Using formal methods to support testing
Formal methods and testing are two important approaches that assist in the development of high quality software. While traditionally these approaches have been seen as rivals, in recent years a new consensus has developed in which they are seen as complementary. This article reviews the state of the art regarding ways in which the presence of a formal specification can be used to assist testing.
Constraint-Based Heuristic On-line Test Generation from Non-deterministic I/O EFSMs
We are investigating on-line model-based test generation from non-deterministic output-observable Input/Output Extended Finite State Machine (I/O EFSM) models of Systems Under Test (SUTs). We propose a novel constraint-based heuristic approach (Heuristic Reactive Planning Tester (xRPT)) for on-line conformance testing of non-deterministic SUTs. An indicative feature of xRPT is the capability of making reasonable decisions for achieving the test goals in the on-line testing process by using the results of off-line bounded static reachability analysis based on the SUT model and test goal specification. We present xRPT in detail and compare its performance with other existing search strategies and approaches on examples with varying complexity.
Comment: In Proceedings MBT 2012, arXiv:1202.582
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet, which began as a research experiment, was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy, ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design, especially the software defined networking (SDN) paradigm, offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence of interest in applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.
Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Extracting Protocol Format as State Machine via Controlled Static Loop Analysis
Reverse engineering of protocol message formats is critical for many security applications. Mainstream techniques use dynamic analysis and inherit its low-coverage problem: the inferred message formats only reflect the features of their inputs. To achieve high coverage, we choose to use static analysis to infer message formats from the implementation of protocol parsers. In this work, we focus on a class of extremely challenging protocols whose formats are described via constraint-enhanced regular expressions and parsed using finite-state machines. Such state machines are often implemented as complicated parsing loops, which are inherently difficult to analyze via conventional static analysis. Our new technique extracts a state machine by regarding each loop iteration as a state and the dependency between loop iterations as state transitions. To achieve high, i.e., path-sensitive, precision but avoid path explosion, the analysis is controlled to merge as many paths as possible based on carefully-designed rules. The evaluation results show that we can infer a state machine and, thus, the message formats, in five minutes with over 90% precision and recall, far better than state of the art. We also applied the state machines to enhance protocol fuzzers, which are improved by 20% to 230% in terms of coverage and detect ten more zero-days compared to baselines.
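The following is an added illustration of the iteration-as-state view and of feeding the extracted machine to a fuzzer; it is not the paper's analysis. A small text protocol, its loop-based parser and the byte classes are constructed for the example. Instead of the paper's path-sensitive static analysis, the loop body is executed on one representative byte per class from every reachable (state, counter) configuration, which yields the same kind of explicit transition relation for this parser: each configuration carried across an iteration is a state, and the loop body applied to a byte class is a transition. The extracted machine then serves as a grammar from which a fuzzer generates messages that the original parser is checked to accept.

```python
"""Added example: extract an explicit state machine from a parsing loop
(constructed parser) and use it as a fuzzing grammar."""
import random
from collections import deque

# Constructed format: CMD (1-4 upper-case letters) SP NUM (',' NUM)* CR LF,
# e.g. b"GET 12,7\r\n". The parser carries a state name plus a counter; the
# counter is the "constraint-enhanced" part (at most 4 command letters).
ERR, DONE = "ERR", "DONE"


def loop_body(state, count, b):
    """One iteration of the parsing loop on byte b. Returns (state, count)."""
    if state == "CMD":
        if 0x41 <= b <= 0x5A:                            # 'A'..'Z'
            return ("CMD", count + 1) if count < 4 else (ERR, count)
        if b == 0x20 and count >= 1:                     # SP after >= 1 letter
            return ("NUM", 0)
        return (ERR, count)
    if state == "NUM":                                   # first digit of a number
        return ("DIGITS", 0) if 0x30 <= b <= 0x39 else (ERR, 0)
    if state == "DIGITS":
        if 0x30 <= b <= 0x39:
            return ("DIGITS", 0)
        if b == 0x2C:                                    # ','
            return ("NUM", 0)
        if b == 0x0D:                                    # CR
            return ("CR", 0)
        return (ERR, 0)
    if state == "CR":
        return (DONE, 0) if b == 0x0A else (ERR, 0)      # LF
    return (ERR, 0)                                      # DONE/ERR: no more input


def parse(msg):
    """The original loop-based parser: accepts iff the loop ends in DONE."""
    state, count = "CMD", 0
    for b in msg:
        state, count = loop_body(state, count, b)
        if state == ERR:
            return False
    return state == DONE


# Byte classes with one representative each; splitting the alphabet into
# classes is what keeps the extracted machine finite.
CLASSES = {"upper": 0x41, "digit": 0x37, "sp": 0x20, "comma": 0x2C,
           "cr": 0x0D, "lf": 0x0A, "other": 0x78}


def extract_fsm():
    """Explore every (state, count) configuration reachable through the loop
    body. Each configuration is a state of the extracted machine and
    (cfg, class) -> cfg' is a transition; error edges are dropped."""
    start = ("CMD", 0)
    trans, seen, todo = {}, {start}, deque([start])
    while todo:
        cfg = todo.popleft()
        if cfg[0] in (DONE, ERR):
            continue
        for cls, rep in CLASSES.items():
            nxt = loop_body(cfg[0], cfg[1], rep)
            if nxt[0] == ERR:
                continue
            trans[(cfg, cls)] = nxt
            if nxt not in seen:
                seen.add(nxt)
                todo.append(nxt)
    return start, trans


def generate(start, trans, rng, max_len=32):
    """Random walk over the extracted machine. The concrete byte for each
    class is drawn from the whole class, not just its representative."""
    pools = {"upper": b"ABCDEFGHIJKLMNOPQRSTUVWXYZ", "digit": b"0123456789",
             "sp": b" ", "comma": b",", "cr": b"\r", "lf": b"\n", "other": b"x"}
    cfg, out = start, bytearray()
    while cfg[0] != DONE and len(out) < max_len:
        options = [(cls, nxt) for (c, cls), nxt in trans.items() if c == cfg]
        cls, cfg = rng.choice(options)
        out.append(rng.choice(pools[cls]))
    return bytes(out) if cfg[0] == DONE else None


def fuzz_corpus(n, seed=1):
    """n attempts at grammar-guided messages; walks that hit max_len are dropped."""
    rng = random.Random(seed)
    start, trans = extract_fsm()
    return [m for m in (generate(start, trans, rng) for _ in range(n)) if m]


if __name__ == "__main__":
    start, trans = extract_fsm()
    for (cfg, cls), nxt in sorted(trans.items()):
        print(f"{cfg} --{cls}--> {nxt}")
    print(fuzz_corpus(5))
```

For this parser the extraction finds nine configurations (CMD with counter 0 to 4, NUM, DIGITS, CR, DONE) and thirteen non-error transitions; the `other` class never survives, which is how the dropped error edges show up. Every message drawn from the machine is accepted by `parse`, while inputs that violate the counter constraint or the structure are rejected.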
Efficient state reduction methods for PLA-based sequential circuits
Experiences with heuristics for the state reduction of finite-state machines are presented and two new heuristic algorithms described in detail. Results on machines from the literature and from the MCNC benchmark set are shown. The area of the PLA implementation of the combinational component and the design time are used as figures of merit. The comparison of such parameters, when the state reduction step is included in the design process and when it is not, suggests that fast state-reduction heuristics should be implemented within FSM automatic synthesis systems.
AUTSEG: Automatic Test Set Generator for Embedded Reactive Systems
Part 2: Tools and Frameworks
One of the biggest challenges in hardware and software design is to ensure that a system is error-free. Small errors in reactive embedded systems can have disastrous and costly consequences for a project. Preventing such errors by identifying the most probable cases of erratic system behavior is quite challenging. In this paper, we introduce an automatic test set generator called AUTSEG. Its input is a generic model of the target system, generated using the synchronous approach. Our tool finds the optimal preconditions for restricting the state space of the model. It only works locally on significant subspaces. Our approach exhibits a simpler and more efficient quasi-flattening algorithm than existing techniques and a useful compiled form to check security properties and reduce the combinatorial explosion problem of the state space. To illustrate our approach, AUTSEG was applied to the case of a transportation contactless card.
Doctor of Philosophy dissertation
Formal verification of hardware designs has become an essential component of the overall system design flow. The designs are generally modeled as finite state machines, on which property and equivalence checking problems are solved for verification. Reachability analysis forms the core of these techniques. However, the increasing size and complexity of the circuits causes the state explosion problem. Abstraction is the key to tackling the scalability challenges. This dissertation presents new techniques for word-level abstraction with applications in sequential design verification. By bundling together k bit-level state variables into one word-level constraint expression, the state space is construed as the solutions (variety) to a set of polynomial constraints (ideal), modeled over the finite (Galois) field of 2^k elements. Subsequently, techniques from algebraic geometry, notably Groebner basis theory and technology, are researched to perform reachability analysis and verification of sequential circuits. This approach adds a "word-level dimension" to state-space abstraction and verification to make the process more efficient. While algebraic geometry provides powerful abstraction and reasoning capabilities, the algorithms exhibit high computational complexity. In the dissertation, we show that by analyzing the constraints, it is possible to obtain more insight into the polynomial ideals, which can be exploited to overcome the complexity. Using our algorithm design and implementations, we demonstrate how to perform reachability analysis of finite-state machines purely at the word level. Using this concept, we perform scalable verification of sequential arithmetic circuits. As contemporary approaches make use of resolution proofs and unsatisfiable cores for state-space abstraction, we introduce the algebraic geometry analog of unsatisfiable cores, and present algorithms to extract and refine unsatisfiable cores of polynomial ideals. Experiments are performed to demonstrate the efficacy of our approaches.