I have an asynchronous symmetric ring-shaped protocol with 5 processes that satisfies a given property. I want to prove (or get counterexample) that the property is true for protocols with 6 number of processes and more; that is
∀n.φ(n)
I decided to use assume-guarantee and I’m using nuSMV for model-checking.
I know that former versions of SMV like Cadence could support this feature but is there any way to implement assume-guarantee in nuSMV?
If there is not, could I use other model checkers like SPIN instead?
Thank you.
Related
I'm interested in the implementation of GdH (Glasgow Distributed Haskell).
However, I could not find out which combinations in CAP theorem GdH supports.
Can we choose one of them or do programs in GdH consist of explicit processes like Erlang?
From what I've read it's essentially RMI only you're communicating using Mvars, there in my experience aren't really any limitations that any ecosystem for CAP, so much as in the problems in themselves for example YOU can use more than 5 nodes in ETCD or Zookeeper, but all of the election messages, the fact that the leader commits to all nodes, the request forwarding, the checks you have to make before applying the log, doesn't exactly make it performant well does it.
Nobody should be using RMI for a new application in 2017,honestly you would be better off using an RPC package.
https://hackage.haskell.org/package/courier which is a light weight message passing lib, Zeromq, and Best for last
http://haskell-distributed.github.io/ which is basically the closest thing you get to OTP on haskell.
I've been looking around and can't seem to find an answer to this question. I'm working with snmpd from net-snmp on an embedded project. I have extra code written into snmpd to support GETs and v2 traps, but now I may need to switch over to v3 traps/informs.
So, here's my question:
Assuming I've set up my v3 passwords, encryption, etc., is there a v3 analog to the send_v2trap() function? I can't imagine it's as easy as send_v3trap() but there's got to be a straight forward way.
Also, I'm strictly restricted to C. I imagine this might be easier using net-snmp bindings in other languages, but that's not an option for me.
From netsnmp_trap_api(3):
send_v2trap() uses the supplied list of variable bindings to form an
SNMPv2 trap, which is sent to SNMPv2-capable sinks on the configured
list. An equivalent INFORM is sent to the configuredq list of inform
sinks. Sinks that can only handle SNMPv1 traps are skipped.
This seems to indicate that the same function should be able to send v3 traps as well (since v3 traps are identical to v2 traps).
Furthermore, looking at the code (specifically, agent/agent_trap.c), one can indeed see that your initial guess is correct and that send_v3trap() function exists. There is a comment above the definition, saying:
Similar to send_v2trap(), with the added ability to specify a context. If
the last parameter is NULL, then this call is equivalent to send_v2trap().
Hope this helps.
For the task I'm working on, the signal system of the Elm programming language seems to be an appropriate solution.
But my pure computational functions are implemented in Haskell. Is there a Haskell library that would allow me to construct a signal graph (with my pure functions in the nodes) so that it works like in Elm?
My background
I need to observe intermediate results of a huge computation, on demand, i.e., I don't want to actually format and output each intermediate result, but if it is requested, then I should respond with the most fresh intermediate result (received from the computation signal).
Actually, there are several parallel computations, and some of them use the result of others, so I want several independent output signals for observing them. So I believe I could write an Elm program modeling the system to observe the intermediate results as they are available. (Perhaps, I'm wrong, I should try to write a prototype at least in Elm probably, but I'm also thinking about integrating with my main Haskell code already.)
Helm, which I am currently maintainer of, might be what you are looking for. It does combine the signalling with an SDL window that will always appear. You might be able to hack the render function and still use Helm's Signal without SDL or you could just take inspiration from Helm and write a similar Signal type using Elerea (which Helm uses in the background).
An even better idea might be to modify Helm to allow for use cases where main might not have anything to display and send us a pull-request.
From a comment by
Tekmo
to the announcement of "Elm 0.15: Tasks, Mailboxes, and import
syntax":
The Haskell version of mailboxes is pipes-concurrency. The analog
of Elm's Address is an Output and the analog of a Signal is an
Input.
