[{"author":[{"full_name":"Thomas Henzinger","first_name":"Thomas A","orcid":"0000−0002−2985−7724","last_name":"Henzinger","id":"40876CD8-F248-11E8-B48F-1D18A9856A87"},{"last_name":"Jhala","full_name":"Jhala, Ranjit","first_name":"Ranjit"},{"last_name":"Majumdar","full_name":"Majumdar, Ritankar S","first_name":"Ritankar"},{"last_name":"Mcmillan","first_name":"Kenneth","full_name":"McMillan, Kenneth L"}],"publication_status":"published","conference":{"name":"POPL: Principles of Programming Languages"},"month":"04","day":"01","abstract":[{"text":"The success of model checking for large programs depends crucially on the ability to efficiently construct parsimonious abstractions. A predicate abstraction is parsimonious if at each control location, it specifies only relationships between current values of variables, and only those which are required for proving correctness. Previous methods for automatically refining predicate abstractions until sufficient precision is obtained do not systematically construct parsimonious abstractions: predicates usually contain symbolic variables, and are added heuristically and often uniformly to many or all control locations at once. We use Craig interpolation to efficiently construct, from a given abstract error trace which cannot be concretized, a parsominous abstraction that removes the trace. At each location of the trace, we infer the relevant predicates as an interpolant between the two formulas that define the past and the future segment of the trace. Each interpolant is a relationship between current values of program variables, and is relevant only at that particular program location. It can be found by a linear scan of the proof of infeasibility of the trace.We develop our method for programs with arithmetic and pointer expressions, and call-by-value function calls. For function calls, Craig interpolation offers a systematic way of generating relevant predicates that contain only the local variables of the function and the values of the formal parameters when the function was called. We have extended our model checker Blast with predicate discovery by Craig interpolation, and applied it successfully to C programs with more than 130,000 lines of code, which was not possible with approaches that build less parsimonious abstractions.","lang":"eng"}],"publisher":"ACM","type":"conference","status":"public","date_published":"2004-04-01T00:00:00Z","page":"232 - 244","extern":1,"quality_controlled":0,"date_updated":"2021-01-12T07:57:06Z","year":"2004","publist_id":"270","date_created":"2018-12-11T12:08:57Z","title":"Abstractions from proofs","citation":{"chicago":"Henzinger, Thomas A, Ranjit Jhala, Ritankar Majumdar, and Kenneth Mcmillan. “Abstractions from Proofs,” 232–44. ACM, 2004. https://doi.org/10.1145/964001.964021.","mla":"Henzinger, Thomas A., et al. Abstractions from Proofs. ACM, 2004, pp. 232–44, doi:10.1145/964001.964021.","ista":"Henzinger TA, Jhala R, Majumdar R, Mcmillan K. 2004. Abstractions from proofs. POPL: Principles of Programming Languages, 232–244.","short":"T.A. Henzinger, R. Jhala, R. Majumdar, K. Mcmillan, in:, ACM, 2004, pp. 232–244.","ama":"Henzinger TA, Jhala R, Majumdar R, Mcmillan K. Abstractions from proofs. In: ACM; 2004:232-244. doi:10.1145/964001.964021","ieee":"T. A. Henzinger, R. Jhala, R. Majumdar, and K. Mcmillan, “Abstractions from proofs,” presented at the POPL: Principles of Programming Languages, 2004, pp. 232–244.","apa":"Henzinger, T. A., Jhala, R., Majumdar, R., & Mcmillan, K. (2004). Abstractions from proofs (pp. 232–244). Presented at the POPL: Principles of Programming Languages, ACM. https://doi.org/10.1145/964001.964021"},"_id":"4458","doi":"10.1145/964001.964021"},{"author":[{"orcid":"0000−0002−2985−7724","last_name":"Henzinger","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","full_name":"Thomas Henzinger","first_name":"Thomas A"},{"last_name":"Jhala","full_name":"Jhala, Ranjit","first_name":"Ranjit"},{"last_name":"Majumdar","full_name":"Majumdar, Ritankar S","first_name":"Ritankar"}],"publication_status":"published","month":"06","conference":{"name":"PLDI: Programming Languages Design and Implementation"},"abstract":[{"lang":"eng","text":"Software model checking has been successful for sequential programs, where predicate abstraction offers suitable models, and counterexample-guided abstraction refinement permits the automatic inference of models. When checking concurrent programs, we need to abstract threads as well as the contexts in which they execute. Stateless context models, such as predicates on global variables, prove insufficient for showing the absence of race conditions