• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2020-10-21
S. Akshay, Supratik Chakraborty, Shubham Goel, Sumith Kulal, Shetal Shah

Given a relational specification between Boolean inputs and outputs, Boolean functional synthesis seeks to synthesize each output as a function of the inputs such that the specification is met. Despite significant algorithmic advances in Boolean functional synthesis over the past few years, there are relatively small specifications that have remained beyond the reach of all state-of-the-art tools.

Updated: 2020-10-26
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2020-10-21
Philipp Körner, Jens Bendisposto, Jannik Dunkelau, Sebastian Krings, Michael Leuschel

The common formal methods workflow consists of formalising a model followed by applying model checking and proof techniques. Once an appropriate level of certainty is reached, code generators are used in order to gain executable code. In this paper, we propose a different approach: instead of generating code from formal models, it is also possible to embed a model checker or animator into applications

Updated: 2020-10-26
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2020-10-12
Camille Coti, Laure Petrucci, César Rodríguez, Marcelo Sousa

A dynamic partial order reduction (DPOR) algorithm is optimal when it always explores at most one representative per Mazurkiewicz trace. Existing literature suggests that the reduction obtained by the non-optimal, state-of-the-art Source-DPOR (SDPOR) algorithm is comparable to optimal DPOR. We show the first program with $$\mathcal{O}(n)$$ Mazurkiewicz traces where SDPOR explores $$\mathop

Updated: 2020-10-12
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2020-09-30
William T. Hallahan; Ennan Zhai; Ruzica Piskac

Firewalls are widely deployed to manage enterprise networks. Because enterprise-scale firewalls contain hundreds or thousands of rules, ensuring the correctness of firewalls—that the rules in the firewalls meet the specifications of their administrators—is an important but challenging problem. Although existing firewall diagnosis and verification techniques can identify potentially faulty rules, they

Updated: 2020-09-30
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2020-09-20
Paul Gainer; Sven Linker; Clare Dixon; Ullrich Hustadt; Michael Fisher

Algorithms for the synchronisation of clocks across networks are both common and important within distributed systems. We here address not only the formal modelling of these algorithms, but also the formal verification of their behaviour. Of particular importance is the strong link between the very different levels of abstraction at which the algorithms may be verified. Our contribution is primarily

Updated: 2020-09-21
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2020-07-29
Umang Mathur; Matthew S. Bauer; Rohit Chadha; A. Prasad Sistla; Mahesh Viswanathan

Model checking systems formalized using probabilistic models such as discrete time Markov chains (DTMCs) and Markov decision processes (MDPs) can be reduced to computing constrained reachability properties. Linear programming methods to compute reachability probabilities for DTMCs and MDPs do not scale to large models. Thus, model checking tools often employ iterative methods to approximate reachability

Updated: 2020-07-30
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2020-07-08
Lukáš Holík; Radu Iosif; Adam Rogalewicz; Tomáš Vojnar

A generic register automaton is a finite automaton equipped with variables (which may be viewed as counters or, more generally, registers) ranging over infinite data domains. A trace of a generic register automaton is an alternating sequence of alphabet symbols and values taken by the variables during an execution of the automaton. The problem addressed in this paper is the inclusion between the sets

Updated: 2020-07-08
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2020-04-15
Byron Cook; Kareem Khazem; Daniel Kroening; Serdar Tasiran; Michael Tautschnig; Mark R. Tuttle

This paper describes our experience with symbolic model checking in an industrial setting. We have proved that the initial boot code running in data centers at Amazon Web Services is memory safe, an essential step in establishing the security of any data center. Standard static analysis tools cannot be easily used on boot code without modification owing to issues not commonly found in higher-level

Updated: 2020-04-15
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-11-15
César Sánchez; Gerardo Schneider; Wolfgang Ahrendt; Ezio Bartocci; Domenico Bianculli; Christian Colombo; Yliès Falcone; Adrian Francalanza; Srdan Krstić; João M. Lourenço; Dejan Nickovic; Gordon J. Pace; Jose Rufino; Julien Signoles; Dmitriy Traytel; Alexander Weiss

The correct name of the seventh author is Yliès Falcone.

