Hierarchical correctness verification in multiphase real-time software design

A hierarchical approach to correctness verification of real-time software specifications is presented. The verification is distributed into successive steps that correspond to the design phases. The three languages: Rule Charts, LACTATRE (graphical specification) and Communicating Real Time State Machines are used for specification of real-time software within corresponding abstraction levels. The correctness is defined as a coincidence of a system specified in a phase w.r.t. requirements established ing the previous phase. This correctness concept leads to an application of the relative correctness methods (developed in former works) for the verification. The approach is examined in Preliminary and Detailed Design phases for the verification of several types of properties: structure, functions and time constraints.     

基于偶然正确性概率的错误定位技术

基于代码覆盖的错误定位技术是一种常用的错误定位方法,被用来识别与故障相关的程序元素.然而,有研究工作表明基于代码覆盖的错误定位技术的有效性受到了偶然正确性现象的影响.偶然正确性现象是指程序中包含的错误被执行,但没有产生错误结果的情况,它在实际场景中是非常普遍的.在以往的研究工作中,我们提出了一种估算发生偶然正确性现象的概率的方法.该方法从程序运行时内存中值的定义-使用关系出发,对各语句的执行对程序输出的影响进行估计.基于偶然正确性概率,本文对基于代码覆盖的错误定位技术中可疑度的计算方法进行了修正,以消除偶然正确性现象对错误定位技术的影响.本文在Software-artifact Infrastructure Repository （SIR）中提供的西门子测试套件上进行了实验,这也是偶然正确性相关工作中常被使用的目标程序.实验结果表明,相对于基于代码覆盖信息的错误定位技术,本文提出的方法提高或至少维持了原有的安全性,并较好地提高了错误定位的精确度.     

Verifying general safety properties of Ada tasking programs

The isolation approach to symbolic execution of Ada tasking programs provides a basis for automating partial correctness proofs. The strength of this approach lies in its isolation nature; tasks are symbolically executed and verified independently, and then checked for cooperation where interference can occur. This keeps the verification task computationally feasible and enhances its compositionality. Safety, however, is a more appropriate notion of correctness for concurrent programs than partial correctness. The author shows how the isolation approach to symbolic execution of Ada tasking program supports the verification of general safety properties. Specific safety properties that are considered include mutual exclusion, freedom from deadlock, and absence of communication failure. The techniques are illustrated using a solution to the readers and writers problem     

基于Petri网的工作流模型简化

计算状态空间可达图是验证工作流正确性的主要方法,状态空间爆炸是这类方法的主要困难.文章对线性时态逻辑LTL-x描述的正确性提出了一种基于Petri网图形化简的验证方法,证明了所提出化简规则的完备性,并以实例说明了所提方法的有效性.     

Contract-based verification of discrete-time multi-rate Simulink models

This paper presents an approach to modular contract-based verification of discrete-time multi-rate Simulink models. The verification approach uses a translation of Simulink models to sequential programs that can then be verified using traditional software verification techniques. Automatic generation of the proof obligations needed for verification of correctness with respect to contracts, and automatic proofs are also discussed. Furthermore, the paper provides detailed discussions about the correctness of each step in the verification process. The verification approach is demonstrated on a case study involving control software for prevention of pressure peaks in hydraulics systems.     

An abstract programming language and correctness proofs

The realization of an abstract programming language is a good approach for automating the software production process and facilitating the correctness proof of a software system.

This paper introduces a formal language for programming at the abstract level by combining Pascal with VDM (Vienna Development Method). The notation provided by the language obliges programmers to consider the correctness of programs throughout the whole process of programming, and the proof axiom and rules presented in this paper may be used to prove the correctness of programs. A complete example is given to illustrate how to program using APL and how to prove the correctness of programs using the given axiom and rules.     

Theoretical and Empirical Studies of Program Testing

Two approaches to the study of program testing are described. One approach is theoretical and the other empirical. In the theoretical approach situations are characterized in which it is possible to use testing to formally prove the correctness of programs or the correctness of properties of programs. In the empirical approach statistics are collected which record the frequency with which different testing strategies reveal the errors in a collection of programs. A summary of the results of two research projects which investigated these approaches are presented. The differences between the two approaches are discussed and their relative advantages and disadvantages are compared.     

Composition and Correctness

This paper presents an approach to ensure correctness of composed systems. It takes into consideration that correctness can usually be achieved only to a certain degree (except for some small and very mission-critical applications) and complete specifications are usually not practicable. By modelling the parts, the composition activities and the requirements specification we automise the checking procedures using model checking. An important issue hereby is that our approach allows partial modelling and specification.     

Generation of correctness conditions for imperative programs

Verification of imperative programs in the sense of Floyd-Hoare is an approach to proving correctness of programs annotated by preconditions, postconditions, and loop invariants. It is based on generation of correctness conditions. In the structured deterministic case, the problem of generation of correctness conditions seems trivial, since it is solved by a syntax-driven algorithm, the complexity of which linearly depends on the number of control constructs. Vice versa, in the unstructured nondeterministic case, it seems a priori clear that the complexity of generation of the correctness conditions exponentially depends on the number of statements in the program. In the paper, an efficient and complete algorithm for the generation of the correctness conditions is presented and justified. It can be used both in the structured deterministic and unstructured nondeterministic cases. The algorithm complexity linearly depends on the number of control constructs and/or program statements.     

