MACE: Model-inference-Assisted Concolic Exploration for Protocol and Vulnerability Discovery

Chia Yuan Cho, Domagoj Babic, Pongsin Poosankam, Kevin Zhijie Chen, Edward XueJun Wu, Dawn Song
2011 USENIX Security Symposium  
Our technique uses a combination of symbolic and concrete execution to build an abstract model of the analyzed application, in the form of a finite-state automaton, and uses the model to guide further  ...  Through exploration, MACE further refines the abstract model. Using the abstract model as a scaffold, our technique wields more control over the search process.  ...  MACE iteratively infers and refines an abstract model of the protocol, as implemented by the program, and exploits the model to explore the program's state-space more effectively.  ... 
dblp:conf/uss/ChoBPCWS11 fatcat:hauhmovrmbcg5lqoss4dkedrx4

BOCoSy: Small but Powerful Symbolic Output-Feedback Control

Bernd Finkbeiner, Kaushik Mallik, Noemi Passing, Malte Schledjewski, Anne-Kathrin Schmuck
2022 25th ACM International Conference on Hybrid Systems: Computation and Control  
behavior from this abstract model until a controller is found.  ...  We present BOCoSy, a tool for Bounded symbolic Output-feedback Controller Synthesis.  ...  In both fields, the straightforward solution of the posed synthesis problem is to construct an abstract symbolic model of all possible behaviors of the symbolic interface dynamics first.  ... 
doi:10.1145/3501710.3519535 fatcat:ot5h2ugqjneoxfnhwbivezpb4u

A symbolic model checking approach to verifying satellite onboard software

Xiang Gan, Jori Dubrovin, Keijo Heljanko
2014 Science of Computer Programming  
A Symbolic Model Checking Approach to Verifying Satellite Onboard Software length called the bound.  ...  These diagrams have been translated to a set of temporal logic properties, allowing the piecewise checking of the system behavior one extended state machine transition at a time.  ...  project has been financially supported by the RECOMP project funded by ARTEMIS-JU, Tekes - Finnish Funding Agency for Technology and Innovation, Conformiq Software, Space Systems Finland, and Academy of  ... 
doi:10.1016/j.scico.2013.03.005 fatcat:cwfmzpxd6ncr5a4r62ofa2wngi

SAL 2 [chapter]

Leonardo de Moura, Sam Owre, Harald Rueß, John Rushby, N. Shankar, Maria Sorea, Ashish Tiwari
2004 Lecture Notes in Computer Science  
SAL 2 augments the specification language and explicit-state model checker of SAL 1 with high-performance symbolic and bounded model checkers, and with novel infinite bounded and witness model checkers  ...  SAL 2 provides a scriptable API for its basic model checking and analysis functions that can be used to extend the system. All four new model checkers are implemented using this interface.  ...  Model Checkers SAL 2 provides high performance symbolic and bounded model checkers (SMC and BMC, respectively) for systems defined over finite state types, and a novel "infinite bounded" model checker  ... 
doi:10.1007/978-3-540-27813-9_45 fatcat:2q6fyqc2zrawxezefviacmmbvm

Checking Asynchronously Communicating Components Using Symbolic Transition Systems [chapter]

Olivier Maréchal, Pascal Poizat, Jean-Claude Royer
2004 Lecture Notes in Computer Science  
Our STS are symbolic transition systems related to an abstract description of a data type. It provides a uniform and general framework to reason and compare different but related state machines.  ...  We have to prove these results and to compare them with model-checking techniques.  ...  In [31] the authors present an algorithm to check boundedness of UML-RT models. It is based on several abstractions and the resolution of linear equations with positive coefficients.  ... 
doi:10.1007/978-3-540-30469-2_42 fatcat:xua2ebffprbnrihtxpinbsk52i

McScM: A General Framework for the Verification of Communicating Machines [chapter]

Alexander Heußner, Tristan Le Gall, Grégoire Sutre
2012 Lecture Notes in Computer Science  
McScM provides tools for the safety verification and controller synthesis of these infinite-state models.  ...  Our verification tool implements several model-checking techniques: CEGAR with different abstraction-refinement methods, abstract interpretation, abstract regular model checking, and lazy abstraction.  ...  We focus on the safety verification of communicating finite-state machines (CM), an infinite-state formalism that consists of a set of local, finite state machines that communicate via global, asynchronous  ... 
doi:10.1007/978-3-642-28756-5_34 fatcat:n5mqloosaffj5dqnzse6htx7um

Combining Symbolic Model Checking with Uninterpreted Functions for Out-of-Order Processor Verification [chapter]

Sergey Berezin, Armin Biere, Edmund Clarke, Yunshan Zhu
1998 Lecture Notes in Computer Science  
We present a new approach to the verification of hardware systems with data dependencies using temporal logic symbolic model checking.  ...  This significantly reduces the state space and allows the use of highly efficient symbolic model checkers like SMV instead of special decision procedures.  ...  Basic Abstraction Techniques Symbolic model checking techniques [McM93] have proven to be of great value for the verification of reactive systems.  ... 
doi:10.1007/3-540-49519-3_24 fatcat:u2wt3cs2z5bsvbfecqsq33freq

