Symbolic Execution Based Model Checking of Open Systems with Unbounded Variables.

We also applied our technique to a non software model-checking problem from biology -we used it to analyze and synthesize correct executions from scenario-based requirements in the form of Live Sequence ... Here, we show how to avoid explicit loop unrolling by using the SMT Theory of Lists to model feasible, potentially unbounded program traces. ... the execution of the system. ...

doi:10.1007/978-3-642-20398-5_21 fatcat:t42tptw65zepbc4rvvxassjj2m

A method of automatic abstraction is presented that uses proofs of unsatisfiability derived from SAT-based bounded model checking as a guide to choosing an abstraction for unbounded model checking. ... In almost all cases tested, when bounded model checking succeeded, unbounded model checking of the resulting abstraction also succeeded. ... Tests were performed on a Linux workstation with a 930MHz Pentium III processor and 512MB of available memory. Unbounded symbolic model checking was performed using the Cadence SMV system. ...

doi:10.1007/3-540-36577-x_2 fatcat:e64cd34ovbgwpg3y37aafo5jfe

We then introduce pid quantified constraint, a new symbolic representation that can encode infinite many system states, to verify systems with unbounded and dynamic process instantiations. ... We first show how three different model checking techniques are applied when the number of processes is limited to a predetermined number. ... 0 ( E ¦ V There are two types of model checking techniques, explicit state model checking [17] and symbolic model checking [4] . ...

doi:10.1007/3-540-36189-8_15 fatcat:duunf6ki7bgahd2vd22gs4aziq

behavior), thus giving the effect of working with a fully operational system or an executable model. ... We describe a methodology for executing scenario-based requirements of reactive systems, focusing on "playing-out" the behavior using formal verification techniques for driving the execution. ... In [5] model-checking is used for verifying properties of a state-based model (which is the traditional use of model-checking), while we use model-checking for driving the execution of a scenario-based ...

doi:10.1007/3-540-36126-x_23 fatcat:ud2k5d3lxvhh5gfhx4gqykdcgu

With this work we conceptualize array-typed logic variables ("free arrays"), thus completing the set of types that logic variables can assume in constraint-logic object-oriented programming. ... The ability to use logic variables, constraints, non-deterministic search, and object-oriented programming in an integrated way facilitates the combination of search-related program parts and other business ... Based on this solver, support for arrays was included into Microsoft's test-case generator Pex [17] and into the symbolic code execution mechanism of NASA's Java Pathfinder, a model checker and test-case ...

arXiv:2008.13460v1 fatcat:fegp4rqarvdi3cnfjdbsioq2fi

The new capability is based on symbolic execution that allows us to automatically generate quality test suites based on the system design. ... Symbolic execution is used to generate both user input and test oracles; user input drives the testing of the system implementation, and test oracles ensure that the system behaves as designed. ... SPF is an open source execution engine that symbolically executes Java bytecode. ...

doi:10.1109/icsmc.2011.6083936 dblp:conf/smc/GiannakopoulouRF11 fatcat:l2pwgdu4sneflg5x7olpzhkpqe

Yet, the choices made when designing the specification languages provided by those front-ends differ significantly, in particular with respect to the executability of specifications. ... We emphasize the specific feature of ghost code which turns out to be extremely useful for both static and dynamic verification. ... These issues are extensively discussed by Chalin [7] based on experimental studies with practitioners. Executable features of Why3. ...

doi:10.1007/978-3-319-47166-2_32 fatcat:7lzkiav36ndsrkkhal6phvnwam

Instead of undergoing usual model checking, system requirements are checked only on particular system behaviors which represent a test suite achieving coverage for both the system and the requirements. ... Searching for synergies between these two approaches, this paper proposes a framework to ensure reliability of industrial automation systems by means of hybrid use of model checking and testing. ... Then, it was found that applying BDD-based exact symbolic model checking for test case generation is comparable with usual BDD-based symbolic model checking of the closed-loop system in terms of required ...

arXiv:1907.11895v1 fatcat:we6gq6emjvhm5pfkmvt37mekpi

For any program with a bounded visible heap, meaning that the number of objects reachable from variables at any point of execution is bounded, this abstraction is a finitary representation of its behaviour ... In the presence of recursive procedures and local variables the interactions of a program with the heap can become rather complex, as an unbounded number of objects can be allocated either on the call ... For example, it can be combined with the SAL (Symbolic Analysis Laboratory) model checker [17] that uses unbounded arrays whose sizes vary dynamically to store objects. ...

