• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2020-07-29
Umang Mathur, Matthew S. Bauer, Rohit Chadha, A. Prasad Sistla, Mahesh Viswanathan

Model checking systems formalized using probabilistic models such as discrete time Markov chains (DTMCs) and Markov decision processes (MDPs) can be reduced to computing constrained reachability properties. Linear programming methods to compute reachability probabilities for DTMCs and MDPs do not scale to large models. Thus, model checking tools often employ iterative methods to approximate reachability

Updated: 2020-07-30
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2020-07-08

A generic register automaton is a finite automaton equipped with variables (which may be viewed as counters or, more generally, registers) ranging over infinite data domains. A trace of a generic register automaton is an alternating sequence of alphabet symbols and values taken by the variables during an execution of the automaton. The problem addressed in this paper is the inclusion between the sets

Updated: 2020-07-08
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2020-04-15
Byron Cook, Kareem Khazem, Daniel Kroening, Serdar Tasiran, Michael Tautschnig, Mark R. Tuttle

This paper describes our experience with symbolic model checking in an industrial setting. We have proved that the initial boot code running in data centers at Amazon Web Services is memory safe, an essential step in establishing the security of any data center. Standard static analysis tools cannot be easily used on boot code without modification owing to issues not commonly found in higher-level

Updated: 2020-04-15
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-11-15
César Sánchez, Gerardo Schneider, Wolfgang Ahrendt, Ezio Bartocci, Domenico Bianculli, Christian Colombo, Yliès Falcone, Adrian Francalanza, Srdan Krstić, João M. Lourenço, Dejan Nickovic, Gordon J. Pace, Jose Rufino, Julien Signoles, Dmitriy Traytel, Alexander Weiss

The correct name of the seventh author is Yliès Falcone.

Updated: 2019-11-15
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-11-11
César Sánchez, Gerardo Schneider, Wolfgang Ahrendt, Ezio Bartocci, Domenico Bianculli, Christian Colombo, Yliès Falcone, Adrian Francalanza, Srđan Krstić, João M. Lourenço, Dejan Nickovic, Gordon J. Pace, Jose Rufino, Julien Signoles, Dmitriy Traytel, Alexander Weiss

Runtime verification is an area of formal methods that studies the dynamic analysis of execution traces against formal specifications. Typically, the two main activities in runtime verification efforts are the process of creating monitors from specifications, and the algorithms for the evaluation of traces against the generated monitors. Other activities involve the instrumentation of the system to

Updated: 2019-11-11
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-11-07
Pavel Jančík, Jan Kofroň, Leonardo Alt, Grigory Fedyukovich, Antti E. J. Hyvärinen, Natasha Sharygina

Craig interpolation has been successfully employed in symbolic program verification as a means of abstraction for sets of program states. In this article, we present the partial variable assignment interpolation system, an extension of the labeled interpolation system, enriched by partial variable assignments. It allows for both generation of smaller interpolants as well as for their faster computation

Updated: 2019-11-07
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-05-12
Pavol Černý, Edmund M. Clarke, Thomas A. Henzinger, Arjun Radhakrishna, Leonid Ryzhyk, Roopsha Samanta, Thorsten Tarrach

We present a computer-aided programming approach to concurrency. The approach allows programmers to program assuming a friendly, non-preemptive scheduler, and our synthesis procedure inserts synchronization to ensure that the final program works even with a preemptive scheduler. The correctness specification is implicit, inferred from the non-preemptive behavior. Let us consider sequences of calls

Updated: 2019-11-01
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2016-02-24
Daniel Kroening, Matt Lewis, Georg Weissenbacher

Many software model checkers only detect counterexamples with deep loops after exploring numerous spurious and increasingly longer counterexamples. We propose a technique that aims at eliminating this weakness by constructing auxiliary paths that represent the effect of a range of loop iterations. Unlike acceleration, which captures the exact effect of arbitrarily many loop iterations, these auxiliary

Updated: 2019-11-01
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2014-01-01
Thomas Reinbacher, Matthias Függer, Jörg Brauer

