Reasoning about static and dynamic properties in alloy

Frias, Marcelo F.; Pombo, Carlos Gustavo López; Baum, Gabriel; Aguirre, Nazareno; Maibaum, Tom

doi:10.1145/1101815.1101819

Cited by 15 publications

(5 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Related works include, for instance, SAT-based analysis of partial correctness assertions [11,12], SAT-based proof of safety properties by using induction [21], conservative abstraction with counter example guided refinement [9], and interpolation based transition relation approximation for generating facts relevant with respect to given properties [14]. Proving simple liveness properties based on SAT was also considered in [1].…”

Section: Discussionmentioning

confidence: 99%

Model Checking with SAT-Based Characterization of ACTL Formulas

Zhang

2007

Formal Methods and Software Engineering

View full text Add to dashboard Cite

Abstract. Bounded semantics of LTL with existential interpretation and that of ECTL (the existential fragment of CTL), and the characterization of these existentially interpreted properties have been studied and used as the theoretical basis for SAT-based bounded model checking [2,18]. This has led to a lot of successful work with respect to error detection in the checking of LTL and ACTL (the universal fragment of CTL) properties by satisfiability testing. Bounded semantics of LTL with the universal interpretation and that of ACTL, and the characterization of such properties by propositional formulas have not been successfully established and this hinders practical verification of valid universal properties by satisfiability checking. This paper studies this problem and the contribution is a bounded semantics for ACTL and a characterization of ACTL properties by propositional formulas. Firstly, we provide a simple bounded semantics for ACTL without considering the practical aspect of the semantics, based on converting a Kripke model to a model (called a k-model) in which the transition relation is captured by a set of k-paths (each path with k transitions). This bounded semantics is not practically useful for the evaluation of a formula, since it involves too many paths in the k-model. Then the technique is to divide the k-model into submodels with a limited number of k-paths (which depends on k and the ACTL property to be verified) such that if an ACTL property is true in every such model, then it is true in the k-model as well. This characterization can then be used as the basis for practical verification of valid ACTL properties by satisfiability checking. A simple case study is provided to show the use of this approach for both verification and error detection of an abstract two-process program written as a first order transition system.

show abstract

Section: Discussionmentioning

confidence: 99%

Model Checking with SAT-Based Characterization of ACTL Formulas

Zhang

2007

Formal Methods and Software Engineering

View full text Add to dashboard Cite

show abstract

“…DynAlloy [10] is an extension to Alloy to express state change in specifications. The authors make the same observations as we do about the intentional reading of predicates, but choose to alter the language to reflect this explicitly.…”

Section: Synthesismentioning

confidence: 99%

Alchemy

Krishnamurthi

Fisler²,

Dougherty³

et al. 2008

Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of Software Engineering

View full text Add to dashboard Cite

Alloy specifications are used to define lightweight models of systems. We present Alchemy, which compiles Alloy specifications into implementations that execute against persistent databases. Alchemy translates a subset of Alloy predicates into imperative update operations, and it converts facts into database integrity constraints that it maintains automatically in the face of these imperative actions.In addition to presenting the semantics and an algorithm for this compilation, we present the tool and outline its application to a non-trivial specification. We also discuss lessons learned about the relationship between Alloy specifications and imperative implementations.

show abstract

“…It was first presented in Frias et al [2005b] as a formalism suitable for dealing with properties of executions of operations specified in Alloy. In addition to the automated analysis approach we propose in this article, DynAlloy admits deductive (equational) reasoning via a complete relational calculus, as was shown in Frias et al [2005b]. So, one can reason about DynAlloy assertions using an automated theorem prover such as PVS [Owre et al 2001].…”

Section: Dynalloy: Adding Partial Correctness Assertions To Alloymentioning

confidence: 99%

Efficient Analysis of DynAlloy Specifications

Frias

Pombo

Galeotti

et al. 2007

ACM Trans. Softw. Eng. Methodol.

Self Cite

View full text Add to dashboard Cite

DynAlloy is an extension of Alloy to support the definition of actions and the specification of assertions regarding execution traces. In this article we show how we can extend the Alloy tool so that DynAlloy specifications can be automatically analyzed in an efficient way. We also demonstrate that DynAlloy's semantics allows for a sound technique that we call program atomization, which improves the analyzability of properties regarding execution traces by considering certain programs as atomic steps in a trace.We present the foundations, case studies, and empirical results indicating that the analysis of DynAlloy specifications can be performed efficiently.

show abstract

Reasoning about static and dynamic properties in alloy

Cited by 15 publications

References 12 publications

Model Checking with SAT-Based Characterization of ACTL Formulas

Model Checking with SAT-Based Characterization of ACTL Formulas

Alchemy

Efficient Analysis of DynAlloy Specifications

Contact Info

Product

Resources

About