Results 1-10 of 31
Model Checking Programs
2003
Cited by 474 (61 self)
Abstract:
The majority of work carried out in the formal methods community throughout the last three decades has (for good reasons) been devoted to special languages designed to make it easier to experiment with mechanized formal methods such as theorem provers, proof checkers and model checkers. In this paper we will attempt to give convincing arguments for why we believe it is time for the formal methods community to shift some of its attention towards the analysis of programs written in modern programming languages. In keeping with this philosophy we have developed a verification and testing environment for Java, called Java PathFinder (JPF), which integrates model checking, program analysis and testing. Part of this work has consisted of building a new Java Virtual Machine that interprets Java bytecode. JPF uses state compression to handle big states, and partial order and symmetry reduction, slicing, abstraction, and runtime analysis techniques to reduce the state space. JPF has been applied to a real-time avionics operating system developed at Honeywell, illustrating an intricate error, and to a model of a spacecraft controller, illustrating the combination of abstraction, runtime analysis, and slicing with model checking.
Addressing Dynamic Issues of Program Model Checking
Lecture Notes in Computer Science
Cited by 36 (1 self)
Abstract:
Model checking real programs has recently become an active research area. Programs, however, exhibit two characteristics that make model checking difficult: the complexity of their state and the dynamic nature of many programs. Here we address both these issues within the context of the Java PathFinder (JPF) model checker. Firstly, we will show how the state of a Java program can be encoded efficiently and how this encoding can be exploited to improve model checking. Next we show how to use symmetry reductions to alleviate some of the problems introduced by the dynamic nature of Java programs. Lastly, we show how distributed model checking of a dynamic program can be achieved, and furthermore, how dynamic partitions of the state space can improve model checking. We support all our findings with results from applying these techniques within the JPF model checker.
Abstract interpretation based formal methods and future challenges, invited paper
Informatics — 10 Years Back, 10 Years Ahead, volume 2000 of Lecture Notes in Computer Science
2001
Cited by 30 (6 self)
Abstract:
In order to contribute to the solution of the software reliability problem, tools have been designed to analyze statically the runtime behavior of programs. Because the correctness problem is undecidable, some form of approximation is needed. The purpose of abstract interpretation is to formalize this idea of approximation. We illustrate informally the application of abstraction to the semantics of programming languages as well as to static program analysis. The main point is that in order to reason or compute about a complex system, some information must be lost, that is the observation of executions must be either partial or at a high level of abstraction. In the second part of the paper, we compare static program analysis with deductive methods, model-checking and type inference. Their foundational ideas are briefly reviewed, and the shortcomings of these four methods are discussed, including when they should be combined. Alternatively, since program debugging is still the main program verification
Dihomotopy as a Tool in State Space Analysis
2002
Cited by 17 (5 self)
Abstract:
Recent geometric methods have been used in concurrency theory for quickly finding deadlocks and unreachable states, see [14] for instance. The reason why these methods are fast is that they contain in germ ingredients for tackling the state-space explosion problem. In this paper we show how this can be made formal. We also give some hints about the underlying algorithmics. Finally, we compare with other well-known methods for coping with the state-space explosion problem.
Symmetry in temporal logic model checking
ACM Comput. Surv.
Cited by 10 (0 self)
Abstract:
Temporal logic model checking involves checking the state-space of a model of a system to determine whether errors can occur in the system. Often this involves checking symmetrically equivalent areas of the state-space. The use of symmetry reduction to increase the efficiency of model checking has inspired a wealth of activity in the area of model checking research. We provide a survey of the associated literature.
Exploiting symmetry when model-checking software
In Formal Methods for Protocol Engineering and Distributed Systems, FORTE XII / PSTV XIX'99, IFIP TC6 WG6.1 Joint International Conference on Formal Description Techniques for Distributed Systems and Communication Protocols (FORTE XII) and Protocol Specification, Testing and Verification (PSTV XIX)
1999
Formal Verification on the RT Level Computing One-To-One Design Abstractions by Signal Width Reduction
In IFIP International Conference on Very Large Scale Integration (VLSI'01), Montpellier, 2001
Cited by 6 (0 self)
Abstract:
Digital circuit designs are usually given as Register-Transfer Level (RTL) specifications, but most of today's hardware verification tools are based on bit-level methods, using SAT or BDD-based techniques. RTL specifications contain more explicit structural information than bit-level descriptions. This paper presents a new approach to scale down design sizes before verification by exploiting word-level information. We introduce a one-to-one abstraction technique for RTL property checking, which computes a scaled-down abstract model of a design, in which signal widths are reduced with respect to a property. The property holds for the abstract RTL if and only if it holds for the original RTL. If the property fails, counterexamples for the original design are computed from counterexamples found on the reduced model. The verification task is completely carried out on the scaled-down version of the design; false negatives cannot occur. Linear signal width reductions result in exponentially smaller state spaces and have a significant impact on the runtimes of verification tools. Experimental results on large industrial circuits have demonstrated the applicability and efficiency of our method.
Efficient symmetry reduction for an actor-based model
In: 2nd International Conference on Distributed Computing and Internet Technology, volume 3816 of LNCS
2005
Cited by 4 (4 self)
Abstract:
Symmetry reduction is a promising technique for combating state space explosion in model checking. The problem of finding the equivalence classes, i.e., the so-called orbits, of states under symmetry is a difficult problem known to be as hard as graph isomorphism. In this paper, we show how we can automatically find the orbits in an actor-based model, called Rebeca, without enforcing any restriction on the modeler. The proposed algorithm solves the orbit problem for Rebeca models in polynomial time. As a result, the simple actor-based Rebeca language can be utilized efficiently for modeling and verification of systems, without involving the modeler with the details of the verification technique implemented.
Verification of Embedded Software: Problems and Perspectives
Proceedings of the 1st International Workshop on Embedded Software (EMSOFT), USA. LNCS 2211, Springer-Verlag
2001
Cited by 4 (0 self)
Abstract:
Computer-aided formal methods have been very successful for the verification or at least enhanced debugging of hardware. The cost of correction of a hardware bug is huge enough to justify high investments in alternatives to testing such as correctness verification. This is not the case for software, for which bugs are a quite common situation which can be easily handled through online updates. However, in the area of embedded software, errors are hardly tolerable. Such embedded software is often safety-critical, so that a software failure might create a safety hazard in the equipment and put human life in danger. Thus embedded software verification is a research area of growing importance. Present-day software verification technology can certainly be useful but is yet too limited to cope with the formidable challenge of complete software verification. We highlight some of the problems to be solved and envision possible abstract interpretation based static analysis solutions.
A Computational Group Theoretic Symmetry Reduction Package for the SPIN Model Checker
Cited by 4 (0 self)
Abstract:
Symmetry reduced model checking is hindered by two problems: how to identify state space symmetry when systems are not fully symmetric, and how to determine equivalence of states during search. We present TopSPIN, a fully automatic symmetry reduction package for the SPIN model checker. TopSPIN uses the GAP computational algebra system to effectively detect state space symmetry from the associated Promela specification, and to choose an efficient symmetry reduction strategy by classifying automorphism groups as a disjoint/wreath product of subgroups. We present encouraging experimental results for a variety of Promela examples.