# Lecture Notes in Computer Science

Commenced Publication in 1973 Founding and Former Series Editors: Gerhard Goos, Juris Hartmanis, and Jan van Leeuwen

#### Editorial Board

David Hutchison Lancaster University, UK Takeo Kanade Carnegie Mellon University, Pittsburgh, PA, USA Josef Kittler University of Surrey, Guildford, UK Jon M. Kleinberg Cornell University, Ithaca, NY, USA Alfred Kobsa University of California, Irvine, CA, USA Friedemann Mattern ETH Zurich, Switzerland John C. Mitchell Stanford University, CA, USA Moni Naor Weizmann Institute of Science, Rehovot, Israel Oscar Nierstrasz University of Bern, Switzerland C. Pandu Rangan Indian Institute of Technology, Madras, India Bernhard Steffen University of Dortmund, Germany Madhu Sudan Massachusetts Institute of Technology, MA, USA Demetri Terzopoulos University of California, Los Angeles, CA, USA Doug Tygar University of California, Berkeley, CA, USA Gerhard Weikum Max-Planck Institute of Computer Science, Saarbruecken, Germany Karen Yorav (Ed.)

# Hardware and Software: Verification and Testing

Third International Haifa Verification Conference, HVC 2007 Haifa, Israel, October 23-25, 2007 Proceedings



Volume Editor

Karen Yorav IBM Haifa Labs Haifa University Campus Mount Carmel, Haifa, 31905, Israel E-mail: yorav@il.ibm.com

Library of Congress Control Number: 2008920255

CR Subject Classification (1998): D.2.4-5, D.2, D.3, F.3

LNCS Sublibrary: SL 2 - Programming and Software Engineering

| ISSN    | 0302-9743                                             |
|---------|-------------------------------------------------------|
| ISBN-10 | 3-540-77964-7 Springer Berlin Heidelberg New York     |
| ISBN-13 | 978-3-540-77964-3 Springer Berlin Heidelberg New York |

This work is subject to copyright. All rights are reserved, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, re-use of illustrations, recitation, broadcasting, reproduction on microfilms or in any other way, and storage in data banks. Duplication of this publication or parts thereof is permitted only under the provisions of the German Copyright Law of September 9, 1965, in its current version, and permission for use must always be obtained from Springer. Violations are liable to prosecution under the German Copyright Law.

Springer is a part of Springer Science+Business Media

springer.com

© Springer-Verlag Berlin Heidelberg 2008 Printed in Germany

Typesetting: Camera-ready by author, data conversion by Scientific Publishing Services, Chennai, India Printed on acid-free paper SPIN: 12225194 06/3180 543210

# Preface

This volume contains the proceedings of the 3rd Haifa Verification Conference (HVC 2007), which took place in Haifa during October 2007. HVC is a forum for researchers from both industry and academia to share and advance knowledge in the verification of hardware and software systems.

Academic research in verification is generally divided into two paradigms – formal verification and dynamic verification (testing). Within each paradigm, different algorithms and techniques are used for hardware and software systems. Yet, at their core, all of these techniques aim to achieve the same goal of ensuring the correct functionality of a complicated system. HVC is the only conference that brings together researchers from all four fields, thereby encouraging the migration of methods and ideas between domains.

With this goal in mind we established the HVC Award. This award recognizes a promising contribution to verification published in the last few years. It is aimed at developments that significantly advance the state of the art in verification technology and show potential for future impact on different verification paradigms. The winners of the HVC Award are chosen by an independent committee with experts from all fields of verification – both formal and dynamic, software and hardware. The winners of the 2007 HVC Award were Corina Păsăreanu and Willem Visser, for their work on combining static and dynamic analysis.

This year we received 32 submissions, out of which 15 were accepted after a thorough review conducted by the Program Committee (PC) and additional reviewers. Each paper was reviewed by at least three reviewers, sometimes more. PC members who submitted papers were not involved in any way in the review, discussion, or decision regarding their paper. The chosen papers were presented during the 3-day conference, along with keynote and invited presentations. These proceedings include reviewed papers as well as the extended abstracts of invited talks. In addition, we held a full-day tutorial titled: "Verification 101—The Basics of Hardware Verification and Software Testing." The tutorial was designed for non-experts who want to know what verification is all about and for people with knowledge in one aspect of verification (e.g., software testing) who wanted to become familiar with other aspects (e.g., formal verification). The goal was to supply the non-expert with the tools needed to better understand the talks that were later presented at the conference. The tutorial was hosted by our sponsor, the Caesarea Rothschild Institute (CRI) at the University of Haifa.