doi:10.4204/eptcs.104.9 fatcat:q633v4o5cbaznnyy3mkhrdbesa

DOAJ Multiple Versions

These include Dagstuhl Seminar 13021 "Symbolic Methods in Testing"; Dagstuhl ... This report documents the program and the outcomes of Dagstuhl Seminar 16201 "Synergies among Testing, Verification, and Repair for Concurrent Programs". ... These specifications can be composed, so that end-to-end behaviours of parts of a system can be summarised and reasoned about modularly. ...

doi:10.4230/dagrep.6.5.56 dblp:journals/dagstuhl-reports/DolbyGMT16 fatcat:3ou6mdvytrfnfhjf542sbpn6lm

We show that our implementation can better mitigate the path-explosion problem than symbolic execution without abstraction, by comparing the performance to the state-of-the-art Klee-based symbolic-execution ... We present CPA-SymExec, a tool for symbolic execution that is implemented in the open-source, configurable verification framework CPAchecker. ... We thank the contributors of the CPAchecker project (http://cpachecker.sosy-lab.org/acknow.php); CPA-SymExec is based on many standard components of this framework. ...

doi:10.1145/3238147.3240478 dblp:conf/kbse/0001018 fatcat:x764necan5b2hkv7hb4tu3a5uu

Rewriting modulo SMT is ideally suited to model and analyze infinite-state open systems, i.e., systems that interact with a non-deterministic environment. ... This paper proposes rewriting modulo SMT, a new technique that combines the power of SMT solving, rewriting modulo theories, and model checking. ... The first author would like to thank the National Institute of Aerospace for a short visit supported by the Assurance of Flight Critical System's project of NASA's Aviation Safety Program at Langley Research ...

doi:10.1007/978-3-319-12904-4_14 fatcat:v4r2osetzjekpmx2bxnrvazf3y

A methodology and automated tool flow have been developed for verifying systems of timed asynchronous circuits through compositional model checking of formal models with symbolic methods. ... The results show that the capability of previous methods is enhanced to enable the hierarchical verification of substantially larger timed systems. ... CONCLUSION A symbolic model checking CAD tool flow for verifying systems of timed asynchronous protocols with BDD and SAT methods is presented. ...

doi:10.1109/isvlsi.2013.6654650 dblp:conf/isvlsi/DesaiSO13 fatcat:bd3xxuhzdreqxi4eahq53icctq

To this end we complement model checking techniques with symbolic reasoning methods and show that, under certain circumstances, code fragments do not a®ect the validity of underlying properties. ... Keywords: model checking, Java PathFinder, symbolic reasoning, instrumentation, monitoring, invariant strengthening. ... Willem Visser for inviting me to NASA Ames in the summer of 2002, when this work was mainly carried out, and discussing topics on model checking and symbolic methods. Thanks to Dr. ...

doaj:bebeacb132e24e3aaaf74ed586223b5d fatcat:zeg26ybownewzl366xhvelmi44

DOAJ OJS

From this step combined with the untimed model-checking step, the user obtains a sufficient set of timing parameter constraints under which the system executes correctly with respect to a given safety ... Then, by using ordinary untimed model-checking, the user examines whether a discretized system model in which all timing constraints are abstracted away satisfies a desirable safety property under the ... I also thank anonymous reviewers of a conference version of this paper for their helpful comments. ...

doi:10.1145/1450058.1450060 dblp:conf/emsoft/Umeno08 fatcat:rzo2t4xfhjcjhcobybj5jy52y4

Model Checking Using SMT and Theory of Lists [chapter]

Preserved Fulltext

Automatic Abstraction without Counterexamples [chapter]

Preserved Fulltext

Formal Verification of e-Services and Workflows [chapter]

Preserved Fulltext

Smart Play-out of Behavioral Requirements [chapter]

Preserved Fulltext

Constraint-Logic Object-Oriented Programming with Free Arrays [article]

Preserved Fulltext

Automated test case generation for an autopilot requirement prototype

Preserved Fulltext

Static versus Dynamic Verification in Why3, Frama-C and SPARK 2014 [chapter]

Preserved Fulltext

Combining closed-loop test generation and execution by means of model checking [article]

Preserved Fulltext

Interacting via the Heap in the Presence of Recursion

Preserved Fulltext

Synergies among Testing, Verification, and Repair for Concurrent Programs (Dagstuhl Seminar 16201)

Preserved Fulltext

CPA-SymExec: efficient symbolic execution in CPAchecker

Preserved Fulltext

Rewriting Modulo SMT and Open System Analysis [chapter]

Preserved Fulltext

Symbolic verification of timed asynchronous hardware protocols

Preserved Fulltext

Combining symbolic execution and model checking to reduce dynamic program analysis overhead

Preserved Fulltext

Event order abstraction for parametric real-time system verification

Preserved Fulltext