Model Checking Programs
, 2003
Cited by 555 (63 self)
The majority of work carried out in the formal methods community throughout the last three decades has (for good reasons) been devoted to special languages designed to make it easier to experiment with mechanized formal methods such as theorem provers, proof checkers and model checkers. In this paper we will attempt to give convincing arguments for why we believe it is time for the formal methods community to shift some of its attention towards the analysis of programs written in modern programming languages. In keeping with this philosophy we have developed a verification and testing environment for Java, called Java PathFinder (JPF), which integrates model checking, program analysis and testing. Part of this work has consisted of building a new Java Virtual Machine that interprets Java bytecode. JPF uses state compression to handle big states, and partial order and symmetry reduction, slicing, abstraction, and runtime analysis techniques to reduce the state space. JPF has been applied to a real-time avionics operating system developed at Honeywell, illustrating an intricate error, and to a model of a spacecraft controller, illustrating the combination of abstraction, runtime analysis, and slicing with model checking.
Addressing Dynamic Issues of Program Model Checking
 Lecture Notes in Computer Science
Cited by 40 (1 self)
Model checking real programs has recently become an active research area. Programs however exhibit two characteristics that make model checking difficult: the complexity of their state and the dynamic nature of many programs. Here we address both these issues within the context of the Java PathFinder (JPF) model checker. Firstly, we will show how the state of a Java program can be encoded efficiently and how this encoding can be exploited to improve model checking. Next we show how to use symmetry reductions to alleviate some of the problems introduced by the dynamic nature of Java programs. Lastly, we show how distributed model checking of a dynamic program can be achieved, and furthermore, how dynamic partitions of the state space can improve model checking. We support all our findings with results from applying these techniques within the JPF model checker.
Abstract interpretation based formal methods and future challenges, invited paper
 Informatics — 10 Years Back, 10 Years Ahead, volume 2000 of Lecture Notes in Computer Science
, 2001
Cited by 33 (6 self)
In order to contribute to the solution of the software reliability problem, tools have been designed to analyze statically the runtime behavior of programs. Because the correctness problem is undecidable, some form of approximation is needed. The purpose of abstract interpretation is to formalize this idea of approximation. We illustrate informally the application of abstraction to the semantics of programming languages as well as to static program analysis. The main point is that in order to reason or compute about a complex system, some information must be lost, that is the observation of executions must be either partial or at a high level of abstraction. In the second part of the paper, we compare static program analysis with deductive methods, model-checking and type inference. Their foundational ideas are briefly reviewed, and the shortcomings of these four methods are discussed, including when they should be combined. Alternatively, since program debugging is still the main program verification
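The approximation the abstract above describes, worked through in code. This is an added example written for this page, not code from the cited paper: a small interval-domain analysis of an array-indexing loop, solved at the loop head by Kleene iteration with widening (so the analysis terminates) followed by a few narrowing steps (to recover precision). The loop shape, the `Interval`, `analyze_loop` and `concrete_body_values` helpers, and the sample loops (an 8-element buffer indexed by `i < 8`, the off-by-one `i <= 8`, and a stride-2 loop) are all constructed for the illustration; positive strides are assumed.

```python
"""Interval abstract interpretation of a bounded array loop (constructed example).

The loop analysed is, in pseudocode:

    i = init
    while i <= guard_hi:      # write 'i < n' as guard_hi = n - 1
        buf[i] = ...          # buf has `length` elements
        i = i + step          # step > 0 assumed

Every value of i is abstracted to an interval [lo, hi].  The index check asks
whether every value i can take inside the body lies in [0, length-1]."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Interval:
    lo: float
    hi: float

    def is_empty(self):
        return self.lo > self.hi

    def join(self, other):
        """Least upper bound: the convex hull of both intervals."""
        if self.is_empty():
            return other
        if other.is_empty():
            return self
        return Interval(min(self.lo, other.lo), max(self.hi, other.hi))

    def widen(self, other):
        """Standard interval widening: any bound that grew jumps to infinity."""
        lo = self.lo if other.lo >= self.lo else -math.inf
        hi = self.hi if other.hi <= self.hi else math.inf
        return Interval(lo, hi)

    def add(self, k):
        return Interval(self.lo + k, self.hi + k)

    def meet_le(self, k):
        """Refine by the loop guard 'i <= k'."""
        return Interval(self.lo, min(self.hi, k))

    def meet_gt(self, k):
        """Refine by the negated guard 'i > k' (the loop exit)."""
        return Interval(max(self.lo, k + 1), self.hi)


@dataclass(frozen=True)
class LoopResult:
    body: Interval       # values of i inside the loop body
    after: Interval      # values of i once the loop has exited
    index_safe: bool     # buf[i] provably in bounds inside the body


def analyze_loop(init, guard_hi, step, length, narrowing_steps=3):
    def transfer(head):
        """One loop-head step: init, joined with (body after guard, then i += step)."""
        return Interval(init, init).join(head.meet_le(guard_hi).add(step))

    head = Interval(init, init)
    while True:                        # ascending iteration with widening
        widened = head.widen(transfer(head))
        if widened == head:            # post-fixpoint reached
            break
        head = widened
    for _ in range(narrowing_steps):   # descending iteration, no widening:
        head = transfer(head)          # stays above the least fixpoint

    body = head.meet_le(guard_hi)
    after = head.meet_gt(guard_hi)
    safe = body.is_empty() or (body.lo >= 0 and body.hi <= length - 1)
    return LoopResult(body, after, safe)


def concrete_body_values(init, guard_hi, step, limit=10_000):
    """Exact set of i values seen inside the body (positive step), for comparison."""
    vals, i = set(), init
    while i <= guard_hi and len(vals) < limit:
        vals.add(i)
        i += step
    return vals


if __name__ == "__main__":
    print(analyze_loop(0, 7, 1, 8))   # 'i < 8' over 8 elements: body [0,7], safe
    print(analyze_loop(0, 8, 1, 8))   # off-by-one 'i <= 8': body [0,8], flagged
    print(analyze_loop(0, 7, 2, 8))   # stride 2: exit [8,9], though only 8 is reachable
```

The three runs show the point of the abstract: the off-by-one loop is rejected because the body interval reaches index 8, while the stride-2 loop is accepted but its exit interval [8, 9] contains the unreachable value 9. Every concrete value is inside its interval (the analysis is sound), but information has been lost (it is not exact), which is exactly the trade the abstract describes.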
Dihomotopy as a Tool in State Space Analysis
, 2002
Cited by 19 (6 self)
Recent geometric methods have been used in concurrency theory for quickly finding deadlocks and unreachable states, see [14] for instance. The reason why these methods are fast is that they contain in germ ingredients for tackling the state-space explosion problem. In this paper we show how this can be made formal. We also give some hints about the underlying algorithmics. Finally, we compare with other well-known methods for coping with the state-space explosion problem.
Symmetry in temporal logic model checking
 ACM Comput. Surv.
Cited by 17 (2 self)
Temporal logic model checking involves checking the state-space of a model of a system to determine whether errors can occur in the system. Often this involves checking symmetrically equivalent areas of the state-space. The use of symmetry reduction to increase the efficiency of model checking has inspired a wealth of activity in the area of model checking research. We provide a survey of the associated literature.
Symmetry reduction for probabilistic model checking using generic representatives
 In Automated Technology for Verification and Analysis
, 2006
Cited by 11 (1 self)
Generic representatives have been proposed for the effective combination of symmetry reduction and symbolic representation with BDDs in non-probabilistic model checking. This approach involves the translation of a symmetric source program into a reduced program, in which counters are used to generically represent states of the original model. Symmetric properties of the original program can also be translated, and checked directly over the reduced program. We extend this approach to apply to probabilistic systems with Markov decision process or discrete-time Markov chain semantics, represented as MTBDDs. We have implemented a prototype tool, GRIP, which converts a symmetric PRISM program and PCTL property into reduced form. Model checking results for the original program can then be inferred by applying PRISM, unchanged, to the smaller model underlying the reduced program. We present encouraging experimental results for two case studies.
Exploiting symmetry when model-checking software
 In Formal Methods for Networked and Distributed Systems (FORTE)
, 1999
Formal Verification on the RT Level: Computing One-To-One Design Abstractions by Signal Width Reduction
 In IFIP International Conference on Very Large Scale Integration (VLSI'01), Montpellier
, 2001
Cited by 6 (0 self)
Digital circuit designs are usually given as Register-Transfer Level (RTL) specifications, but most of today's hardware verification tools are based on bit-level methods, using SAT or BDD-based techniques. RTL specifications contain more explicit structural information than bit-level descriptions. This paper presents a new approach to scale down design sizes before verification by exploiting word-level information. We introduce a one-to-one abstraction technique for RTL property checking, which computes a scaled-down abstract model of a design, in which signal widths are reduced with respect to a property. The property holds for the abstract RTL if and only if it holds for the original RTL. If the property fails, counterexamples for the original design are computed from counterexamples found on the reduced model. The verification task is completely carried out on the scaled-down version of the design; false negatives cannot occur. Linear signal width reductions result in exponentially smaller state spaces and have a significant impact on the runtimes of verification tools. Experimental results on large industrial circuits have demonstrated the applicability and efficiency of our method.
A Computational Group Theoretic Symmetry Reduction Package for the SPIN Model Checker
Cited by 5 (1 self)
Symmetry reduced model checking is hindered by two problems: how to identify state space symmetry when systems are not fully symmetric, and how to determine equivalence of states during search. We present TopSPIN, a fully automatic symmetry reduction package for the SPIN model checker. TopSPIN uses the GAP computational algebra system to effectively detect state space symmetry from the associated Promela specification, and to choose an efficient symmetry reduction strategy by classifying automorphism groups as a disjoint/wreath product of subgroups. We present encouraging experimental results for a variety of Promela examples.
Efficient symmetry reduction for an actor-based model
 In 2nd International Conference on Distributed Computing and Internet Technology, volume 3816 of LNCS
, 2005
Cited by 5 (4 self)
Symmetry reduction is a promising technique for combating state space explosion in model checking. The problem of finding the equivalence classes, i.e., the so-called orbits, of states under symmetry is a difficult problem known to be as hard as graph isomorphism. In this paper, we show how we can automatically find the orbits in an actor-based model, called Rebeca, without enforcing any restriction on the modeler. The proposed algorithm solves the orbit problem for Rebeca models in polynomial time. As a result, the simple actor-based Rebeca language can be utilized efficiently for modeling and verification of systems, without involving the modeler with the details of the verification technique implemented.