in many examples. We therefore use richer context models, which combine (1) predicates for abstracting data state, (2) control flow quotients for abstracting control state, and (3) counters for abstracting an unbounded number of threads. We infer suitable context models automatically by a combination of counterexample-guided abstraction refinement, bisimulation minimization, circular assume-guarantee reasoning, and parametric reasoning about an unbounded number of threads. This algorithm, called CIRC, has been implemented in BLAST and succeeds in checking many examples of NESC code for data races. In particular, BLAST proves the absence of races in several cases where previous race checkers give false positives."}],"day":"01","type":"conference","status":"public","date_published":"2004-06-01T00:00:00Z","publisher":"ACM","quality_controlled":0,"page":"1 - 13","extern":1,"year":"2004","date_updated":"2021-01-12T07:57:07Z","date_created":"2018-12-11T12:08:57Z","citation":{"apa":"Henzinger, T. A., Jhala, R., & Majumdar, R. (2004). Race checking by context inference (pp. 1–13). Presented at the PLDI: Programming Languages Design and Implementation, ACM. https://doi.org/10.1145/996841.996844","chicago":"Henzinger, Thomas A, Ranjit Jhala, and Ritankar Majumdar. “Race Checking by Context Inference,” 1–13. ACM, 2004. https://doi.org/10.1145/996841.996844.","mla":"Henzinger, Thomas A., et al. Race Checking by Context Inference. ACM, 2004, pp. 1–13, doi:10.1145/996841.996844.","ista":"Henzinger TA, Jhala R, Majumdar R. 2004. Race checking by context inference. PLDI: Programming Languages Design and Implementation, 1–13.","short":"T.A. Henzinger, R. Jhala, R. Majumdar, in:, ACM, 2004, pp. 1–13.","ieee":"T. A. Henzinger, R. Jhala, and R. Majumdar, “Race checking by context inference,” presented at the PLDI: Programming Languages Design and Implementation, 2004, pp. 1–13.","ama":"Henzinger TA, Jhala R, Majumdar R. Race checking by context inference. In: ACM; 2004:1-13. doi:10.1145/996841.996844"},"title":"Race checking by context inference","publist_id":"271","_id":"4459","doi":"10.1145/996841.996844"},{"acknowledgement":"This work was supported in part by the NSF grants CCR-9988172, CCR-0085949, and CCR-0234690, the ONR grant N00014-02-1-0671, the DARPA grant F33615-00-C-1693, and the MARCO grant 98-DT-660. ","date_updated":"2021-01-12T07:57:08Z","year":"2004","date_created":"2018-12-11T12:08:58Z","citation":{"apa":"Henzinger, T. A., Jhala, R., Majumdar, R., & Sanvido, M. (2004). Extreme model checking. In Verification: Theory and Practice (Vol. 2772, pp. 332–358). Springer. https://doi.org/10.1007/978-3-540-39910-0_16","ista":"Henzinger TA, Jhala R, Majumdar R, Sanvido M. 2004.Extreme model checking. In: Verification: Theory and Practice. LNCS, vol. 2772, 332–358.","chicago":"Henzinger, Thomas A, Ranjit Jhala, Ritankar Majumdar, and Marco Sanvido. “Extreme Model Checking.” In Verification: Theory and Practice, 2772:332–58. Springer, 2004. https://doi.org/10.1007/978-3-540-39910-0_16.","mla":"Henzinger, Thomas A., et al. “Extreme Model Checking.” Verification: Theory and Practice, vol. 2772, Springer, 2004, pp. 332–58, doi:10.1007/978-3-540-39910-0_16.","short":"T.A. Henzinger, R. Jhala, R. Majumdar, M. Sanvido, in:, Verification: Theory and Practice, Springer, 2004, pp. 332–358.","ieee":"T. A. Henzinger, R. Jhala, R. Majumdar, and M. Sanvido, “Extreme model checking,” in Verification: Theory and Practice, vol. 2772, Springer, 2004, pp. 332–358.","ama":"Henzinger TA, Jhala R, Majumdar R, Sanvido M. Extreme model checking. In: Verification: Theory and Practice. Vol 2772. Springer; 2004:332-358. doi:10.1007/978-3-540-39910-0_16"},"title":"Extreme model checking","publist_id":"269","intvolume":" 2772","_id":"4461","publication":"Verification: Theory and Practice","doi":"10.1007/978-3-540-39910-0_16","author":[{"full_name":"Thomas Henzinger","first_name":"Thomas A","orcid":"0000−0002−2985−7724","last_name":"Henzinger","id":"40876CD8-F248-11E8-B48F-1D18A9856A87"},{"full_name":"Jhala, Ranjit","first_name":"Ranjit","last_name":"Jhala"},{"first_name":"Ritankar","full_name":"Majumdar, Ritankar S","last_name":"Majumdar"},{"first_name":"Marco","full_name":"Sanvido, Marco A","last_name":"Sanvido"}],"publication_status":"published","month":"02","day":"24","abstract":[{"lang":"eng","text":"One of the central axioms of extreme programming is the disciplined use of regression testing during stepwise software development. Due to recent progress in software model checking, it has become possible to supplement this process with automatic checks for behavioral safety properties of programs, such as conformance with locking idioms and other programming protocols and patterns. For efficiency reasons, all checks must be incremental, i.e., they must reuse partial results from previous checks in order to avoid all unnecessary repetition of expensive verification tasks. We show that the lazy-abstraction algorithm, and its implementation in Blast, can be extended to support the fully automatic and incremental checking of temporal safety properties during software development."