400 research outputs found
A Metric Encoding for Bounded Model Checking (extended version)
In Bounded Model Checking both the system model and the checked property are
translated into a Boolean formula to be analyzed by a SAT-solver. We introduce
a new encoding technique which is particularly optimized for managing
quantitative future and past metric temporal operators, typically found in
properties of hard real time systems. The encoding is simple and intuitive in
principle, but it is made more complex by the presence, typical of the Bounded
Model Checking technique, of backward and forward loops used to represent an
ultimately periodic infinite domain by a finite structure. We report and
comment on the new encoding technique and on an extensive set of experiments
carried out to assess its feasibility and effectiveness
A lower bound on CNF encodings of the at-most-one constraint
Constraint "at most one" is a basic cardinality constraint which requires
that at most one of its boolean inputs is set to . This constraint is
widely used when translating a problem into a conjunctive normal form (CNF) and
we investigate its CNF encodings suitable for this purpose. An encoding differs
from a CNF representation of a function in that it can use auxiliary variables.
We are especially interested in propagation complete encodings which have the
property that unit propagation is strong enough to enforce consistency on input
variables. We show a lower bound on the number of clauses in any propagation
complete encoding of the "at most one" constraint. The lower bound almost
matches the size of the best known encodings. We also study an important case
of 2-CNF encodings where we show a slightly better lower bound. The lower bound
holds also for a related "exactly one" constraint.Comment: 38 pages, version 3 is significantly reorganized in order to improve
readabilit
Bounded Determinization of Timed Automata with Silent Transitions
Deterministic timed automata are strictly less expressive than their
non-deterministic counterparts, which are again less expressive than those with
silent transitions. As a consequence, timed automata are in general
non-determinizable. This is unfortunate since deterministic automata play a
major role in model-based testing, observability and implementability. However,
by bounding the length of the traces in the automaton, effective
determinization becomes possible. We propose a novel procedure for bounded
determinization of timed automata. The procedure unfolds the automata to
bounded trees, removes all silent transitions and determinizes via disjunction
of guards. The proposed algorithms are optimized to the bounded setting and
thus are more efficient and can handle a larger class of timed automata than
the general algorithms. The approach is implemented in a prototype tool and
evaluated on several examples. To our best knowledge, this is the first
implementation of this type of procedure for timed automata.Comment: 25 page
Generating Non-Linear Interpolants by Semidefinite Programming
Interpolation-based techniques have been widely and successfully applied in
the verification of hardware and software, e.g., in bounded-model check- ing,
CEGAR, SMT, etc., whose hardest part is how to synthesize interpolants. Various
work for discovering interpolants for propositional logic, quantifier-free
fragments of first-order theories and their combinations have been proposed.
However, little work focuses on discovering polynomial interpolants in the
literature. In this paper, we provide an approach for constructing non-linear
interpolants based on semidefinite programming, and show how to apply such
results to the verification of programs by examples.Comment: 22 pages, 4 figure
Synthesizing and tuning chemical reaction networks with specified behaviours
We consider how to generate chemical reaction networks (CRNs) from functional
specifications. We propose a two-stage approach that combines synthesis by
satisfiability modulo theories and Markov chain Monte Carlo based optimisation.
First, we identify candidate CRNs that have the possibility to produce correct
computations for a given finite set of inputs. We then optimise the reaction
rates of each CRN using a combination of stochastic search techniques applied
to the chemical master equation, simultaneously improving the of correct
behaviour and ruling out spurious solutions. In addition, we use techniques
from continuous time Markov chain theory to study the expected termination time
for each CRN. We illustrate our approach by identifying CRNs for majority
decision-making and division computation, which includes the identification of
both known and unknown networks.Comment: 17 pages, 6 figures, appeared the proceedings of the 21st conference
on DNA Computing and Molecular Programming, 201
Assisted coverage closure
Malfunction of safety-critical systems may cause damage to people and the environment. Software within those systems is rigorously designed and verified according to domain specific guidance, such as ISO26262 for automotive safety. This paper describes academic and industrial co-operation in tool development to support one of the most stringent of the requirements --- achieving full code coverage in requirements-driven testing.
