More Scalable LTL Model Checking via Discovering Design-Space Dependencies (D3)

Modern system design often requires comparing several models over a large design space. Different models arise out of a need to weigh different design choices, to check core capabilities of versions with varying features, or to analyze a future version against previous ones. Model checking can compare different models; however, applying model checking off-the-shelf may not scale due to the large size of the design space for today’s complex systems. We exploit relationships between different models of the same (or related) systems to optimize the model-checking search. Our algorithm, D3 , preprocesses the design space and checks fewer model-checking instances, e.g., using nuXmv. It automatically prunes the search space by reducing both the number of models to check, and the number of LTL properties that need to be checked for each model in order to provide the complete model-checking verdict for every individual model-property pair. We formalize heuristics that improve the performance of D3 . We demonstrate the scalability of D3 by extensive experimental evaluation, e.g., by checking 1,620 real-life models for NASA’s NextGen air traffic control system. Compared to checking each model-property pair individually, D3 is up to 9.4 × faster

Pasquale del Pezzo, Duke of Caianello, Neapolitan mathematician

This article is dedicated to a reconstruction of some events and achievements, both personal and scientific, in the life of the Neapolitan mathematician Pasquale del Pezzo, Duke of Caianello

On Teaching Applied Formal Methods in Aerospace Engineering

As formal methods come into broad industrial use for verification of safety-critical hardware, software, and cyber-physical systems, there is an increasing need to teach practical skills in applying formal methods at both the undergraduate and graduate levels. In the aerospace industry, flight certification requirements like the FAA’s DO-178B, DO-178C, DO-333, and DO-254, along with a series of high-profile accidents, have helped turn knowledge of formal methods into a desirable job skill for a wide range of engineering positions. We approach the question of verification from a safety-case perspective: the primary teaching goal is to impart students with the ability to look at a verification question and identify what formal methods are applicable, which tools are available, what the outputs from those tools will say about the system, and what they will not, e.g., what parts of the safety case need to be provided by other means. We overview the lectures, exercises, exams, and student projects in a mixed-level (undergraduate/graduate) Applied Formal Methods course (Additional materials are available on the course website: http://temporallogic.org/courses/AppliedFormalMethods/) taught in an Aerospace Engineering department. We highlight the approach, tools, and techniques aimed at imparting a good sense of both the state of the art and the state of the practice of formal methods in an effort to effectively prepare students headed for jobs in an increasingly formal world

Segre, Castelnuovo, Enriques: Missing Links

At the end of the 1880s, Segre guided Castelnuovo\u2019s research towards the geometry of algebraic curves, introducing Castelnuovo, whose earlier studies had been focused on n-dimensional projective geometry, to birational geometry, which is the starting point of the Italian school of algebraic geometry. After graduating and attending one post-graduate year at the University of Pisa, Enriques got in touch with Segre, aiming to spend one year in Turin. He was attracted by the reputation of the young master and, perhaps, by the mathematical environment of Turin University, which was particularly lively in those years. Contrary to his expectations, Enriques was sent to Rome, where in the meantime Castelnuovo had moved. He began to study the birational geometry of algebraic surfaces under Castelnuovo\u2019s direct supervision. Segre followed Enriques\u2019s first results but he was committed to finding a rigorous proof of the theorem of resolution of singularities of algebraic surfaces. His article on singularities was concluded in December 1896 and in the following year his student Beppo Levi completed the proof of the resolution theorem. Meanwhile, Enriques had laid the foundations of the general theory of linear systems of curves on algebraic surfaces and Castelnuovo had proved his famous rationality criterion. The link between Segre, Castelnuovo and Enriques could have turned into a scientific partnership: at the end of 1896, the three geometers planned to collect their results in a general treatise on the theory of algebraic varieties. However, this treatise was never realised