Current journal: Formal Methods in System Design
  • Exact quantitative probabilistic model checking through rational search
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2020-07-29
    Umang Mathur, Matthew S. Bauer, Rohit Chadha, A. Prasad Sistla, Mahesh Viswanathan

    Model checking systems formalized using probabilistic models such as discrete time Markov chains (DTMCs) and Markov decision processes (MDPs) can be reduced to computing constrained reachability properties. Linear programming methods to compute reachability probabilities for DTMCs and MDPs do not scale to large models. Thus, model checking tools often employ iterative methods to approximate reachability

  • Abstraction refinement and antichains for trace inclusion of infinite state systems
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2020-07-08
    Lukáš Holík, Radu Iosif, Adam Rogalewicz, Tomáš Vojnar

    A generic register automaton is a finite automaton equipped with variables (which may be viewed as counters or, more generally, registers) ranging over infinite data domains. A trace of a generic register automaton is an alternating sequence of alphabet symbols and values taken by the variables during an execution of the automaton. The problem addressed in this paper is the inclusion between the sets

  • Model checking boot code from AWS data centers
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2020-04-15
    Byron Cook, Kareem Khazem, Daniel Kroening, Serdar Tasiran, Michael Tautschnig, Mark R. Tuttle

    This paper describes our experience with symbolic model checking in an industrial setting. We have proved that the initial boot code running in data centers at Amazon Web Services is memory safe, an essential step in establishing the security of any data center. Standard static analysis tools cannot be easily used on boot code without modification owing to issues not commonly found in higher-level

  • Correction to: A survey of challenges for runtime verification from advanced application domains (beyond software)
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-11-15
    César Sánchez, Gerardo Schneider, Wolfgang Ahrendt, Ezio Bartocci, Domenico Bianculli, Christian Colombo, Yliès Falcone, Adrian Francalanza, Srdan Krstić, João M. Lourenço, Dejan Nickovic, Gordon J. Pace, Jose Rufino, Julien Signoles, Dmitriy Traytel, Alexander Weiss

    The correct name of the seventh author is Yliès Falcone.

  • A survey of challenges for runtime verification from advanced application domains (beyond software)
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-11-11
    César Sánchez, Gerardo Schneider, Wolfgang Ahrendt, Ezio Bartocci, Domenico Bianculli, Christian Colombo, Yliès Falcone, Adrian Francalanza, Srđan Krstić, João M. Lourenço, Dejan Nickovic, Gordon J. Pace, Jose Rufino, Julien Signoles, Dmitriy Traytel, Alexander Weiss

    Runtime verification is an area of formal methods that studies the dynamic analysis of execution traces against formal specifications. Typically, the two main activities in runtime verification efforts are the process of creating monitors from specifications, and the algorithms for the evaluation of traces against the generated monitors. Other activities involve the instrumentation of the system to

  • Exploiting partial variable assignment in interpolation-based model checking
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-11-07
    Pavel Jančík, Jan Kofroň, Leonardo Alt, Grigory Fedyukovich, Antti E. J. Hyvärinen, Natasha Sharygina

    Craig interpolation has been successfully employed in symbolic program verification as a means of abstraction for sets of program states. In this article, we present the partial variable assignment interpolation system, an extension of the labeled interpolation system, enriched by partial variable assignments. It allows for both generation of smaller interpolants as well as for their faster computation

  • From non-preemptive to preemptive scheduling using synchronization synthesis
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-05-12
    Pavol Černý, Edmund M. Clarke, Thomas A. Henzinger, Arjun Radhakrishna, Leonid Ryzhyk, Roopsha Samanta, Thorsten Tarrach

    We present a computer-aided programming approach to concurrency. The approach allows programmers to program assuming a friendly, non-preemptive scheduler, and our synthesis procedure inserts synchronization to ensure that the final program works even with a preemptive scheduler. The correctness specification is implicit, inferred from the non-preemptive behavior. Let us consider sequences of calls

  • Under-approximating loops in C programs for fast counterexample detection
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2016-02-24
    Daniel Kroening, Matt Lewis, Georg Weissenbacher

    Many software model checkers only detect counterexamples with deep loops after exploring numerous spurious and increasingly longer counterexamples. We propose a technique that aims at eliminating this weakness by constructing auxiliary paths that represent the effect of a range of loop iterations. Unlike acceleration, which captures the exact effect of arbitrarily many loop iterations, these auxiliary

  • Runtime verification of embedded real-time systems
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2014-01-01
    Thomas Reinbacher, Matthias Függer, Jörg Brauer

