Martin Strecker

Verification of the Schorr-Waite algorithm - from trees to graphs

This article proposes a method for proving the correctness of graph algorithms by manipulating their spanning trees enriched with additional references. We illustrate this concept with a proof of the correctness of a (pseudo-)imperative version of the Schorr-Waite algorithm by refinement of a functional one working on trees. It is composed of two orthogonal steps of refinement - functional to imperative and tree to graph - finally merged to obtain the result. Our imperative specifications use monadic constructs and syntax sugar, making them close to common imperative languages. This work has been realized within the Isabelle/HOL proof assistant.

Rule-Level Verification of Graph Transformations for Invariants Based on Edges' Transitive Closure

This paper develops methods to reason about graph transformation rules for proving the preservation of structural properties, especially global properties on reachability. We characterize a graph transformation rule with an applicability condition specifying the matching conditions of the rule on a host graph as well as the properties to be preserved during the transformation. Our previous work has demonstrated the possibility to reason about a graph transformation at rulelevel with applicability conditions restricted to Boolean combinations of edge expressions. We now extend the approach to handle the applicability conditions containing transitive closure of edges, which implicitly refer to an unbounded number of nodes. We show how these can be internalized into a finite pattern graph in order to enable verification of global properties on paths instead of local properties on edges only.

Locality in reasoning about graph transformations

This paper explores how to reason locally about global properties of graph transformations, in particular properties involving transitive closure of the edge relations of the graph. We show under which conditions we can soundly reduce reasoning about all nodes in the graph to reasoning about a finite set of nodes. We then give an effective procedure to turn this reduced problem into a Boolean satisfiability problem.

PANDA: a proof assistant in natural deduction for all. a Gentzen style proof assistant for undergraduate students

We present a proof assistant in Natural Deduction for undergraduate students. The system is interactive: you can combine, delete, modify proofs with a easy-to-use graphical interface. We discuss the pedagogical benefit of this tool.

Proving Correctness of Logically Decorated Graph Rewriting Systems

We first introduce the notion of logically decorated rewriting systems where the left-hand sides are endowed with logical formulas which help to express positive as well as negative application conditions, in addition to classical pattern-matching. These systems are defined using graph structures and an extension of combinatory propositional dynamic logic, CPDL, with restricted universal programs, called C2PDL. In a second step, we tackle the problem of proving the correctness of logically decorated graph rewriting systems by using a Hoare-like calculus. We introduce a notion of specification defined as a tuple (Pre, Post, R, S) with Pre and Post being formulas of C2PDL, R a rewriting system and S a rewriting strategy. We provide a sound calculus which infers proof obligations of the considered specifications and establish the decidability of the verification problem of the (partial) correctness of the considered specifications.

A Hoare-Like Calculus Using the SROIQ σ Logic on Transformations of Graphs

We tackle the problem of partial correctness of programs processing structures defined as graphs. We introduce a kernel imperative programming language endowed with atomic actions that participate in the transformation of graph structures and provide a decidable logic for reasoning about these transformations in a Hoare-style calculus. The logic for reasoning about the transformations (baptized \({\cal SROIQ}^\sigma\)) is an extension of the Description Logic (DL) \(\mathcal{SROIQ}\), and the graph structures manipulated by the programs are models of this logic. The programming language is non-standard in that it has an instruction set targeted at graph manipulations (such as insertion and deletion of arcs), and its conditional statements (in loops and selections) are \({\cal SROIQ}^\sigma\) formulas. The main challenge solved in this paper is to show that the resulting proof problems are decidable.

Abstraction and Verification of Properties of a Real-Time Java

We present a tool for analysing resource sharing conflicts in multithreaded Java programs. Java programs are translated to timed automata models verified afterwards by the Uppaal model checker. Analysed programs are annotated with timing information indicating the execution duration of a particular statement. Based on the timing information, the analysis of execution paths is performed, which gives an answer whether resource sharing conflicts are possible in a multithreaded Java program. If the analysis succeeds, resource locks may be eliminated from the Java program.

Ensuring Correctness of Model Transformations While Remaining Decidable

This paper is concerned with the interplay of the expressiveness of model and graph transformation languages, of assertion formalisms making correctness statements about transformations, and the decidability of the resulting verification problems. We put a particular focus on transformations arising in graph-based knowledge bases and model-driven engineering. We then identify requirements that should be satisfied by logics dedicated to reasoning about model transformations, and investigate two promising instances which are decidable fragments of first-order logic.

Combining Dynamic and Static Analysis to Help Develop Correct Graph Transformations

Developing provably correct graph transformations is not a trivial task. Besides writing the code, a developer must as well specify the pre- and post-conditions. The objective of our work is to assist developers in producing such a Hoare triple in order to submit it to a formal verification tool. By combining static and dynamic analysis, we aim at providing more useful feedback to developers. Dynamic analysis helps identify inconsistencies between the code and its specifications. Static analysis facilitates extracting the pre- and post-conditions from the code. Based on this proposal, we implemented a prototype that allows running, testing and proving graph transformations written in small-\( \text{t}_{\mathcal{ALC}} \), our own transformation language.

Integrating a formal development for DSLs into meta-modeling

Formal methods (such as interactive provers) are increasingly used in software engineering. They offer a formal frame that guarantees the correctness of developments. Nevertheless, they use complex notations that might be difficult to understand for unaccustomed users. On the contrary, visual specification languages use intuitive notations and allow to specify and understand software systems. Moreover, they permit to easily generate graphical interfaces or editors for Domain Specific Languages (DSLs) starting from a meta-model. However, they suffer from a lack of precise semantics. We are interested in combining these two complementary technologies by mapping the elements of the one into the other. In this paper, we present a generic transformation process from functional data structures, commonly used in proof assistants, to Ecore models and vice-versa. This translation method is based on Model-Driven Engineering and defined by a set of bidirectional transformation rules. These rules are presented with an illustrating example, along with an implementation in the Eclipse environment.