}],"publisher":"Springer","alternative_title":["LNCS"],"date_published":"2004-02-24T00:00:00Z","status":"public","type":"book_chapter","extern":1,"page":"332 - 358","quality_controlled":0,"volume":2772},{"doi":"10.1007/978-3-540-24743-2_24","_id":"4525","intvolume":" 2993","publist_id":"200","date_created":"2018-12-11T12:09:18Z","title":"Event-driven programming with logical execution times","citation":{"chicago":"Ghosal, Arkadeb, Thomas A Henzinger, Christoph Kirsch, and Marco Sanvido. “Event-Driven Programming with Logical Execution Times,” 2993:167–70. Springer, 2004. https://doi.org/10.1007/978-3-540-24743-2_24.","mla":"Ghosal, Arkadeb, et al. Event-Driven Programming with Logical Execution Times. Vol. 2993, Springer, 2004, pp. 167–70, doi:10.1007/978-3-540-24743-2_24.","ista":"Ghosal A, Henzinger TA, Kirsch C, Sanvido M. 2004. Event-driven programming with logical execution times. HSCC: Hybrid Systems - Computation and Control, LNCS, vol. 2993, 167–170.","ama":"Ghosal A, Henzinger TA, Kirsch C, Sanvido M. Event-driven programming with logical execution times. In: Vol 2993. Springer; 2004:167-170. doi:10.1007/978-3-540-24743-2_24","ieee":"A. Ghosal, T. A. Henzinger, C. Kirsch, and M. Sanvido, “Event-driven programming with logical execution times,” presented at the HSCC: Hybrid Systems - Computation and Control, 2004, vol. 2993, pp. 167–170.","short":"A. Ghosal, T.A. Henzinger, C. Kirsch, M. Sanvido, in:, Springer, 2004, pp. 167–170.","apa":"Ghosal, A., Henzinger, T. A., Kirsch, C., & Sanvido, M. (2004). Event-driven programming with logical execution times (Vol. 2993, pp. 167–170). Presented at the HSCC: Hybrid Systems - Computation and Control, Springer. https://doi.org/10.1007/978-3-540-24743-2_24"},"date_updated":"2021-01-12T07:59:26Z","acknowledgement":"This research is supported by the AFOSR MURI grant F49620-00-1-0327, the DARPA SEC grant F33615-C-98-3614, the MARCO GSRC grant 98-DT-660, and the NSF grants CCR-0208875 and CCR-0225610.","year":"2004","extern":1,"page":"167 - 170","volume":2993,"quality_controlled":0,"publisher":"Springer","alternative_title":["LNCS"],"type":"conference","date_published":"2004-03-12T00:00:00Z","status":"public","day":"12","abstract":[{"text":"We present a new high-level programming language, called xGiotto, for programming applications with hard real-time constraints. Like its predecessor, xGiotto is based on the LET (logical execution time) assumption: the programmer specifies when the outputs of a task become available, and the compiler checks if the specification can be implemented on a given platform. However, while the predecessor language xGiotto was purely time-triggered, xGiotto accommodates also asynchronous events. Indeed, through a mechanism called event scoping, events are the main structuring principle of the new language. The xGiotto compiler and run-time system implement event scoping through a tree-based event filter. The compiler also checks programs for determinism (absence of race conditions).","lang":"eng"}],"conference":{"name":"HSCC: Hybrid Systems - Computation and Control"},"month":"03","author":[{"full_name":"Ghosal, Arkadeb","first_name":"Arkadeb","last_name":"Ghosal"},{"full_name":"Thomas Henzinger","first_name":"Thomas A","orcid":"0000−0002−2985−7724","last_name":"Henzinger","id":"40876CD8-F248-11E8-B48F-1D18A9856A87"},{"first_name":"Christoph","full_name":"Kirsch, Christoph M","last_name":"Kirsch"},{"last_name":"Sanvido","first_name":"Marco","full_name":"Sanvido, Marco A"}],"publication_status":"published"},{"_id":"4555","doi":"10.1109/QEST.2004.10051","date_updated":"2021-01-12T07:59:40Z","year":"2004","citation":{"ista":"Chatterjee K, De Alfaro L, Henzinger TA. 2004. Trading memory for randomness. QEST: Quantitative Evaluation of Systems, 206–217.","mla":"Chatterjee, Krishnendu, et al. Trading Memory for Randomness. IEEE, 2004, pp. 206–17, doi:10.1109/QEST.2004.10051.","chicago":"Chatterjee, Krishnendu, Luca De Alfaro, and Thomas A Henzinger. “Trading Memory for Randomness,” 206–17. IEEE, 2004. https://doi.org/10.1109/QEST.2004.10051.","ieee":"K. Chatterjee, L. De Alfaro, and T. A. Henzinger, “Trading memory for randomness,” presented