A Faithful Semantics for Generalised Symbolic Trajectory Evaluation

Generalised Symbolic Trajectory Evaluation (GSTE) is a high-capacity formal verification technique for hardware. GSTE uses abstraction, meaning that details of the circuit behaviour are removed from the circuit model. A semantics for GSTE can be used to predict and understand why certain circuit properties can or cannot be proven by GSTE. Several semantics have been described for GSTE. These semantics, however, are not faithful to the proving power of GSTE-algorithms, that is, the GSTE-algorithms are incomplete with respect to the semantics. The abstraction used in GSTE makes it hard to understand why a specific property can, or cannot, be proven by GSTE. The semantics mentioned above cannot help the user in doing so. The contribution of this paper is a faithful semantics for GSTE. That is, we give a simple formal theory that deems a property to be true if-and-only-if the property can be proven by a GSTE-model checker. We prove that the GSTE algorithm is sound and complete with respect to this semantics

Applicability of fair simulation

AbstractIn this paper we compare four notions of fair simulation: direct [9], delay [12], game [19], and exists [16]. Our comparison refers to three main aspects: The time complexity of constructing the fair simulation, the ability to use it for minimization, and the relationship between the fair simulations and universal branching-time logics. We developed a practical application that is based on this comparison. The application is a new implementation for the assume-guarantee modular framework presented By Grumberg at al. in [ACM Transactions on Programming Languages and Systems (TOPLAS), 16 (1994) 843]. The new implementation significantly improves the complexity of the framework

3-Valued abstraction: More precision at less cost

AbstractThis paper investigates both the precision and the model checking efficiency of abstract models designed to preserve branching time logics w.r.t. a 3-valued semantics. Current abstract models use ordinary transitions to over approximate the concrete transitions, while they use hyper transitions to under approximate the concrete transitions. In this work, we refer to precision measured w.r.t. the choice of abstract states, independently of the formalism used to describe abstract models. We show that current abstract models do not allow maximal precision. We suggest a new class of models and a construction of an abstract model which is most precise w.r.t. any choice of abstract states. As before, the construction of such models might involve an exponential blowup, which is inherent by the use of hyper transitions. We therefore suggest an efficient algorithm in which the abstract model is constructed during model checking, by need. Our algorithm achieves maximal precision w.r.t. the given property while remaining quadratic in the number of abstract states. To complete the picture, we incorporate it into an abstraction-refinement framework

A Generic Framework for Reasoning about Dynamic Networks of Infinite-State Processes

We propose a framework for reasoning about unbounded dynamic networks of infinite-state processes. We propose Constrained Petri Nets (CPN) as generic models for these networks. They can be seen as Petri nets where tokens (representing occurrences of processes) are colored by values over some potentially infinite data domain such as integers, reals, etc. Furthermore, we define a logic, called CML (colored markings logic), for the description of CPN configurations. CML is a first-order logic over tokens allowing to reason about their locations and their colors. Both CPNs and CML are parametrized by a color logic allowing to express constraints on the colors (data) associated with tokens. We investigate the decidability of the satisfiability problem of CML and its applications in the verification of CPNs. We identify a fragment of CML for which the satisfiability problem is decidable (whenever it is the case for the underlying color logic), and which is closed under the computations of post and pre images for CPNs. These results can be used for several kinds of analysis such as invariance checking, pre-post condition reasoning, and bounded reachability analysis.Comment: 29 pages, 5 tables, 1 figure, extended version of the paper published in the the Proceedings of TACAS 2007, LNCS 442

On The Difficulty of Computing Higher-Twist Corrections

We discuss the evaluation of power corrections to hard scattering and decay processes for which an operator product expansion is applicable. The Wilson coefficient of the leading-twist operator is the difference of two perturbative series, each of which has a renormalon ambiguity of the same order as the power corrections themselves, but which cancel in the difference. We stress the necessity of calculating this coefficient function to sufficiently high orders in perturbation theory so as to make the uncertainty of the same order or smaller than the relevant power corrections. We investigate in some simple examples whether this can be achieved. Our conclusion is that in most of the theoretical calculations which include power corrections, the uncertainties are at least comparable to the power corrections themselves, and that it will be a very difficult task to improve the situation.Comment: 27 pages, uuencoded file containing latex source and axodraw.sty fil