Attendance at the conference was very high, with more than 250 participants from 12 countries (Austria, Canada, Czech Republic, France, Germany, India, Israel, The Netherlands, Russia, Switzerland, UK, and USA). Thanks to sponsorship from Cadence Israel, we were able to offer student travel grants, thus enabling PhD students to travel to the conference to present their work. I would like to thank the Organizing Committee, the HVC Award Committee, the Program Committee, and the authors of all submitted papers for their contribution to the high quality of this year's event. Thank you to the invited speakers who travelled from afar and made the conference that much more interesting: Bob Bentley, Aarti Gupta, Alan Hu, Bob Kurshan, Corina Păsăreanu, Wolfgang Roesner, and Andreas Zeller. Many thanks to Avi Ziv, Cindy Eisner, and Shmuel Ur for the excellent tutorial. Special thanks to Vered Aharon for doing an excellent job with the logistics of the conference and to all the people at IBM who put in time and energy to make this event a success: Tamar Dekel, Ephrat Elgarisi, Ruth Elnekave, Ettie Gilead, Yair Harry, Yael Hay-Karesenty, Chani Sacharen. Last but not least, I would like to thank our generous sponsors, and especially Amos Ziv from Cadence Israel and Martin Golumbic from CRI for all their help.

October 2007

Karen Yorav

# Organization

# Conference and Program Chair

Karen Yorav

IBM Haifa Research Lab, Israel

# **Organizing Committee**

| IBM Haifa Research Lab, Israel |
|--------------------------------|
| IBM Haifa Research Lab, Israel |
|                                |

# HVC Award Committee

#### Chair

Roderick Bloem, Graz University of Technology, Austria

#### Committee

| Johannes Kepler University, Linz, Austria |
|-------------------------------------------|
| Cadence Berkeley Labs                     |
| Cadence, Israel                           |
| Università degli Studi di Milano Bicocca, |
| University of Lugano, Italy               |
| University College London, UK             |
| IBM Haifa Research Lab, Israel            |
|                                           |

# Program Committee

| IBM Haifa Research Lab, Israel         |
|----------------------------------------|
| STMicroelectronics, France             |
| IBM Haifa Research Lab, Israel         |
| Graz University of Technology, Austria |
| Samsung Electronics, Korea             |
| IRST, Italy                            |
| University of Bristol, UK              |
| Universität des Saarlandes, Germany    |
|                                        |

Limor Fix Intel. USA Laurent Fournier IBM Haifa Research Lab, Israel Orna Grumberg Technion. Israel Aarti Gupta NEC Labs America, USA Klaus Havelund NASA's Jet Propulsion Laboratory, Columbus Tech. Alan Hu Univ. of British Columbia, Canada Warren Hunt University of Texas, Austin, USA Daniel Kroening ETH Zürich, Switzerland Tsvi Kuflik University of Haifa, Israel Orna Kupferman Hebrew University, Israel Mark Last Ben-Gurion University of the Negev, Israel João Lourenco Universidade Nova de Lisboa, Portugal Sharad Malik Princeton University, USA Erich Marschner Cadence, USA Ken McMillan Cadence, USA Amos Nov Cadence, Israel Viresh Paruthi IBM, USA Carl Pixlev Synopsys, USA Andrew Piziali USA Wolfgang Roesner IBM Austin, USA Padmanabhan (Peter) Santhanam IBM Hawthorne, USA Fabio Somenzi University of Colorado, USA Scott D. Stoller Stony Brook University, USA Ofer Strichman Technion, Israel University of Queensland, Australia Paul Strooper Serdar Tasiran Koc University, Turkey Shmuel Ur IBM Haifa Research Lab, Israel Willem Visser SEVEN Networks, USA Tao Xie North Carolina State University, USA Karen Yorav IBM Haifa Research Lab, Israel Avi Ziv IBM Haifa Research Lab, Israel

