A framework for semiqualitative reasoning in engineering applications

In most cases the models for experimentation, analysis, or design in engineering applications take into account only quantitative knowledge. Sometimes there is a qualitative knowledge that is convenient to consider in order to obtain better conclusions. These qualitative concepts can be labels such as ``high,’ ’ ``very negative,’ ’ ``little acid,’ ’ ``monotonically increasing’ ’ or symbols such as ¾; º, etc. . . Engineers have already used this type of knowledge implicitly in many activities. The framework that we present here lets us express explicitly this knowledge. This work makes the following contributions. First, we identify the most important classes of qualitative concepts in engineering activities. Second, we present a novel methodology to integrate both qualitative and quantitative knowledge. Third, we obtain signi® cant conclusions automatically. It is named semiqualitative reasoning. Qualitative concepts are represented by means of closed real intervals. This approximation is accepted in the area of Arti® cial Intelligence. A modeling language is speci® ed to represent qualitative and quantitative knowledge of the model. A numeric constraint satisfaction problem is obtained by means of corresponding rules of transformation of the semantics of this language. In order to obtain conclusions, we have developed algorithms that treat the problem in a symbolic and numeric way. The interval conclusions obtained are transformed into qualitative labels through a linguistic interpretation. Finally, the capabilities of this methodology are illustrated on different problems

A General Framework for Automatic Termination Analysis of Logic Programs

This paper describes a general framework for automatic termination analysis of logic programs, where we understand by ``termination'' the finitenes s of the LD-tree constructed for the program and a given query. A general property of mappings from a certain subset of the branches of an infinite LD-tree into a finite set is proved. From this result several termination theorems are derived, by using different finite sets. The first two are formulated for the predicate dependency and atom dependency graphs. Then a general result for the case of the query-mapping pairs relevant to a program is proved (cf. \cite{Sagiv,Lindenstrauss:Sagiv}). The correctness of the {\em TermiLog} system described in \cite{Lindenstrauss:Sagiv:Serebrenik} follows from it. In this system it is not possible to prove termination for programs involving arithmetic predicates, since the usual order for the integers is not well-founded. A new method, which can be easily incorporated in {\em TermiLog} or similar systems, is presented, which makes it possible to prove termination for programs involving arithmetic predicates. It is based on combining a finite abstraction of the integers with the technique of the query-mapping pairs, and is essentially capable of dividing a termination proof into several cases, such that a simple termination function suffices for each case. Finally several possible extensions are outlined

Formal methods for test case generation

The invention relates to the use of model checkers to generate efficient test sets for hardware and software systems. The method provides for extending existing tests to reach new coverage targets; searching *to* some or all of the uncovered targets in parallel; searching in parallel *from* some or all of the states reached in previous tests; and slicing the model relative to the current set of coverage targets. The invention provides efficient test case generation and test set formation. Deep regions of the state space can be reached within allotted time and memory. The approach has been applied to use of the model checkers of SRI's SAL system and to model-based designs developed in Stateflow. Stateflow models achieving complete state and transition coverage in a single test case are reported

A Survey of Symbolic Execution Techniques

Many security and software testing applications require checking whether certain properties of a program hold for any possible usage scenario. For instance, a tool for identifying software vulnerabilities may need to rule out the existence of any backdoor to bypass a program's authentication. One approach would be to test the program using different, possibly random inputs. As the backdoor may only be hit for very specific program workloads, automated exploration of the space of possible inputs is of the essence. Symbolic execution provides an elegant solution to the problem, by systematically exploring many possible execution paths at the same time without necessarily requiring concrete inputs. Rather than taking on fully specified input values, the technique abstractly represents them as symbols, resorting to constraint solvers to construct actual instances that would cause property violations. Symbolic execution has been incubated in dozens of tools developed over the last four decades, leading to major practical breakthroughs in a number of prominent software reliability applications. The goal of this survey is to provide an overview of the main ideas, challenges, and solutions developed in the area, distilling them for a broad audience. The present survey has been accepted for publication at ACM Computing Surveys. If you are considering citing this survey, we would appreciate if you could use the following BibTeX entry: http://goo.gl/Hf5FvcComment: This is the authors pre-print copy. If you are considering citing this survey, we would appreciate if you could use the following BibTeX entry: http://goo.gl/Hf5Fv