at the QEST: Quantitative Evaluation of Systems, 2004, pp. 206–217.","ama":"Chatterjee K, De Alfaro L, Henzinger TA. Trading memory for randomness. In: IEEE; 2004:206-217. doi:10.1109/QEST.2004.10051","short":"K. Chatterjee, L. De Alfaro, T.A. Henzinger, in:, IEEE, 2004, pp. 206–217.","apa":"Chatterjee, K., De Alfaro, L., & Henzinger, T. A. (2004). Trading memory for randomness (pp. 206–217). Presented at the QEST: Quantitative Evaluation of Systems, IEEE. https://doi.org/10.1109/QEST.2004.10051"},"date_created":"2018-12-11T12:09:27Z","title":"Trading memory for randomness","publist_id":"155","publisher":"IEEE","type":"conference","status":"public","date_published":"2004-09-30T00:00:00Z","extern":1,"page":"206 - 217","quality_controlled":0,"publication_status":"published","author":[{"orcid":"0000-0002-4561-241X","id":"2E5DCA20-F248-11E8-B48F-1D18A9856A87","last_name":"Chatterjee","full_name":"Krishnendu Chatterjee","first_name":"Krishnendu"},{"last_name":"De Alfaro","full_name":"de Alfaro, Luca","first_name":"Luca"},{"first_name":"Thomas A","full_name":"Thomas Henzinger","orcid":"0000−0002−2985−7724","last_name":"Henzinger","id":"40876CD8-F248-11E8-B48F-1D18A9856A87"}],"conference":{"name":"QEST: Quantitative Evaluation of Systems"},"month":"09","day":"30","abstract":[{"lang":"eng","text":"Strategies in repeated games can be classified as to whether or not they use memory and/or randomization. We consider Markov decision processes and 2-player graph games, both of the deterministic and probabilistic varieties. We characterize when memory and/or randomization are required for winning with respect to various classes of w-regular objectives, noting particularly when the use of memory can be traded for the use of randomization. In particular, we show that Markov decision processes allow randomized memoryless optimal strategies for all M?ller objectives. Furthermore, we show that 2-player probabilistic graph games allow randomized memoryless strategies for winning with probability 1 those M?ller objectives which are upward-closed. Upward-closure means that if a set α of infinitely repeating vertices is winning, then all supersets of α are also winning."}]},{"publisher":"Elsevier","type":"journal_article","date_published":"2004-08-11T00:00:00Z","status":"public","page":"144 - 174","extern":1,"quality_controlled":0,"volume":194,"month":"08","day":"11","abstract":[{"lang":"eng","text":"We study the problem of determining stack boundedness and the exact maximum stack size for three classes of interrupt-driven programs. Interrupt-driven programs are used in many real-time applications that require responsive interrupt handling. In order to ensure responsiveness, programmers often enable interrupt processing in the body of lower-priority interrupt handlers. In such programs a programming error can allow interrupt handlers to be interrupted in a cyclic fashion to lead to an unbounded stack, causing the system to crash. For a restricted class of interrupt-driven programs, we show that there is a polynomial-time procedure to check stack boundedness, while determining the exact maximum stack size is PSPACE-complete. For a larger class of programs, the two problems are both PSPACE-complete, and for the largest class of programs we consider, the two problems are PSPACE-hard and can be solved in exponential time. While the complexities are high, our algorithms are exponential only in the number of handlers, and polynomial in the size of the program."}],"author":[{"orcid":"0000-0002-4561-241X","id":"2E5DCA20-F248-11E8-B48F-1D18A9856A87","last_name":"Chatterjee","full_name":"Krishnendu Chatterjee","first_name":"Krishnendu"},{"first_name":"Di","full_name":"Ma, Di","last_name":"Ma"},{"full_name":"Majumdar, Ritankar S","first_name":"Ritankar","last_name":"Majumdar"},{"first_name":"Tian","full_name":"Zhao, Tian","last_name":"Zhao"},{"full_name":"Thomas Henzinger","first_name":"Thomas A","last_name":"Henzinger","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","orcid":"0000−0002−2985−7724"},{"last_name":"Palsberg","full_name":"Palsberg, Jens","first_name":"Jens"}],"publication_status":"published","publication":"Information and Computation","doi":"10.1016/j.ic.2004.06.001","_id":"4556","intvolume":" 194","date_updated":"2021-01-12T07:59:40Z","issue":"2","year":"2004","citation":{"apa":"Chatterjee, K., Ma, D., Majumdar, R., Zhao, T., Henzinger, T. A., & Palsberg, J. (2004). Stack size analysis for interrupt-driven programs. Information and Computation. Elsevier. https://doi.org/10.1016/j.ic.2004.06.001","ieee":"K. Chatterjee, D. Ma, R. Majumdar, T. Zhao, T. A. Henzinger, and J. Palsberg, “Stack size analysis for interrupt-driven programs,” Information and Computation, vol. 194, no. 2. Elsevier, pp. 144–174, 2004.","ama":"Chatterjee K, Ma D, Majumdar R, Zhao T, Henzinger TA, Palsberg J. Stack size analysis for interrupt-driven programs. Information and Computation. 