Results 1 
9 of
9
Efficient Verification of Sequential and Concurrent C Programs
, 2003
"... There has been considerable progress in the domain of software veri cation over the last few years. This advancement has been driven, to a large extent, by the emergence of powerful yet automated abstraction techniques like predicate abstraction. However, the state space explosion problem in model c ..."
Abstract

Cited by 27 (11 self)
 Add to MetaCart
There has been considerable progress in the domain of software veri cation over the last few years. This advancement has been driven, to a large extent, by the emergence of powerful yet automated abstraction techniques like predicate abstraction. However, the state space explosion problem in model checking remains the chief obstacle to the practical veri cation of realworld distributed systems. Even in the case of purely sequential programs, a crucial requirement to make predicate abstraction eective is to use as few predicates as possible. This is because, in the worst case, the state space of the abstraction generated (and consequently the time and memory complexity of the abstraction process) is exponential in the number of predicates involved. In addition, for concurrent programs, the number of reachable states could grow exponentially with the number of components.
Automated Compositional Abstraction Refinement for Concurrent C Programs: A TwoLevel Approach
, 2003
"... The state space explosion problem in model checking remains the chief obstacle to the practical verification of realworld distributed systems. We attempt to address this problem in the context of verifying concurrent (messagepassing) C programs against safety specifications. More specifically, we ..."
Abstract

Cited by 16 (6 self)
 Add to MetaCart
The state space explosion problem in model checking remains the chief obstacle to the practical verification of realworld distributed systems. We attempt to address this problem in the context of verifying concurrent (messagepassing) C programs against safety specifications. More specifically, we present a fully automated compositional framework which combines two orthogonal abstraction techniques (operating respectively on data and events) within a counterexampleguided abstraction refinement (CEGAR) scheme. In this way, our algorithm incrementally increases the granularity of the abstractions until the specification is either established or refuted. Our explicit use of compositionality delays the onset of state space explosion for as long as possible. To our knowledge, this is the first compositional use of CEGAR in the context of model checking concurrent C programs. We describe our approach in detail, and report on some very encouraging preliminary experimental results obtained with our tool MAGIC.
A logic of events
, 2003
"... There is a wellestablished theory and practice for creating correctbyconstruction functional programs by extracting them from constructive proofs of assertions of the form ∀x: A.∃y: B.R(x, y). There have been several efforts to extend this methodology to concurrent programs, say by using linear l ..."
Abstract

Cited by 10 (7 self)
 Add to MetaCart
There is a wellestablished theory and practice for creating correctbyconstruction functional programs by extracting them from constructive proofs of assertions of the form ∀x: A.∃y: B.R(x, y). There have been several efforts to extend this methodology to concurrent programs, say by using linear logic, but there is no practice and the results are limited. In this paper we define a logic of events that justifies the extraction of correct distributed processes from constructive proofs that system specifications are achievable, and we describe an implementation of an extraction process in the context of constructive type theory. We show that a class of message automata, similar to IO automata and to active objects, are realizers for this logic. We provide a relative consistency result for the logic. We show an example of protocol derivation in this logic, and show how to embed temporal logics such as T LA+ in the event logic. 1
Structure and Hierarchy in RealTime Systems
, 2002
"... The development of digital systems is particularly challenging, if their correctness depends on the right timing of operations. One approach to enhance the reliability of such systems is modelbased development. This allows for a formal analysis throughout all stages of design. Modelbased ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
The development of digital systems is particularly challenging, if their correctness depends on the right timing of operations. One approach to enhance the reliability of such systems is modelbased development. This allows for a formal analysis throughout all stages of design. Modelbased
On the Limitations of Ordered Representations of Functions
, 1997
"... We introduce a lower bound technique that applies to a broad spectrum of functional representations including Binary Decision Diagrams (BDDs), Binary Moment Diagrams (*BMDs), Hybrid Decision Diagrams (HDDs), and their variants. These representations have been widely used for formal verification of ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
We introduce a lower bound technique that applies to a broad spectrum of functional representations including Binary Decision Diagrams (BDDs), Binary Moment Diagrams (*BMDs), Hybrid Decision Diagrams (HDDs), and their variants. These representations have been widely used for formal verification of hardware systems, particularly symbolic model checking and digitalsystem design, testing and verification. We define a representation called the Binary Linear Diagram (BLD) that generalizes all these representations and then apply our lower bound technique to show exponential size bounds for a wide range of functions. We also give the first examples of integer functions including integer division, remainder, high/loworder words of multiplication, square root and reciprocal that require exponential size in all these representations. Finally, we show that there is a simple regular language that requires exponential size to be represented by any *BMD, even though BDDs can represent any regul...
Heuristics for Hierarchical Partitioning with Application to Model Checking
 Department of Computer Science, University of Aarhus
, 2000
"... . Given a collection of connected components, it is often desired to cluster together parts of strong correspondence, yielding a hierarchical structure. We address the automation of this process and apply heuristics to battle the combinatorial and computational complexity. We define a cost function ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
. Given a collection of connected components, it is often desired to cluster together parts of strong correspondence, yielding a hierarchical structure. We address the automation of this process and apply heuristics to battle the combinatorial and computational complexity. We define a cost function that captures the quality of a structure relative to the connections and favors shallow structures with a low degree of branching. Finding a structure with minimal cost is NP complete. We present a greedy polynomialtime algorithm that approximates good solutions incrementally by local evaluation of a heuristic function. We argue for a heuristic function based on four criteria: the number of enclosed connections, the number of components, the number of touched connections and the depth of the structure. We report on an application in the context of formal verification, where our algorithm serves as a preprocessor for a temporal scaling technique, called "Next" heuristic [2]. The latter is applicable in reachability analysis and is included in a recent version of the Mocha model checking tool. We demonstrate performance and benefits of our method and use an asynchronous parity computer and an opinion poll protocol as case studies. 1
Analysis and Applications of Receptive Safety Properties in Concurrent Systems
"... : Formal verification for complex concurrent systems is a computationally intensive and, in some cases, intractable process. The complexity is an inherent part of the verification process due to the system complexity that is an exponential function of the sizes of its components. However, some prop ..."
Abstract

Cited by 1 (1 self)
 Add to MetaCart
: Formal verification for complex concurrent systems is a computationally intensive and, in some cases, intractable process. The complexity is an inherent part of the verification process due to the system complexity that is an exponential function of the sizes of its components. However, some properties can be enforced by automatically synchronizing the components, thus eliminating the need for verification. Moreover, the complexity of the analysis required to enforce the properties grows incrementally with addition of new components and properties that make the system complexity grow exponentially. The properties in question are the receptive safety properties, a subset of safety properties that can only be violated by component actions. The receptive safety properties represent the realizable subset of the general safety properties because a system that satisfies any nonreceptive safety properties must satisfy related receptive safety properties. This implies that any system with...