We present a runtime verification framework that allows on-line monitoring of past-time Metric Temporal Logic (ptMTL) specifications in a discrete time setting. We design observer algorithms for the time-bounded modalities of ptMTL, which take advantage of the highly parallel nature of hardware designs. The algorithms can be translated into efficient hardware blocks, which are designed for reconfigurability

Updated: 2019-11-01
• Form. Methods Syst. Des. (IF 0.673) Pub Date : null
Andrzej S. Murawski, Nikos Tzevelekos

We present a full classification of decidable and undecidable cases for contextual equivalence in a finitary ML-like language equipped with full ground storage (both integers and reference names can be stored). The simplest undecidable type is unit → unit → unit . At the technical level, our results marry game semantics with automata-theoretic techniques developed to handle infinite alphabets. On the

Updated: 2019-11-01
• Form. Methods Syst. Des. (IF 0.673) Pub Date : null
Stefan Jakšić, Ezio Bartocci, Radu Grosu, Thang Nguyen, Dejan Ničković

In cyber-physical systems (CPS), physical behaviors are typically controlled by digital hardware. As a consequence, continuous behaviors are discretized by sampling and quantization prior to their processing. Quantifying the similarity between CPS behaviors and their specification is an important ingredient in evaluating correctness and quality of such systems. We propose a novel procedure for measuring

Updated: 2019-11-01
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-10-14
Roderick Bloem, Goerschwin Fey, Fabian Greif, Robert Könighofer, Ingo Pill, Heinz Riener, Franz Röck

Constructing good test cases is difficult and time-consuming, especially if the system under test is still under development and its exact behavior is not yet fixed. We propose a new approach to compute test strategies for reactive systems from a given temporal logic specification using formal methods. The computed strategies are guaranteed to reveal certain simple faults in every realization of the

Updated: 2019-10-14
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-10-09
Zachary Benavides, Keval Vora, Rajiv Gupta, Xiangyu Zhang

Studying the relative behavior of an application’s threads is critical to identifying performance bottlenecks and understanding their root causes. We present context-sensitive parallel (CSP) execution profiles, that capture the relative behavior of threads in terms of the user selected code regions they execute. CSPs can be analyzed to compute execution times spent by the application in interesting

Updated: 2019-10-09
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-08-28
Yu Wang, Nima Roohi, Matthew West, Mahesh Viswanathan, Geir E. Dullerud

In this work, we study the problem of statistically verifying Probabilistic Computation Tree Logic (PCTL) formulas on discrete-time Markov chains (DTMCs) with stratified and antithetic samples. We show that by properly choosing the representation of the DTMCs, semantically negatively correlated samples can be generated for a fraction of PCTL formulas via the stratified or antithetic sampling techniques

Updated: 2019-08-28
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-08-26
Francesco Ranzato

This volume of Formal Methods in System Design (FMSD) features extended and revised versions of a selection of papers presented at the Static Analysis Symposium (SAS) held in 2017 in New York, NY. The series of Static Analysis Symposia serves as a primary venue for the presentation of theoretical, practical, and applicational advances in the area of static analysis of programs and systems. After the

Updated: 2019-08-26
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-06-25
Bernd Finkbeiner, Christopher Hahn, Marvin Stenger, Leander Tentrup

Hyperproperties, such as non-interference and observational determinism, relate multiple system executions to each other. They are not expressible in standard temporal logics, like LTL, CTL, and CTL*, and thus cannot be monitored with standard runtime verification techniques. $$\text {HyperLTL}$$ extends linear-time temporal logic (LTL) with explicit quantification over traces in order to express hyperproperties

Updated: 2019-06-25
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-05-21
Bernhard K. Aichernig, Martin Tappler

Model checking has a long-standing tradition in software verification. Given a system design it checks whether desired properties are satisfied. Unlike testing, it cannot be applied in a black-box setting. To overcome this limitation Peled et al. introduced black-box checking, a combination of testing, model inference and model checking. The technique requires systems to be fully deterministic. For

Updated: 2019-05-21
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-02-06
David Basin, Bhargav Nagaraja Bhatt, Srđan Krstić, Dmitriy Traytel

A monitoring algorithm is trace-length independent if its space consumption does not depend on the number of events processed. The analysis of many monitoring algorithms has aimed at establishing their trace-length independence. But a monitor’s space consumption can depend on characteristics of the trace other than its size. We put forward the stronger notion of event-rate independence, where a monitor’s

