Presentation is loading. Please wait.

Presentation is loading. Please wait.

Model Checking Software Using The Bogor Framework

Published byIra Stephens Modified over 5 years ago

Similar presentations

Presentation on theme: "Model Checking Software Using The Bogor Framework"— Presentation transcript:

1 Model Checking Software Using The Bogor Framework
SAnToS Laboratory, Kansas State University, USA Matthew B. Dwyer John Hatcliff Robby [45sec] Session I: Bogor Overview Support US Army Research Office (ARO) US National Science Foundation (NSF) US Department of Defense Advanced Research Projects Agency (DARPA) Boeing Honeywell Technology Center IBM Intel Lockheed Martin NASA Langley Rockwell-Collins ATC Sun Microsystems

2 Research Context Aiming for robust tools
SAnToS Laboratory, Kansas State University Aiming for robust tools open source, commercial quality (or close to it) Trying to build on lessons learned working on next generation of Bandera, etc. Integration into development process ease of use and scalability sometimes take precedence over theoretical elegance most of the time, focus is on bug-finding rather than true verification [2 min] Before I get started, I’d like to give you some understanding of the context in which we are carrying out our work. Perhaps more than some other groups we spend a lot of time trying to build what we hope are robust verification tools. Part of this is driven by our own personal desire to produce something useable, but part of this is also driven by the fact the places that we get our money from actually require that we produce tools that can be integrated with those of other research groups and used by research labs at various industrial sites. Over a third of the people in our group are programmers. Some of you may be familiar with research that we have done in the past on Bandera. We learned a lot from Bandera

3 Research Context -- Bogor
Supporting model-checking of OO software (Java, in particular) Open platform for research/experimentation take your favorite new idea, implement it in Bogor to try it out Teaching tool foundation of a tool/application-oriented course on model-checking some material already available; much more on the way [2 min] Before I get started, I’d like to give you some understanding of the context in which we are carrying out our work. Perhaps more than some other groups we spend a lot of time trying to build what we hope are robust verification tools. Part of this is driven by our own personal desire to produce something useable, but part of this is also driven by the fact the places that we get our money from actually require that we produce tools that can be integrated with those of other research groups and used by research labs at various industrial sites. Over a third of the people in our group are programmers. Some of you may be familiar with research that we have done in the past on Bandera. We learned a lot from Bandera

4 Goals of This Tutorial Introduction to the primary features/functions of Bogor Introduction to the Bogor APIs that will allow you to easily modify Bogor or to add new functionality requires some effort to learn …but a number of people have already implemented Bogor extension Overview of some of the more sophisticated reduction algorithms of Bogor Get feedback from you as to what features/support you might to have in Bogor that would make it more useful for you

5 Bogor [15 sec] So what is Bogor, well, Bogor is a beautiful place on the island of Java in Indonesia (actually, the name itself has some Dutch connections),

6 Bogor – Software Model Checking Framework
[15 sec] But when you think of Bogor, I want you to think of a nice software model-checker – you can see some screenshots of Bogor here on my slides

7 Bogor – Direct support for OO software
Extensive support for checking concurrent OO software Direct support for… Software targeted algorithms… unbounded dynamic creation of threads and objects automatic memory management (garbage collection) virtual methods, … …, exceptions, etc. supports virtually all of Java thread & heap symmetry compact state representation partial order reduction techniques driven by object escape analysis locking information [1 min 10 sec] So what is so great about Bogor? Well there are at least three things that I want you to remember about Bogor. The Bogor framework provides direct support for checking concurrent object-oriented software. It supports high-level features commonly found in modern programming languages such as dynamic creation of threads and objects, garbage collection, virtual method invocations, exceptions. It also has state-of-the-art reduction algorithms such as heap and thread symmetry reduction, collapse compression, as well as the classical partial-order reduction. In addition, we also has a novel partial order reductions based on both static and dynamic object escape analysis and synchronization patterns.