2004;194(2):144-174. doi:10.1016/j.ic.2004.06.001","short":"K. Chatterjee, D. Ma, R. Majumdar, T. Zhao, T.A. Henzinger, J. Palsberg, Information and Computation 194 (2004) 144–174.","chicago":"Chatterjee, Krishnendu, Di Ma, Ritankar Majumdar, Tian Zhao, Thomas A Henzinger, and Jens Palsberg. “Stack Size Analysis for Interrupt-Driven Programs.” Information and Computation. Elsevier, 2004. https://doi.org/10.1016/j.ic.2004.06.001.","ista":"Chatterjee K, Ma D, Majumdar R, Zhao T, Henzinger TA, Palsberg J. 2004. Stack size analysis for interrupt-driven programs. Information and Computation. 194(2), 144–174.","mla":"Chatterjee, Krishnendu, et al. “Stack Size Analysis for Interrupt-Driven Programs.” Information and Computation, vol. 194, no. 2, Elsevier, 2004, pp. 144–74, doi:10.1016/j.ic.2004.06.001."},"title":"Stack size analysis for interrupt-driven programs","date_created":"2018-12-11T12:09:28Z","publist_id":"156"},{"publisher":"SIAM","date_published":"2004-01-01T00:00:00Z","type":"conference","status":"public","page":"121 - 130","extern":1,"quality_controlled":0,"author":[{"full_name":"Krishnendu Chatterjee","first_name":"Krishnendu","orcid":"0000-0002-4561-241X","last_name":"Chatterjee","id":"2E5DCA20-F248-11E8-B48F-1D18A9856A87"},{"last_name":"Jurdziński","first_name":"Marcin","full_name":"Jurdziński, Marcin"},{"id":"40876CD8-F248-11E8-B48F-1D18A9856A87","last_name":"Henzinger","orcid":"0000−0002−2985−7724","full_name":"Thomas Henzinger","first_name":"Thomas A"}],"publication_status":"published","conference":{"name":"SODA: Symposium on Discrete Algorithms"},"month":"01","day":"01","abstract":[{"text":"We study perfect-information stochastic parity games. These are two-player nonterminating games which are played on a graph with turn-based probabilistic transitions. A play results in an infinite path and the conflicting goals of the two players are ω-regular path properties, formalized as parity winning conditions. The qualitative solution of such a game amounts to computing the set of vertices from which a player has a strategy to win with probability 1 (or with positive probability). The quantitative solution amounts to computing the value of the game in every vertex, i.e., the highest probability with which a player can guarantee satisfaction of his own objective in a play that starts from the vertex.For the important special case of one-player stochastic parity games (parity Markov decision processes) we give polynomial-time algorithms both for the qualitative and the quantitative solution. The running time of the qualitative solution is O(d · m3/2) for graphs with m edges and d priorities. The quantitative solution is based on a linear-programming formulation.For the two-player case, we establish the existence of optimal pure memoryless strategies. This has several important ramifications. First, it implies that the values of the games are rational. This is in contrast to the concurrent stochastic parity games of de Alfaro et al.; there, values are in general algebraic numbers, optimal strategies do not exist, and ε-optimal strategies have to be mixed and with infinite memory. Second, the existence of optimal pure memoryless strategies together with the polynomial-time solution forone-player case implies that the quantitative two-player stochastic parity game problem is in NP ∩ co-NP. This generalizes a result of Condon for stochastic games with reachability objectives. It also constitutes an exponential improvement over the best previous algorithm, which is based on a doubly exponential procedure of de Alfaro and Majumdar for concurrent stochastic parity games and provides only ε-approximations of the values.","lang":"eng"}],"_id":"4558","date_updated":"2021-01-12T07:59:41Z","year":"2004","date_created":"2018-12-11T12:09:28Z","title":"Quantitative stochastic parity games","publist_id":"153","citation":{"apa":"Chatterjee, K., Jurdziński, M., & Henzinger, T. A. (2004). Quantitative stochastic parity games (pp. 121–130). Presented at the SODA: Symposium on Discrete Algorithms, SIAM.","short":"K. Chatterjee, M. Jurdziński, T.A. Henzinger, in:, SIAM, 2004, pp. 121–130.","ama":"Chatterjee K, Jurdziński M, Henzinger TA. Quantitative stochastic parity games. In: SIAM; 2004:121-130.","ieee":"K. Chatterjee, M. Jurdziński, and T. A. Henzinger, “Quantitative stochastic parity games,” presented at the SODA: Symposium on Discrete Algorithms, 2004, pp. 121–130.","mla":"Chatterjee, Krishnendu, et al. Quantitative Stochastic Parity Games. SIAM, 2004, pp. 121–30.","chicago":"Chatterjee, Krishnendu, Marcin Jurdziński, and Thomas A Henzinger. “Quantitative Stochastic Parity Games,” 121–30. SIAM, 2004.","ista":"Chatterjee K, Jurdziński M, Henzinger TA. 2004. Quantitative stochastic parity games. SODA: Symposium on Discrete Algorithms, 121–130."