Pub Date: 2013-12-11 DOI: 10.1109/FMCAD.2013.6679392
S. Conchon, A. Goel, S. Krstic, A. Mebsout, Fatiha Zaïdi
Verification of safety properties of concurrent programs with an arbitrary number of processes is an old challenge. In particular, complex parameterized protocols like FLASH are still out of the scope of state-of-the-art model checkers. In this paper, we describe a new algorithm, called BRAB, that is able to automatically infer invariants strong enough to prove a protocol like FLASH. BRAB computes over-approximations of backward reachable states that are checked to be unreachable in a finite instance of the system. These approximations (candidate invariants) are then model checked together with the original safety properties. Completeness of the approach is ensured by a mechanism for backtracking on spurious traces introduced by too coarse approximations.
Title: Invariants for finite instances and beyond. Venue: 2013 Formal Methods in Computer-Aided Design.
Pub Date: 2013-12-11 DOI: 10.1109/FMCAD.2013.6679407
Gadi Aleksandrowicz, J. Baumgartner, A. Ivrii, Ziv Nevo
We consider generalized counterexamples in the context of liveness property checking. A generalized counterexample comprises only a subset of values necessary to establish the existence of a concrete counterexample. While useful in various ways even for safety properties, the length of a generalized liveness counterexample may be exponentially shorter than that of a concrete counterexample, entailing significant potential algorithmic benefits. One application of this concept extends the k-LIVENESS proof technique of [1] to enable failure detection. The resulting algorithm is simple, and poses negligible overhead to k-LIVENESS in practice. We additionally propose dedicated algorithms to search for generalized liveness counterexamples, and to manipulate generalized counterexamples to and from concrete ones. Experiments confirm the capability of these techniques to detect failures more efficiently than existing techniques for various benchmarks.
Title: Generalized counterexamples to liveness properties. Venue: 2013 Formal Methods in Computer-Aided Design.
Pub Date: 2013-12-11 DOI: 10.1109/FMCAD.2013.6679390
D. Déharbe, P. Fontaine, Daniel Le Berre, Bertrand Mazure
Model checking and counter-example guided abstraction refinement are examples of applications of SAT solving requiring the production of models for satisfiable formulas. Better than giving a truth value to every variable, one can provide an implicant, i.e. a partial assignment of the variables such that every full extension is a model for the formula. An implicant is prime if every assignment is necessary. Since prime implicants contain no literal irrelevant for the satisfiability of the formula, they are considered as highly refined information. We here propose a novel algorithm that uses data structures found in modern CDCL SAT solvers to efficiently compute prime implicants starting from an existing model. The original aspects are: (1) the algorithm is based on watched literals and a form of propagation of required literals, adapted to CDCL solvers; (2) the algorithm works not only on clauses, but also on generalized constraints; (3) for clauses and, more generally, for cardinality constraints, the algorithm complexity is linear in the size of the constraints found. We implemented and evaluated the algorithm with the Sat4j library.
Title: Computing prime implicants. Venue: 2013 Formal Methods in Computer-Aided Design.
Pub Date: 2013-12-11 DOI: 10.1109/FMCAD.2013.6679386
K. Chatterjee, T. Henzinger, J. Otop, Andreas Pavlogiannis
We consider the distributed synthesis problem for temporal logic specifications. Traditionally, the problem has been studied for LTL, and the previous results show that the problem is decidable iff there is no information fork in the architecture. We consider the problem for fragments of LTL and our main results are as follows: (1) We show that the problem is undecidable for architectures with information forks even for the fragment of LTL with temporal operators restricted to next and eventually. (2) For specifications restricted to globally along with non-nested next operators, we establish decidability (in EXPSPACE) for star architectures where the processes receive disjoint inputs, whereas we establish undecidability for architectures containing an information fork-meet structure. (3) Finally, we consider LTL without the next operator, and establish decidability (NEXPTIME-complete) for all architectures for a fragment that consists of a set of safety assumptions, and a set of guarantees where each guarantee is a safety, reachability, or liveness condition.
Title: Distributed synthesis for LTL fragments. Venue: 2013 Formal Methods in Computer-Aided Design.
Pub Date: 2013-12-11 DOI: 10.1109/FMCAD.2013.6679409
Tim King, Clark W. Barrett, B. Dutertre
The de facto standard for state-of-the-art real and integer linear reasoning within Satisfiability Modulo Theories (SMT) solvers is the Simplex for DPLL(T) algorithm given by Dutertre and de Moura. This algorithm works by performing a sequence of local optimization operations. While the algorithm is generally efficient in practice, its local pivoting heuristics lead to slow convergence on some problems. More traditional Simplex algorithms minimize a global criterion to determine the feasibility of the input constraints. We present a novel Simplex-based decision procedure for use in SMT that minimizes the sum of infeasibilities of the constraints. Experimental results show that this new algorithm is comparable with or outperforms Simplex for DPLL(T) on a broad set of benchmarks.