Updated: 2019-11-15
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-11-11
César Sánchez; Gerardo Schneider; Wolfgang Ahrendt; Ezio Bartocci; Domenico Bianculli; Christian Colombo; Yliès Falcone; Adrian Francalanza; Srđan Krstić; João M. Lourenço; Dejan Nickovic; Gordon J. Pace; Jose Rufino; Julien Signoles; Dmitriy Traytel; Alexander Weiss

Runtime verification is an area of formal methods that studies the dynamic analysis of execution traces against formal specifications. Typically, the two main activities in runtime verification efforts are the process of creating monitors from specifications, and the algorithms for the evaluation of traces against the generated monitors. Other activities involve the instrumentation of the system to

Updated: 2019-11-11
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-11-07
Pavel Jančík; Jan Kofroň; Leonardo Alt; Grigory Fedyukovich; Antti E. J. Hyvärinen; Natasha Sharygina

Craig interpolation has been successfully employed in symbolic program verification as a means of abstraction for sets of program states. In this article, we present the partial variable assignment interpolation system, an extension of the labeled interpolation system, enriched by partial variable assignments. It allows for both generation of smaller interpolants as well as for their faster computation

Updated: 2019-11-07
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-10-14
Roderick Bloem; Goerschwin Fey; Fabian Greif; Robert Könighofer; Ingo Pill; Heinz Riener; Franz Röck

Constructing good test cases is difficult and time-consuming, especially if the system under test is still under development and its exact behavior is not yet fixed. We propose a new approach to compute test strategies for reactive systems from a given temporal logic specification using formal methods. The computed strategies are guaranteed to reveal certain simple faults in every realization of the

Updated: 2019-10-14
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-10-09
Zachary Benavides; Keval Vora; Rajiv Gupta; Xiangyu Zhang

Studying the relative behavior of an application’s threads is critical to identifying performance bottlenecks and understanding their root causes. We present context-sensitive parallel (CSP) execution profiles, which capture the relative behavior of threads in terms of the user-selected code regions they execute. CSPs can be analyzed to compute execution times spent by the application in interesting

Updated: 2019-10-09
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-08-28
Yu Wang; Nima Roohi; Matthew West; Mahesh Viswanathan; Geir E. Dullerud

In this work, we study the problem of statistically verifying Probabilistic Computation Tree Logic (PCTL) formulas on discrete-time Markov chains (DTMCs) with stratified and antithetic samples. We show that by properly choosing the representation of the DTMCs, semantically negatively correlated samples can be generated for a fraction of PCTL formulas via the stratified or antithetic sampling techniques

Updated: 2019-08-28
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-08-26
Francesco Ranzato

This volume of Formal Methods in System Design (FMSD) features extended and revised versions of a selection of papers presented at the Static Analysis Symposium (SAS) held in 2017 in New York, NY. The series of Static Analysis Symposia serves as a primary venue for the presentation of theoretical, practical, and applicational advances in the area of static analysis of programs and systems. After the

Updated: 2019-08-26
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-06-25
Bernd Finkbeiner; Christopher Hahn; Marvin Stenger; Leander Tentrup

Hyperproperties, such as non-interference and observational determinism, relate multiple system executions to each other. They are not expressible in standard temporal logics, like LTL, CTL, and CTL*, and thus cannot be monitored with standard runtime verification techniques. $$\text{HyperLTL}$$ extends linear-time temporal logic (LTL) with explicit quantification over traces in order to express hyperproperties

Updated: 2019-06-25
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-05-21
Bernhard K. Aichernig; Martin Tappler

Model checking has a long-standing tradition in software verification. Given a system design it checks whether desired properties are satisfied. Unlike testing, it cannot be applied in a black-box setting. To overcome this limitation Peled et al. introduced black-box checking, a combination of testing, model inference and model checking. The technique requires systems to be fully deterministic. For

Updated: 2019-05-21
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-02-06
David Basin; Bhargav Nagaraja Bhatt; Srđan Krstić; Dmitriy Traytel

A monitoring algorithm is trace-length independent if its space consumption does not depend on the number of events processed. The analysis of many monitoring algorithms has aimed at establishing their trace-length independence. But a monitor’s space consumption can depend on characteristics of the trace other than its size. We put forward the stronger notion of event-rate independence, where a monitor’s

Updated: 2019-02-06
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-01-23
Susmit Jha; Ashish Tiwari; Sanjit A. Seshia; Tuhin Sahai; Natarajan Shankar

We propose a novel passive learning approach, TeLex, to infer signal temporal logic (STL) formulas that characterize the behavior of a dynamical system using only observed signal traces of the system. First, we present a template-driven learning approach that requires two inputs: a set of observed traces and a template STL formula. The unknown parameters in the template can include time-bounds of the

