Program Synthesis is a Game
1 Program Synthesis is a Game Barbara Jobstmann CNRS/Verimag, Grenoble, France
2 Outline: Synthesis using automata-based game theory. 1. Motivation, comparison with MC and LTL. 2. Basics: terminology, reachability/safety games. 3. Büchi/co-Büchi, Generalized Reactivity-1 games. 4. Generalized Reactivity-1 approach.
3 Analyze, Verify, and Synthesize. (Diagram: Specification/Properties, the "what", versus System/Implementation, the "how"; Analysis and Verification go from implementation to properties, Synthesis from specification to implementation.) Synthesis translates a high-level system description into an executable implementation. Benefits: implementation and reward for writing specs (no double effort). Techniques vary depending on specification language and target implementation.
4 Today: What systems/programs would we like to synthesize? What specifications do we assume? Crash-course on how to verify that a program (of this type) satisfies a spec. Idea of program repair/synthesis using games. Basic games.
5 Reactive Systems. Synthesis: systems (e.g., servers) that interact with an environment, infinite duration (non-terminating), finite data (or data abstractions), control-oriented. Verification: specifications are a set of good behaviors (a language), given in temporal logic (which includes safety and liveness). Analysis: diagram axes data and time. [Z. Manna and A. Pnueli. The Temporal Logic of Reactive and Concurrent Systems, 1992] [N. Halbwachs. Synchronous Programming of Reactive Systems, 1993]
6 Example: Hardware. ARM's AMBA AHB bus: high-performance on-chip bus (connects multiple devices). Sends data from masters to clients. Data, address, and control signals. The arbiter is part of the bus (determines control signals). Up to 16 masters and 16 clients.
7 Examples: AMBA AHB standard (figure)
8 Example: Linear-Temporal Logic. E.g., "When a locked unspecified length burst starts, a new access does not start until the current master (i) releases the bus by lowering HBUSREQi." Formal specification, e.g., for all masters i: always((hmastlock and HBURST=INCR and START and HMASTER=i) implies (not START until not HBUSREQi)). Time progresses with the clock tick.
9 Example: Concurrent Software
    unsigned int got_lock = 0;
    while(*) {
        if (*) {
            lock();
            got_lock++;
        }
        if (got_lock != 0) {
            unlock();
        }
        got_lock--;
    }
    lock()   { LOCK := 1; }
    unlock() { LOCK := 0; }
Specifications: P1: do not acquire a lock twice. P2: do not call unlock without holding the lock.
10 Example: Concurrent Software (time progresses with the change of line)
    unsigned int got_lock = 0;
    1: while(*) {
    2:   if (*) {
    3:     lock();
    4:     got_lock++;
         }
    5:   if (got_lock != 0) {
    6:     unlock();
         }
    7:   got_lock--;
       }
    lock()   lock:   { LOCK := 1; }
    unlock() unlock: { LOCK := 0; }
Specifications: P1: do not acquire a lock twice: always(line=lock implies next(line!=lock w-until line=unlock)). P2: do not call unlock without holding the lock: (line!=unlock w-until line=lock) and always(line=unlock implies next(line!=unlock w-until line=lock)).
11 How to verify a Reactive System? Core algorithm for linear-time temporal logic: 1. Source code, automatically or manually, to a transition system (FSM). 2. Specification, automatically or manually, to a monitor for violations. 3. Check if the model has a violating trace: build the product of transition system and monitor and check for the existence of a trace in the product (emptiness).
12 Source Code (the program of slide 10, with line labels 1 to 7, lock, and unlock)
13 Step 1: Transition System
    int[0,1,2] got_lock = 0;
    1: while(*) {
    2:   if (*) {
    3:     lock();          lock:   { LOCK := 1; }
    4:     got_lock++;
         }
    5:   if (got_lock != 0) {
    6:     unlock();        unlock: { LOCK := 0; }
         }
    7:   got_lock--;
       }
    8:
Transition system variables: line (l), got_lock (gl). (State graph over (l, gl) omitted.)
14 Specification. P1: do not acquire a lock twice: always(line=lock implies next(line!=lock w-until line=unlock)). P2: do not call unlock without holding the lock: (line!=unlock w-until line=lock) and always(line=unlock implies next(line!=unlock w-until line=lock)).
15 Linear-Time Temporal Logic [Pnueli77]. Syntax: atomic propositions, e.g., line=1, line!=2, got_lock=0; Boolean operators: not, and, or, implies, ...; temporal operators: next(ϕ) (ϕ holds in the next step), ϕ1 until ϕ2 (ϕ1 holds until at some point ϕ2 holds). Used in industrial spec languages PSL/SVA. Can express many interesting properties, e.g., mutual exclusion, deadlock freedom, termination.
16 Linear-Time Temporal Logic. Semantics is defined with respect to infinite traces; in each step each atomic proposition holds or not (example trace figure omitted). Given a finite set of atomic propositions AP, a trace (or word) w over AP is an infinite sequence of truth assignments to AP, i.e., w ∈ (2^AP)^ω.
17 Linear-Time Temporal Logic Semantics. next(ϕ): ϕ holds in the next step. ϕ1 until ϕ2: ϕ1 holds until at some point ϕ2 holds. (Timeline figures omitted.) System S satisfies/models ϕ if all its behaviors satisfy ϕ.
18 Linear-Time Temporal Logic. Many useful abbreviations: true = p or not p; false = not true; eventually(ϕ) = true until ϕ; always(ϕ) = not(eventually(not ϕ)); ϕ1 w-until ϕ2 = (ϕ1 until ϕ2) or always(ϕ1); before, release, ... Other syntax: next: ○, X; until: U; eventually: ◇, F; always: □, G; w-until: W.
19 How to verify a Reactive System? (Repeat of slide 11; we are now at Step 2: specification to monitor for violations.)
20 Step 2: Monitor for Violations. P1: always(line=lock implies next(line!=lock w-until line=unlock)) = not eventually(line=lock and next(line!=unlock until line=lock)). Monitor automaton: state 1 (initial) loops on every step and moves to state 2 on line=lock (s1: non-deterministic choice); state 2 loops on line!=unlock and moves to state 3 on line=lock (s2: no edge with line=unlock); state 3 is accepting. The automaton accepts a trace/behavior if a blue state is visited infinitely often (Büchi). Why do we track bad and not good behaviors? L(S) ⊆ L(ϕ): for all w: w ∈ L(S) implies w ∈ L(ϕ), iff there exists no w: w ∈ L(S) and w ∈ L(not ϕ).
21 Step 3: Product (state graph of the transition system paired with the monitor states 1, 2, 3; figure omitted)
22 Step 3: Product (continued; figure omitted)
23 Step 3: Product (continued; figure omitted). Recall, we want to show a violation.
24 Step 3: Product. Recall, we want to show a violation: non-determinism in the transition system and in the monitor pull in the same direction (both can be used to violate the property).
25 Demo
26 Demo: violating trace line = 1, 2, 5, 7, 1, 2, 3, lock, 4, 5, 7, 1, 2, 3, lock
27 Source Code (the transition system of slide 13) with the demo trace: line = 1, 2, 5, 7, 1, 2, 3, lock, 4, 5, 7, 1, 2, 3, lock. The lock at the end is acquired a second time without an unlock in between.
28 How to verify a Reactive System? (Repeat of slide 11.) But how to repair it?
29 How to repair a Reactive System? 1. Add freedom (choice for the system, allowed ways to modify the system). 2. Source code, automatically or manually, to a transition system (game). 3. Specification, automatically or manually, to a monitor for acceptance. 4. Check if we can find system choices such that the model is accepted by the monitor: build the product of transition system and monitor and search for a winning strategy in the game.
30 Step 1: Freedom
    int[0,1,2] got_lock = 0;
    int[0,1,2] freedom;
    1: while(*) {
    2:   if (*) {
    3:     lock();                lock:   { LOCK := 1; }
    4:     got_lock := freedom;
         }
    5:   if (got_lock != 0) {
    6:     unlock();              unlock: { LOCK := 0; }
         }
    7:   got_lock := freedom;
       }
    8:
(We can also extend this to fault localization.)
31 Step 2: Game (the program with freedom of slide 30; state graph over (l, gl) with freedom edges f=0, f=1, f=2; figure omitted). Transition system variables: line (l), got_lock (gl).
32 Step 2: Game (same graph). Two types of non-determinism!
33 Step 2: Game (graph redrawn). Two types of non-determinism!
34 Step 3: Monitor for Acceptance. P1: always(line=lock implies next(line!=lock w-until line=unlock)). (Automaton figure with edges line!=lock, line=lock, line!=lock & line!=unlock, line=unlock, line=lock.) Since the game has two types of non-determinism, we need to be careful with non-determinism in the monitor.
35 Problem with Nondeterminism. A coffee machine is correct if there is no water or if, when the button is pressed, the machine serves coffee: eventually always(not water) or always(pressed implies eventually coffee) and always(not water implies not coffee). (Nondeterministic automaton figure; edge labels w=0, w=1 or c=0, p=1 and (w=1 or c=0), c=0 or w=1, p=0 and w=1 or c=0, c=1 and w=1; OK states marked.) The coffee machine wins if it visits a blue state infinitely often.
36 Step 3: Det. Monitor for Acceptance. P1: always(line=lock implies next(line!=lock w-until line=unlock)). Deterministic automaton with states 1, 2, 3: state 1 loops on line!=lock and moves to state 2 on line=lock; state 2 loops on line!=lock & line!=unlock, returns to state 1 on line=unlock, and moves to state 3 on line=lock. Classical approach: make it deterministic (a more powerful acceptance condition is required).
37 Step 3: Product (transition system for got_lock in {0, 1} paired with the deterministic automaton of slide 36; state graph omitted)
38 Step 3: Product (full product state graph; figure omitted)
39 Step 4: Winning States (product graph with winning states highlighted; figure omitted)
40 Step 4: Winning States (continued)
41 Step 4: Winning States (continued)
42 Step 4: Winning States (the winning part of the product; figure omitted)
43 Step 4: Winning Strategy. In general, the strategy is a function of program and monitor state: freedom := f(l, gl, s). What we actually do: merge states before picking the strategy.
44 Step 4: Winning Strategy (strategy edges marked in the product graph; figure omitted)
45 Step 4: Winning Strategy, after merging: (line=4): freedom=1; (line=7): freedom=0.
46 Repaired Program
    unsigned int got_lock = 0;
    1: while(*) {
    2:   if (*) {
    3:     lock();
    4:     got_lock = 1;
         }
    5:   if (got_lock != 0) {
    6:     unlock();
         }
    7:   got_lock = 0;
       }
    lock()   lock:   { LOCK = 1; }
    unlock() unlock: { LOCK = 0; }
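The repair procedure of slides 29 to 46 (transition system with freedom, deterministic acceptance monitor, product, winning region and strategy), together with the model-checking steps of slides 11 to 27 it builds on, as one added worked example in Python; this is not code from the slides or from the tool behind them. It assumes a 2-bit unsigned counter for got_lock (so the wraparound of got_lock-- shows up after one step), one deterministic monitor for P1 and P2 together, and freedom values 0, 1, 2.

```python
"""Program repair as a safety game on the slides' lock/unlock example.
Added example (not the slides' tool). Assumptions: got_lock is a 2-bit unsigned
counter (so got_lock-- wraps at 0), P1 and P2 share one deterministic monitor,
and the repair may set got_lock := freedom with freedom in {0, 1, 2}."""
from collections import deque

COUNTER_MOD = 4          # assumption: 2-bit unsigned stands in for unsigned int
FREEDOM = (0, 1, 2)      # values the repair may assign at lines 4 and 7
SYS, ENV = "sys", "env"  # who resolves a choice: system (freedom) or environment (*)
BAD = "bad"              # monitor sink: a property has been violated

FLOW = {                 # fixed control flow of the program: line -> {choice: next line}
    1: {"enter": 2, "exit": 8},                    # 1: while(*)   (* is ENV's choice)
    2: {"then": 3, "skip": 5},                     # 2: if(*)
    3: {"call": "lock"}, "lock": {"ret": 4},       # 3: lock();
    6: {"call": "unlock"}, "unlock": {"ret": 7},   # 6: unlock();
    8: {"stay": 8},                                # 8: loop exited, stutter forever
}

def program_moves(line, gl, mode):
    """Successors of program state (line, gl) as (owner, {choice: (line', gl')}).
    mode: "orig" (got_lock++/--), "game" (system picks freedom), or {4: v, 7: v}."""
    if line in FLOW:
        return ENV, {c: (l2, gl) for c, l2 in FLOW[line].items()}
    if line == 5:                                   # 5: if (got_lock != 0)
        return ENV, {"test": (6 if gl != 0 else 7, gl)}
    nxt, delta = (5, 1) if line == 4 else (1, -1)   # 4: got_lock++   7: got_lock--
    if mode == "orig":
        return ENV, {"arith": (nxt, (gl + delta) % COUNTER_MOD)}
    if mode == "game":                              # got_lock := freedom, SYS chooses
        return SYS, {f: (nxt, f) for f in FREEDOM}
    return ENV, {"assign": (nxt, mode[line])}       # fixed repair constant

def monitor_step(state, line):
    """Deterministic safety monitor for P1 and P2; reads the line label just entered."""
    if state == BAD:
        return BAD
    if line == "lock":                              # P1: never lock twice
        return "locked" if state == "unlocked" else BAD
    if line == "unlock":                            # P2: never unlock without the lock
        return "unlocked" if state == "locked" else BAD
    return state

INIT = (1, 0, "unlocked")  # product state: (line, got_lock, monitor state)

def successors(state, mode):
    """Step 3: one step in the product of transition system and monitor."""
    line, gl, m = state
    owner, moves = program_moves(line, gl, mode)
    return owner, {c: (l2, g2, monitor_step(m, l2)) for c, (l2, g2) in moves.items()}

def find_violation(mode):
    """Model checking: BFS for a BAD product state; returns the shortest violating trace."""
    parent, queue = {INIT: None}, deque([INIT])
    while queue:
        s = queue.popleft()
        if s[2] == BAD:
            path = []
            while s is not None:
                path.append(s[0])
                s = parent[s]
            return path[::-1]
        for t in successors(s, mode)[1].values():
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return None

def solve_safety_game():
    """Step 4: winning states as a greatest fixpoint (drop states from which ENV can
    force the play into BAD), then pick a winning freedom value per SYS state."""
    win, todo = {INIT}, [INIT]                      # reachable states of the game
    while todo:
        for t in successors(todo.pop(), "game")[1].values():
            if t not in win:
                win.add(t)
                todo.append(t)
    win = {s for s in win if s[2] != BAD}
    changed = True
    while changed:
        changed = False
        for s in list(win):
            owner, succ = successors(s, "game")
            keep = any if owner == SYS else all     # SYS needs one, ENV needs all
            if not keep(t in win for t in succ.values()):
                win.discard(s)
                changed = True
    strategy = {}
    for s in win:
        owner, succ = successors(s, "game")
        if owner == SYS:
            strategy[s] = min(f for f, t in succ.items() if t in win)
    return win, strategy

def repair_assignments(strategy):
    """Merge the strategy per program line: the constants replacing got_lock++/--."""
    by_line = {}
    for (line, _gl, _m), f in strategy.items():
        by_line.setdefault(line, set()).add(f)
    return by_line
```

find_violation("orig") returns the shortest violating trace, which here is an unlock without a lock (the demo's lock-twice trace is longer); repair_assignments(solve_safety_game()[1]) yields freedom 1 at line 4 and 0 at line 7, the repaired program of slide 46.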
47 Demo (monitor and FREEDOM shown in the tool)
48 Demo
49 Program Repair: Program, to a finite-state program, to a game (Game TS: program with freedom); Specification, to a monitor (Monitor TS: winning condition); solve the game, to a (simple) strategy, to a correct program. With Bloem, Griesmayer, Staber in CAV 2005, CHARME 2005 (+ extension to fault localization).
50 Classical Controller Synthesis: FSM + freedom + monitor, to a game (Game TS + winning condition); initially defined for invariants; solve the game, to a (simple) strategy, to a correct program. Ramadge, Wonham 87; book by Cassandras, Lafortune 1999/2007.
51 Synthesis from Temporal Logics: Specification, to a monitor + interface definition (Monitor TS: winning condition), to a game; solve the game, to a (simple) strategy, to a correct program. Church (1962), Büchi/Landweber (1969, games), Rabin (1972, trees), Pnueli/Rosner (1989, LTL).
52 Program Synthesis: Program (FSM + freedom) to Game TS; Specification to Monitor (Monitor TS: winning condition); solve the game, to a (simple) strategy, to a correct program. Modern controller synthesis: see the overview papers by Walukiewicz et al. and Rutten & Girault.
53 Issues? Along the pipeline: Program: how to abstract? FSM + freedom / Game TS: size? Solve game: how to solve efficiently? Monitor: how to construct efficiently? Specification (LTL): how to specify? Monitor TS / winning condition: how expressive? size? (Simple) Strategy: how to pick a strategy? how to map back? Quantitative program synthesis. Related research areas: PL, AV, control theory, game and automata theory.
54 Issues with the Monitor for LTL: the determinization construction (Safra's) has EXP worst-case complexity, and LTL is very succinct. How to construct the monitor efficiently? How expressive is it? What size?
55 Some Solutions. Concentrate on subsets (different types of games): Ramadge, Wonham (Proc IEEE 89); Asarin, Maler, Pnueli, Sifakis (SSC 98); Alur, La Torre (LICS'01); Alur, Madhusudan, Nam (BMC'03, STTT'05); Wallmeier, Hüwer, Thomas (CIAA'03); Harding, Ryan, Schobbens (TACAS'05); Jobstmann, Bloem (CAV'05); Piterman, Pnueli, Sa'ar (VMCAI'06) (base of our work on synthesizing AMBA). Optimize or avoid the determinization construction: Althoff, Thomas, Wallmeier (CIAA'05, TCS'06); Piterman (), Piterman, Henzinger (CSL'06); Kupferman, Vardi (FOCS'05); Kupferman, Piterman, Vardi (CAV'06); Schewe, Finkbeiner (ATVA'07); Filiot, Jin, Raskin (CAV'09). Symbolic representation (e.g., using BDDs). Subsets and techniques listed alongside: Safety, Reachability; Büchi, co-Büchi; det. generators for several subsets; Safety+ using SAT, QBF, and BDDs; Request-Response; work with nondet. automaton; identified syntactic subset; Generalized Reactivity-1 (GR-1); implemented Safra; improved Safra, good-for-games; bounded synthesis (using co-Büchi).
56 Next: Basics of automata-based game theory: terminology; reachability/safety, Büchi/co-Büchi games. Interesting games for LTL synthesis: Generalized Büchi, Reactivity-1 games; Generalized Reactivity-1 (GR-1) games. Why is GR-1 good? (back to synthesis)
More informationRuntime Verification - Monitor-oriented Programming - Monitor-based Runtime Reflection
Runtime Verification - Monitor-oriented Programming - Monitor-based Runtime Reflection Martin Leucker Technische Universität München (joint work with Andreas Bauer, Christian Schallhart et. al) FLACOS
More informationConstructing Automata from Temporal Logic Formulas : A Tutorial
Constructing Automata from Temporal Logic Formulas : A Tutorial Pierre Wolper Université de Liège, Institut Montefiore, B28, 4000 Liège, Belgium pw@montefiore.ulg.ac.be, http://www.montefiore.ulg.ac.be/~pw/
More informationModel checking test models. Author: Kevin de Berk Supervisors: Prof. dr. Wan Fokkink, dr. ir. Machiel van der Bijl
Model checking test models Author: Kevin de Berk Supervisors: Prof. dr. Wan Fokkink, dr. ir. Machiel van der Bijl February 14, 2014 Abstract This thesis is about model checking testing models. These testing
More informationProgram Monitoring with LTL in EAGLE
Howard Barringer University of Manchester, England Program Monitoring with LTL in EAGLE Allen Goldberg, Klaus Havelund Kestrel Technology, NASA Ames Research Center, USA Koushik Sen University of Illinois,
More informationAutomatic Conversion Software for the Safety Verification of Goal-based Control Programs
Automatic Conversion Software for the Safety Verification of Goal-based Control Programs Julia M. B. Braman and Richard M. Murray Abstract Fault tolerance and safety verification of control systems are
More informationSoftware Reliability: Runtime Verification
Software Reliability: Runtime Verification Martin Leucker and the whole ISP team Institute for Software Engineering Universität zu Lübeck Riga, 21.07. 04.08.14 Martin Leucker Basoti, 2014 1/117 Runtime
More informationOnline testing of LTL properties for Java code
Online testing of LTL properties for Java code Paolo Arcaini 1, Angelo Gargantini 2, and Elvinia Riccobene 1 1 Dipartimento di Informatica, Università degli Studi di Milano, Italy {paolo.arcaini,elvinia.riccobene}@unimi.it
More informationModular Verification of Dynamically Adaptive Systems
Modular Verification of Dynamically Adaptive Systems Ji Zhang, Heather J. Goldsby, and Betty H.C. Cheng Department of Computer Science and Engineering, Michigan State University East Lansing, Michigan,
More informationLARVA Safer Monitoring of Real-Time Java Programs (Tool Paper)
LARVA Safer Monitoring of Real-Time Java Programs (Tool Paper) Christian Colombo Department of Computer Science University of Malta, Malta Email: christian.colombo@um.edu.mt Gordon J. Pace Department of
More informationIntroduction to Promela and SPIN. LACL, Université Paris 12
Introduction to Promela and SPIN LACL, Université Paris 12 Promela = Process Meta Language A specification language! No programming language! Used for system description : Specify an abstraction of the
More informationCombining Software and Hardware Verification Techniques
Formal Methods in System Design, 21, 251 280, 2002 c 2002 Kluwer Academic Publishers. Manufactured in The Netherlands. Combining Software and Hardware Verification Techniques ROBERT P. KURSHAN VLADIMIR
More informationBounded LTL Model Checking with Stable Models
Under consideration for publication in Theory and Practice of Logic Programming 1 Bounded LTL Model Checking with Stable Models KEIJO HELJANKO and ILKKA NIEMELÄ Helsinki University of Technology Department
More informationIntroduction to Formal Methods. Các Phương Pháp Hình Thức Cho Phát Triển Phần Mềm
Introduction to Formal Methods Các Phương Pháp Hình Thức Cho Phát Triển Phần Mềm Outline Introduction Formal Specification Formal Verification Model Checking Theorem Proving Introduction Good papers to
More informationModeling and Validation of a Data Process Unit Control for Space Applications
Modeling and Validation of a Data Process Unit Control for Space Applications Wan Hai, Huang Chongdi, Wang Yuhui, He Fei and Gu Ming Key Lab of ISS of MOE, TNList, School of Software, Tsinghua University,
More informationAn Introduction to Hybrid Automata
An Introduction to Hybrid Automata Jean-François Raskin, email: jraskin@ulb.ac.be Computer Science Department University of Brussels Belgium 1 Introduction Hybrid systems are digital real-time systems
More informationA Classification of Model Checking-based Verification Approaches for Software Models
A Classification of Model Checking-based Verification Approaches for Software Models Petra Brosch, Sebastian Gabmeyer, Martina Seidl Sebastian Gabmeyer Business Informatics Group Institute of Software
More informationRegular Linear Temporal Logic with Past
Regular Linear Temporal Logic with Past César Sánchez 1,2 and Martin Leucker 3 1 Madrid Institute for Advanced Studies (IMDEA Software), Spain 2 Spanish Council for Scientific Research (CSIC), Spain 3
More informationA Modular ROS package for Linear Temporal Logic based Motion Planning. Parth Pandya
A Modular ROS package for Linear Temporal Logic based Motion Planning by Parth Pandya A Thesis Presented in Partial Fulfillment of the Requirements for the Degree Master of Science Approved February 2013
More informationEnforcing Security Policies. Rahul Gera
Enforcing Security Policies Rahul Gera Brief overview Security policies and Execution Monitoring. Policies that can be enforced using EM. An automata based formalism for specifying those security policies.
More informationAn Overview of the Runtime Verification Tool Java PathExplorer
An Overview of the Runtime Verification Tool Java PathExplorer Klaus Havelund Kestrel Technology NASA Ames Research Center California, USA http://ase.arc.nasa.gov/havelund Grigore Roşu Department of Computer
More informationDecentralised diagnosis of discrete-event systems: application to telecommunication network
Decentralised diagnosis of discrete-event systems: application to telecommunication network Yannick Pencolé CSL, Yannick.Pencole@anu.edu.au in collaboration with M.-O. Cordier and L. Rozé CSL Seminar 1
More informationTwo-Way Traceability and Conflict Debugging for AspectLTL Programs
Two-Way Traceability and Conflict Debugging for AspectLTL Programs Shahar Maoz RWTH Aachen University, Germany maoz@se-rwth.de Yaniv Sa ar Weizmann Institute of Science, Israel yaniv.saar@weizmann.ac.il
More informationFormal Verification of Computer Systems - (INFO-F-412)
Formal Verification of Computer Systems - (INFO-F-412) Thierry Massart Université Libre de Bruxelles Département d Informatique February 2013 Acknowledgment I want to thank Edmund Clarke, Keijo Heljanko,
More informationHow To Prove That A Program Is Terminating
I N F O R M A T I K Software Model Checking of Liveness Properties via Transition Invariants Andreas Podelski Andrey Rybalchenko MPI I 2003 2 004 December 2003 FORSCHUNGSBERICHT RESEARCH REPORT M A X -
More informationhttps://sites.google.com/a/asu.edu/cse-522-spring-12/ sensors and actuators? How do we handle the errors introduced due to noise, quantization etc?
CSE 522 Spring 12 https://sites.google.com/a/asu.edu/cse-522-spring-12/ 1 of 3 5/29/2012 16:56 CSE 522 Spring 12 Navigation CSE522: Real-Time Embedded Systems The Schedule Sitemap CSE522: Real-Time Embedded
More informationValidated Templates for Specification of Complex LTL Formulas
Validated Templates for Specification of Complex LTL Formulas Salamah Salamah Department of Electrical, computer, Software, and Systems Engineering Embry Riddle Aeronautical University 600 S. Clyde Morris
More informationReliability Guarantees in Automata Based Scheduling for Embedded Control Software
1 Reliability Guarantees in Automata Based Scheduling for Embedded Control Software Santhosh Prabhu, Aritra Hazra, Pallab Dasgupta Department of CSE, IIT Kharagpur West Bengal, India - 721302. Email: {santhosh.prabhu,
More informationAlgorithms for Monitoring Real-time Properties
Algorithms for Monitoring Real-time Properties David Basin, Felix Klaedtke, and Eugen Zălinescu Computer Science Department, ETH Zurich, Switzerland Abstract. We present and analyze monitoring algorithms
More informationOptimal Scheduling. Kim G. Larsen DENMARK
Priced Timed Automata Optimal Scheduling Kim G. Larsen Aalborg University it DENMARK Overview Timed Automata Scheduling Priced Timed Automata Optimal Reachability Optimal Infinite Scheduling Multi Objectives
More informationLTL Model Checking with Logic Based Petri Nets
LTL Model Checking with Logic Based Petri Nets Tristan M. Behrens and Jürgen Dix IfI Technical Report Series IfI-07-04 Impressum Publisher: Institut für Informatik, Technische Universität Clausthal Julius-Albert
More informationModel Based Testing for Security Checking. Wissam Mallouli and Prof. Ana Cavalli National Institute of Telecommunications, France November 21, 2007
Model Based Testing for Security Checking Wissam Mallouli and Prof. Ana Cavalli National Institute of Telecommunications, France November 21, 2007 Outline Introduction Active/Passive Testing Active Testing
More informationApplying Run-Time Monitoring to the Deep-Impact Fault Protection Engine
Applying Run-Time Monitoring to the Deep-Impact Fault Protection Engine Doron Drusinsky Time Rover, Inc. Cupertino, CA, USA www.time-rover.com Garth Watney NASA JPL Pasadena, CA, USA Garth.J.Watney@jpl.nasa.gov
More informationFair Model Checking with Process Counter Abstraction
Fair Model Checking with Process Counter Abstraction Jun Sun, Yang Liu, Abhik Roychoudhury, Shanshan Liu and Jin Song Dong School of Computing, National University of Singapore {sunj,liuyang,abhik,liushans,dongjs}@comp.nus.edu.sg
More informationInformatique Fondamentale IMA S8
Informatique Fondamentale IMA S8 Cours 1 - Intro + schedule + finite state machines Laure Gonnord http://laure.gonnord.org/pro/teaching/ Laure.Gonnord@polytech-lille.fr Université Lille 1 - Polytech Lille
More informationTest Case Generation for Ultimately Periodic Paths Joint work with Saddek Bensalem Hongyang Qu Stavros Tripakis Lenore Zuck Accepted to HVC 2007 How to find the condition to execute a path? (weakest precondition
More informationω-automata Automata that accept (or reject) words of infinite length. Languages of infinite words appear:
ω-automata ω-automata Automata that accept (or reject) words of infinite length. Languages of infinite words appear: in verification, as encodings of non-terminating executions of a program. in arithmetic,
More informationAutomated Route Planning for Milk-Run Transport Logistics with the NuSMV Model Checker
IEICE TRANS. INF. & SYST., VOL.E96 D, NO.12 DECEMBER 2013 2555 PAPER Special Section on Parallel and Distributed Computing and Networking Automated Route Planning for Milk-Run Transport Logistics with
More informationUsing Strategy Objectives for Network Security Analysis
Using Strategy Objectives for Network Security Analysis Elie Bursztein 1 and John C. Mitchell 2 {elie mitchell}@cs.stanford.edu 1 Stanford University and LSV, ENS Cachan, INRIA, CNRS 2 Stanford University
More informationIntroduction to SPIN. Acknowledgments. Parts of the slides are based on an earlier lecture by Radu Iosif, Verimag. Ralf Huuck. Features PROMELA/SPIN
Acknowledgments Introduction to SPIN Parts of the slides are based on an earlier lecture by Radu Iosif, Verimag. Ralf Huuck Ralf Huuck COMP 4152 1 Ralf Huuck COMP 4152 2 PROMELA/SPIN PROMELA (PROcess MEta
More informationA Scala DSL for Rete-based Runtime Verification
A Scala DSL for Rete-based Runtime Verification Klaus Havelund Jet Propulsion Laboratory California Institute of Technology, California, USA Abstract. Runtime verification (RV) consists in part of checking
More informationBusiness Process Verification: The Application of Model Checking and Timed Automata
Business Process Verification: The Application of Model Checking and Timed Automata Luis E. Mendoza Morales Processes and Systems Department, Simón Bolívar University, P.O. box 89000, Baruta, Venezuela,
More information