(BTW, this seems to be very close to what I was looking for. Initially, in
previous versions of Elm, the abstractions I actually wanted seem to
have been missing, but tasks and mailboxes might fit my needs
quite well. So, and now I know--thanks to the comment by Tekmo--that
a similar Haskell library is pipes-concurrency.)
I'm speaking specifically of something like
the PLT Scheme make-evaluator.
It will run scheme code, but under certain conditions:
It only uses a definable amount of memory, and will quit execution if the script needs more
It behaves similarly with time
It restricts all IO except for what I specifically allow in the code
Is anyone familiar with anything else that can do this?
Lua lets you easily define sandboxes with as much or as little power you want.
PHP allows something similar with eval - though you would need to set some restrictive values with ini_set before calling it, and they would affect the current script as well.
The Java platform provides fine-grained access control and sandboxing.
This isn't exactly equivalent to make-evaluator but the API allows you to place constraints on arbitrary objects (through the GuardedObject class). You can also restrict permissions of classes loaded from a particular source.
It might be helpful to read the Java Platform Security Architecture spec
Please note that Java APIs can be accessed from most languages on the jvm.
I'm developer of Robocode engine. We would like to make Robocode
multilingual and Scala seems to be good match. We have Scala plugin prototype here.
The problem:
Because users are creative programmers, they may try to win battle
different ways. As well robots are downloaded from online database
where anyone could upload one. So gap in security may lead to security
hole into users computer. Robots written in Java are running in
restricted sandbox. Almost everything is prohibited [network, GUI,
disk (limited), threads (limited), classloaders and reflection]. The
sandbox is similar to browser applet. We use SecurityManager, custom
ClassLoader per robot, etc ...
There are two ways how to host Scala runtime in Robocode:
1) load it together with robot inside of sandbox. Pretty safe for us,
preferred solution. But it will damage Scala runtime abilities because runtime uses reflection. Maybe generates classes at runtime ? Use threads to do some internal cleanup ? Access to JVM/internals ? (I would not like to limit abilities of language)
2) use Scala runtime as trusted code, outside the box, security on
same level as JDK. Visibility to (malicious)
robot. Are the Scala runtime APIs safe ? Do methods they have security
guards ? Is there any safe mode ? Is there any singleton in Scala runtime,
which could be abused to communicate between robots ? Any concurency/threadpool/messaging which could simulate threads ? (Is there any security audit for Scala runtime?)
3) Something in between, some classes of runtime in and some out. Which classes/packages must be visible to robot/which are just private implementation ? (this seems to be future solution)
The question:
Is it possible to enumerate and isolate the parts of runtime which must run in
trusted scope from the rest ? Specific packages and classes ? Or better idea ?
I'm looking for specific answer, which will lead to secure solution. Random thoughts welcome, but not awarded. There is ongoing discussion at scala email group. No specific answer yet.
I think #1 is your best bet and even that is a moving target. As brought up on the mailing list, structural types use reflection. I don't think structural types are common in the standard library, but I don't think anyone keeps track of where they are.
There's also always the possibility that there are other features using reflection behind the scenes. For example, for a while in the 2.8 branch some array functionality was using reflection. I think that's been changed after benchmarking, but there's always the possibility that there's some problem where someone said "Aha! I will use reflection to solve this."
The Scala standard library is filled with singletons. Most of them are immutable, but I know that the Scheduler object in the actors library could be abused for communication because it is essentially a proxy for an actual scheduler so you can plug your own custom scheduler into it.
At this time I don't think Scala requires using a custom class loader and all of its classes are produced at compile time instead of runtime, but then again that's probably a moving target. Scala generates a lot of class files, and there is always talk of making it generate some of them at runtime when they are needed instead of at compile time.
So, in short, I do not think it's possible (within reasonable constraints on effort) to enumerate and isolate the pieces of Scala that can (and should) be trusted.
As you mentioned other J* language implementations which all may make use of reflections, it would be a ban for all those languages as long as reflection is not part of the game.
I guess that would be JVM's problem not to have a way to partition the scope of reflection API, such that you could sort of "sandbox" the part of code that could be reflected within.