30,349 research outputs found
Formal Verification of an Iterative Low-Power x86 Floating-Point Multiplier with Redundant Feedback
We present the formal verification of a low-power x86 floating-point
multiplier. The multiplier operates iteratively and feeds back intermediate
results in redundant representation. It supports x87 and SSE instructions in
various precisions and can block the issuing of new instructions. The design
has been optimized for low-power operation and has not been constrained by the
formal verification effort. Additional improvements for the implementation were
identified through formal verification. The formal verification of the design
also incorporates the implementation of clock-gating and control logic. The
core of the verification effort was based on ACL2 theorem proving.
Additionally, model checking has been used to verify some properties of the
floating-point scheduler that are relevant for the correct operation of the
unit.Comment: In Proceedings ACL2 2011, arXiv:1110.447
Trusting Computations: a Mechanized Proof from Partial Differential Equations to Actual Program
Computer programs may go wrong due to exceptional behaviors, out-of-bound
array accesses, or simply coding errors. Thus, they cannot be blindly trusted.
Scientific computing programs make no exception in that respect, and even bring
specific accuracy issues due to their massive use of floating-point
computations. Yet, it is uncommon to guarantee their correctness. Indeed, we
had to extend existing methods and tools for proving the correct behavior of
programs to verify an existing numerical analysis program. This C program
implements the second-order centered finite difference explicit scheme for
solving the 1D wave equation. In fact, we have gone much further as we have
mechanically verified the convergence of the numerical scheme in order to get a
complete formal proof covering all aspects from partial differential equations
to actual numerical results. To the best of our knowledge, this is the first
time such a comprehensive proof is achieved.Comment: N° RR-8197 (2012). arXiv admin note: text overlap with
arXiv:1112.179
Semantic mutation testing
This is the Pre-print version of the Article. The official published version can be obtained from the link below - Copyright @ 2011 ElsevierMutation testing is a powerful and flexible test technique. Traditional mutation testing makes a small change to the syntax of a description (usually a program) in order to create a mutant. A test suite is considered to be good if it distinguishes between the original description and all of the (functionally non-equivalent) mutants. These mutants can be seen as representing potential small slips and thus mutation testing aims to produce a test suite that is good at finding such slips. It has also been argued that a test suite that finds such small changes is likely to find larger changes. This paper describes a new approach to mutation testing, called semantic mutation testing. Rather than mutate the description, semantic mutation testing mutates the semantics of the language in which the description is written. The mutations of the semantics of the language represent possible misunderstandings of the description language and thus capture a different class of faults. Since the likely misunderstandings are highly context dependent, this context should be used to determine which semantic mutants should be produced. The approach is illustrated through examples with statecharts and C code. The paper also describes a semantic mutation testing tool for C and the results of experiments that investigated the nature of some semantic mutation operators for C
Workshop on Verification and Theorem Proving for Continuous Systems (NetCA Workshop 2005)
Oxford, UK, 26 August 200
The AutoProof Verifier: Usability by Non-Experts and on Standard Code
Formal verification tools are often developed by experts for experts; as a
result, their usability by programmers with little formal methods experience
may be severely limited. In this paper, we discuss this general phenomenon with
reference to AutoProof: a tool that can verify the full functional correctness
of object-oriented software. In particular, we present our experiences of using
AutoProof in two contrasting contexts representative of non-expert usage.
First, we discuss its usability by students in a graduate course on software
verification, who were tasked with verifying implementations of various sorting
algorithms. Second, we evaluate its usability in verifying code developed for
programming assignments of an undergraduate course. The first scenario
represents usability by serious non-experts; the second represents usability on
"standard code", developed without full functional verification in mind. We
report our experiences and lessons learnt, from which we derive some general
suggestions for furthering the development of verification tools with respect
to improving their usability.Comment: In Proceedings F-IDE 2015, arXiv:1508.0338
Avoiding coincidental correctness in boundary value analysis
In partition analysis we divide the input domain to form subdomains on which the system's behaviour should be uniform. Boundary value analysis produces test inputs near each subdomain's boundaries to find failures caused by incorrect implementation of the boundaries. However, boundary value analysis can be adversely affected by coincidental correctness---the system produces the expected output, but for the wrong reason. This article shows how boundary value analysis can be adapted in order to reduce the likelihood of coincidental correctness. The main contribution is to cases of automated test data generation in which we cannot rely on the expertise of a tester
- ā¦