Abstract. We describe the design and implementation of an automatic invariant generator for imperative programs. While automatic invariant generation through constraint solving has been extensively studied from a theoretical viewpoint as a classical means of program verification, in practice existing tools do not scale even to moderately sized programs. This is because the constraints that need to be solved even for small programs are already too difficult for the underlying (non-linear) constraint solving engines. To overcome this obstacle, we propose to strengthen static constraint generation with information obtained from static abstract interpretation and dynamic execution of the program. The strengthening comes in the form of additional linear constraints that trigger a series of simplifications in the solver, and make solving more scalable. We demonstrate the practical applicability of the approach by an experimental evaluation on a collection of challenging benchmark programs and comparisons with related tools based on abstract interpretation and software model checking. 1

I n recent years, advances in formal-proof systems and constraint solv-ers have enabled us to dream of a day when all the software we write can be proven correct. Software practi-tioners now must decide whether to persist in using testing to improve confidence in their code or to invest effort

Abstract. Given a set of processes and a set of tests on these processes we show how to define in a natural way three different eyuitalences on processes. ThesP equivalences are applied to a particular language CCS. We give associated complete proof systems and fully abstract models. These models

The majority of work carried out in the formal methods community throughout the last three decades has (for good reasons) been devoted to special languages designed to make it easier to experiment with mechanized formal methods such as theorem provers, proof checkers and model checkers

ABSTRACT Hypotheses are derived from real data, and drive the discovery of new data. A paper in this issue illustrates how this will work in the future, with a real world example of hypothesis preceding experimental findings, and explaining them and expanding their implications.

be proven over concrete programs. As such, explicit test hypotheses establish a logical link between a validation by test and a validation by proof. Since HOL-TestGen generates explicit test hypotheses and makes them amenable to formal proof, the system is in a unique position to explore the relations

This paper shows the first implementation of the methodology developed in [18] to a superscalar state of the art PowerPC implementation[17][16]. The experiment, which is described in detail, includes modeling of parts of that processor in SMV[10], generating abstract tests from the model using CFSM

Abstract not found

formal development using VDM and B and employed a number of techniques for the analysis of the formal texts by animation, test case generation and proof. We assess the effectiveness of methodology and techniques adopted by measuring the introduction and detection of faults.

Abstract. We consider the problem of test generation for Boolean combinational circuits. We use a novel approach based on the idea of treating tests as a proof encoding rather than as a sample of the search space. In our approach, a set of tests is complete for a circuit N, and a property p