Symbolic state traversal for WCET analysis

Stephan Wilhelm, Björn Wachter
2009 Proceedings of the seventh ACM international conference on Embedded software - EMSOFT '09  
We present a novel symbolic method for WCET analysis based on abstract pipeline models which produces sound results and is scalable in terms of the considered hardware states.  ...  For complex processors, task-level execution time bounds are obtained by a state exploration which involves the abstract model and the program. Partial state space exploration is not sound.  ...  We thank Daniel Kästner and Reinhard Wilhelm for proof-reading preliminary versions of this paper.  ... 
doi:10.1145/1629335.1629354 dblp:conf/emsoft/WilhelmW09 fatcat:c4m4ckvhr5ednl65jxk74nruae

Linear-Time Limited Automata [chapter]

Bruno Guillon, Luca Prigioniero
2018 Lecture Notes in Computer Science  
We also obtain polynomial transformations into related models, including weight-reducing Hennie machines, and we show exponential gaps for converse transformations in the deterministic case.  ...  The time complexity of 1-limited automata is investigated from a descriptional complexity view point.  ...  It is possible to implement A_n with a number of states linear in n and #Σ+1 working symbols.  ... 
doi:10.1007/978-3-319-94631-3_11 fatcat:gizq3nh5nrel5cee6m7vuga2ba

Verification of Deployed Artifact Systems via Data Abstraction [chapter]

Francesco Belardinelli, Alessio Lomuscio, Fabio Patrizi
2011 Lecture Notes in Computer Science  
We exploit this fact to develop an abstraction technique that enables us to verify deployed artifact systems by model checking their bounded abstraction.  ...  However, when artifact systems are deployed, their states can contain only a bounded number of elements.  ...  model checking of finite-state systems.  ... 
doi:10.1007/978-3-642-25535-9_10 fatcat:i6q72nqj7bddvidclrcgr53ivu

Lessons Learned from Model Checking a NASA Robot Controller

Natasha Sharygina, James Browne, Fei Xie, Robert Kurshan, Vladimir Levin
2004 Formal methods in system design  
Twenty-two of the thirty-seven properties were successfully model checked. Several significant flaws in the original software system were identified and corrected during the model checking process.  ...  This paper reports as a case study an attempt to model check the control subsystem of an operational NASA robotics system.  ...  Symbolic model checking.  ... 
doi:10.1023/b:form.0000040029.73127.85 fatcat:tldbgaqcrjfkdopkmirpl2zcwi

Hippocratic binary instrumentation: First do no harm

Meera Sridhar, Richard Wartell, Kevin W. Hamlen
2014 Science of Computer Programming  
In-lined Reference Monitors (IRMs) cure binary software of security violations by instrumenting them with runtime security checks.  ...  This paper shows how recent approaches for machine-verifying the policy-compliance (soundness) of IRMs can be extended to also formally verify IRM preservation of policy-compliant behaviors (transparency  ...  All opinions and conclusions expressed are those of the authors and not necessarily of the NSF or ONR.  ... 
doi:10.1016/j.scico.2014.02.024 fatcat:tdrsx7wurrgwln5un43axr6wly

Combining Model Checking and Testing [chapter]

Patrice Godefroid, Koushik Sen
2018 Handbook of Model Checking  
Over the last two decades, significant progress has been made on how to broaden the scope of model checking from finite-state abstractions to actual software implementations.  ...  This chapter presents an overview of this strand of software model checking.  ...  Classical Model Checking Traditional model checking checks properties of a system modeled in some modeling language, typically some kind of notation for communicating finite-state machines.  ... 
doi:10.1007/978-3-319-10575-8_19 fatcat:o7z7rus4ebesdlatlvgockypjy

Improving active Mealy machine learning for protocol conformance testing

Fides Aarts, Harco Kuppens, Jan Tretmans, Frits Vaandrager, Sicco Verwer
2013 Machine Learning  
Using active learning, we learn a model M_R of reference implementation R, which serves as input for a model based testing tool that checks conformance of implementation I to M_R.  ...  speed up conformance checking.  ...  Acknowledgements We thank Colin de la Higuera and Bernard Steffen for suggesting to use the learned reference model for answering equivalence queries, and Axel Belinfante for assisting us with JTorx.  ... 
doi:10.1007/s10994-013-5405-0 fatcat:ktmh6inwcfag7c7butm4ijnmbm

Model Checking Parameterized Asynchronous Shared-Memory Systems [chapter]

Antoine Durand-Gasselin, Javier Esparza, Pierre Ganty, Rupak Majumdar
2015 Lecture Notes in Computer Science  
We analyze the case in which processes are modeled by finite-state machines or pushdown machines and the property is given by a Büchi automaton over the alphabet of read and write actions of the leader  ...  For finite-state machines, our proofs characterize infinite behaviors using existential abstraction and semilinear constraints.  ...  We then prove that the behaviors of a pushdown machine with a bounded effective stack height can be simulated by an exponentially larger finite-state machine. Related Work.  ... 
doi:10.1007/978-3-319-21690-4_5 fatcat:rdyvec6mnnfodaacgmez3eycwy