Functional Qualification of TLM Verification
Cited by 3 (0 self)
The topic will cover the use of functional qualification for measuring the quality of functional verification of TLM models. Functional qualification is based on the theory of mutation analysis but considers a mutation to have been killed only if a testcase fails. A mutation model of TLM behaviors is proposed to qualify a verification environment based on both testcases and assertions. The presentation describes at first the theoretic aspects of this topic and then it focuses on its application to real cases by using actual EDA tools, thus showing advantages and limitations of the application of mutation analysis to TLM.
Learning to Verify Systems, 2006
Cited by 3 (1 self)
Making high quality and reliable software systems remains a difficult problem. One approach to address this problem is automated verification which attempts to demonstrate algorithmically that a software system meets its specification. However, verification of software systems is not easy: such systems are often modeled using abstractions of infinite structures such as unbounded integers, infinite memory for allocation, unbounded space for call stack, unrestricted queue sizes and so on. It can be shown that for most classes of such systems, the verification problem is actually undecidable (there exists no algorithm which will always give the correct answer for arbitrary inputs). In spite of this negative theoretical result, techniques have been developed which are successful on some practical examples although they are not guaranteed to always work. This dissertation is in a similar spirit and develops a new paradigm for automated verification of large or infinite state systems. We observe that even if the state space of a system is infinite, for practical examples, the set of reachable states (or other fixpoints needed for verification) is often expressible in a simple representation. Based on this observation, we propose an entirely new approach to verification: the idea is to use techniques from computational learning theory to identify the reachable states (or other fixpoints) and then verify the property of interest. To use learning techniques, we solve key problems of
On the Hardness of Finding Symmetries in Markov Decision Processes
Cited by 3 (0 self)
In this work we address the question of finding symmetries of a given MDP. We show that the problem is Isomorphism Complete, that is, the problem is polynomially equivalent to verifying whether two graphs are isomorphic. Apart from the theoretical importance of this result it has an important practical application. The reduction presented can be used together with any off-the-shelf Graph Isomorphism solver, which performs well in the average case, to find symmetries of an MDP. In fact, we present results of using NAutY (the best Graph Isomorphism solver currently available) to find symmetries of MDPs.
The Polyhedron-Hitting Problem
Cited by 3 (2 self)
We consider polyhedral versions of Kannan and Lipton's Orbit Problem: determining whether a target polyhedron V may be reached from a starting point x under repeated applications of a linear transformation A in an ambient vector space Q^m. We present what amounts to a complete characterisation of the decidability landscape for this problem, expressed as a function of the dimension m of the ambient space, together with the dimension of the polyhedral target V: more precisely, for each pair of dimensions, we either establish decidability, or show hardness for longstanding open problems.
Preorders for reasoning about stability
In: HSCC'12, 2012
Cited by 3 (0 self)
Preorders between processes, like simulation, have played a central role in the verification and analysis of discrete-state systems. Logical characterizations of such preorders have allowed one to verify the correctness of a system by analyzing an abstraction of the system. In this paper, we investigate whether this approach can be feasibly applied to reason about stability properties of a system. Stability is an important property of systems that have a continuous component in their state space; it stipulates that when a system is started somewhere close to its ideal starting state, its behavior is close to its ideal, desired behavior. In [6], it was shown that stability with respect to equilibrium states is not preserved by bisimulation and hence additional continuity constraints were imposed on the bisimulation re
Correct-by-construction generation of device drivers based on RTL testbenches
In: Design, Automation and Test in Europe, DATE 2009, 2009
Cited by 2 (0 self)
The generation of device drivers is a very time consuming and error prone activity. All the strategies proposed up to now to simplify this operation require a manual, even formal, specification of the device driver functionalities. In the system-level design, IP functionalities are tested by using testbenches, implemented to contain the communication protocols to correctly interact with the device. The aim of this paper is to present a methodology to automatically generate device drivers from the testbench of any RTL IP. The only manual step required is to tag the states corresponding to the different device functionalities. The Extended Finite State Machines (EFSMs) are then used to create a correct-by-construction two-level device driver: the lower level deals with architectural choices, while the higher one is derived from the EFSMs and implements the communication protocols. The effectiveness of this methodology has been proved by applying it to a platform provided by STMicroelectronics.
Enabledness-based Program Abstractions for Behaviour Validation
Cited by 1 (0 self)
Code artefacts that have nontrivial requirements with respect to the ordering in which their methods or procedures ought to be called are common and appear, for instance, in the form of API implementations and objects. This work addresses the problem of validating if API implementations provide their intended behaviour when descriptions of this behaviour are informal, partial or nonexistent. The proposed approach addresses this problem by generating abstract behaviour models which resemble typestates. These models are statically computed and encode all admissible sequences of method calls. The level of abstraction at which such models are constructed has shown to be useful for validating code artefacts and identifying findings which led to the discovery of bugs, adjustment of the requirements expected by the engineer to the requirements implicit in the code, and the improvement of available documentation.
Model checking of systems employing commutative functions
In: 6th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI), Lecture Notes in Computer Science, 2005
Cited by 1 (1 self)
The paper presents methods for model checking a class of possibly infinite state concurrent programs using various types of bisimulation reductions. The proposed methods work for the class of programs in which the functions that update the variables are mutually commutative. A number of bisimulation relations are presented for such systems. Explicit state model checking methods that employ on-the-fly reductions with respect to these bisimulations are given. Some of these methods have been implemented and have been used to verify some well known protocols that employ integer variables. Various applications of the methods and optimization techniques for special cases are also given in the appendix.

1 Introduction. Two of the bottlenecks that hinder wider applicability of the model checking approach are the state explosion problem and its limited effectiveness in handling infinite state systems. In this paper, we present an approach for model checking that works for certain classes of infinite state systems and that can also be used to contain the state explosion problem. One standard model checking method, employed often, is to construct the reachability graph of the given program and then check the correctness property against this graph. One way of reducing the size of the explored graph is to employ a reduction with respect to a bisimulation relation U on the states of the reachability graph. Such a relation U is either known a priori through an implicit representation or has been computed by other means.
Could we have chosen a better Loop Invariant or Method Contract?
The method contract and loop invariant rules (contract rules) are an important software verification technique for handling method invocations and loops. However, if a verification condition resulting from using a contract rule turns out to be falsifiable, then the user does not know if she could have chosen a stronger contract to verify the program or if the program is not verifiable due to a software bug. We approach this problem and present a novel technique that unifies verification and software bug detection.