8 Bogor – Domain Specific Model-Checking
Modeling language and Algorithms easily customized to different domains Domain Y Domain Z Domain X [30 sec] Extensible modeling language and plug-in architecture allows Bogor to be customized to a variety of application domains

9 System Modeling Problem — Variety of Application Domains
Hardware Device Drivers Avionics Telephony Automotive GUI 1 minute As I mentioned that model checking has been or being applied to a variety of application domains. For example, Device drivers. We all know the blue screen of death problems in Microsoft Windows. Microsoft engineers figure out that most of the problem that they encounter is because hardware manufacturer does not provide good device drivers. Thus, Microsoft researchers come up with a way to detect violation of device driver protocol using model checking technology. They develop a tool that specifically designed to detect these violations. The tool has been successful in that it is included in their Device Driver Development Kit. We also heard about the work by Holzmann for Spin. He designed Spin specifically to analyze communication protocol, and has been very successful at that. In fact, he received the prestigious Software System Award for his work on Spin.

10 Leveraging Domain Knowledge
Holzmann developed a customized model extraction from C to Spin Translation using pattern matching of particular domain idioms In essence, an abstract machine for a particular domain Very effective at finding subtle defects Gerard Holzmann developed a customized model extraction from C to Spin. The translation is done by pattern matching particular domain idoms. In essence, what he did was building an abstract machine for checking the Lucent Path Star Telephone Switch. This experiment proved that this method is very effective at finding subtle defects. Lucent Path Star Telephone Switch

11 System Modeling Problem — Variety of System Descriptions
Design Notations State Machines Model Checker Byte code Source code 15 seconds However, as we know that there are various software system descriptions, for example, design notations, state machines, even byte code. These system descriptions work at different levels of abstraction. So, there is a gap between the system description used and the modeling language provided by the model checker. Different levels of abstraction!

12 The Goal Avionics State Machines Model-checking Engine
Abstract machine tailored to domain and level of abstraction 30 seconds Thus, our goal is to have a model checking engine that can be easily adapted to a particular application domain using different system description by providing domain & abstraction extensions. Thus, we basically build an abstract machine (or virtual machine) tailored to that domain and that level of system abstraction. Model-checking Engine Domain & Abstraction Extensions

13 The Goal Device Drivers Source code
Abstract machine tailored to domain and level of abstraction Domain & Abstraction Extensions Model-checking Engine Domain & Abstraction Extensions

14 The Goal Automotive Design Notations Model-checking Engine
Abstract machine tailored to domain and level of abstraction Total 10 minutes 30 seconds Domain & Abstraction Extensions Model-checking Engine Domain & Abstraction Extensions Domain & Abstraction Extensions

15 Customization Mechanisms
Bogor -- Extensible Modeling Language Core Modeling Language Threads, Objects, Methods, Exceptions, etc. Domain-Specific Abstractions + Bogor -- Customizable Checking Engine Modules Scheduling Strategy State-space Exploration State Representation Core Checker Modules Customized Checker Modules …existing modules… Domain-Specific Scheduler Domain-Specific Search Domain-Specific State Rep.

16 Outline Overview Bogor Modeling Language and UI Modeling Java programs
Example: Dining philosophers Demo: Bogor UI and BIR Case Wizard Overview Modeling Java programs Java classes and methods Dynamic dispatch of methods Exceptions Other BIR Features Functional sub-language Extension: Channels

17 Bogor Modeling Language ¡ BIR
BIR = Bandera Intermediate Representation Used as the intermediate language for the Bandera Tool Set for model-checking Java programs Guarded command language when <condition> do <command> Native support for a variety of object-oriented language features dynamically created objects and threads, exceptions, methods, inheritance, etc.

18 An Example ¡ 2 Dining Philosophers
left right right left

19 A BIR Example ¡ 2 Dining Philosophers
system TwoDiningPhilosophers { record Fork { boolean isHeld; } main thread MAIN() { Fork fork1; Fork fork2; loc loc0: do { // create forks fork1 := new Fork; fork2 := new Fork; // start philosophers start Phil(fork1, fork2); start Phil(fork2, fork1); } return; } thread Phil(Fork left, Fork right) { loc loc0: // take left fork when !left.isHeld do { left.isHeld := true; } goto loc1; loc loc1: // take right fork when !right.isHeld do { right.isHeld := true; } goto loc2; loc loc2: // put right fork do { right.isHeld := false; } goto loc3; loc loc3: // put left fork do { left.isHeld := false; } goto loc0; }