Title: Simplex with sum of infeasibilities for SMT. Venue: 2013 Formal Methods in Computer-Aided Design.
Pub Date: 2013-12-11 DOI: 10.1109/FMCAD.2013.6679396
Viktor Kunčak, Régis Blanc
Synthesis procedures compile relational specifications into functions. In addition to bounded domains, synthesis procedures are applicable to domains such as mathematical integers, where the domain and range of relations and synthesized code is unbounded. Previous work presented synthesis procedures that generate self-contained code and do not require components as inputs. The advantage of this approach is that it requires only specifications as user input. On the other hand, in some cases it can be desirable to require that the synthesized system reuses existing components. This paper describes a technique to automatically synthesize systems from components. It is also applicable to repair scenarios where the desired sub-component of the system should be replaced to satisfy the overall specification. The technique is sound, and it is complete for constraints for which an interpolation procedure exists, which includes e.g. propositional logic, bitvectors, linear integer arithmetic, recursive structures, finite sets, and extensions of the theory of arrays.
Title: Interpolation for synthesis on unbounded domains. Venue: 2013 Formal Methods in Computer-Aided Design.
Pub Date: 2013-12-11 DOI: 10.1109/FMCAD.2013.6679412
Björn Wachter, D. Kroening, J. Ouaknine
Lazy abstraction with interpolants, also known as the Impact algorithm, is en vogue as a state-of-the-art software model-checking technique for sequential programs. However, a direct extension of the Impact algorithm to concurrent programs is bound to be inefficient as it has to explore all thread interleavings, which leads to control-state explosion. To this end, we present a new algorithm that combines a new, symbolic form of partial-order reduction with Impact. Our algorithm carries out the dependence analysis on-the-fly while constructing the abstraction and is thus able to deal precisely with dynamic dependencies arising from accesses to tables or pointers - a setting where classical static partial-order reduction techniques struggle. We have implemented the algorithm in a prototype tool that analyses concurrent C programs with POSIX threads and evaluated it on a number of benchmark programs. To our knowledge, this is the first application of an Impact-like algorithm to concurrent programs.
Title: Verifying multi-threaded software with impact. Venue: 2013 Formal Methods in Computer-Aided Design.
Pub Date: 2013-12-11 DOI: 10.1109/FMCAD.2013.6679405
Zyad Hassan, Aaron R. Bradley, F. Somenzi
An improved clause generalization procedure for IC3 is presented. Whereas standard generalization extracts a relatively inductive clause from a single state, called a counterexample to induction (CTI), the new procedure also extracts such clauses from other states, called counterexamples to generalization (CTG), that interfere with the primary generalization attempt. The motivation is to enable IC3 to explore states farther from the error states than are CTIs while remaining property-focused. CTGs are strong candidates for being farther but still backward reachable. Significant reductions in the maximum depth reached by IC3's priority queue-directed explicit backward search indicate that this intention is achieved in practice. The effectiveness of the new procedure is established in two independent implementations of IC3, which demonstrate an increase of 17 and 27, respectively, in the number of solved HWMCC benchmarks.
Title: Better generalization in IC3. Venue: 2013 Formal Methods in Computer-Aided Design.
Pub Date: 2013-12-11 DOI: 10.1109/FMCAD.2013.6679395
E. Goldberg, P. Manolios
We consider the problem of existential quantifier elimination for Boolean formulas in conjunctive normal form. Recently we presented a new method for solving this problem based on the machinery of Dependency sequents (D-sequents). The essence of this method is to add to the quantified formula implied clauses until all the clauses with quantified variables become redundant. A D-sequent is a record of the fact that a set of quantified variables is redundant in some subspace. In this paper, we introduce a quantifier elimination algorithm based on a new type of D-sequents called clause D-sequents that express redundancy of clauses rather than variables. Clause D-sequents significantly extend our ability to introduce and algorithmically exploit redundancy, as our experimental results show.
Title: Quantifier elimination via clause redundancy. Venue: 2013 Formal Methods in Computer-Aided Design.
Pub Date: 2013-12-11 DOI: 10.1109/FMCAD.2013.6679400
Alex Horn, Michael Tautschnig, C. G. Val, Lihao Liang, T. Melham, J. Grundy, D. Kroening
Today's microelectronics industry is increasingly confronted with the challenge of developing and validating software that closely interacts with hardware. These interactions make it difficult to design and validate the hardware and software separately; instead, a verifiable co-design is required that takes them into account. This paper demonstrates a new approach to co-validation of hardware/software interfaces by formal, symbolic co-execution of an executable hardware model combined with the software that interacts with it. We illustrate and evaluate our technique on three realistic benchmarks in which software I/O is subject to hardware-specific protocol rules: a real-time clock, a temperature sensor on an I2C bus, and an Ethernet MAC. We provide experimental results that show our approach is both feasible as a bug-finding technique and scales to handle a significant degree of concurrency in the combined hardware/software model.
Title: Formal co-validation of low-level hardware/software interfaces. Venue: 2013 Formal Methods in Computer-Aided Design.