    We present a runtime verification framework that allows on-line monitoring of past-time Metric Temporal Logic (ptMTL) specifications in a discrete time setting. We design observer algorithms for the time-bounded modalities of ptMTL, which take advantage of the highly parallel nature of hardware designs. The algorithms can be translated into efficient hardware blocks, which are designed for reconfigurability

  • Algorithmic games for full ground references
    Form. Methods Syst. Des. (IF 0.673)
    Andrzej S. Murawski, Nikos Tzevelekos

    We present a full classification of decidable and undecidable cases for contextual equivalence in a finitary ML-like language equipped with full ground storage (both integers and reference names can be stored). The simplest undecidable type is unit → unit → unit . At the technical level, our results marry game semantics with automata-theoretic techniques developed to handle infinite alphabets. On the

  • Quantitative monitoring of STL with edit distance
    Form. Methods Syst. Des. (IF 0.673)
    Stefan Jakšić, Ezio Bartocci, Radu Grosu, Thang Nguyen, Dejan Ničković

    In cyber-physical systems (CPS), physical behaviors are typically controlled by digital hardware. As a consequence, continuous behaviors are discretized by sampling and quantization prior to their processing. Quantifying the similarity between CPS behaviors and their specification is an important ingredient in evaluating correctness and quality of such systems. We propose a novel procedure for measuring

  • Synthesizing adaptive test strategies from temporal logic specifications
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-10-14
    Roderick Bloem, Goerschwin Fey, Fabian Greif, Robert Könighofer, Ingo Pill, Heinz Riener, Franz Röck

    Constructing good test cases is difficult and time-consuming, especially if the system under test is still under development and its exact behavior is not yet fixed. We propose a new approach to compute test strategies for reactive systems from a given temporal logic specification using formal methods. The computed strategies are guaranteed to reveal certain simple faults in every realization of the

  • Annotation guided collection of context-sensitive parallel execution profiles
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-10-09
    Zachary Benavides, Keval Vora, Rajiv Gupta, Xiangyu Zhang

    Studying the relative behavior of an application’s threads is critical to identifying performance bottlenecks and understanding their root causes. We present context-sensitive parallel (CSP) execution profiles that capture the relative behavior of threads in terms of the user-selected code regions they execute. CSPs can be analyzed to compute execution times spent by the application in interesting

  • Statistical verification of PCTL using antithetic and stratified samples
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-08-28
    Yu Wang, Nima Roohi, Matthew West, Mahesh Viswanathan, Geir E. Dullerud

    In this work, we study the problem of statistically verifying Probabilistic Computation Tree Logic (PCTL) formulas on discrete-time Markov chains (DTMCs) with stratified and antithetic samples. We show that by properly choosing the representation of the DTMCs, semantically negatively correlated samples can be generated for a fraction of PCTL formulas via the stratified or antithetic sampling techniques

  • Foreword to the special issue on the 2017 Static Analysis Symposium
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-08-26
    Francesco Ranzato

    This volume of Formal Methods in System Design (FMSD) features extended and revised versions of a selection of papers presented at the Static Analysis Symposium (SAS) held in 2017 in New York, NY. The series of Static Analysis Symposia serves as a primary venue for the presentation of theoretical, practical, and applicational advances in the area of static analysis of programs and systems. After the

  • Monitoring hyperproperties
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-06-25
    Bernd Finkbeiner, Christopher Hahn, Marvin Stenger, Leander Tentrup

    Hyperproperties, such as non-interference and observational determinism, relate multiple system executions to each other. They are not expressible in standard temporal logics, like LTL, CTL, and CTL*, and thus cannot be monitored with standard runtime verification techniques. HyperLTL extends linear-time temporal logic (LTL) with explicit quantification over traces in order to express hyperproperties

  • Probabilistic black-box reachability checking (extended version)
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-05-21
    Bernhard K. Aichernig, Martin Tappler

    Model checking has a long-standing tradition in software verification. Given a system design it checks whether desired properties are satisfied. Unlike testing, it cannot be applied in a black-box setting. To overcome this limitation Peled et al. introduced black-box checking, a combination of testing, model inference and model checking. The technique requires systems to be fully deterministic. For

  • Almost event-rate independent monitoring
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-02-06
    David Basin, Bhargav Nagaraja Bhatt, Srđan Krstić, Dmitriy Traytel