Updated: 2019-01-23
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-01-17

In this paper we present a static analysis of probabilistic programs to quantify their performance properties by taking into account both the stochastic aspects of the language and those related to the execution environment. More particularly, we are interested in the analysis of communication protocols in lossy networks and we aim at inferring statically parametric bounds of some important metrics

Updated: 2019-01-17
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-01-07
Kalev Alpernas; Aurojit Panda; Alexander Rabinovich; Mooly Sagiv; Scott Shenker; Sharon Shoham; Yaron Velner

In modern networks, forwarding of packets often depends on the history of previously transmitted traffic. Such networks contain stateful middleboxes, whose forwarding behaviour depends on a mutable internal state. Firewalls and load balancers are typical examples of stateful middleboxes. This work addresses the complexity of verifying safety properties, such as isolation, in networks with finite-state

Updated: 2019-01-07
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2019-01-02
Jianwen Li; Shufang Zhu; Geguang Pu; Lijun Zhang; Moshe Y. Vardi

We present here a new explicit reasoning framework for linear temporal logic (LTL), which is built on top of propositional satisfiability (SAT) solving. The crux of our approach is a construction of temporal transition system that is based on SAT-solving rather than tableau to construct states and transitions. As a proof-of-concept of this framework, we describe a new LTL satisfiability algorithm.

Updated: 2019-01-02
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-10-18
Tushar Sharma; Thomas Reps

This paper addresses the problem of abstracting a set of affine transformers $$\overrightarrow{v}' = \overrightarrow{v} \cdot C + \overrightarrow{d}$$, where $$\overrightarrow{v}$$ and $$\overrightarrow{v}'$$ represent the pre-state and post-state, respectively. We introduce a framework to harness any base abstract domain $$\mathcal {B}$$ in an abstract domain of affine transformations. Abstract domains

Updated: 2018-10-18
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-09-04
Jessica Gronski; Mohamed-Amin Ben Sassi; Stephen Becker; Sriram Sankaranarayanan

In this paper, we study the template polyhedral abstract domain using connections to bilinear optimization techniques. The connections between abstract interpretation and convex optimization approaches have been studied for nearly a decade now. Specifically, data flow constraints for numerical domains such as polyhedra can be expressed in terms of bilinear constraints. Algorithms such as policy and

Updated: 2018-09-04
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-08-21
Ahmed Bouajjani; Constantin Enea; Shuvendu K. Lahiri

We present an approach for comparing two closely related concurrent programs, whose goal is to give feedback about interesting differences without relying on user-provided assertions. This approach compares two programs in terms of cross-thread interferences and data-flow, under a parametrized abstraction which can detect any difference in the limit. We introduce a partial order relation between these

Updated: 2018-08-21
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-06-26
Grigore Roşu

Linear temporal logic (LTL) is suitable not only for infinite-trace systems, but also for finite-trace systems. In particular, LTL with finite-trace semantics is frequently used as a specification formalism in runtime verification, in artificial intelligence, and in business process modeling. The satisfiability of LTL with finite-trace semantics, a known PSPACE-complete problem, has been recently studied

Updated: 2018-06-26
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-06-21
Yliès Falcone; César Sánchez

This article introduces the extended versions of selected papers from the refereed proceedings of the 16th International Conference on Runtime Verification (RV 2016) held in Madrid, Spain, in September 2016. Runtime verification encompasses all aspects of monitoring and analysis of hardware, software, and system executions in general. Runtime verification techniques are lightweight dynamic techniques

Updated: 2018-06-21
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-03-27
Stefan Jakšić; Ezio Bartocci; Radu Grosu; Thang Nguyen; Dejan Ničković

In cyber-physical systems (CPS), physical behaviors are typically controlled by digital hardware. As a consequence, continuous behaviors are discretized by sampling and quantization prior to their processing. Quantifying the similarity between CPS behaviors and their specification is an important ingredient in evaluating correctness and quality of such systems. We propose a novel procedure for measuring

Updated: 2018-03-27
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-02-27
Sean Kauffman; Klaus Havelund; Rajeev Joshi; Sebastian Fischmeister

We propose a formalism for specifying event stream abstractions for use in spacecraft telemetry processing. Our work is motivated by the need to quickly process streams with millions of events generated e.g. by the Curiosity rover on Mars. The approach builds a hierarchy of event abstractions for telemetry visualization and querying to aid human comprehension. Such abstractions can also be used as