20 A BIR Example ¡ 2 Dining Philosophers
system TwoDiningPhilosophers { record Fork { boolean isHeld; } main thread MAIN() { Fork fork1; Fork fork2; loc loc0: do { // create forks fork1 := new Fork; fork2 := new Fork; // start philosophers start Phil(fork1, fork2); start Phil(fork2, fork1); } return; } Uses a record to model forks thread Phil(Fork left, Fork right) { loc loc0: // take left fork when !left.isHeld do { left.isHeld := true; } goto loc1; loc loc1: // take right fork when !right.isHeld do { right.isHeld := true; } goto loc2; loc loc2: // put right fork do { right.isHeld := false; } goto loc3; loc loc3: // put left fork do { left.isHeld := false; } goto loc0; }

21 A BIR Example ¡ 2 Dining Philosophers
Thread declarations system TwoDiningPhilosophers { record Fork { boolean isHeld; } main thread MAIN() { Fork fork1; Fork fork2; loc loc0: do { // create forks fork1 := new Fork; fork2 := new Fork; // start philosophers start Phil(fork1, fork2); start Phil(fork2, fork1); } return; } thread Phil(Fork left, Fork right) { loc loc0: // take left fork when !left.isHeld do { left.isHeld := true; } goto loc1; loc loc1: // take right fork when !right.isHeld do { right.isHeld := true; } goto loc2; loc loc2: // put right fork do { right.isHeld := false; } goto loc3; loc loc3: // put left fork do { left.isHeld := false; } goto loc0; }

22 A BIR Example ¡ 2 Dining Philosophers
thread Phil(Fork left, Fork right) { loc loc0: // take left fork when !left.isHeld do { left.isHeld := true; } goto loc1; loc loc1: // take right fork when !right.isHeld do { right.isHeld := true; } goto loc2; loc loc2: // put right fork do { right.isHeld := false; } goto loc3; loc loc3: // put left fork do { left.isHeld := false; } goto loc0; } system TwoDiningPhilosophers { record Fork { boolean isHeld; } main thread MAIN() { Fork fork1; Fork fork2; loc loc0: do { // create forks fork1 := new Fork; fork2 := new Fork; // start philosophers start Phil(fork1, fork2); start Phil(fork2, fork1); } return; } Local variable declarations

23 A BIR Example ¡ 2 Dining Philosophers
thread Phil(Fork left, Fork right) { loc loc0: // take left fork when !left.isHeld do { left.isHeld := true; } goto loc1; loc loc1: // take right fork when !right.isHeld do { right.isHeld := true; } goto loc2; loc loc2: // put right fork do { right.isHeld := false; } goto loc3; loc loc3: // put left fork do { left.isHeld := false; } goto loc0; } system TwoDiningPhilosophers { record Fork { boolean isHeld; } main thread MAIN() { Fork fork1; Fork fork2; loc loc0: do { // create forks fork1 := new Fork; fork2 := new Fork; // start philosophers start Phil(fork1, fork2); start Phil(fork2, fork1); } return; } Control locations

24 A BIR Example ¡ 2 Dining Philosophers
…aka “guarded transitions”, “guarded commands” Guarded transformations thread Phil(Fork left, Fork right) { loc loc0: // take left fork when !left.isHeld do { left.isHeld := true; } goto loc1; loc loc1: // take right fork when !right.isHeld do { right.isHeld := true; } goto loc2; loc loc2: // put right fork do { right.isHeld := false; } goto loc3; loc loc3: // put left fork do { left.isHeld := false; } goto loc0; } When condition is true Execute these statement(s) atomically Trivially true guards

25 A BIR Example ¡ 2 Dining Philosophers
Demo Bogor BIR Editor syntax highlighting well-formed-ness checker Bogor Counter-example Display states and transitions navigation heap visualization BIR Session Wizard creating new sessions configuring Bogor

26 Bogor Online Resources
Project website Bogor User Manual Distribution & Licensing Freely downloadable from the Bogor project website registration is required Cannot redistribute the Bogor package, but you can redistribute Bogor extensions

27 Outline Overview Bogor Modeling Language and UI Modeling Java programs
Example: Dining philosophers Demo: Bogor UI and BIR Case Wizard Overview Modeling Java programs Java classes and methods Dynamic dispatch of methods Exceptions Other BIR Features Functional sub-language Extension: Channels