}},{"day":"12","abstract":[{"text":"While model checking has been successful in uncovering subtle bugs in code, its adoption in software engineering practice has been hampered by the absence of a simple interface to the programmer in an integrated development environment. We describe an integration of the software model checker BLAST into the Eclipse development environment. We provide a verification interface for practical solutions for some typical program analysis problems - assertion checking, reachability analysis, dead code analysis, and test generation - directly on the source code. The analysis is completely automatic, and assumes no knowledge of model checking or formal notation. Moreover, the interface supports incremental program verification to support incremental design and evolution of code.","lang":"eng"}],"conference":{"name":"IWPC: Program Comprehension"},"month":"07","publication_status":"published","author":[{"full_name":"Beyer, Dirk","first_name":"Dirk","last_name":"Beyer"},{"first_name":"Thomas A","full_name":"Thomas Henzinger","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","last_name":"Henzinger","orcid":"0000−0002−2985−7724"},{"last_name":"Jhala","full_name":"Jhala, Ranjit","first_name":"Ranjit"},{"full_name":"Majumdar, Ritankar S","first_name":"Ritankar","last_name":"Majumdar"}],"page":"251 - 255","extern":1,"quality_controlled":0,"publisher":"IEEE","type":"conference","status":"public","date_published":"2004-07-12T00:00:00Z","date_created":"2018-12-11T12:09:34Z","citation":{"ista":"Beyer D, Henzinger TA, Jhala R, Majumdar R. 2004. An eclipse plug-in for model checking. IWPC: Program Comprehension, 251–255.","chicago":"Beyer, Dirk, Thomas A Henzinger, Ranjit Jhala, and Ritankar Majumdar. “An Eclipse Plug-in for Model Checking,” 251–55. IEEE, 2004. https://doi.org/10.1109/WPC.2004.1311069 .","mla":"Beyer, Dirk, et al. An Eclipse Plug-in for Model Checking. IEEE, 2004, pp. 251–55, doi:10.1109/WPC.2004.1311069 .","short":"D. Beyer, T.A. Henzinger, R. Jhala, R. Majumdar, in:, IEEE, 2004, pp. 251–255.","ieee":"D. Beyer, T. A. Henzinger, R. Jhala, and R. Majumdar, “An eclipse plug-in for model checking,” presented at the IWPC: Program Comprehension, 2004, pp. 251–255.","ama":"Beyer D, Henzinger TA, Jhala R, Majumdar R. An eclipse plug-in for model checking. In: IEEE; 2004:251-255. doi:10.1109/WPC.2004.1311069 ","apa":"Beyer, D., Henzinger, T. A., Jhala, R., & Majumdar, R. (2004). An eclipse plug-in for model checking (pp. 251–255). Presented at the IWPC: Program Comprehension, IEEE. https://doi.org/10.1109/WPC.2004.1311069 "},"publist_id":"129","title":"An eclipse plug-in for model checking","date_updated":"2021-01-12T07:59:50Z","acknowledgement":"This research was supported in part by the NSF grants CCR-0085949, CCR-0234690, and ITR-0326577.","year":"2004","doi":"10.1109/WPC.2004.1311069 ","_id":"4577"},{"day":"17","abstract":[{"text":"BLAST is an automatic verification tool for checking temporal safety properties of C programs. Blast is based on lazy predicate abstraction driven by interpolation-based predicate discovery. In this paper, we present the Blast specification language. The language specifies program properties at two levels of precision. At the lower level, monitor automata are used to specify temporal safety properties of program executions (traces). At the higher level, relational reachability queries over program locations are used to combine lower-level trace properties. The two-level specification language can be used to break down a verification task into several independent calls of the model-checking engine. In this way, each call to the model checker may have to analyze only part of the program, or part of the specification, and may thus succeed in a reduction of the number of predicates needed for the analysis. In addition, the two-level specification language provides a means for structuring and maintaining specifications. ","lang":"eng"}],"conference":{"name":"SAS: Static Analysis Symposium"},"month":"08","publication_status":"published","author":[{"full_name":"Beyer, Dirk","first_name":"Dirk","last_name":"Beyer"},{"last_name":"Chlipala","first_name":"Adam","full_name":"Chlipala, Adam