Updated: 2018-02-27
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-02-19
Hernán Ponce de León; Andrey Mokhov

Partial orders are a fundamental mathematical structure capable of representing concurrency and causality on a set of atomic events. In many applications it is essential to consider multiple partial orders, each representing a particular behavioral scenario or an operating mode of a system. With the exploding growth of the complexity of systems that software and hardware engineers design today, it

Updated: 2018-02-19
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-02-12
Matthieu Journault; Antoine Miné

We present a new static analysis by abstract interpretation to prove automatically the functional correctness of algorithms implementing matrix operations, such as matrix addition, multiplication, general matrix multiplication, inversion, or more generally Basic Linear Algebra Subprograms. In order to do so, we introduce a family of abstract domains parameterized by a set of matrix predicates as well

Updated: 2018-02-12
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-01-31
Massimo Benerecetti; Daniele Dell’Erba; Fabio Mogavero

We consider parity games, a special form of two-player infinite-duration games on numerically labeled graphs, whose winning condition requires that the maximal value of a label occurring infinitely often during a play be of some specific parity. The problem of identifying the corresponding winning regions has a rather intriguing status from a complexity theoretic viewpoint, since it belongs to the

Updated: 2018-01-31
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-01-24
Aziem Chawdhary; Ed Robbins; Andy King

The octagon abstract domain is a widely used numeric abstract domain expressing relational information between variables whilst being both computationally efficient and simple to implement. Each element of the domain is a system of constraints where each constraint takes the restricted form $$\pm \, x_i \pm x_j \le c$$. A key family of operations for the octagon domain are closure algorithms, which

Updated: 2018-01-24
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-01-15
Chaoqiang Deng; Kedar S. Namjoshi

A compiler optimization may be correct and yet be insecure. This work focuses on the common optimization that removes dead (i.e., useless) store instructions from a program. This operation may introduce new information leaks, weakening security while preserving functional equivalence. This work presents a polynomial-time algorithm for securely removing dead stores. The algorithm is necessarily approximate

Updated: 2018-01-15
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2018-01-03
Alessandro Cimatti; Ramiro Demasi; Stefano Tonetta

Contract-based design is an emerging paradigm for correct-by-construction hierarchical systems: components are associated with assumptions and guarantees expressed as formal properties; the architecture is analyzed by verifying that each contract of composite components is correctly refined by the contracts of its subcomponents. The approach is very efficient, because the overall correctness proof

Updated: 2018-01-03
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-12-09
Rémy Boutonnet; Nicolas Halbwachs

The classical method for program analysis by abstract interpretation consists in computing first an increasing sequence using an extrapolation operation, called widening, to correctly approximate the limit of the sequence. Then, this approximation is improved by computing a decreasing sequence without widening, the terms of which are all correct, more and more precise approximations. It is generally

Updated: 2017-12-09
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-11-27
Jinghao Shi; Shuvendu K. Lahiri; Ranveer Chandra; Geoffrey Challen

Runtime validation of wireless protocol implementations cannot always employ direct instrumentation of the device under test (DUT). The DUT may not implement the required instrumentation, or the instrumentation may alter the DUT’s behavior when enabled. Wireless sniffers can monitor the DUT’s behavior without instrumentation, but they introduce new validation challenges. Losses caused by wireless propagation

Updated: 2017-11-27
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-11-25
Manfred Broy

This paper addresses the specification of and reasoning about interactive real-time systems, their interfaces, and architectures as well as their properties in terms of assumptions and commitments. Specifications are structured into assumptions restricting the behavior of the operational context of systems and commitments about the system behavior (also called rely/guarantee or assumption/promise specification

Updated: 2017-11-25
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-11-21
Kihong Heo; Hakjoo Oh; Hongseok Yang

We present a method for automatically learning an effective strategy for clustering variables for the Octagon analysis from a given codebase. This learned strategy works as a preprocessor of Octagon. Given a program to be analyzed, the strategy is first applied to the program and clusters variables in it. We then run a partial variant of the Octagon analysis that tracks relationships among variables

Updated: 2017-11-21
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-11-11
Adrien Le Coënt; Julien Alexandre dit Sandretto; Alexandre Chapoutot; Laurent Fribourg

