Results 1-10 of 129
ProB: A Model Checker for B
FME 2003: Formal Methods, LNCS 2805, 2003
Cited by 136 (40 self)
We present ProB, an animation and model checking tool for the B method. ProB's animation facilities allow users to gain confidence in their specifications, and unlike the animator provided by the BToolkit, the user does not have to guess the right values for the operation arguments or choice variables. ProB contains a model checker and a constraint-based checker, both of which can be used to detect various errors in B specifications. We present our first experiences in using ProB on several case studies, highlighting that ProB enables users to uncover errors that are not easily discovered by existing tools.
Infinite state model checking by abstract interpretation and program specialisation
Logic-Based Program Synthesis and Transformation. Proceedings of LOPSTR'99, LNCS 1817, 2000
Cited by 67 (27 self)
We illustrate the use of logic programming techniques for finite model checking of CTL formulae. We present a technique for infinite state model checking of safety properties based upon logic program specialisation and analysis techniques. The power of the approach is illustrated on several examples. For that, the efficient tools logen and ecce are used. We discuss how this approach has to be extended to handle more complicated infinite state systems and to handle arbitrary CTL formulae.
Model-Based Analysis of Configuration Vulnerabilities
Journal of Computer Security
Cited by 55 (2 self)
Vulnerability analysis is concerned with the problem of identifying weaknesses in computer systems that can be exploited to compromise their security. In this paper we describe a new approach to vulnerability analysis based on model checking. Our approach involves: formal specification of desired security properties (an example of such a property is "no ordinary user can overwrite system log files"); and an abstract model of the system that captures its security-related behaviors. This model is obtained by composing models of system components such as the file system, privileged processes, etc.
Efficient Access Mechanisms For Tabled Logic Programs
1999
Cited by 48 (16 self)
This article describes the design, implementation, and experimental evaluation of data structures and algorithms for high-performance table access. Our approach uses tries as the basis for tables. Tries, a variant of discrimination nets, provide complete discrimination for terms, and permit a lookup and possible insertion to be performed in a single pass through a term. In addition, a novel technique of substitution factoring is proposed. When substitution factoring is used, the access cost for answers is proportional to the size of the answer substitution, rather than to the size of the answer itself. Answer tries can be implemented both as interpreted structures and as compiled WAM-like code. When they are compiled, the speed of computing substitutions through answer tries is competitive with the speed of unit facts compiled or asserted as WAM code. Because answer tries can also be created an order of magnitude more quickly than asserted code, they form a promising alternative for representing certain types of dynamic code, even in Prolog systems without tabling.
Address correspondence to I.V. Ramakrishnan, D.S. Warren, Dept. of Computer Science, State University of New York at Stony Brook, Stony Brook, NY 11794-4400, U.S.A., email: {ram,warren}@cs.sunysb.edu; P. Rao, Bellcore, 445 South Street, Morristown, NJ 07960-6438, U.S.A., email: prasadr@bellcore.com; K. Sagonas, Dept. of Computer Science, Katholieke Universiteit Leuven, Celestijnenlaan 200A, B-3001, Heverlee, Belgium, email:
Synthesizing software verifiers from proof rules
In PLDI, 2012
Cited by 45 (10 self)
Automatically generated tools can significantly improve programmer productivity. For example, parsers and dataflow analyzers can be automatically generated from declarative specifications in the form of grammars, which tremendously simplifies the task of implementing a compiler. In this paper, we present a method for the automatic synthesis of software verification tools. Our synthesis procedure takes as input a description of the employed proof rule, e.g., program safety checking via inductive invariants, and produces a tool that automatically discovers the auxiliary assertions required by the proof rule, e.g., inductive loop invariants and procedure summaries. We rely on a (standard) representation of proof rules using recursive equations over the auxiliary assertions. The discovery of auxiliary assertions, i.e., solving the equations, is based on an iterative process that extrapolates solutions obtained for finitary unrollings of equations. We show how our method synthesizes automatic safety and liveness verifiers for programs with procedures, multithreaded programs, and functional programs. Our experimental comparison of the resulting verifiers with existing state-of-the-art verification tools confirms the practicality of the approach.
Logic Programming and Model Checking
Proceedings of PLILP/ALP'98, 1998
Cited by 37 (6 self)
We report on the current status of the LMC project, which seeks to deploy the latest developments in logic-programming technology to advance the state of the art of system specification and verification. In particular, the XMC model checker for value-passing CCS and the modal mu-calculus is discussed, as well as the XSB tabled logic programming system, on which XMC is based. Additionally, several ongoing efforts aimed at extending the LMC approach beyond traditional finite-state model checking are considered, including compositional model checking, the use of explicit induction techniques to model check parameterized systems, and the model checking of real-time systems. Finally, after a brief conclusion, future research directions are identified.
ProB: An Automated Analysis Toolset for the B Method
Software Tools for Technology Transfer, 2007
Cited by 36 (12 self)
We present ProB, a validation toolset for the B method. ProB’s automated animation facilities allow users to gain confidence in their specifications. ProB also contains a model checker and a refinement checker, both of which can be used to detect various errors in B specifications. We describe the underlying methodology of ProB, and present the important aspects of the implementation. We also present empirical evaluations as well as several case studies, highlighting that ProB enables users to uncover errors that are not easily discovered by existing tools.
A Process Calculus for Mobile Ad Hoc Networks
Cited by 35 (2 self)
We present the ω-calculus, a process calculus for formally modeling and reasoning about Mobile Ad Hoc Wireless Networks (MANETs) and their protocols. The ω-calculus naturally captures essential characteristics of MANETs, including the ability of a MANET node to broadcast a message to any other node within its physical transmission range (and no others), and to move in and out of the transmission range of other nodes in the network. A key feature of the ω-calculus is the separation of a node's communication and computational behavior, described by an ω-process, from the description of its physical transmission range, referred to as an ω-process interface. Our main technical results are as follows. We give a formal operational semantics of the ω-calculus in terms of labeled transition systems and show that the state reachability problem is decidable for finite-control ω-processes. We also prove that the ω-calculus is a conservative extension of the π-calculus, and that late bisimulation (appropriately lifted from the π-calculus to the ω-calculus) is a congruence. Congruence results are also established for a weak version of late bisimulation, which abstracts away from two types of internal actions: τ-actions, as in the π-calculus, and µ-actions, signaling node movement. Finally, we illustrate the practical utility of the calculus by developing and analyzing a formal model of a leader-election protocol for MANETs.
XMC: A Logic-Programming-Based Verification Toolset
In Computer Aided Verification (CAV), 2000
Cited by 32 (11 self)
XMC is a toolset for specifying and verifying concurrent systems. Its main mode of verification is temporal-logic model checking [CES86], although equivalence checkers have also been implemented. In its current form, temporal properties are specified in the alternation-free fragment of the modal mu-calculus [Koz83], and system models are specified in XL, a value-passing language based on CCS [Mil89]. The core computational components of the XMC system, such as those for compiling the specification language, model checking, etc., are built on top of the XSB tabled logic-programming system [XSB99]. A distinguishing aspect of XMC is that model checking is carried out as query evaluation, by building proof trees using tabled resolution. The main advantage to making proof-tree construction central to XMC is the resultant flexibility and extensibility of the system. For example, XMC provides the foundation for the XMC-RT [DRS99] model checker for real-time systems, and for