On verification modelling of embedded systems, 2004
Cited by 8 (1 self)
Computer-aided verification of embedded systems hinges on the availability of good verification models of the systems at hand. Because of the combinatorial complexities that are inherent in any process of verification, such models generally are only abstractions of the full design model or system specification. As they must both be small enough to be effectively verifiable and preserve the properties under verification, the development of verification models usually requires the experience, intuition and creativity of an expert. We argue that there is a great need for systematic methods for the construction of verification models to move on, and leave the current stage that can be characterised as that of "model hacking". The ad hoc construction of verification models obscures the relationship between models and the systems that they represent, and undermines the reliability and relevance of the verification results that are obtained. We propose some ingredients for a solution to this problem.
A Compositional Behavioral Modeling Framework for Embedded System Design and Conformance Checking. International Journal of Parallel Programming
Cited by 5 (2 self)
We propose a framework based on a synchronous multi-clocked model of computation to support the inductive and compositional construction of scalable behavioral models of embedded systems engineered with de facto standard design and programming languages. Behavioral modeling is seen under the paradigm of type inference. The aim of the proposed type system is to capture the behavior of a system under design and to refactor it by performing global optimizing and architecture-sensitive transformations on it. It allows one to modularly express a wide spectrum of static and dynamic behavioral properties and to automatically or manually scale the desired degree of abstraction of these properties for efficient verification. The type system is presented using a generic and language-independent static single assignment intermediate representation. KEY WORDS: Embedded system design; formal methods; models of computation; program transformation; verification.
Context-Bounded Translations for Concurrent Software: An Empirical Evaluation
Cited by 5 (2 self)
Context-Bounded Analysis has emerged as a practical automatic formal analysis technique for fine-grained, shared-memory concurrent software. Two recent papers (in CAV 2008 and 2009) have proposed ingenious translation approaches that promise much better scalability, backed by compelling, but differing, theoretical and conceptual advantages. Empirical evidence comparing the translations, however, has been lacking. Furthermore, these papers focused exclusively on Boolean model checking, ignoring the also widely used paradigm of verification-condition checking. In this paper, we undertake a methodical, empirical evaluation of the three main source-to-source translations for context-bounded analysis of concurrent software, in a verification-condition-checking paradigm. We evaluate their scalability under a wide range of experimental conditions. Our results show: (1) The newest, CAV 2009 translation is the clear loser, with the CAV 2008 translation the best in most instances, but the oldest, brute-force translation doing surprisingly well. Clearly, previous results for Boolean model checking do not apply to verification-condition checking. (2) Disturbingly, confounding factors in the experimental design can change the relative performance of the translations, highlighting the importance of extensive and thorough experiments. For example, using a different (slower) SMT solver changes the relative ranking of the translations, potentially misleading researchers and practitioners to use an inferior translation. (3) SMT runtimes grow exponentially with verification-condition length, but different translations and parameters give different exponential curves. This suggests that the practical scalability of a translation scheme might be estimated by combining the size of the queries with an empirical or theoretical measure of the complexity of solving that class of query.
Partial Order Reductions using Compositional Confluence Detection
16th International Symposium on Formal Methods FM'2009, 2009
Cited by 4 (1 self)
Explicit state methods have proven useful in verifying safety-critical systems containing concurrent processes that run asynchronously and communicate. Such methods consist of inspecting the states and transitions of a graph representation of the system. Their main limitation is state explosion, which happens when the graph is too large to be stored in the available computer memory. Several techniques can be used to palliate state explosion, such as on-the-fly verification, compositional verification, and partial order reductions. In this paper, we propose a new technique of partial order reductions based on compositional confluence detection (Ccd), which can be combined with the techniques mentioned above. Ccd is based upon a generalization of the notion of confluence defined by Milner and exploits the fact that synchronizing transitions that are confluent in the individual processes yield a confluent transition in the system graph. It thus consists of analysing the transitions of the individual process graphs and the synchronization structure to identify such confluent transitions compositionally. Under some additional conditions, the confluent transitions can be given priority over the other transitions, thus enabling graph reductions. We propose two such additional conditions: one ensuring that the generated graph is equivalent to the original system graph modulo branching bisimulation, and one ensuring that the generated graph contains the same deadlock states as the original system graph. We also describe how Ccd-based reductions were implemented in the Cadp toolbox, and present examples and a case study in which adding Ccd improves reductions with respect to compositional verification and other partial order reductions.
Simple Network Protocol Simulation within Maude
Cited by 2 (0 self)
On the one hand network and... In this paper we present the specification of a network model in Maude and some primitives for defining simulation strategies. The use of the model is illustrated with a simple HELLO sub-protocol taken from the IETF PIM-DM (Protocol Independent Multicast - Dense Mode) RFC [6], and based on a pseudocode specification [21]. The network model we present reflects the key aspects of the infrastructure on which typical communication protocols run. The model is designed so that we may execute isolated protocols as well as develop techniques for composing sub-protocols, to model the more complex protocols used in practice. The long term goal is to support simulation and formal analysis at many levels of detail...
On Commutativity Based Edge Lean Search
Cited by 1 (0 self)
Exploring a graph through search is one of the most basic building blocks of various applications. In a setting with a huge state space, such as in testing and verification, optimizing the search may be crucial. We consider the problem of visiting all states in a graph where edges are generated by actions and the (reachable) states are not known in advance. Some of the actions may commute, i.e., they result in the same state for every order in which they are taken (this is the case when the actions are performed independently by different processes). We show how to use commutativity to achieve full coverage of the states while traversing considerably fewer edges.
Minimization of counterexamples in SPIN
In SPIN Workshop on Model Checking of Software, 2004
We propose an algorithm to find a counterexample to some property in a finite state program. This algorithm is derived from SPIN's, but it finds a counterexample faster than SPIN does. In particular it still works in linear time. Compared with SPIN's algorithm, it requires only one additional bit per state stored. We further propose another algorithm to compute a counterexample of minimal size. Again, this algorithm does not use more memory than SPIN does to approximate a minimal counterexample. The cost of finding a counterexample of minimal size is that one has to revisit more states than SPIN does. We provide an implementation and discuss experimental results.
Specification and verification of selected intrusion tolerance properties using CSP and FDR, 2003
MAFTIA Workpackage 6 is concerned with the rigorous definition of the basic MAFTIA concepts, and the verification and assessment of the work on dependable middleware.
(Signature of the author), 2007
... issues as well as in questions about whether components "fit together". To enable an early assessment of compatibility by modelling the system under investigation, the (Unified) Compatibility Modelling Language ((U)CML) was developed at the Technische Universität München. So far, (U)CML has been defined as a primarily static model. Extending the usefulness of compatibility modelling to communication between components is the subject of this thesis. To this end, the widely used standard of Message Sequence Charts (MSC) is combined with a ... adapted to the modelling
Automated verification of resource requirements in multi-agent systems using abstraction
We describe a framework for the automated verification of multi-agent systems which do distributed problem solving, e.g., query answering. Each reasoner uses facts, messages and Horn clause rules to derive new information. We show how to verify correctness of distributed problem solving under resource constraints, such as the time required to answer queries and the number of messages exchanged by the agents. The framework allows the use of abstract specifications consisting of Linear Time Temporal Logic (LTL) formulas to specify some of the agents in the system. We illustrate the use of the framework on a simple example.