28 Modeling Java Programs
Java classes and methods public class A { public static int N; public int x; protected int y; public A() {…} public void foo() {…} } class B extends A {} class C extends B { record (|A|) extends (|java.lang.Object|) { int /|A.x|\; int /|A.y|\; } int \|A.N|/; function {|A.<init>()|} ((|A|) [|this|]) … function {|A.foo()|} ((|A|) [|this|]) … record (|B|) extends (|A|) {} record (|C|) extends (|B|) {} function {|C.foo()|} ((|C|) [|this|]) … virtual +|A.foo()|+ { (|A|) -> {|A.foo()|} (|B|) -> {|A.foo()|} (|C|) -> {|C.foo()|} }

29 Modeling Java Programs
Additional BIR identifiers public class A { public static int N; public int x; protected int y; public A() {…} public void foo() {…} } class B extends A {} class C extends B { record (|A|) extends (|java.lang.Object|) { int /|A.x|\; int /|A.y|\; } int \|A.N|/; function {|A.<init>()|} ((|A|) [|this|]) … function {|A.foo()|} ((|A|) [|this|]) … record (|B|) extends (|A|) {} record (|C|) extends (|B|) {} function {|C.foo()|} ((|C|) [|this|]) … virtual +|A.foo()|+ { (|A|) -> {|A.foo()|} (|B|) -> {|A.foo()|} (|C|) -> {|C.foo()|} } (|…|), /|…|\, \|…|/, {|…|}, and +|…|+ are all BIR identifiers used to avoid name clashes

30 Modeling Java Programs
Records for Java classes records are used to model Java classes (inheritance) public class A { public static int N; public int x; protected int y; public A() {…} public void foo() {…} } class B extends A {} class C extends B { record (|A|) extends (|java.lang.Object|) { int /|A.x|\; int /|A.y|\; } int \|A.N|/; function {|A.<init>()|} ((|A|) [|this|]) … function {|A.foo()|} ((|A|) [|this|]) … record (|B|) extends (|A|) {} record (|C|) extends (|B|) {} function {|C.foo()|} ((|C|) [|this|]) … virtual +|A.foo()|+ { (|A|) -> {|A.foo()|} (|B|) -> {|A.foo()|} (|C|) -> {|C.foo()|} }

31 Modeling Java Programs
Static fields static fields are modeled as global variables public class A { public static int N; public int x; protected int y; public A() {…} public void foo() {…} } class B extends A {} class C extends B { record (|A|) extends (|java.lang.Object|) { int /|A.x|\; int /|A.y|\; } int \|A.N|/; function {|A.<init>()|} ((|A|) [|this|]) … function {|A.foo()|} ((|A|) [|this|]) … record (|B|) extends (|A|) {} record (|C|) extends (|B|) {} function {|C.foo()|} ((|C|) [|this|]) … virtual +|A.foo()|+ { (|A|) -> {|A.foo()|} (|B|) -> {|A.foo()|} (|C|) -> {|C.foo()|} }

32 Modeling Java Programs
Java methods as functions Java methods are modeled as functions public class A { public static int N; public int x; protected int y; public A() {…} public void foo() {…} } class B extends A {} class C extends B { record (|A|) extends (|java.lang.Object|) { int /|A.x|\; int /|A.y|\; } int \|A.N|/; function {|A.<init>()|} ((|A|) [|this|]) … function {|A.foo()|} ((|A|) [|this|]) … record (|B|) extends (|A|) {} record (|C|) extends (|B|) {} function {|C.foo()|} ((|C|) [|this|]) … virtual +|A.foo()|+ { (|A|) -> {|A.foo()|} (|B|) -> {|A.foo()|} (|C|) -> {|C.foo()|} }

33 Modeling Java Programs
Dynamic dispatch of methods public class A { public static int N; public int x; protected int y; public A() {…} public void foo() {…} } class B extends A {} class C extends B { record (|A|) extends (|java.lang.Object|) { int /|A.x|\; int /|A.y|\; } int \|A.N|/; function {|A.<init>()|} ((|A|) [|this|]) … function {|A.foo()|} ((|A|) [|this|]) … record (|B|) extends (|A|) {} record (|C|) extends (|B|) {} function {|C.foo()|} ((|C|) [|this|]) … virtual +|A.foo()|+ { (|A|) -> {|A.foo()|} (|B|) -> {|A.foo()|} (|C|) -> {|C.foo()|} } Virtual tables are used to resolve dynamic dispatch of methods