We present a verification workflow supported by a tool that integrates the coverage measurement tool RapiCover with the test-vector generator FShell. The tool assists closing the coverage gap by providing the engineer with test vectors that help in debugging coverage-related code quality issues and creating new test cases, as well as justifying the presence of unreachable parts of the code in order to finally achieve full effective coverage according to the required criteria. We illustrate the tool's practical utility on automotive industry benchmarks. It generates 8 times more MC/DC coverage than random search
Evaluating QBF Solvers: Quantifier Alternations Matter
We present an experimental study of the effects of quantifier alternations on
the evaluation of quantified Boolean formula (QBF) solvers. The number of
quantifier alternations in a QBF in prenex conjunctive normal form (PCNF) is
directly related to the theoretical hardness of the respective QBF
satisfiability problem in the polynomial hierarchy. We show empirically that
the performance of solvers based on different solving paradigms substantially
varies depending on the numbers of alternations in PCNFs. In related
theoretical work, quantifier alternations have become the focus of
understanding the strengths and weaknesses of various QBF proof systems
implemented in solvers. Our results motivate the development of methods to
evaluate orthogonal solving paradigms by taking quantifier alternations into
account. This is necessary to showcase the broad range of existing QBF solving
paradigms for practical QBF applications. Moreover, we highlight the potential
of combining different approaches and QBF proof systems in solvers.Comment: preprint of a paper to be published at CP 2018, LNCS, Springer,
including appendi
Understanding and Extending Incremental Determinization for 2QBF
Incremental determinization is a recently proposed algorithm for solving
quantified Boolean formulas with one quantifier alternation. In this paper, we
formalize incremental determinization as a set of inference rules to help
understand the design space of similar algorithms. We then present additional
inference rules that extend incremental determinization in two ways. The first
extension integrates the popular CEGAR principle and the second extension
allows us to analyze different cases in isolation. The experimental evaluation
demonstrates that the extensions significantly improve the performance
Approximate probabilistic verification of hybrid systems
Hybrid systems whose mode dynamics are governed by non-linear ordinary
differential equations (ODEs) are often a natural model for biological
processes. However such models are difficult to analyze. To address this, we
develop a probabilistic analysis method by approximating the mode transitions
as stochastic events. We assume that the probability of making a mode
transition is proportional to the measure of the set of pairs of time points
and value states at which the mode transition is enabled. To ensure a sound
mathematical basis, we impose a natural continuity property on the non-linear
ODEs. We also assume that the states of the system are observed at discrete
time points but that the mode transitions may take place at any time between
two successive discrete time points. This leads to a discrete time Markov chain
as a probabilistic approximation of the hybrid system. We then show that for
BLTL (bounded linear time temporal logic) specifications the hybrid system
meets a specification iff its Markov chain approximation meets the same
specification with probability . Based on this, we formulate a sequential
hypothesis testing procedure for verifying -approximately- that the Markov
chain meets a BLTL specification with high probability. Our case studies on
cardiac cell dynamics and the circadian rhythm indicate that our scheme can be
applied in a number of realistic settings
Automatic Abstraction in SMT-Based Unbounded Software Model Checking
Software model checkers based on under-approximations and SMT solvers are
very successful at verifying safety (i.e. reachability) properties. They
combine two key ideas -- (a) "concreteness": a counterexample in an
under-approximation is a counterexample in the original program as well, and
(b) "generalization": a proof of safety of an under-approximation, produced by
an SMT solver, are generalizable to proofs of safety of the original program.
In this paper, we present a combination of "automatic abstraction" with the
under-approximation-driven framework. We explore two iterative approaches for
obtaining and refining abstractions -- "proof based" and "counterexample based"
-- and show how they can be combined into a unified algorithm. To the best of
our knowledge, this is the first application of Proof-Based Abstraction,
primarily used to verify hardware, to Software Verification. We have
implemented a prototype of the framework using Z3, and evaluate it on many
benchmarks from the Software Verification Competition. We show experimentally
that our combination is quite effective on hard instances.Comment: Extended version of a paper in the proceedings of CAV 201
- …