Results 1 - 10 of 11
Pre/Post Conditioned Slicing, 2001
Cited by 20 (12 self)
This paper shows how analysis of programs in terms of pre- and post-conditions can be improved using a generalisation of conditioned program slicing called pre/post conditioned slicing. Such conditions play an important role in program comprehension, reuse, verification and reengineering. Fully automated analysis is impossible because of the inherent undecidability of pre- and post-conditions. The method presented here reformulates the problem to circumvent this. The reformulation is constructed so that programs which respect the pre- and post-conditions applied to them have empty slices. For those which do not respect the conditions, the slice contains statements which could potentially break the conditions. This separates the automatable part of the analysis from the human analysis.
Model Classifications and Automated Verification
In Formal Methods for Industrial Critical Systems (FMICS’07), 2007
Cited by 7 (5 self)
Due to the significant progress in automated verification, there are often several techniques for a particular verification problem. In many circumstances different techniques are complementary — each technique works well for different types of input instances. Unfortunately, it is not clear how to choose an appropriate technique for a specific instance of a problem. In this work we argue that this problem, selection of a technique and tuning its parameter values, should be considered as a standalone problem (a verification meta-search). We propose several classifications of models of asynchronous systems and discuss applications of these classifications in the context of explicit finite state model checking.
Fighting state space explosion: Review and evaluation
In Proc. of Formal Methods for Industrial Critical Systems (FMICS’08), 2008
Cited by 6 (3 self)
In order to apply formal methods in practice, the practitioner has to comprehend a vast amount of research literature and realistically evaluate the practical merits of different approaches. In this paper we focus on explicit finite state model checking and study this area from the practitioner’s point of view. We provide a systematic overview of techniques for fighting state space explosion and we analyse trends in the research. We also report on our own experience with the practical performance of techniques. Our main conclusion and recommendation for the practitioner is the following: be critical of claims of dramatic improvement brought by a single sophisticated technique; rather, use many different simple techniques and combine them.
Checking states and transitions of a set of communicating finite state machines
In: Microprocessors and Microsystems, 2001
Cited by 5 (0 self)
Given a model M, consisting of communicating finite state machines (CFSMs), that represents the required behaviour of an implementation I, it is important to test I against M. This paper considers part of the testing process: checking the transition structure of I against that of M. One possible approach, to checking the transition structure of I, is to generate the product machine from M and then test the global transitions using standard finite state machine test techniques. This approach may, however, suffer from a combinatorial explosion. Instead, this paper introduces approaches that may allow local states and transitions of I to be checked without the generation of the product machine. The paper then considers the extension of these approaches to the checking of global states.
Model Checking Based on Simultaneous Reachability Analysis
In Proc. of the 7th SPIN Workshop on Model Checking of Software, 2000
Cited by 3 (0 self)
Simultaneous reachability analysis (SRA) is a recently proposed approach to alleviating the state space explosion problem in reachability analysis of concurrent systems. The concept of SRA is to allow a global transition in a reachability graph to contain a set of transitions of different processes such that the state reached by the global transition is independent of the execution order of the associated process transitions.
A uniform approach to tackle state explosion in verifying progress properties for networks of CFSMs, 1996
Cited by 2 (1 self)
State explosion is well-known to be the principal limitation in protocol verification. In this paper, we propose a verification technique called leaping reachability analysis (LRA) to tackle state explosion. We advocate LRA as a uniform and property-driven relief strategy for verifying general progress properties of protocols modeled as networks of communicating finite state machines (CFSMs). Unlike most existing relief strategies in the CFSM model, LRA does not confine any of the protocol attributes and still proves to be adequate for detecting all deadlocks, all nonexecutable transitions, all unspecified receptions and all buffer overflows in a protocol. We show by experiments that LRA can largely relieve the state explosion problem by reducing significantly the amount of storage space and execution time required for verification.

Keywords: Communication protocols, protocol verification, communicating finite state machines, state space exploration, state explosion, relief strategies,...
Construction of Deadlock-free Designs of Communication Protocols from Observations, 2002
Cited by 2 (0 self)
This paper proposes rules for the automated construction of deadlock-free designs of communication protocols from the execution histories of existing systems, defines the properties of the constructed designs and identifies the conditions for a constructed design to be equivalent to the presumed design implied by the given set of global observations.
An Improvement in Partial-Order Model-Checking With Ample Sets, 1996
Cited by 1 (1 self)
In [18], Peled describes a partial-order reduction method to alleviate the state-explosion problem for LTL model-checking, i.e. for verifying that concurrent programs satisfy their linear temporal logic specifications. We present an approach that improves the method in [18] by enabling a further reduction of the space and time required for LTL model-checking.

Keywords: Concurrency, program correctness, model-checking, partial-order reduction, temporal logic

1 Introduction

Partial-order reduction methods [1-3, 6, 8, 17, 18, 21-23] form a collection of state exploration techniques set to relieve the state-explosion problem in concurrent program verification. The main observation underlying these methods is that in many cases the properties verified are insensitive to the interleaving order of concurrent program operations. Therefore, fixing some arbitrary order among concurrent operations provides a means for reducing the size of the state space that needs to be analyzed. Partial-order ...
Partial-order verification in SPIN can be more efficient
In Proceedings of the 3rd International SPIN Workshop on Model Checking of Software (SPIN ‘97), 1997
Cited by 1 (0 self)
Partial-order reduction methods form a collection of state exploration techniques set to relieve the state-explosion problem in concurrent program verification. One such method is implemented in the verification tool SPIN. Its use often reduces significantly the memory and time needed for verifying local and termination properties of concurrent programs and, moreover, for verifying that concurrent programs satisfy their linear temporal logic specifications (i.e. for LTL model-checking). This paper builds on SPIN's partial-order reduction method to yield an approach which enables further reductions in space and time for verifying concurrent programs.

Keywords: Concurrency, program correctness, model-checking, partial-order reduction, temporal logic

1 Introduction

Partial-order reduction methods [3-5, 8, 11, 20, 21, 25-27] form a collection of state exploration techniques set to relieve the state-explosion problem in concurrent program verification. The main observation underlying these ...
Protocol Verification by Leaping Reachability Analysis
State explosion is well-known as the principal limitation in verifying progress properties of communication protocols. This paper proposes a technique called leaping reachability analysis (LRA) as a relief strategy for verifying deadlock-freedom of protocols modeled as networks of communicating finite state machines (CFSMs). Unlike most existing relief strategies in the CFSM model, LRA does not restrain the number of state machines and their attributes, nor the topological structure of a protocol. Analytically, we prove that LRA has the power to detect all deadlocks in a protocol. Experimentally, we show that LRA substantially relieves the state explosion problem: it requires much less storage space and execution time than conventional reachability analysis.

1 Introduction

The communicating finite state machine (CFSM) model [2] is one of the most widely used models for the specification and verification of communication protocols. In this model, a protocol is defined as a network of n...