Formal verification of programs in the functional data-flow parallel language

The article is devoted to the methods of proving parallel programs correctness, that are based on the axiomatic approach. Formal system for functional data-flow parallel programming language Pifagor is described. On the basis of this system programs correctness could be proved.     

Mechanical certification of systolic algorithms

We present in this paper an approach for mechanically certifying the correctness of systolic algorithms and detail the correctness proof of a systolic algorithm for a dynamic programming (optimal parenthesization) problem.     

基于可达图的Web服务组合验证

针对基于Petri网的Web服务组合形式化建模,给出了Web服务网的正确性定义和可达图的构造算法.采用可达图作为分析工具,对Web服务网的可达性、有界性、安全性和活性等特性进行分析,给出验证Web服务组合正确性的方法,并举例说明了这种方法的应用.     

A Methodology for Evaluating Arabic Machine Translation Systems

This paper presents a methodology for evaluating Arabic Machine Translation (MT) systems. We are specifically interested in evaluating lexical coverage, grammatical coverage, semantic correctness and pronoun resolution correctness. The methodology presented is statistical and is based on earlier work on evaluating MT lexicons in which the idea of the importance of a specific word sense to a given application domain and how its presence or absence in the lexicon affects the MT system’s lexical quality, which in turn will affect the overall system output quality. The same idea is used in this paper and generalized so as to apply to grammatical coverage, semantic correctness and correctness of pronoun resolution. The approach adopted in this paper has been implemented and applied to evaluating four English-Arabic commercial MT systems. The results of the evaluation of these systems are presented for the domain of the Internet and Arabization.     

A structured approach to static semantics correctness

An approach to the correctness proof of static semantics with respect to the standard semantics of a programming language is presented, where correctness means that the properties of the language described by the static semantics, such as type checking, are consistent with the standard semantics. The standard and static semantics are given in a denotational style in terms of some basic domains and domain constructors, which, together with suitable operations, are used to describe fundamental semantic concepts. The domains have different meaning in the two semantics and the static semantics correctness proof is carried out by devising a set of suitable functions between them. We show that the correctness proof can be greatly simplified by structuring the semantics definitions, and we illustrate that by applying the methodology to a simple imperative language. In the example the derivation of a static checking algorithm from the static semantics is described.     

A Loosely Coordinated Model for Heap-Based Priority Queues in Multicore Environments

Heap-based priority queues are very common dynamical data structures used in several fields, ranging from operating systems to scientific applications. However, the rise of new multicore CPUs introduced new challenges in the process of design of these data structures: in addition to traditional requirements like correctness and progress, the scalability is of paramount importance. It is a common opinion that these two demands are partially in conflict each other, so that in these computational environments it is necessary to relax the requirements of correctness and linearizability to achieve high performances. In this paper we introduce a loosely coordinated approach for the management of heap based priority queues on multicore CPUs, with the aim to realize a tradeoff between efficiency and sequential correctness. The approach is based on a sharing of information among only a small number of cores, so that to improve performance without completely losing the features of the data structure. The results obtained on a scientific problem show significant benefits both in terms of parallel efficiency, as well as in term of numerical accuracy.     

A framework for superscalar microprocessor correctness statements

Most verifications of superscalar, out-of-order microprocessors compare state-machine-based implementations and specifications, where the specification is based on the instruction-set architecture. The different efforts use a variety of correctness statements, implementations, and verification approaches. We present a framework for classifying correctness statements about safety properties of superscalar microprocessors. Our framework is independent of the implementation representation and verification approach, and is parameterized by the width of the processor. We characterize the relationships between the correctness statements of many different efforts and also illustrate how classical approaches to microprocessor verification fit within our framework. Published online: 17 December 2002     

随机模型检测连续时间Markov过程

功能正确和性能可满足是复杂系统可信要求非常重要的两个方面。从定性验证和定量分析相结合的角度,对复杂并发系统进行功能验证和性能分析,统一地评估系统是否可信。连续时间Markov决策过程CTMDP(Continuous time Markov decision process)能够统一刻画复杂系统的概率选择、随机时间及不确定性等重要特征。提出用CTMDP作为系统定性验证和定量分析模型,将复杂系统的功能验证和性能分析转化为CTMDP中的可达概率求解,并证明验证过程的正确性,最终借助模型检测器MRMC(Markov Reward Model Chcckcr)实现模型检测。理论分析表明,提出的针对CI'MDP模型的验证需求是必要的,验证思路和方法具有可行性。     

Measurement of refinement and correctness

The purpose of this paper is to introduce a measurement approach of refinement and correctness of probabilistic programs. That is, we define the refinement degree and the correctness degree by the weakest precondition transformers. This kind of measurement indicates the degree that a program is refined by another and the degree that a program is correct with respect to a pair of precondition and postcondition. Some properties of this measurement, for example continuity, are discussed.