Software verification using hybrid explicit and symbolic model checking
First Claim
Patent Images
1. A computer-implemented method for verification, comprising:
- defining a specification comprising properties applicable to a target system;
grouping execution sequences of the target system into multiple equivalence classes, each of the equivalence classes containing a respective subset of the execution sequences having a respective common control flow;
identifying one or more of the equivalence classes that contain respective subsets of the execution sequences that are potentially executed by the target system by traversing a graph representing the execution sequences using assignments of representative values to variables; and
for at least one of the identified equivalence classes, simultaneously verifying all the execution sequences in the equivalence class by evaluating a symbolic representation of the equivalence class so as to verify a compliance of the target system with the specification.
1 Assignment
0 Petitions
Accused Products
Abstract
A computer-implemented method for verifying a target system includes defining a specification including properties applicable to the target system. Execution sequences of the target system are identified. A set of the execution sequences is grouped into an equivalence class characterized by a common control flow. A symbolic representation of the equivalence class is evaluated so as to verify a compliance of the set of the execution sequences with one or more of the properties.
25 Citations
21 Claims
-
1. A computer-implemented method for verification, comprising:
-
defining a specification comprising properties applicable to a target system; grouping execution sequences of the target system into multiple equivalence classes, each of the equivalence classes containing a respective subset of the execution sequences having a respective common control flow; identifying one or more of the equivalence classes that contain respective subsets of the execution sequences that are potentially executed by the target system by traversing a graph representing the execution sequences using assignments of representative values to variables; and for at least one of the identified equivalence classes, simultaneously verifying all the execution sequences in the equivalence class by evaluating a symbolic representation of the equivalence class so as to verify a compliance of the target system with the specification. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. Apparatus for verifying a target system, comprising:
-
a memory, which is arranged to hold a model of the target system and a specification comprising properties applicable to the target system; and a processor, which is arranged to group execution sequences of the target system into multiple equivalence classes, each of the equivalence classes containing a respective subset of the execution sequences having a respective common control flow, to identify one or more of the equivalence classes that contain respective subsets of the execution sequences that are potentially executed by the target system by traversing a graph representing the execution sequences using assignments of representative values to variables, and, for at least one of the identified equivalence classes, to simultaneously verify all the execution sequences in the equivalence class by evaluating a symbolic representation of the equivalence class so as to verify a compliance of the target system with the specification. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
-
-
21. A computer software product for verifying a target system, the product comprising a tangible non-transitory computer-readable medium, in which program instructions are stored, which instructions, when read by a computer, cause the computer to accept a model of the target system and a specification comprising properties applicable to the target system, to group execution sequences of the target system into multiple equivalence classes, each of the equivalence classes containing a respective subset of the execution sequences having a respective common control flow, to identify one or more of the equivalence classes that contain respective subsets of the execution sequences that are potentially executed by the target system by traversing a graph representing the execution sequences using assignments of representative values to variables, and, for at least one of the identified equivalence classes, to simultaneously verify all the execution sequences in the equivalence class by evaluating a symbolic representation of the equivalence class so as to verify a compliance of the target system with the specification.
Specification