Updated: 2019-02-06
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-01-23
Susmit Jha, Ashish Tiwari, Sanjit A. Seshia, Tuhin Sahai, Natarajan Shankar

We propose a novel passive learning approach, TeLex, to infer signal temporal logic (STL) formulas that characterize the behavior of a dynamical system using only observed signal traces of the system. First, we present a template-driven learning approach that requires two inputs: a set of observed traces and a template STL formula. The unknown parameters in the template can include time-bounds of the

Updated: 2019-01-23
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-01-17

In this paper we present a static analysis of probabilistic programs to quantify their performance properties by taking into account both the stochastic aspects of the language and those related to the execution environment. More particularly, we are interested in the analysis of communication protocols in lossy networks and we aim at inferring statically parametric bounds of some important metrics

Updated: 2019-01-17
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-01-07
Kalev Alpernas, Aurojit Panda, Alexander Rabinovich, Mooly Sagiv, Scott Shenker, Sharon Shoham, Yaron Velner

In modern networks, forwarding of packets often depends on the history of previously transmitted traffic. Such networks contain stateful middleboxes, whose forwarding behaviour depends on a mutable internal state. Firewalls and load balancers are typical examples of stateful middleboxes. This work addresses the complexity of verifying safety properties, such as isolation, in networks with finite-state

Updated: 2019-01-07
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-01-02
Jianwen Li, Shufang Zhu, Geguang Pu, Lijun Zhang, Moshe Y. Vardi

We present here a new explicit reasoning framework for linear temporal logic (LTL), which is built on top of propositional satisfiability (SAT) solving. The crux of our approach is a construction of temporal transition system that is based on SAT-solving rather than tableau to construct states and transitions. As a proof-of-concept of this framework, we describe a new LTL satisfiability algorithm.

Updated: 2019-01-02
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-10-18
Tushar Sharma, Thomas Reps

This paper addresses the problem of abstracting a set of affine transformers $$\overrightarrow{v}' = \overrightarrow{v} \cdot C + \overrightarrow{d}$$, where $$\overrightarrow{v}$$ and $$\overrightarrow{v}'$$ represent the pre-state and post-state, respectively. We introduce a framework to harness any base abstract domain $$\mathcal {B}$$ in an abstract domain of affine transformations. Abstract domains

Updated: 2018-10-18
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-08-21
Ahmed Bouajjani, Constantin Enea, Shuvendu K. Lahiri

We present an approach for comparing two closely related concurrent programs, whose goal is to give feedback about interesting differences without relying on user-provided assertions. This approach compares two programs in terms of cross-thread interferences and data-flow, under a parametrized abstraction which can detect any difference in the limit. We introduce a partial order relation between these

Updated: 2018-08-21
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-01-24
Aziem Chawdhary, Ed Robbins, Andy King

The octagon abstract domain is a widely used numeric abstract domain expressing relational information between variables whilst being both computationally efficient and simple to implement. Each element of the domain is a system of constraints where each constraint takes the restricted form $$\pm \, x_i \pm x_j \le c$$. A key family of operations for the octagon domain are closure algorithms, which

Updated: 2018-01-24
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-02-16
Andrew Reynolds, Viktor Kuncak, Cesare Tinelli, Clark Barrett, Morgan Deters

We introduce the first program synthesis engine implemented inside an SMT solver. We present an approach that extracts solution functions from unsatisfiability proofs of the negated form of synthesis conjectures. We also discuss novel counterexample-guided techniques for quantifier instantiation that we use to make finding such proofs practically feasible. A particularly important class of specifications

Updated: 2017-02-16
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-01-27
Aleksandar Milicevic, Joseph P. Near, Eunsuk Kang, Daniel Jackson

The last decade has seen a dramatic growth in the use of constraint solvers as a computational mechanism, not only for analysis of software, but also at runtime. Solvers are available for a variety of logics but are generally restricted to first-order formulas. Some tasks, however, most notably those involving synthesis, are inherently higher order; these are typically handled by embedding a first-order

Updated: 2017-01-27
Contents have been reproduced by permission of the publishers.