J"},{"orcid":"0000−0002−2985−7724","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","last_name":"Henzinger","first_name":"Thomas A","full_name":"Thomas Henzinger"},{"full_name":"Jhala, Ranjit","first_name":"Ranjit","last_name":"Jhala"},{"last_name":"Majumdar","full_name":"Majumdar, Ritankar S","first_name":"Ritankar"}],"extern":1,"page":"2 - 18","volume":3148,"quality_controlled":0,"publisher":"Springer","alternative_title":["LNCS"],"date_published":"2004-08-17T00:00:00Z","status":"public","type":"conference","intvolume":" 3148","date_created":"2018-12-11T12:09:34Z","title":"The BLAST query language for software verification","citation":{"ista":"Beyer D, Chlipala A, Henzinger TA, Jhala R, Majumdar R. 2004. The BLAST query language for software verification. SAS: Static Analysis Symposium, LNCS, vol. 3148, 2–18.","chicago":"Beyer, Dirk, Adam Chlipala, Thomas A Henzinger, Ranjit Jhala, and Ritankar Majumdar. “The BLAST Query Language for Software Verification,” 3148:2–18. Springer, 2004. https://doi.org/10.1007/978-3-540-27864-1_2.","mla":"Beyer, Dirk, et al. The BLAST Query Language for Software Verification. Vol. 3148, Springer, 2004, pp. 2–18, doi:10.1007/978-3-540-27864-1_2.","short":"D. Beyer, A. Chlipala, T.A. Henzinger, R. Jhala, R. Majumdar, in:, Springer, 2004, pp. 2–18.","ieee":"D. Beyer, A. Chlipala, T. A. Henzinger, R. Jhala, and R. Majumdar, “The BLAST query language for software verification,” presented at the SAS: Static Analysis Symposium, 2004, vol. 3148, pp. 2–18.","ama":"Beyer D, Chlipala A, Henzinger TA, Jhala R, Majumdar R. The BLAST query language for software verification. In: Vol 3148. Springer; 2004:2-18. doi:10.1007/978-3-540-27864-1_2","apa":"Beyer, D., Chlipala, A., Henzinger, T. A., Jhala, R., & Majumdar, R. (2004). The BLAST query language for software verification (Vol. 3148, pp. 2–18). Presented at the SAS: Static Analysis Symposium, Springer. https://doi.org/10.1007/978-3-540-27864-1_2"},"publist_id":"130","date_updated":"2021-01-12T07:59:50Z","acknowledgement":"This research was supported in part by the NSF grants CCR-0085949, CCR-0234690, and ITR-0326577.","year":"2004","doi":"10.1007/978-3-540-27864-1_2","_id":"4578"},{"author":[{"full_name":"Beyer, Dirk","first_name":"Dirk","last_name":"Beyer"},{"last_name":"Chlipala","first_name":"Adam","full_name":"Chlipala, Adam J"},{"full_name":"Thomas Henzinger","first_name":"Thomas A","orcid":"0000−0002−2985−7724","last_name":"Henzinger","id":"40876CD8-F248-11E8-B48F-1D18A9856A87"},{"first_name":"Ranjit","full_name":"Jhala, Ranjit","last_name":"Jhala"},{"first_name":"Ritankar","full_name":"Majumdar, Ritankar S","last_name":"Majumdar"}],"publication_status":"published","month":"07","conference":{"name":"ICSE: Software Engineering"},"abstract":[{"lang":"eng","text":"We have extended the software model checker BLAST to automatically generate test suites that guarantee full coverage with respect to a given predicate. More precisely, given a C program and a target predicate p, BLAST determines the set L of program locations which program execution can reach with p true, and automatically generates a set of test vectors that exhibit the truth of p at all locations in L. We have used BLAST to generate test suites and to detect dead code in C programs with up to 30 K lines of code. The analysis and test vector generation is fully automatic (no user intervention) and exact (no false positives)."}],"day":"26","status":"public","date_published":"2004-07-26T00:00:00Z","type":"conference","publisher":"IEEE","quality_controlled":0,"page":"326 - 335","extern":1,"year":"2004","date_updated":"2021-01-12T07:59:52Z","citation":{"apa":"Beyer, D., Chlipala, A., Henzinger, T. A., Jhala, R., & Majumdar, R. (2004). Generating tests from counterexamples (pp. 326–335). Presented at the ICSE: Software Engineering, IEEE. https://doi.org/10.1109/ICSE.2004.1317455","chicago":"Beyer, Dirk, Adam Chlipala, Thomas A Henzinger, Ranjit Jhala, and Ritankar Majumdar. “Generating Tests from Counterexamples,” 326–35. IEEE, 2004. https://doi.org/10.1109/ICSE.2004.1317455.","ista":"Beyer D, Chlipala A, Henzinger TA, Jhala R, Majumdar R. 2004. Generating tests from counterexamples. ICSE: Software Engineering, 326–335.","mla":"Beyer, Dirk, et al. Generating Tests from Counterexamples. IEEE, 2004, pp. 326–35, doi:10.1109/ICSE.2004.1317455.","short":"D. Beyer, A. Chlipala, T.A. Henzinger, R. Jhala, R. Majumdar, in:, IEEE, 2004, pp. 326–335.","ama":"Beyer D, Chlipala A, Henzinger TA, Jhala R, Majumdar R. Generating tests from counterexamples. In: IEEE; 2004:326-335. doi:10.1109/ICSE.2004.1317455","ieee":"D. Beyer, A. Chlipala, T. A. Henzinger, R. Jhala, and R. Majumdar, “Generating tests from counterexamples,” presented at the ICSE: Software Engineering, 2004, pp. 326–335."