Results 1 - 8 of 8
Evaluating Deadlock Detection Methods for Concurrent Software
IEEE Transactions on Software Engineering, 1996
Abstract
Cited by 132 (6 self)
Static analysis of concurrent programs has been hindered by the well-known state explosion problem. Although many different techniques have been proposed to combat this state explosion, there is little empirical data comparing the performance of the methods. This information is essential for assessing the practical value of a technique and for choosing the best method for a particular problem. In this paper, we carry out an evaluation of three techniques for combating the state explosion problem in deadlock detection: reachability search with a partial order state space reduction, symbolic model checking, and inequality necessary conditions. We justify the method used for the comparison, and carefully analyze several sources of potential bias. The results of our evaluation provide valuable data on the kinds of programs to which each technique might best be applied. Furthermore, we believe that the methodological issues we discuss are of general significance in comparison of analysis te...
Timing Analysis of Ada Tasking Programs
IEEE Transactions on Software Engineering, 1996
Abstract
Cited by 37 (4 self)
Concurrent real-time software is increasingly used in safety-critical embedded systems. Assuring the quality of such software requires the rigor of formal methods. In order to analyze a program formally, we must first construct a mathematical model of its behavior. In this paper, we consider the problem of constructing such models for concurrent real-time software. In particular, we provide a method for building mathematical models of real-time Ada tasking programs that are accurate enough to verify interesting timing properties, and yet abstract enough to yield a tractable analysis on nontrivial programs. Our approach differs from schedulability analysis in that we do not assume that the software has a highly restricted structure (e.g., a set of periodic tasks). Also, unlike most abstract models of real-time systems, we account for essential properties of real implementations, such as resource constraints and runtime overhead. Keywords: timing analysis, real-time systems, program ...
Partial Order Verification with PEP
Proc. POMIV'96, Partial Order Methods in Verification, American Mathematical Society, 1996
Abstract
Cited by 18 (2 self)
This paper describes the current status of the verification testbed PEP (Programming Environment based on Petri Nets) from a personal perspective of the author. The paper concentrates on what are perceived as the main highlights and the major shortcomings of PEP.
Automated Derivation of Time Bounds in Uniprocessor Concurrent Systems
IEEE Transactions on Software Engineering, 1994
Abstract
Cited by 17 (7 self)
The successful development of complex real-time systems depends on analysis techniques that can accurately assess the timing properties of those systems. This paper describes a technique for deriving upper and lower bounds on the time that can elapse between two given events in an execution of a concurrent software system running on a single processor under arbitrary scheduling. The technique involves generating linear inequalities expressing conditions that must be satisfied by all executions of such a system and using integer programming methods to find appropriate solutions to the inequalities. The technique does not require construction of the state space of the system and its feasibility has been demonstrated by using an extended version of the constrained expression toolset to analyze the timing properties of some concurrent systems with very large state spaces. Keywords: Concurrent systems, Real-time systems, Automated analysis, Timing analysis, Linear inequalities, Integer pro...
Improving the precision of INCA by eliminating solutions with spurious cycles
IEEE Transactions on Software Engineering, 2002
Abstract
Cited by 12 (6 self)
The Inequality Necessary Condition Analyzer (INCA) is a finite-state verification tool that has been able to check properties of some very large concurrent systems. INCA checks a property of a concurrent system by generating a system of inequalities that must have integer solutions if the property can be violated. There may, however, be integer solutions to the inequalities that do not correspond to an execution violating the property. INCA thus accepts the possibility of an inconclusive result in exchange for greater tractability. We describe here a method for eliminating one of the two main sources of these inconclusive results. Index Terms: INCA, finite-state verification, cycles, integer programming
An Empirical Evaluation of Three Methods for Deadlock Analysis of Ada Tasking Programs
Proceedings of the 1994 International Symposium on Software Testing and Analysis (ISSTA), 1994
Abstract
Cited by 9 (1 self)
Static analysis of Ada tasking programs has been hindered by the well-known state explosion problem that arises in the verification of concurrent systems. Many different techniques have been proposed to combat this state explosion. All proposed methods excel on certain kinds of systems, but there is little empirical data comparing the performance of the methods. In this paper, we select one representative from each of three very different approaches to the state explosion problem: partial orders (representing state-space reductions), symbolic model checking (representing OBDD-based approaches), and inequality necessary conditions (representing integer programming-based approaches). We apply the methods to several scalable concurrency examples from the literature and to one real Ada tasking program. The results of these experiments are presented and their significance is discussed. 1 Introduction Ada tasks arm software developers with the power, and dangers, of concurrency. With this p...
Improving the Precision of INCA by Eliminating Solutions with Spurious Cycles
Abstract
The Inequality Necessary Condition Analyzer (INCA) is a finite-state verification tool that has been able to check properties of some very large concurrent systems. INCA checks a property of a concurrent system by generating a system of inequalities that must have integer solutions if the property can be violated. There may, however, be integer solutions to the inequalities that do not correspond to an execution violating the property. INCA thus accepts the possibility of an inconclusive result in exchange for greater tractability. We describe here a method for eliminating one of the two main sources of these inconclusive results. Index Terms: INCA, finite-state verification, cycles, integer programming
Improving the Precision of INCA by Preventing Spurious Cycles
Abstract
The Inequality Necessary Condition Analyzer (INCA) is a finite-state verification tool that has been able to check properties of some very large concurrent systems. INCA checks a property of a concurrent system by generating a system of inequalities that must have integer solutions if the property can be violated. There may, however, be integer solutions to the inequalities that do not correspond to an execution violating the property. INCA thus accepts the possibility of an inconclusive result in exchange for greater tractability. We describe here a method for eliminating one of the two main sources of these inconclusive results. Keywords: INCA, finite-state verification, cycles, integer programming 1 Introduction Finite-state verification tools deduce properties of finite-state models of computer systems. They can be used to check such properties as freedom from deadlock, mutually exclusive use of a resource, and eventual response to a request. If the model represents all the ex...