34 Modeling Java Programs
Dynamic dispatch of methods public class A { public static int N; public int x; protected int y; public A() {…} public void foo() {…} } class B extends A {} class C extends B { record (|A|) extends (|java.lang.Object|) { int /|A.x|\; int /|A.y|\; } int \|A.N|/; function {|A.<init>()|} ((|A|) [|this|]) … function {|A.foo()|} ((|A|) [|this|]) … record (|B|) extends (|A|) {} record (|C|) extends (|B|) {} function {|C.foo()|} ((|C|) [|this|]) … virtual +|A.foo()|+ { (|A|) -> {|A.foo()|} (|B|) -> {|A.foo()|} (|C|) -> {|C.foo()|} }

35 Modeling Java Programs
Dynamic dispatch of methods function bar((|A|) a) { loc loc0: // invokespecial invoke {|A.foo()|} (a) goto loc0; loc loc1: // invokevirtual invoke virtual +|A.foo()|+ (a) goto loc1; } record (|A|) extends (|java.lang.Object|) { int /|A.x|\; int /|A.y|\; } int \|A.N|/; function {|A.<init>()|} ((|A|) [|this|]) … function {|A.foo()|} ((|A|) [|this|]) … record (|B|) extends (|A|) {} record (|C|) extends (|B|) {} function {|C.foo()|} ((|C|) [|this|]) … virtual +|A.foo()|+ { (|A|) -> {|A.foo()|} (|B|) -> {|A.foo()|} (|C|) -> {|C.foo()|} } BIR function invocations models Java method invocations (static, special, virtual, or interface)

36 Modeling Java Programs
Exceptions Throwable record public static void baz() { try { } catch (Throwable t) { } throwable record (|java.lang.Throwable|) extends (|java.lang.Object|) {…} function {|baz|}() { (|java.lang.Throwable|) [|t|]; loc loc0: do { … } goto loc1; loc loc1: do { … } return; loc loc2: do { … } goto loc1; catch (|java.lang.Throwable|) [|t|] at loc0 goto loc2; } Catch tables are used to keep track try-catch regions (order of declarations)

37 Outline Overview Bogor Modeling Language and UI Modeling Java programs
Example: Dining philosophers Demo: Bogor UI and BIR Case Wizard Overview Modeling Java programs Java classes and methods Dynamic dispatch of methods Exceptions Other BIR Features Functional sub-language Extension: Channels

38 BIR Functional Sub-language
Motivation wants to allow complex queries of states while guaranteeing purity very useful for specification purposes Syntax and semantics similar to other functional languages (SML, etc.) currently only support first-order function

39 BIR Functional Sub-language
record Node { Node next; int x; } fun sortedList(Node n) returns boolean = let Node next = n.next in next == null ? true : (n.x <= next.x ? sortedList(next) : false); Node for a linked-list data structure A recursive function to determine whether a given list is sorted (ascending order)

40 Assessment BIR provides features commonly found in modern programming languages Dynamic creation of objects and threads, automatic memory management, etc. Java-to-BIR translator Uses the Soot framework from Sable Research at McGill University Document:

41 BIR Extensions BIR allows introduction of new abstract types
extension Channel for MyChannel { // declaration of abstract types typedef type<'a>; // declaration of abstract expresions expdef Channel.type<'a> create<'a>(int); expdef boolean isEmpty<'a>(Channel.type<'a>); expdef 'a getFirst<'a>(Channel.type<'a>); // declaration of abstract actions/commands actiondef send<'a>(Channel.type<'a>, 'a); actiondef removeFirst<'a>(Channel.type<'a>); } BIR allows introduction of new abstract types and operations Channel.type<int> chan; int x; chan := Channel.create<int>(5); // ch 5 slots Channel.send<int>(chan, 0); // send 0 x := Channel.getFirst<int>(chan); // recv 1st Channel.removeFirst<int>(chan); Sample usage wait till next session!

Download ppt "Model Checking Software Using The Bogor Framework"

Similar presentations

Objects and Classes David Walker CS 320. Advanced Languages advanced programming features –ML data types, exceptions, modules, objects, concurrency,...