## Additional Reviewers

Jason Baumgartner Domagoj Babic Nicolas Blanc Angelo Brillout Hana Chockler Klaus Dräger Steven German Naghmeh Ghafari Dan Goldwasser

John Havlicek Robert L. Kanzelman Jean Christophe Madre Yehuda Naveh Sergey Novikov Rotem Oshman Hans-Jörg Peter Zvonimir Rakamaric Smruti R. Sarangi Sven Schewe Avik Sinha Jörn Guy Süß Michael Veksler Georg Weissenbacher Christoph M. Wintersteiger Margaret Wojcicki Cemal Yilmaz

## Sponsors

The Organizing Committee of HVC2007 gratefully acknowledges the generous financial support of:

IBM Haifa Research Lab

Cadence Israel

CRI—The Caesarea Edmond Benjamin de Rothschild Foundation Institute for Interdisciplinary Applications of Computer Science.

# Table of Contents

# Invited Talks

| Simulation vs. Formal: Absorb What Is Useful; Reject What Is<br>Useless                     | 1  |
|---------------------------------------------------------------------------------------------|----|
| Scaling Commercial Verification to Larger Systems<br>Robert Kurshan                         | 8  |
| From Hardware Verification to Software Verification: Re-use and<br>Re-learn                 | 14 |
| Where Do Bugs Come from? (Abstract)<br>Andreas Zeller                                       | 16 |
| HVC Award                                                                                   |    |
| Symbolic Execution and Model Checking for Testing<br>Corina S. Păsăreanu and Willem Visser  | 17 |
| Hardware Verification                                                                       |    |
| On the Characterization of Until as a Fixed Point Under Clocked<br>Semantics<br>Dana Fisman | 19 |
| Desetivity in System C. Thenge stion Level Medels                                           | 94 |

# Model Checking

| Verifying Parametrised Hardware Designs Via Counter Automata | 51 |
|--------------------------------------------------------------|----|
| Ales Smrčka and Tomás Vojnar                                 |    |
|                                                              |    |
| How Fast and Fat Is Your Probabilistic Model Checker? An     |    |
| Experimental Performance Comparison                          | 69 |
| David N. Jansen, Joost-Pieter Katoen, Marcel Oldenkamp,      |    |
| Mariëlle Stoelinga, and Ivan Zapreev                         |    |

# Dynamic Hardware Verification

| Constraint Patterns and Search Procedures for CP-Based Random Test |     |
|--------------------------------------------------------------------|-----|
| Generation                                                         | 86  |
| Anna Moss                                                          |     |
| Using Virtual Coverage to Hit Hard-To-Reach Events                 | 104 |
| Laurent Fournier and Avi Ziv                                       |     |

# Merging Formal and Testing

| Test Case Generation for Ultimately Periodic Paths     | 120 |
|--------------------------------------------------------|-----|
| Saddek Bensalem, Doron Peled, Hongyang Qu,             |     |
| Stavros Tripakis, and Lenore Zuck                      |     |
| Dynamic Testing Via Automata Learning                  | 136 |
| Harald Raffelt, Bernhard Steffen, and Tiziana Margaria |     |

# Formal Verification for Software

| On the Architecture of System Verification Environments<br>Mark A. Hillebrand and Wolfgang J. Paul | 153 |
|----------------------------------------------------------------------------------------------------|-----|
| Exploiting Shared Structure in Software Verification Conditions<br>Domagoj Babić and Alan J. Hu    | 169 |
| Delayed Nondeterminism in Model Checking Embedded Systems<br>Assembly Code                         | 185 |
| A Complete Bounded Model Checking Algorithm for Pushdown<br>Systems                                | 202 |

# Software Testing

| Locating Regression Bugs<br>Dor Nir, Shmuel Tyszberowicz, and Amiram Yehudai                                                                                                           | 218 |
|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----|
| The Advantages of Post-Link Code Coverage<br>Orna Raz, Moshe Klausner, Nitzan Peleg, Gad Haber,<br>Eitan Farchi, Shachar Fienblit, Yakov Filiarsky, Shay Gammer, and<br>Sergey Novikov | 235 |
| GenUTest: A Unit Test and Mock Aspect Generation Tool<br>Benny Pasternak, Shmuel Tyszberowicz, and Amiram Yehudai                                                                      | 252 |
| Author Index                                                                                                                                                                           | 267 |