A novel algorithm for the control synthesis for nonlinear switched systems is presented in this paper. Based on an existing procedure of state-space bisection and made available for nonlinear systems with the help of guaranteed integration, the algorithm has been improved to be able to consider longer patterns of modes with a better pruning approach. Moreover, the use of guaranteed integration also

Updated: 2017-11-11
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-10-28
J. A. Makowsky; A. Zamansky

In this paper we argue that the traditional syllabus of logic courses for computer science is outdated and missing its purposes, therefore contributing to the gradual relegation of logic from the computing curricula. We further provide some practical recommendations and directions that need to be considered in the adaptation of the logic course syllabi to the needs of modern computing practitioners

Updated: 2017-10-28
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-10-28
Jean Goubault-Larrecq; Jean-Philippe Lachance

Modern monitoring tools such as our intrusion detection tool Orchids work by firing new monitor instances dynamically. Given an Orchids signature (a.k.a. a rule, a specification), what is the complexity of checking that specification, that signature? In other words, let f(n) be the maximum number of monitor instances that can be fired on a sequence of n events: we design an algorithm that decides whether

Updated: 2017-10-28
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-10-14
Pierre Roux; Yuen-Lam Voronin; Sriram Sankaranarayanan

Semidefinite programming (SDP) solvers are increasingly used as primitives in many program verification tasks to synthesize and verify polynomial invariants for a variety of systems including programs, hybrid systems and stochastic models. On one hand, they provide a tractable alternative to reasoning about semi-algebraic constraints. However, the results are often unreliable due to “numerical issues”

Updated: 2017-10-14
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-10-02
Aina Niemetz; Mathias Preiner; Armin Biere

Many applications of computer-aided verification require bit-precise reasoning as provided by satisfiability modulo theories (SMT) solvers for the theory of quantifier-free fixed-size bit-vectors. The current state-of-the-art in solving bit-vector formulas in SMT relies on bit-blasting, where a given formula is eagerly translated into propositional logic (SAT) and handed to an underlying SAT solver

Updated: 2017-10-02
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-09-25
Bettina Könighofer; Mohammed Alshiekh; Roderick Bloem; Laura Humphrey; Robert Könighofer; Ufuk Topcu; Chao Wang

Shield synthesis is an approach to enforce safety properties at runtime. A shield monitors the system and corrects any erroneous output values instantaneously. The shield deviates from the given outputs as little as it can and recovers to hand back control to the system as soon as possible. In the first part of this paper, we consider shield synthesis for reactive hardware systems. First, we define

Updated: 2017-09-25
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-09-20
Igor Konnov; Marijana Lazić; Helmut Veith; Josef Widder

Automatic verification of threshold-based fault-tolerant distributed algorithms (FTDA) is challenging: FTDAs have multiple parameters that are restricted by arithmetic conditions, the number of processes and faults is parameterized, and the algorithm code is parameterized due to conditions counting the number of received messages. Recently, we introduced a technique that first applies data and counter

Updated: 2017-09-20
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-09-19
Frederic Doucet; Robert Kurshan

High-level verification and synthesis of SystemC models has become increasingly popular as a means to reduce the high RTL verification cost of today’s complex designs. However, the saving derived from performing verification at a higher level of abstraction is largely negated if the RTL then must be completely reverified. We demonstrate how global (system-level) properties may be verified at a behavioral

Updated: 2017-09-19
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-09-19
Carlos Moreno; Sebastian Fischmeister

The increasing complexity and connectivity of modern embedded systems highlight the importance of runtime monitoring to ensure correctness and security. This poses a significant challenge, since monitoring tools can break extra-functional requirements such as timing constraints. Non-intrusive program tracing through side-channel analysis techniques have recently appeared in the literature and constitute

Updated: 2017-09-19
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-09-16
William R. Harris; Somesh Jha; Thomas W. Reps; Sanjit A. Seshia

Developing practical but secure programs remains an important and open problem. Recently, the operating-system and architecture communities have proposed novel systems, which we refer to as interactive-security systems. They provide primitives that a program can use to perform security-critical operations, such as reading from and writing to system storage by restricting some modules to execute with

Updated: 2017-09-16
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-09-14
Niklas Büscher; Martin Franz; Andreas Holzer; Helmut Veith; Stefan Katzenbeisser

Secure multi-party computation (MPC) allows two or more distrusting parties to jointly evaluate a function over private inputs. For a long time considered to be a purely theoretical concept, MPC transitioned into a practical and powerful tool to build privacy-enhancing technologies. However, the practicality of MPC is hindered by the difficulty to implement applications on top of the underlying cryptographic

