TY - GEN
T1 - Coverage of implementations by simulating specifications
AU - Chockler, Hana
AU - Kupferman, Orna
PY - 2002
Y1 - 2002
N2 - In formal verification, we verify that an implementation is correct with respect to a specification. When verification succeeds and the implementation is proven to be correct, there is still a question of how complete the specification is, and whether it really covers all the behaviors of the implementation. In this paper we study coverage for simulation-based formal verification, where both the implementation and the specification are modelled by labeled state-transition graphs, and an implementation I satisfies a specification S if S simulates I. Our measure of coverage is based on small modifications we apply to I. A part of I is covered by S if the mutant implementation in which this part is modified is no longer simulated by S. Thus, mutation coverage tells us which parts of the implementation were actually essential for the success of the verification. We describe two algorithms for finding the parts of the implementation that are covered by S. The first algorithm improves a naive algorithm that checks the mutant implementations one by one by exploiting the significant overlaps among the mutant implementations. The second algorithm is symbolic, and it improves a naive symbolic algorithm by reducing the number of variables in the OBDDs involved. In addition, we compare our coverage measure with other approaches for measuring coverage.
KW - Coverage
KW - Model checking
KW - Simulation
UR - http://www.scopus.com/inward/record.url?scp=84891106927&partnerID=8YFLogxK
U2 - 10.1007/978-0-387-35608-2_34
DO - 10.1007/978-0-387-35608-2_34
M3 - Conference contribution
AN - SCOPUS:84891106927
SN - 9781475752755
T3 - IFIP Advances in Information and Communication Technology
SP - 409
EP - 421
BT - Foundations of Information Technology in the Era of Network and Mobile Computing - IFIP 17th World Computer Congress - TC1 Stream / 2nd IFIP Int. Conference on Theoretical Computer Science (TCS 2002)
PB - Springer New York LLC
T2 - IFIP 17th World Computer Congress - TC1 Stream / 2nd IFIP International Conference on Theoretical Computer Science, TCS 2002
Y2 - 25 August 2002 through 30 August 2002
ER -
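The abstract above describes a coverage measure for simulation-based verification: a part of the implementation I is covered by the specification S if the mutant of I obtained by modifying that part is no longer simulated by S. The following is an added illustration, not code from the paper or its authors. It implements only the naive procedure the abstract contrasts its two algorithms against (one simulation check per mutant), and it assumes a particular reading of "small modification": flipping the value of one atomic proposition in one state of I. The Kripke structures IMPL and SPEC, the state names, and the propositions req and grant are constructed for the example.

```python
"""Mutation coverage for simulation-based verification (naive algorithm).

Added example, not the paper's code.  Assumptions: systems are Kripke
structures over atomic propositions; "a part of I" is the value of one
proposition in one state; a mutant flips that value.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

State = str
Label = FrozenSet[str]


@dataclass
class Kripke:
    """Labeled state-transition graph with a set of initial states."""
    states: FrozenSet[State]
    initial: FrozenSet[State]
    labels: Dict[State, Label]
    edges: FrozenSet[Tuple[State, State]]

    def successors(self, q: State) -> Set[State]:
        return {t for (s, t) in self.edges if s == q}


def greatest_simulation(spec: Kripke, impl: Kripke) -> Set[Tuple[State, State]]:
    """Largest relation H such that (i, s) in H implies equal labels and every
    successor of i is matched by some successor of s that is again in H.
    Computed as a greatest fixpoint: start with all label-compatible pairs and
    prune pairs that violate the successor condition until nothing changes."""
    rel = {(i, s) for i in impl.states for s in spec.states
           if impl.labels[i] == spec.labels[s]}
    changed = True
    while changed:
        changed = False
        for (i, s) in list(rel):
            for i2 in impl.successors(i):
                if not any((i2, s2) in rel for s2 in spec.successors(s)):
                    rel.discard((i, s))
                    changed = True
                    break
    return rel


def simulates(spec: Kripke, impl: Kripke) -> bool:
    """spec simulates impl iff every initial impl state is related to some
    initial spec state in the greatest simulation."""
    rel = greatest_simulation(spec, impl)
    return all(any((i, s) in rel for s in spec.initial) for i in impl.initial)


def mutate(impl: Kripke, q: State, p: str) -> Kripke:
    """Mutant implementation in which proposition p is flipped in state q
    (assumed form of the 'small modification'; states and edges unchanged)."""
    labels = dict(impl.labels)
    labels[q] = impl.labels[q] ^ frozenset({p})
    return Kripke(impl.states, impl.initial, labels, impl.edges)


def coverage(spec: Kripke, impl: Kripke, props) -> Dict[Tuple[State, str], bool]:
    """Naive mutation coverage: one simulation check per (state, proposition).
    True means the mutant is rejected by spec, i.e. that part was essential."""
    if not simulates(spec, impl):
        raise ValueError("verification must succeed before measuring coverage")
    return {(q, p): not simulates(spec, mutate(impl, q, p))
            for q in sorted(impl.states) for p in sorted(props)}


def uncovered(spec: Kripke, impl: Kripke, props) -> Set[Tuple[State, str]]:
    """Parts of impl whose mutants spec still simulates: behaviour never pinned down."""
    return {part for part, cov in coverage(spec, impl, props).items() if not cov}


PROPS = ("req", "grant")

# Constructed implementation: idle, request, grant, back to idle.
IMPL = Kripke(
    states=frozenset({"p0", "p1", "p2"}),
    initial=frozenset({"p0"}),
    labels={"p0": frozenset(), "p1": frozenset({"req"}),
            "p2": frozenset({"req", "grant"})},
    edges=frozenset({("p0", "p1"), ("p1", "p2"), ("p2", "p0")}),
)

# Constructed specification: after a request the grant is optional (state d),
# so the specification never insists that a request is actually granted.
SPEC = Kripke(
    states=frozenset({"a", "b", "c", "d"}),
    initial=frozenset({"a"}),
    labels={"a": frozenset(), "b": frozenset({"req"}),
            "c": frozenset({"req", "grant"}), "d": frozenset({"req"})},
    edges=frozenset({("a", "b"), ("b", "c"), ("b", "d"), ("c", "a"), ("d", "a")}),
)


if __name__ == "__main__":
    print("S simulates I:", simulates(SPEC, IMPL))
    for part, cov in coverage(SPEC, IMPL, PROPS).items():
        print(part, "covered" if cov else "NOT covered")
```

Running the block reports that S simulates I, that five of the six (state, proposition) parts are covered, and that the grant bit in state p2 is not: the mutant in which the grant is dropped is still simulated by S, because S allows the request to be followed by a plain {req} state. That is exactly the kind of gap the abstract's measure is meant to surface: a successful verification whose specification never constrained a behaviour the implementer cared about. The mutant-by-mutant loop here is the naive algorithm; the paper's contribution is the two algorithms that avoid recomputing the largely overlapping simulation relations for each mutant, which this example does not attempt to reproduce.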