    A monitoring algorithm is trace-length independent if its space consumption does not depend on the number of events processed. The analysis of many monitoring algorithms has aimed at establishing their trace-length independence. But a monitor’s space consumption can depend on characteristics of the trace other than its size. We put forward the stronger notion of event-rate independence, where a monitor’s

  • TeLEx: learning signal temporal logic from positive examples using tightness metric
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-01-23
    Susmit Jha, Ashish Tiwari, Sanjit A. Seshia, Tuhin Sahai, Natarajan Shankar

    We propose a novel passive learning approach, TeLex, to infer signal temporal logic (STL) formulas that characterize the behavior of a dynamical system using only observed signal traces of the system. First, we present a template-driven learning approach that requires two inputs: a set of observed traces and a template STL formula. The unknown parameters in the template can include time-bounds of the

  • Quantitative static analysis of communication protocols using abstract Markov chains
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-01-17
    Abdelraouf Ouadjaout, Antoine Miné

    In this paper we present a static analysis of probabilistic programs to quantify their performance properties by taking into account both the stochastic aspects of the language and those related to the execution environment. More particularly, we are interested in the analysis of communication protocols in lossy networks and we aim at inferring statically parametric bounds of some important metrics

  • Some complexity results for stateful network verification
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-01-07
    Kalev Alpernas, Aurojit Panda, Alexander Rabinovich, Mooly Sagiv, Scott Shenker, Sharon Shoham, Yaron Velner

    In modern networks, forwarding of packets often depends on the history of previously transmitted traffic. Such networks contain stateful middleboxes, whose forwarding behaviour depends on a mutable internal state. Firewalls and load balancers are typical examples of stateful middleboxes. This work addresses the complexity of verifying safety properties, such as isolation, in networks with finite-state

  • SAT-based explicit LTL reasoning and its application to satisfiability checking
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-01-02
    Jianwen Li, Shufang Zhu, Geguang Pu, Lijun Zhang, Moshe Y. Vardi

    We present here a new explicit reasoning framework for linear temporal logic (LTL), which is built on top of propositional satisfiability (SAT) solving. The crux of our approach is a construction of a temporal transition system that is based on SAT solving rather than tableau to construct states and transitions. As a proof of concept of this framework, we describe a new LTL satisfiability algorithm.

  • A new abstraction framework for affine transformers
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-10-18
    Tushar Sharma, Thomas Reps

    This paper addresses the problem of abstracting a set of affine transformers \(\overrightarrow{v}' = \overrightarrow{v} \cdot C + \overrightarrow{d}\), where \(\overrightarrow{v}\) and \(\overrightarrow{v}'\) represent the pre-state and post-state, respectively. We introduce a framework to harness any base abstract domain \(\mathcal {B}\) in an abstract domain of affine transformations. Abstract domains

  • Abstract semantic diffing of evolving concurrent programs
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-08-21
    Ahmed Bouajjani, Constantin Enea, Shuvendu K. Lahiri

    We present an approach for comparing two closely related concurrent programs, whose goal is to give feedback about interesting differences without relying on user-provided assertions. This approach compares two programs in terms of cross-thread interferences and data-flow, under a parametrized abstraction which can detect any difference in the limit. We introduce a partial order relation between these

  • Incrementally closing octagons
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-01-24
    Aziem Chawdhary, Ed Robbins, Andy King

    The octagon abstract domain is a widely used numeric abstract domain expressing relational information between variables whilst being both computationally efficient and simple to implement. Each element of the domain is a system of constraints where each constraint takes the restricted form \(\pm \, x_i \pm x_j \le c\). A key family of operations for the octagon domain are closure algorithms, which

  • Refutation-based synthesis in SMT
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-02-16
    Andrew Reynolds, Viktor Kuncak, Cesare Tinelli, Clark Barrett, Morgan Deters

    We introduce the first program synthesis engine implemented inside an SMT solver. We present an approach that extracts solution functions from unsatisfiability proofs of the negated form of synthesis conjectures. We also discuss novel counterexample-guided techniques for quantifier instantiation that we use to make finding such proofs practically feasible. A particularly important class of specifications

  • Alloy*: a general-purpose higher-order relational constraint solver
    Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-01-27
    Aleksandar Milicevic, Joseph P. Near, Eunsuk Kang, Daniel Jackson

    The last decade has seen a dramatic growth in the use of constraint solvers as a computational mechanism, not only for analysis of software, but also at runtime. Solvers are available for a variety of logics but are generally restricted to first-order formulas. Some tasks, however, most notably those involving synthesis, are inherently higher order; these are typically handled by embedding a first-order

Contents have been reproduced by permission of the publishers.