On Proving Safety Properties by Integrating Static Analysis, Theorem Proving and Abstraction
TACAS '99, 1999
Cited by 21 (0 self)
Abstract: We present a new approach for proving safety properties of reactive systems, based on tight interaction between static analysis, theorem proving and abstraction techniques. The method incrementally constructs a proof or finds a counterexample. Every step consists of applying one of the techniques and makes constructive use of information obtained from failures in previous steps. The amount of user intervention is limited and is highly guided by the system at each step. We demonstrate the method on three simple examples, and show that by using it one can prove more properties than by using each component as a standalone.
A Broader Class of Trees for Recursive Type Definitions for HOL
Higher Order Logic Theorem Proving and Its Applications, volume 780 of LNCS, 1994
Cited by 18 (0 self)
Abstract: In this paper we describe the construction in HOL of the inductive type of arbitrarily branching labeled trees. Such a type is characterized by an initiality theorem similar to that for finitely branching labeled trees. We discuss how to use this type to extend the system of simple recursive type specifications automatically definable in HOL to ones including a limited class of functional arguments. The work discussed here is a part of a larger project to expand the recursive types package of HOL which is nearing completion. All work described in this paper has been completed.
1 A Broader Class of Recursive Type Definitions
The work described in this paper forms the foundation of a project to expand the class of recursive type specifications for which HOL is capable of automatically defining the types specified and proving the initiality theorem, which acts as an axiomatization for the defined types. The full class of specifications the project aims to handle are those BNF...
An Approach to Combining B and Alloy
In Proc. of ZB 2002, volume 2272 of LNCS, 2002
Cited by 6 (1 self)
Abstract: In this paper we propose to combine two software verification approaches, theorem proving and model checking. We focus on the B-method and a theorem proving tool associated with it, and the Alloy specification notation and its model checker "Alloy Constraint Analyser". We consider how software development in B can be assisted using Alloy and how Alloy can be used for verifying refinement of abstract specifications. We demonstrate our approach with an example.
Keywords: B-method, Alloy.
Combining Tools for the Verification of Fault-Tolerant Systems
In: Tools for System Development and Verification (Workshop Proceedings), BISS Monographs, Shaker, 1996
Cited by 4 (3 self)
Abstract: In this article, we describe an approach for the tool-supported development and verification of fault-tolerant systems according to the invent&verify paradigm. Our method is based on the CSP (Communicating Sequential Processes) specification language. It allows the desired properties of a system to be expressed as implicit specifications (assertions about traces and refusals), explicit specifications (CSP process terms), refinement relations or combinations of these three description formalisms. From our experience with industrial verification projects, this possibility to choose between different specification paradigms according to the specific needs of each development step is essential to cope with large-scale formal development and verification projects. Each top-down development step according to the invent&verify paradigm introduces a verification obligation whose type depends on the specification techniques applied for the different components involved in the step. We describe...
Learning to Verify Systems
2006
Cited by 3 (1 self)
Abstract: Making high quality and reliable software systems remains a difficult problem. One approach to address this problem is automated verification, which attempts to demonstrate algorithmically that a software system meets its specification. However, verification of software systems is not easy: such systems are often modeled using abstractions of infinite structures such as unbounded integers, infinite memory for allocation, unbounded space for call stack, unrestricted queue sizes and so on. It can be shown that for most classes of such systems, the verification problem is actually undecidable (there exists no algorithm which will always give the correct answer for arbitrary inputs). In spite of this negative theoretical result, techniques have been developed which are successful on some practical examples although they are not guaranteed to always work. This dissertation is in a similar spirit and develops a new paradigm for automated verification of large or infinite state systems. We observe that even if the state space of a system is infinite, for practical examples, the set of reachable states (or other fixpoints needed for verification) is often expressible in a simple representation. Based on this observation, we propose an entirely new approach to verification: the idea is to use techniques from computational learning theory to identify the reachable states (or other fixpoints) and then verify the property of interest. To use learning techniques, we solve key problems of
Variations on an Alloy-centric Tool-Chain in Verifying a Journaled File System Model
2010
Cited by 3 (2 self)
Abstract: Tool interoperability is among the main goals of the international Grand Challenge initiative. In the context of the Verifiable File System mini-challenge put forward by Joshi and Holzmann, our work has been focused on the integration of different formal methods and tools in a tool-chain for modelling and verification. The current paper shows how to adapt such a tool-chain to the task at hand, aiming at reducing tool integration costs. The refinement of an abstract file store model into a journaled (flash) data model catering for wear leveling and recovery from power loss is taken as case study. This shows that refinement steps can be carried out within a shorter, reduced lifecycle where model checking in Alloy goes hand in hand with manual proofs carried out in the (pointfree) algebra of binary relations. This provides ample evidence of the positive impact of Alloy's lemma 'everything is a relation' on software verification, in particular in carrying out induction-free proofs about data structures such as finite maps and lists.
A Theorem Proving Abstraction of Model Checking
Rachel Cardell-Oliver and Chris Southon, Department of Computer Science, University of Essex, October 1995
Cited by 2 (0 self)
Abstract: This paper presents a new approach to the verification of temporal requirements for real-time systems which combines the benefits of abstraction in theorem proving and automation in model checking. Previous work combining these paradigms has provided a uniform interface to two different methods whereas here model checking is represented by proof rules and procedures within the theorem proving paradigm. Logical expressions are used to represent (possibly infinite) classes of states. Logical deduction and an operational semantics are used to evaluate the possible behaviours of specifications. Sound inductive proof rules evaluate the truth of temporal propositions over these behaviours. The theory has been embedded in the HOL system providing a tool for automatic verification which has been tested on a number of examples.
1 Introduction
One way to ma...
Linking Notations and Theories in a Proof Tool
1995
Cited by 1 (0 self)
Abstract: The formal development of non-trivial, real-time systems can be made more manageable by using several complementary formal methods for different aspects of the development. In this paper we show how sound interfaces between different methods can be defined formally in the HOL theorem proving system and how we have used such links to solve a variety of problems. Our motivation for linking theories is pragmatic. In a number of case studies different theories have been linked in order to make specification and verification more manageable and even to make it feasible. This paper offers a formal framework for defining and implementing links between theories. Because both object language and meta language are visible in the HOL system, and the system itself can communicate with other systems, it is possible to define explicitly and formally links of different "weight".
Correctness Proofs for Device Drivers in Embedded Systems
Cited by 1 (0 self)
Abstract: Computer systems do not exist in isolation: they must interact with the world through I/O devices. Our work, which focuses on constrained embedded systems, provides a framework for verifying device driver software at the machine code level. We created an abstract device model that can be plugged into an existing formal semantics for an instruction set architecture. We have instantiated the abstract model with a model for the serial port for a real embedded processor, and we have verified the full functional correctness of the transmit and receive functions from an open-source driver for this device.