Updated: 2017-09-14
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-09-13
Jonas Westman; Mattias Nyberg

A general, compositional, and component-based contract theory is proposed for modeling and specifying heterogeneous systems, characterized by consisting of parts from different domains, e.g. software, electrical and mechanical. Given a contract consisting of assumptions and a guarantee, clearly separated conditions on a component and its environment are presented where the conditions ensure that the

Updated: 2017-09-13
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-08-31
Vladimir Klebanov; Philipp Rümmer; Mattias Ulbrich

Regression verification is an approach complementing regression testing with formal verification. The goal is to formally prove that two versions of a program behave either equally or differently in a precisely specified way. In this paper, we present a novel automated approach for regression verification that reduces the equivalence of two related imperative pointer programs to constrained Horn clauses

Updated: 2017-08-31
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-08-09
Andrzej S Murawski; Nikos Tzevelekos

We present a full classification of decidable and undecidable cases for contextual equivalence in a finitary ML-like language equipped with full ground storage (both integers and reference names can be stored). The simplest undecidable type is $$\mathsf {unit}\rightarrow \mathsf {unit}\rightarrow \mathsf {unit}$$. At the technical level, our results marry game semantics with automata-theoretic techniques

Updated: 2017-08-09
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-08-07
Francesco Ranzato

Supermodular games are a well known class of noncooperative games which find significant applications in a variety of models, especially in operations research and economic applications. Supermodular games always have Nash equilibria which are characterized as fixed points of multivalued functions on complete lattices. Abstract interpretation is here applied to set up an approximation framework for

Updated: 2017-08-07
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-08-03
Constantin Enea; Ondřej Lengál; Mihaela Sighireanu; Tomáš Vojnar

We present a decision procedure for checking entailment between separation logic formulas with inductive predicates specifying complex data structures corresponding to finite nesting of various kinds of singly linked lists: acyclic or cyclic, nested lists, skip lists, etc. The decision procedure is compositional in the sense that it reduces the problem of checking entailment between two arbitrary formulas

Updated: 2017-08-03
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-08-03
Andrew Reynolds; Tim King; Viktor Kuncak

This paper presents a framework to derive instantiation-based decision procedures for satisfiability of quantified formulas in first-order theories, including its correctness, implementation, and evaluation. Using this framework we derive decision procedures for linear real arithmetic and linear integer arithmetic formulas with one quantifier alternation. We discuss extensions of these techniques for

Updated: 2017-08-03
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-08-03
Stefan Schulze Frielinghaus; Helmut Seidl; Ralf Vogler

Interprocedural analysis by means of partial tabulation of summary functions may not terminate when the same procedure is analyzed for infinitely many abstract calling contexts or when the abstract domain has infinite strictly ascending chains. As a remedy, we present a novel local solver for general abstract equation systems, be they monotonic or not, and prove that this solver fails to terminate

Updated: 2017-08-03
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-07-27
Jyotirmoy V. Deshmukh; Alexandre Donzé; Shromona Ghosh; Xiaoqing Jin; Garvit Juniwal; Sanjit A. Seshia

Signal temporal logic (STL) is a formalism used to rigorously specify requirements of cyberphysical systems (CPS), i.e., systems mixing digital or discrete components in interaction with a continuous environment or analog components. STL is naturally equipped with a quantitative semantics which can be used for various purposes: from assessing the robustness of a specification to guiding searches over

Updated: 2017-07-27
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-07-24
Benedikt Bollig; Manuela-Lidia Grindei; Peter Habermehl

We study the realizability problem for concurrent recursive programs: given a distributed system architecture and a sequential specification over words, find a distributed automata implementation that is equivalent to the specification. This problem is well-studied as far as finite-state processes are concerned, and it has a solution in terms of Zielonka’s Theorem. We lift Zielonka’s Theorem to the

Updated: 2017-07-24
• Form. Methods Syst. Des. (IF 0.673) Pub Date : 2017-07-18
Ezio Bartocci; Rupak Majumdar

Runtime verification (RV) consists of a broad collection of light-weight scalable analysis techniques to verify and to guarantee at runtime important properties such as correctness, safety, reliability, security, and robustness. The papers in this special issue address some of the RV core problems providing an overview of a wide range of application domains where RV tools and techniques are currently

Updated: 2017-07-18
Contents have been reproduced by permission of the publishers.