},"publist_id":"128","title":"Generating tests from counterexamples","date_created":"2018-12-11T12:09:35Z","_id":"4581","doi":"10.1109/ICSE.2004.1317455"},{"intvolume":" 2988","year":"2004","date_updated":"2021-01-12T08:00:38Z","acknowledgement":"This research was supported in part by the AFOSR MURI grant F49620-00-1-0327, the ONR grant N00014-02-1-0671, and the NSF grants CCR-0132780, CCR-9988172, CCR-0225610, and CCR-0234690.","publist_id":"79","title":"Model checking discounted temporal properties","date_created":"2018-12-11T12:09:50Z","citation":{"ieee":"L. De Alfaro, M. Faella, T. A. Henzinger, R. Majumdar, and M. Stoelinga, “Model checking discounted temporal properties,” presented at the TACAS: Tools and Algorithms for the Construction and Analysis of Systems, 2004, vol. 2988, pp. 77–92.","ama":"De Alfaro L, Faella M, Henzinger TA, Majumdar R, Stoelinga M. Model checking discounted temporal properties. In: Vol 2988. Springer; 2004:77-92. doi:10.1007/978-3-540-24730-2_6","short":"L. De Alfaro, M. Faella, T.A. Henzinger, R. Majumdar, M. Stoelinga, in:, Springer, 2004, pp. 77–92.","chicago":"De Alfaro, Luca, Marco Faella, Thomas A Henzinger, Ritankar Majumdar, and Mariëlle Stoelinga. “Model Checking Discounted Temporal Properties,” 2988:77–92. Springer, 2004. https://doi.org/10.1007/978-3-540-24730-2_6.","ista":"De Alfaro L, Faella M, Henzinger TA, Majumdar R, Stoelinga M. 2004. Model checking discounted temporal properties. TACAS: Tools and Algorithms for the Construction and Analysis of Systems, LNCS, vol. 2988, 77–92.","mla":"De Alfaro, Luca, et al. Model Checking Discounted Temporal Properties. Vol. 2988, Springer, 2004, pp. 77–92, doi:10.1007/978-3-540-24730-2_6.","apa":"De Alfaro, L., Faella, M., Henzinger, T. A., Majumdar, R., & Stoelinga, M. (2004). Model checking discounted temporal properties (Vol. 2988, pp. 77–92). Presented at the TACAS: Tools and Algorithms for the Construction and Analysis of Systems, Springer. https://doi.org/10.1007/978-3-540-24730-2_6"},"doi":"10.1007/978-3-540-24730-2_6","_id":"4629","month":"03","conference":{"name":"TACAS: Tools and Algorithms for the Construction and Analysis of Systems"},"abstract":[{"text":"Temporal logic is two-valued: a property is either true or false. When applied to the analysis of stochastic systems, or systems with imprecise formal models, temporal logic is therefore fragile: even small changes in the model can lead to opposite truth values for a specification. We present a generalization of the branching-time logic Ctl which achieves robustness with respect to model perturbations by giving a quantitative interpretation to predicates and logical operators, and by discounting the importance of events according to how late they occur. In every state, the value of a formula is a real number in the interval [0,1], where 1 corresponds to truth and 0 to falsehood. The boolean operators and and or are replaced by min and max, the path quantifiers ∃ and ∀ determine sup and inf over all paths from a given state, and the temporal operators and □ specify sup and inf over a given path; a new operator averages all values along a path. Furthermore, all path operators are discounted by a parameter that can be chosen to give more weight to states that are closer to the beginning of the path. We interpret the resulting logic Dctl over transition systems, Markov chains, and Markov decision processes. We present two semantics for Dctl: a path semantics, inspired by the standard interpretation of state and path formulas in CTL, and a fixpoint semantics, inspired by the μ-calculus evaluation of CTL formulas. We show that, while these semantics coincide for CTL, they differ for Dctl, and we provide model-checking algorithms for both semantics.","lang":"eng"}],"day":"18","publication_status":"published","author":[{"last_name":"De Alfaro","full_name":"de Alfaro, Luca","first_name":"Luca"},{"first_name":"Marco","full_name":"Faella, Marco","last_name":"Faella"},{"last_name":"Henzinger","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","orcid":"0000−0002−2985−7724","full_name":"Thomas Henzinger","first_name":"Thomas A"},{"last_name":"Majumdar","full_name":"Majumdar, Ritankar S","first_name":"Ritankar"},{"last_name":"Stoelinga","full_name":"Stoelinga, Mariëlle","first_name":"Mariëlle"}],"status":"public","type":"conference","date_published":"2004-03-18T00:00:00Z","publisher":"Springer","alternative_title":["LNCS"],"volume":2988,"quality_controlled":0,"extern":1,"page":"77 - 92"}]