standardized simulation studies and their efficiency. Finally, it is essential to invest increased effort into effectively communicating results and the processes involved in simulation studies to enable their use in research and decision-making. These goals are not pursued independently of each other, but they will benefit from and sometimes even rely on advances in other subfields. In the present paper, we explore the basis and interdependencies evident in current research and practice and delineate future research directions based on these considerations.
△ Less
Submitted 27 March, 2024; v1 submitted 9 October, 2023;
originally announced October 2023.
-
Context-aware Trace Contracts
Authors:
Reiner Hähnle,
Eduard Kamburjan,
Marco Scaletta
Abstract:
The behavior of concurrent, asynchronous procedures depends in general on the call context, because of the global protocol that governs scheduling. This context cannot be specified with the state-based Hoare-style contracts common in deductive verification. Recent work generalized state-based to trace contracts, which permit to specify the internal behavior of a procedure, such as calls or state c…
▽ More
The behavior of concurrent, asynchronous procedures depends in general on the call context, because of the global protocol that governs scheduling. This context cannot be specified with the state-based Hoare-style contracts common in deductive verification. Recent work generalized state-based to trace contracts, which permit to specify the internal behavior of a procedure, such as calls or state changes, but not its call context. In this article we propose a program logic of context-aware trace contracts for specifying global behavior of asynchronous programs. We also provide a sound proof system that addresses two challenges: To observe the program state not merely at the end points of a procedure, we introduce the novel concept of an observation quantifier. And to combat combinatorial explosion of possible call sequences of procedures, we transfer Liskov's principle of behavioral subty** to the analysis of asynchronous procedures.
△ Less
Submitted 6 October, 2023;
originally announced October 2023.
-
Towards Trace-based Deductive Verification (Tech Report)
Authors:
Richard Bubel,
Dilian Gurov,
Reiner Hähnle,
Marco Scaletta
Abstract:
Contracts specifying a procedure's behavior in terms of pre- and postconditions are essential for scalable software verification, but cannot express any constraints on the events occurring during execution of the procedure. This necessitates to annotate code with intermediate assertions, preventing full specification abstraction.
We propose a logic over symbolic traces able to specify recursive…
▽ More
Contracts specifying a procedure's behavior in terms of pre- and postconditions are essential for scalable software verification, but cannot express any constraints on the events occurring during execution of the procedure. This necessitates to annotate code with intermediate assertions, preventing full specification abstraction.
We propose a logic over symbolic traces able to specify recursive procedures in a modular manner that refers to specified programs only in terms of events. We also provide a deduction system based on symbolic execution and induction that we prove to be sound relative to a trace semantics.
Our work generalizes contract-based to trace-based deductive verification.
△ Less
Submitted 21 November, 2022; v1 submitted 17 November, 2022;
originally announced November 2022.
-
LAGC Semantics of Concurrent Programming Languages
Authors:
Crystal Chang Din,
Reiner Hähnle,
Ludovic Henrio,
Einar Broch Johnsen,
Violet Ka I Pun,
Silvia Lizeth Tapia Tarifa
Abstract:
Formal, mathematically rigorous programming language semantics are the essential prerequisite for the design of logics and calculi that permit automated reasoning about concurrent programs. We propose a novel modular semantics designed to align smoothly with program logics used in deductive verification and formal specification of concurrent programs. Our semantics separates local evaluation of ex…
▽ More
Formal, mathematically rigorous programming language semantics are the essential prerequisite for the design of logics and calculi that permit automated reasoning about concurrent programs. We propose a novel modular semantics designed to align smoothly with program logics used in deductive verification and formal specification of concurrent programs. Our semantics separates local evaluation of expressions and statements performed in an abstract, symbolic environment from their composition into global computations, at which point they are concretised. This makes incremental addition of new language concepts possible, without the need to revise the framework. The basis is a generalisation of the notion of a program trace as a sequence of evolving states that we enrich with event descriptors and trailing continuation markers. This allows to postpone scheduling constraints from the level of local evaluation to the global composition stage, where well-formedness predicates over the event structure declaratively characterise a wide range of concurrency models. We also illustrate how a sound program logic and calculus can be defined for this semantics.
