G. Del Castillo and K. Winter. Model checking support for the ASM highlevel language. In S. Graf and M. Schwartzbach, editors, 6th International Conference for Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2000.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....seem to recall hearing about automated tools for veri cation. A: Most are hand crafted, in part because the intended audience for most proofs is still humans, not machines. Still, there is substantial work being done on supporting mechanical veri cation, using theorem provers or model checkers [34, 39, 15, 17, 37]. Final Thoughts Q: We seem to have reached the end of the waterfall. I suppose that I should start trying these ideas out by constructing a few ASMs. A: Indeed. One often learns best by doing. Q: I d still like to see ASMs applied to a real world example. A: Yes, the examples we covered were ....

G. Del Castillo and K. Winter. Model checking support for the ASM high-level language. In S. Graf and M. Schwartzbach, editors, Proceedings of TACAS 2000.

....decision diagrams which leads to very efficient algorithms. The SMV checks a temporal logic formula against the system specification and outputs a counter example if the system fails to meet the requirement. Secondly, a translation tool from ASM to SMV has been implemented by a group in Germany [2]. We hope the verifier can take the advantage of the existed tool. In the following, let us take a look at the transformation schema from an ASM Model to a SMV model, showing why this schema can be applied to our verifier. Kirsten Winter [12] reported the work about this transformation schema ....

G. D. Castillo, K. Winter. Model Checking Support for the ASM High-Level Language. Technical Report tr-ri-99-209, Universit&t-GH Paderborn, June, 1999.

....whose sole scope is leading the model checker to the generation of desired counter examples. The method consists in several steps. First, we compute for a desired coverage the test predicates set tp . Second, we encode the ASM specification in SMV following the technique described in [Del Castillo and Winter 1999]. Third, we compute for each test predicate tp i the test sequence that covers it by running SMV on the trap property AG( tp i ) or equivalently EF(tp i ) stating that tp i is never true. If SMV finds a state where tp i is true, it stops and prints as counter example the state sequence leading ....

....file ASM 2 SMV EDITOR SMV GENERATOR GENERATOR TEST SUITE trap property test predicates TEST PREDICATES Figure 1: Tool Architecture The component ASM 2 SMV receives the ASM specification and a trap prop erty, and provides their SMV encoding. The ASM to SMV transformation proposed in [Del Castillo and Winter 1999] is used to this purpose. The SMV model checker is used in the way described in [Section 6] to produce, if possible, a test sequence. The counterexample generated is given to the TEST SUITE GENERATOR. The TEST SUITE GENERATOR checks (a) if the sequence covers other test predicates; b) if the ....

Del Castillo, G. and Winter, K. (1999). Model Checking Support for the ASM High-Level Language. Technical Report TR-RI-99-209, Universitat-GH Paderborn.

....able to use such semantics for validation and verification. Indeed, one of the benefits of having an executable semantics such as ASMs Montages is the ability to test the semantics on actual programs and observe the correct (or incorrect) behavior of the system, as discussed above. Other ASM works [8, 21, 24] have shown the utility of interfacing ASM semantics with automated correctness tools. But often, in order to produce output suitable for automated verification, one sacrifices expressiveness or readability. We have chosen to focus on the latter. Norrish (among others) rightly points out certain ....

G. Del Castillo and K. Winter, "Model Checking Support for the ASM High-Level Language ". Technical Report TR-RI-99-209, Universitat-GH Paderborn, June 1999.

....can be expressed and verified. This work can be viewed as an investigation on applying model checking and refinement mapping on ASM models, in the context of hardware design. We analyze the applicability of automatic verification of ASM models using the ASM Workbench and its interface ASM SMV [3]. The used example is a module of an ATM switch fabric, the Timing block [7] on which we show how the validation and verification are performed. A specification and an implementation of the Timing block are first specified in the ASM Workbench language [2] These models are validated separately ....

G. Del Castillo and K. Winter. Model checking support for the ASM high-level language. International Conference for Tools and Algorithms for the Construction and Analysis of Systems, TACAS'2000.

....than the abstract memory model: certain values that can be read by the abstract memory model cannot be read by the protocol. Currently, the ASM methodology has little support for automated veri cation compared to other techniques. Model checking of ASM speci cation is an active area of research [4]. An interesting area of further study for us would be to explore the use of model checking techniques to automate portions of our proof. Another area of future research is to express other weak memory models and see how these models, and their associated protocols, di er compare with our speci ....

G. Del Castillo and K. Winter (2000). Model checking support for the ASM high-level language. In Proceedings of TACAS 2000, S. Graf and M. Schwartzbach (editors), LNCS 1785, Springer-Verlag, 331-346.

....decision diagrams which leads to very efficient algorithms. The SMV checks a temporal logic formula against the system specification and outputs a counter example if the system fails to meet the requirement. Secondly, a translation tool from ASM to SMV has been implemented by a group in Germany [2]. We hope the verifier can take the advantage of the existed tool. In the following, let us take a look at the transformation schema from an ASM Model to a SMV model, showing why this schema can be applied to our verifier. Kirsten Winter [12] reported the work about this transformation schema ....

G. D. Castillo, K. Winter. Model Checking Support for the ASM High-Level Language. Technical Report tr-ri-99-209, Universitat-GH Paderborn, June, 1999.

....of rst order logic for modelling data with the operational view of transition systems for modelling behaviour. Dynamic properties of the resulting ASM models can be easily speci ed using some form of temporal logic (such as CTL) and are amenable to be formally veri ed by modelchecking (see [13]) Furthermore, as ASM models are executable, simulation can be used as a means of validation as well. Finally, in the context of IP based design, an important advantage of ASMs is that they 40 may allow to provide to clients unambiguous and even executable models of components (which clients ....

G. Del Castillo and K. Winter. Model checking support for the ASM high-level language. In Tools and Algorithms for the Construction and Analysis of Systems, TACAS'2000.

.... domains and ranges) are nite (and not too large) and x, i.e. domains and ranges may not be extended by some transition rules, an ASM model can be transformed into a model checker language, e.g. the language of the SMV model checker ( 7] A rst schematic approach is published in [12] In [2] the schema is extended for coping with ASM with n ary functions (n 0) All n ary functions will be unfolded to get 0 ary functions that can be mapped to simple state variables in the SMV model. Of course, model checking as a fully automatic approach is limited with respect to the computational ....

....scenarios for locating errors. 5 Transformation Issues The general approach for the transformation of ASM transition rules into SMV code is already described in [12] The extended transformation algorithm that includes the transformation of n ary dynamic functions (with n 0) can be found in [2]. Based on this foundation we want to add some more general remarks here concerning extensibility and optimisation. In order to make this paper self containing we recall our main ideas of transformation. 5.1 Transformation of ASM into SMV language The basic translation scheme introduced in [12] ....

[Article contains additional citation context not shown here]

G. Del Castillo and K. Winter. Model checking support for the ASM high-level language. In 6th Int. Conference for Tools and Algorithms for the Construction and Analysis of Systems, TACAS 2000. to appear.

No context found.

G. Del Castillo and K. Winter. Model checking support for the ASM highlevel language. In S. Graf and M. Schwartzbach, editors, 6th International Conference for Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2000.

No context found.

G. Del Castillo and K. Winter. Model checking support for the ASM highlevel language. International Conference for Tools and Algorithms for the Construction and Analysis of Systems, TACAS'2000.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC