Slicing Software for Model Construction
Higher-Order and Symbolic Computation, 1999
Abstract

Cited by 105 (18 self)
Applying finite-state verification techniques (e.g., model checking) to software requires that program source code be translated to a finite-state transition system that safely models program behavior. Automatically checking such a transition system for a correctness property is typically very costly, thus it is necessary to reduce the size of the transition system as much as possible. In fact, it is often the case that much of a program's source code is irrelevant for verifying a given correctness property. In this paper, we apply program slicing techniques to remove automatically such irrelevant code and thus reduce the size of the corresponding transition system models. We give a simple extension of the classical slicing definition, and prove its safety with respect to model checking of linear temporal logic (LTL) formulae. We discuss how this slicing strategy fits into a general methodology for deriving effective software models using abstraction-based program specializati...
Implementation of Symbolic Model Checking for Probabilistic Systems
2002
Abstract

Cited by 70 (21 self)
In this thesis, we present efficient implementation techniques for probabilistic model checking, a method which can be used to analyse probabilistic systems such as randomised distributed algorithms, fault-tolerant processes and communication networks. A probabilistic model checker inputs a probabilistic model and a specification, such as "the message will be delivered with probability 1", "the probability of shutdown occurring is at most 0.02" or "the probability of a leader being elected within 5 rounds is at least 0.98", and can automatically verify if the specification is true in the model.
Multi-Valued Symbolic Model-Checking
ACM Transactions on Software Engineering and Methodology, 2003
Abstract

Cited by 68 (17 self)
This paper introduces the concept and the general theory of multi-valued model checking, and describes a multi-valued symbolic model-checker, χChek. Multi-valued
Semantics of Types for Mutable State
2004
Abstract

Cited by 60 (4 self)
Proof-carrying code (PCC) is a framework for mechanically verifying the safety of machine language programs. A program that is successfully verified by a PCC system is guaranteed to be safe to execute, but this safety guarantee is contingent upon the correctness of various trusted components. For instance, in traditional PCC systems the trusted computing base includes a large set of low-level typing rules. Foundational PCC systems seek to minimize the size of the trusted computing base. In particular, they eliminate the need to trust complex, low-level type systems by providing machine-checkable proofs of type soundness for real machine languages. In this thesis, I demonstrate the use of logical relations for proving the soundness of type systems for mutable state. Specifically, I focus on type systems that ensure the safe allocation, update, and reuse of memory. For each type in the language, I define logical relations that explain the meaning of the type in terms of the operational semantics of the language. Using this model of types, I prove each typing rule as a lemma. The major contribution is a model of System F with general references — that is, mutable cells that can hold values of any closed type including other references, functions, recursive types, and impredicative quantified types. The model is based on ideas from both possible worlds and the indexed model of Appel and McAllester. I show how the model of mutable references is encoded in higher-order logic. I also show how to construct an indexed possible-worlds model for a von Neumann machine. The latter is used in the Princeton Foundational PCC system to prove type safety for a full-fledged low-level typed assembly language. Finally, I present a semantic model for a region calculus that supports type-invariant references as well as memory reuse.
Synthesising verified access control systems in XACML
In FMSE '04, 2004
Cited by 46 (5 self)
Test generation based on symbolic specifications
FATES 2004, number 3395 in LNCS, 2005
Abstract

Cited by 42 (6 self)
Classical state-oriented testing approaches are based on simple machine models such as Labelled Transition Systems (LTSs), in which data is represented by concrete values. To implement these theories, data types which have infinite universes have to be cut down to finite variants, which are subsequently enumerated to fit in the model. This leads to an explosion of the state space. Moreover, exploiting the syntactical and/or semantical information of the involved data types is non-trivial after enumeration. To overcome these problems, we lift the family of testing relations iocoF to the level of Symbolic Transition Systems (STSs). We present an algorithm based on STSs, which generates and executes tests on-the-fly on a given system. It is sound and complete for the iocoF testing relations.
Comparing semantics of logics for multi-agent systems
Synthese
Abstract

Cited by 40 (14 self)
We draw parallels between several closely related logics that combine, in different proportions, elements of game theory, computation tree logics, and epistemic logics to reason about agents and their abilities. These are: the coalition game logics CL and ECL introduced by Pauly in 2000, the alternating-time temporal logic ATL developed by Alur, Henzinger and Kupferman between 1997 and 2002, and the alternating-time temporal epistemic logic ATEL by van der Hoek and Wooldridge (2002). In particular, we establish some subsumption and equivalence results for their semantics, as well as interpretation of the alternating-time temporal epistemic logic into ATL. The focus in this paper is on models: alternating transition systems, multi-player game models (alias concurrent game structures) and coalition effectivity models turn out to be intimately related, while alternating epistemic transition systems share much of their philosophical and formal apparatus. Our approach is constructive: we present ways to transform between different types of models and languages.
Receding Horizon Temporal Logic Planning for Dynamical Systems
In 48th IEEE Conference on Decision and Control (CDC), 2009
Abstract

Cited by 33 (6 self)
This paper bridges the advances in computer science and control to allow automatic synthesis of complex dynamical systems which are guaranteed, by construction, to satisfy the desired properties even in the presence of adversary. The desired properties are expressed in the language of temporal logic. With its expressive power, a wider class of properties than safety and stability can be specified. The resulting system consists of a discrete planner which plans, in the abstracted discrete domain, a set of transitions of the system to ensure the correct behaviors and a continuous controller which continuously implements the plan. For a system with certain structure, we present an approach, based on a receding horizon scheme, to overcome computational difficulties in the synthesis of a discrete planner and allow more complex problems to be solved.
A Stratified Semantics of General References Embeddable in Higher-Order Logic (Extended Abstract)
2002
Abstract

Cited by 33 (8 self)
Amal J. Ahmed, Andrew W. Appel, Roberto Virga (Princeton University, {amal,appel,rvirga}@cs.princeton.edu). We demonstrate a semantic model of general references, that is, mutable memory cells that may contain values of any (statically-checked) closed type, including other references. Our model is in terms of execution sequences on a von Neumann machine