△ Less
Submitted 24 February, 2022;
originally announced February 2022.
-
Analysis of SLA Compliance in the Cloud -- An Automated, Model-based Approach
Authors:
Frank S. de Boer,
Elena Giachino,
Stijn de Gouw,
Reiner Hähnle,
Einar Broch Johnsen,
Cosimo Laneve,
Ka I Pun,
Gianluigi Zavattaro
Abstract:
Service Level Agreements (SLA) are commonly used to specify the quality attributes between cloud service providers and the customers. A violation of SLAs can result in high penalties. To allow the analysis of SLA compliance before the services are deployed, we describe in this paper an approach for SLA-aware deployment of services on the cloud, and illustrate its workflow by means of a case study.…
▽ More
Service Level Agreements (SLA) are commonly used to specify the quality attributes between cloud service providers and the customers. A violation of SLAs can result in high penalties. To allow the analysis of SLA compliance before the services are deployed, we describe in this paper an approach for SLA-aware deployment of services on the cloud, and illustrate its workflow by means of a case study. The approach is based on formal models combined with static analysis tools and generated runtime monitors. As such, it fits well within a methodology combining software development with information technology operations (DevOps).
△ Less
Submitted 27 August, 2019;
originally announced August 2019.
-
Modeling and Verifying Cyber-Physical Systems with Hybrid Active Objects
Authors:
Eduard Kamburjan,
Stefan Mitsch,
Martina Kettenbach,
Reiner Hähnle
Abstract:
Formal modeling of cyber-physical systems (CPS) is hard, because they pose the double challenge of combined discrete-continuous dynamics and concurrent behavior. Existing formal specification and verification languages for CPS are designed on top of their underlying proof search technology. They lack high-level structuring elements. In addition, they are not efficiently executable. This makes form…
▽ More
Formal modeling of cyber-physical systems (CPS) is hard, because they pose the double challenge of combined discrete-continuous dynamics and concurrent behavior. Existing formal specification and verification languages for CPS are designed on top of their underlying proof search technology. They lack high-level structuring elements. In addition, they are not efficiently executable. This makes formal CPS models hard to understand and to validate, hence impairs their usability. Instead, we suggest to model CPS in an Active Objects (AO) language designed for concise, intuitive modeling of concurrent systems. To this end, we extend the AO language ABS and its runtime environment with Hybrid Active Objects (HAO). CPS models and requirements formalized in HAO must follow certain communication patterns that permit automatic translation into differential dynamic logic, a sequential hybrid program logic. Verification is achieved by discharging the resulting formulas with the theorem prover KeYmaera X. We demonstrate the practicality of our approach with case studies.
△ Less
Submitted 13 June, 2019;
originally announced June 2019.
-
Prototy** Formal System Models with Active Objects
Authors:
Eduard Kamburjan,
Reiner Hähnle
Abstract:
We propose active object languages as a development tool for formal system models of distributed systems. Additionally to a formalization based on a term rewriting system, we use established Software Engineering concepts, including software product lines and object orientation that come with extensive tool support. We illustrate our modeling approach by prototy** a weak memory model. The result…
▽ More
We propose active object languages as a development tool for formal system models of distributed systems. Additionally to a formalization based on a term rewriting system, we use established Software Engineering concepts, including software product lines and object orientation that come with extensive tool support. We illustrate our modeling approach by prototy** a weak memory model. The resulting executable model is modular and has clear interfaces between communicating participants through object-oriented modeling. Relaxations of the basic memory model are expressed as self-contained variants of a software product line. As a modeling language we use the formal active object language ABS which comes with an extensive tool set. This permits rapid formalization of core ideas, early validity checks in terms of formal invariant proofs, and debugging support by executing test runs. Hence, our approach supports the prototy** of formal system models with early feedback.
△ Less
Submitted 4 October, 2018;
originally announced October 2018.