Objects and Classes David Walker CS 320. Advanced Languages advanced programming features –ML data types, exceptions, modules, objects, concurrency,...
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Chapter 1: Computer Systems

Chapter 1: Computer Systems
Department of Software Engineering Faculty of Mathematics and Physics CHARLES UNIVERSITY IN PRAGUE Czech Republic Extracting Zing Models from C Source.

Department of Software Engineering Faculty of Mathematics and Physics CHARLES UNIVERSITY IN PRAGUE Czech Republic Extracting Zing Models from C Source.
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
Objects and Classes David Walker CS 320. Advanced Languages advanced programming features –ML data types, exceptions, modules, objects, concurrency,...

Objects and Classes David Walker CS 320. Advanced Languages advanced programming features –ML data types, exceptions, modules, objects, concurrency,...
Developing Verifiable Concurrent Software Tevfik Bultan Department of Computer Science University of California, Santa Barbara

Developing Verifiable Concurrent Software Tevfik Bultan Department of Computer Science University of California, Santa Barbara
C#: Project Cool Arthur Ketchel II Keith Francisco Chris McInnis.

C#: Project Cool Arthur Ketchel II Keith Francisco Chris McInnis.
Objects and Classes David Walker CS 320. Advanced Languages advanced programming features –ML data types, exceptions, modules, objects, concurrency,...

Objects and Classes David Walker CS 320. Advanced Languages advanced programming features –ML data types, exceptions, modules, objects, concurrency,...
© 2008 IBM Corporation Behavioral Models for Software Development Andrei Kirshin, Dolev Dotan, Alan Hartman January 2008.

© 2008 IBM Corporation Behavioral Models for Software Development Andrei Kirshin, Dolev Dotan, Alan Hartman January 2008.
Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Java Software Solutions Foundations of Program Design Sixth Edition by Lewis.

Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Java Software Solutions Foundations of Program Design Sixth Edition by Lewis.
An Approach and Tool for Synchronous Refactoring of UML Diagrams and Models Using Model-to-Model Transformations Hafsteinn Þór Einarsson Helmut Neukirchen.

An Approach and Tool for Synchronous Refactoring of UML Diagrams and Models Using Model-to-Model Transformations Hafsteinn Þór Einarsson Helmut Neukirchen.
Object-Oriented Implementation of Reconciliations M.Sc. Seminar Talk by Costa Shapiro under supervision of Prof. Shmuel Katz Computer Science – Technion.

Object-Oriented Implementation of Reconciliations M.Sc. Seminar Talk by Costa Shapiro under supervision of Prof. Shmuel Katz Computer Science – Technion.
Java: Chapter 1 Computer Systems Computer Programming II.

Java: Chapter 1 Computer Systems Computer Programming II.
Chapter 1 Introduction Dr. Frank Lee. 1.1 Why Study Compiler? To write more efficient code in a high-level language To provide solid foundation in parsing.

Chapter 1 Introduction Dr. Frank Lee. 1.1 Why Study Compiler? To write more efficient code in a high-level language To provide solid foundation in parsing.
Funded by: European Commission – 6th Framework Project Reference: IST-2004-026460 WP 2: Learning Web-service Domain Ontologies Miha Grčar Jožef Stefan.

Funded by: European Commission – 6th Framework Project Reference: IST WP 2: Learning Web-service Domain Ontologies Miha Grčar Jožef Stefan.
1 Module Objective & Outline Module Objective: After completing this Module, you will be able to, appreciate java as a programming language, write java.

1 Module Objective & Outline Module Objective: After completing this Module, you will be able to, appreciate java as a programming language, write java.
Invitation to Computer Science 5 th Edition Chapter 6 An Introduction to System Software and Virtual Machine s.

Invitation to Computer Science 5 th Edition Chapter 6 An Introduction to System Software and Virtual Machine s.
CIS 842: Specification and Verification of Reactive Systems Lecture INTRO-Bogor-Simulation: Executing (Simulating) Concurrent Systems in Bogor Copyright.

CIS 842: Specification and Verification of Reactive Systems Lecture INTRO-Bogor-Simulation: Executing (Simulating) Concurrent Systems in Bogor Copyright.
Model construction and verification for dynamic programming languages Radu Iosif

Model construction and verification for dynamic programming languages Radu Iosif

Similar presentations

Ads by Google