Jocelyn Simmonds - Academia.edu
Papers by Jocelyn Simmonds
... new PhD student, and those that later were under my wing (you know which group you belong to!): Mehrdad Sabetzadeh, Shiva Nejati, Mihaela Bobaru, Jorge Baier, Daniela Nunez, Andres Lagar-Cavilla, Claudia Garcia, Yiqiao Wang, Anya Tafliovich, Golnaz ...
Proceedings of the 2003 …, Jan 1, 2003
An object-oriented software design is often modelled as a collection of UML diagrams. There is an inherent need to preserve the consistency between these diagrams. Moreover, through evolution these diagrams get modified and can become inconsistent. To be able to preserve their consistency, the formalism of description logics is used. Loom, a second-generation reasoning tool, and RACER, a state-of-the-art reasoning tool, are used as particular description logic reasoning systems. Based on our experience with these tools, we argue that state-of-the-art description logic tools must offer a more extensive query language.
Model-checking is a widely-used automated technique for verification of both hardware and software artifacts. A model-checker decides if a property to check is satisfied by a finite-state model of the artifact. If the property does not hold on the model, a counterexample, which can aid in debugging, is exhibited to the user. However, if the property does hold, no further information is given by traditional model-checkers. Thus, existing vacuity detection techniques (Beer et al.; Kupferman and Vardi [8]; Purandare and Somenzi [10]; and Gheorghiu [6]) rely on property analysis and extra model-checking runs to determine if a property holds for the wrong reasons.
Electronic Proceedings in Theoretical Computer Science, 2010
Web service applications are distributed processes that are composed of dynamically bound services. In our previous work [15], we have described a framework for performing runtime monitoring of web services against behavioural correctness properties (described using property patterns and converted into finite state automata). These specify forbidden behaviour (safety properties) and desired behaviour (bounded liveness properties). Finite execution traces of web services described in BPEL are checked for conformance at runtime. When violations are discovered, our framework automatically proposes and ranks recovery plans which users can then select for execution. Such plans for safety violations essentially involve "going back": compensating the executed actions until an alternative behaviour of the application is possible. For bounded liveness violations, recovery plans include both "going back" and "re-planning": guiding the application towards a desired behaviour. Our experience, reported in [16], identified a drawback in this approach: we compute too many plans due to (a) overapproximating the number of program points where an alternative behaviour is possible and (b) generating recovery plans for bounded liveness properties which can potentially violate safety properties. In this paper, we describe improvements to our framework that remedy these problems and describe their effectiveness on a case study.
Lecture Notes in Computer Science, 2003
A software design is often modelled as a collection of UML diagrams. There is an inherent need to preserve consistency between these diagrams. Moreover, through evolution those diagrams get modified, leading to possible inconsistency between different versions of the diagrams. State-of-the-art UML CASE tools provide poor support for consistency maintenance. To solve this problem, an extension of the UML metamodel enabling support for consistency maintenance and a classification of inconsistency problems is proposed. To achieve the detection and resolution of consistency conflicts, the use of description logic (DL) is presented. DL has the important property of being a decidable fragment of first-order predicate logic. By means of a number of concrete experiments in Loom, we show the feasibility of using this formalism for the purpose of maintaining consistency between (evolving) UML models.
As the standard for object-oriented analysis and design, the UML (Unified Modeling Language) metamodel, as well as contemporary CASE (Computer-Aided Software Engineering) tools, must provide adequate and integrated support for all essential aspects of software evolution. This includes version control, traceability, impact analysis, change propagation, inconsistency management, and model refactorings. This chapter focuses on the latter two aspects, and shows how tool support for these aspects can be provided. First, we extend the UML metamodel with support for
Mens, Van Der Straeten and Simmonds, Copyright © 2005, Idea Group Inc.
Companies formalize software processes as a way of organizing development projects. Since there are differences in project contexts, a one-size-fits-all approach does not work well in practice. Some companies use a family of predefined processes, but this approach has a high process maintenance cost. Instead, we define Software Process Lines (SPrL), where a general process with variability is tailored to project contexts. Model-Driven Engineering (MDE) provides a formal framework for defining the models and transformations required for automated SPrL tailoring. However, this approach requires the definition and co-evolution of various types of models and tool support beyond the skills of process engineers, making industrial adoption challenging. This paper shares our experience using a megamodeling approach to the development of the back-end of our toolset. The megamodel provides a uniform mechanism for process definition, variability, tailoring and evolution, and we hide the MDE complexity through a user-friendly front-end. We report the application of our approach at Mobius, a small Chilean software enterprise.
Proceedings of the 6th International Workshop on Modeling in Software Engineering - MiSE 2014, 2014
Companies formalize their software processes as a way of organizing their development projects. As each project has its own requirements and objectives, a family of processes is required in practice, in order to ensure that each project is handled appropriately. This family may be a collection of predefined processes, but can also be automatically generated by tailoring a general process to a project's context, which requires formalization and tool support to be successful. Model-driven engineering provides a formal framework for defining the models and transformations required for automated process tailoring, but various types of models must be specified and evolved, limiting the industrial adoption of this approach. To address this problem, in this paper we propose a megamodel for automated process tailoring. Megamodeling provides an integrating framework for modeling in the large, including the definition and evolution of all models and transformations required for tailoring while hiding complexity. We report the application of our approach to the software development process of Rhiscom, a small Chilean company.
For a system of distributed processes, correctness can be ensured by statically checking whether their composition satisfies the properties of interest. However, web services are distributed processes that dynamically discover properties of other web services. Since the overall system may not be available statically and since each business process is supposed to be relatively simple, we propose to use runtime monitoring of conversations between partners as a means of checking behavioral correctness of the entire web service system. Specifically, we identify a subset of UML 2.0 Sequence Diagrams (SD) as a property specification language. We show how our language can be used to specify the Specification Pattern System (SPS) [1]. By formalizing this subset using automata, we can check finite execution traces of web services against various complex properties. Finally, we discuss our experience using our language for runtime monitoring of an existing application, and conclude with a description of existing tool support.
Automated consistency checking of UML models becomes necessary as models grow in size and complexity. Since the UML metamodel does not enforce model consistency, there are no fixed guidelines on how to approach the consistency problem. Current solutions are generally partial. The translation of the metamodel and the user-designed model into Description Logics has proved to provide a solution in detecting a large set of inconsistencies. In order to make this solution available to system designers, we have implemented MCC+, a UML model consistency checker, built as a plug-in for Poseidon for UML, and relying on Jena as a reasoning engine. Compared to other approaches, we propose a usable and scalable solution, interoperable with a known modeling tool. We show the application of MCC+ to a real-world large example of a meshing tool.
For a system of distributed processes, correctness can be ensured by (statically) checking whether their composition satisfies properties of interest. However, web services are distributed processes that dynamically discover properties of other web services. Since the overall system may not be available statically and since each business process is supposed to be relatively simple, we propose to use (on-line) runtime monitoring of conversations between partners as a means of checking behavioural correctness of the entire web service system. Our framework allows application developers to specify behavioural correctness properties. By transforming these properties to finite-state automata, we enable conformance checking of finite execution traces of web services described in BPEL against the specification. Moreover, when violations are discovered at runtime, we automatically propose and rank recovery plans which users of the system can then select for execution. For some of the violations, such plans essentially involve "going back": compensating the actions that have occurred until an alternative behaviour of the application is possible. For other violations, such plans include both "going back" and "re-planning": guiding the application towards a desired behaviour. We report on the implementation and experience with our monitoring and recovery system, and discuss the implications that the move to the "smart internet" [39] may have on our approach.
Web service applications are dynamic, highly distributed, and loosely coupled orchestrations of services which are notoriously difficult to debug. In this paper, we describe a user-guided recovery framework for web services. When behavioural correctness properties (safety and bounded liveness) of an application are violated at runtime, we automatically propose and rank recovery plans which users can then select for execution. For safety violations, such plans essentially involve "going back": compensating the actions that have occurred until an alternative behaviour of the application is possible. For bounded liveness violations, such plans include both "going back" and "re-planning": guiding the application towards a desired behaviour. We report on the implementation and our experience with the recovery system.
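The monitoring-and-recovery abstracts above describe the mechanism only in outline: behavioural properties become finite-state automata, finite BPEL traces are run through them, and a violation triggers ranked "going back" or "re-planning" plans. The following is an added example, not the paper's framework or tooling. It assumes a small loan-handling process; the activity names, the two properties (a safety precedence property and a bounded liveness property), the compensation table, the choice points and the three traces are all constructed here. It also applies the fix the EPTCS abstract calls for: a plan that would itself violate the safety property is dropped before ranking.

```python
"""Runtime monitoring of a BPEL-style conversation with ranked recovery plans.

Added example, not the paper's framework. The activity names, the two properties,
the compensation table, the choice points and the traces are all constructed."""

# Constructed process knowledge that the recovery planner relies on.
COMPENSATION = {  # compensating action for each activity (None: nothing to undo)
    "receive_request": None, "check_credit": None, "approve": "revoke_approval",
    "reject": None, "disburse": "reverse_transfer", "notify": "send_correction",
}
CHOICE_POINTS = {"check_credit": ["approve", "reject"]}  # where another branch exists
SETTLED = {"disburse", "reject"}  # activities that settle an open request


class SafetyMonitor:
    """Automaton for the precedence property 'disburse only after approve'.
    A finite trace refutes a safety property as soon as the automaton enters 'bad'."""

    def __init__(self):
        self.state = "no_approval"

    def step(self, event):
        if self.state == "no_approval":
            if event == "approve":
                self.state = "approved"
            elif event == "disburse":
                self.state = "bad"
        return self.state != "bad"


class BoundedLivenessMonitor:
    """'After receive_request, a settling activity occurs within `bound` events.'
    Plain liveness cannot be refuted by a finite trace; the bound makes it checkable."""

    def __init__(self, bound):
        self.bound = bound
        self.since_request = None  # events seen since the open request, or None

    def step(self, event):
        if event == "receive_request":
            self.since_request = 0
        elif self.since_request is not None:
            if event in SETTLED:
                self.since_request = None
            else:
                self.since_request += 1
                if self.since_request > self.bound:
                    return False
        return True


def monitor(trace, bound=2):
    """Feed the trace to both automata; return (kind, index, executed prefix) or None."""
    safety, liveness = SafetyMonitor(), BoundedLivenessMonitor(bound)
    executed = []
    for i, event in enumerate(trace):
        executed.append(event)
        if not safety.step(event):
            return ("safety", i, executed)
        if not liveness.step(event):
            return ("bounded_liveness", i, executed)
    return None


def _keeps_safety(prefix, alt):
    """Would executing `alt` after `prefix` still satisfy the safety property?"""
    checker = SafetyMonitor()
    return all(checker.step(e) for e in prefix + [alt])


def recovery_plans(violation):
    """Plans are (compensations, next activity). 'Going back' undoes, in reverse order,
    everything executed after a choice point and takes a branch not yet taken; for a
    bounded-liveness violation 're-planning' also proposes a settling activity directly.
    Plans that would themselves break the safety property are dropped; the rest are
    ranked by how much has to be compensated."""
    kind, _, executed = violation
    candidates = []  # (compensations, trace prefix that remains, next activity)
    if kind == "bounded_liveness":
        candidates += [([], executed, alt) for alt in sorted(SETTLED)]
    for idx in range(len(executed) - 1, -1, -1):
        if executed[idx] not in CHOICE_POINTS:
            continue
        undo = [COMPENSATION[a] for a in reversed(executed[idx + 1:]) if COMPENSATION[a]]
        taken = executed[idx + 1] if idx + 1 < len(executed) else None
        candidates += [(undo, executed[:idx + 1], alt)
                       for alt in CHOICE_POINTS[executed[idx]] if alt != taken]
    plans = [(undo, alt) for undo, prefix, alt in candidates if _keeps_safety(prefix, alt)]
    return sorted(plans, key=lambda plan: len(plan[0]))


# Constructed traces of the loan-handling process.
GOOD_TRACE = ["receive_request", "check_credit", "approve", "disburse", "notify"]
SAFETY_VIOLATION = ["receive_request", "check_credit", "disburse"]
LIVENESS_VIOLATION = ["receive_request", "check_credit", "notify", "notify", "notify"]

if __name__ == "__main__":
    for trace in (GOOD_TRACE, SAFETY_VIOLATION, LIVENESS_VIOLATION):
        result = monitor(trace)
        print(trace, "->", "conforms" if result is None else result[0])
        if result:
            for rank, (undo, nxt) in enumerate(recovery_plans(result), 1):
                print(f"  plan {rank}: compensate {undo}, then {nxt}")
```

On the liveness trace the planner would naively propose "disburse" as the shortest re-plan; that is exactly the plan that violates the precedence property, and the safety re-check removes it, leaving "reject" ranked first. Ranking by compensation count is one plausible ordering; a production monitor would weigh the cost of each compensating action rather than just count them.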
The personal web vision promises to give users a highly personalized experience on the web. This paper proposes and describes a Personal Web Workflow Methodology, designed to elicit, operationalize and execute a personal web user's goals. Our approach relies heavily on our prior research in goal modeling and operationalization, model matching and merging, and web service monitoring and recovery. We integrate this research with the social networking concept of crowd-sourcing to create a novel methodology for ...
2013 4th International Workshop on Product LinE Approaches in Software Engineering (PLEASE), 2013
It is an increasing trend to apply Software Product Line (SPL) concepts and techniques for software process tailoring, generating a Software PRocess Line (SPrL). However, there are several aspects that must be addressed before SPrLs can be fully adopted by industry, a key aspect being how software process variability is specified and managed. In the literature, there are several general-purpose as well as domain-specific proposals for specifying process variability. In this paper, we analyze the benefits and drawbacks of two general-purpose (feature models and OVM) and two domain-specific (SPEM variability primitives and vSPEM) approaches, as well as discuss what hinders industry adoption in each case.
Journal of Systems and Software, 2013
Software organizations specify their software processes so that process knowledge can be systematically reused across projects. However, different projects may require different processes. Defining a separate process for each potential project context is expensive and error-prone, since these processes must simultaneously evolve in a consistent manner. Moreover, an organization cannot envision all possible project contexts in advance because several variables may be involved, and these may also be combined in different ways. This problem is even worse in small companies since they usually cannot afford to define more than one process. Software process lines are a specific type of software product lines, in the software process domain. A benefit of software process lines is that they allow software process customization with respect to a context. In this article we propose a model-driven approach for software process lines specification and configuration. The article also presents two industrial case studies carried out at two small Chilean software development companies. Both companies have benefited from applying our approach to their processes: new projects are now developed using custom processes, process knowledge is systematically reused, and the total time required to customize a process is much shorter than before.
Journal of Environmental Radioactivity, 2000
Significant quantities of liquid radioactive waste were discharged to the Techa River in the southern Urals region of Russia in the early years of operation of the Mayak PA plant (1948-1951). A collaborative project is underway under contract to the European Commission to consider the radiological impact of radioactive contamination in the Southern Urals. Part of this project involves the calculation of radiation doses currently received by the population of Brodokalmak on the Techa river. The assessment made use of local data on the habits of the population and measurements of radionuclide activity concentrations in food and water. Exposure pathways included in the assessment were ingestion of foods and external exposure to gamma radiation from radionuclides deposited on the banks of the river. A range of doses was calculated for different age groups, firstly, assuming that the restrictions in place are retained and, secondly, assuming that there are no restrictions. These restrictions include bans on drinking river water, fishing and bathing in the river and the prohibition of use of the river and surrounding flood plains by humans and cattle. With restrictions the highest dose estimated was 0.56 mSv y⁻¹ for the most exposed adults and without restrictions this increased to 3.4 mSv y⁻¹.
International Journal on Software Tools for Technology Transfer, 2010
When model-checking reports that a property holds on a model, vacuity detection increases user confidence in this result by checking that the property is satisfied in the intended way. While vacuity detection is effective, it is a relatively expensive technique requiring many additional model-checking runs. We address the problem of efficient vacuity detection for Bounded Model Checking (BMC) of LTL properties, presenting three partial vacuity detection methods based on the efficient analysis of the resolution proof produced by a successful BMC run. In particular, we define a characteristic of resolution proofs, peripherality, and prove that if a variable is a source of vacuity, then there exists a resolution proof in which this variable is peripheral. Our vacuity detection tool, VaqTree, uses these methods to detect vacuous variables, decreasing the total number of model-checking runs required to detect all sources of vacuity.
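Both vacuity abstracts above (the earlier one on extra model-checking runs, and this STTT one on VaqTree) rest on the same idea: a property that holds on a model may hold for the wrong reason, and the classic way to find out is to replace a subformula by a constant chosen by its polarity and check again. The following is an added example, not VaqTree and not using resolution proofs; it does the naive thing the abstracts say is expensive, one extra bounded check per variable, so that the notion of a "source of vacuity" is concrete. The models, the response property G(req -> F<=bound grant), the bounded-path semantics and the bound values are all constructed.

```python
"""Bounded vacuity check: does the property hold for the intended reason?

Added example; it is not VaqTree and uses no resolution proofs. The models, the
property G(req -> F<=bound grant) and the bounded-path semantics are constructed."""

# Constructed request/grant arbiters: atom labels per state, transitions, initial state.
# In VACUOUS_ARBITER the 'waiting' state is unreachable, so 'req' is never raised.
# In BROKEN_ARBITER a request is never served.
LIVE_ARBITER = {
    "labels": {"idle": {"req": False, "grant": False},
               "waiting": {"req": True, "grant": False},
               "served": {"req": False, "grant": True}},
    "edges": {"idle": ["idle", "waiting"], "waiting": ["served"], "served": ["idle"]},
    "init": "idle",
}
VACUOUS_ARBITER = dict(LIVE_ARBITER,
                       edges={"idle": ["idle"], "waiting": ["served"], "served": ["idle"]})
BROKEN_ARBITER = dict(LIVE_ARBITER,
                      edges={"idle": ["idle", "waiting"], "waiting": ["waiting"], "served": ["idle"]})

# Polarity-driven replacement for G(req -> F grant): 'req' occurs negatively (the
# antecedent) and is replaced by True; 'grant' occurs positively and is replaced by
# False. If the property survives the replacement, that atom does not affect it.
REPLACEMENT = {"req": True, "grant": False}


def bounded_paths(model, k):
    """Every path of k transitions from the initial state (a BMC-style unrolling)."""
    paths = [[model["init"]]]
    for _ in range(k):
        paths = [p + [s] for p in paths for s in model["edges"][p[-1]]]
    return paths


def response_holds(model, k, bound, forced=None):
    """Check G(req -> F<=bound grant) on all k-step paths. `forced` overrides an atom
    everywhere, which is how a subformula is replaced by a constant. A request too
    close to the end of the path to observe `bound` further steps is not counted as
    a violation: no counterexample of length k exists for it."""
    forced = forced or {}

    def atom(state, name):
        return forced.get(name, model["labels"][state][name])

    for path in bounded_paths(model, k):
        for i, state in enumerate(path):
            window = path[i:i + bound + 1]
            if (atom(state, "req") and len(window) == bound + 1
                    and not any(atom(s, "grant") for s in window)):
                return False
    return True


def vacuity_sources(model, k, bound):
    """Atoms whose polarity-chosen replacement leaves the property true, i.e. the
    sources of vacuity. Returns None when the property fails outright, since vacuity
    is only a question for a property that holds. 'grant' being reported means the
    consequent was never needed: no request was ever observed."""
    if not response_holds(model, k, bound):
        return None
    return [atom for atom, const in REPLACEMENT.items()
            if response_holds(model, k, bound, {atom: const})]


if __name__ == "__main__":
    for name, arbiter in [("live", LIVE_ARBITER), ("vacuous", VACUOUS_ARBITER),
                          ("broken", BROKEN_ARBITER)]:
        print(name, "holds:", response_holds(arbiter, 4, 1),
              "vacuity sources:", vacuity_sources(arbiter, 4, 1))
```

Each call to `vacuity_sources` costs one extra bounded check per atom on top of the original check, which is the overhead the abstracts set out to cut; VaqTree's contribution is to read the answer off the resolution proof of the one successful run instead. The example also shows why a "green" result on the vacuous arbiter is a false sense of safety: the model never requests, so the guarantee was never exercised.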
... new PhD student, and those that later were under my wing (you know which group you belong to!... more ... new PhD student, and those that later were under my wing (you know which group you belong to!): Mehrdad Sabetzadeh, Shiva Nejati, Mihaela Bobaru, Jorge Baier, Daniela Nunez, Andres Lagar-Cavilla, Claudia Garcia, Yiqiao Wang, Anya Tafliovich, Golnaz ...
Proceedings of the 2003 …, Jan 1, 2003
An object-oriented software design is often modelled as a collection of UML diagrams. There is an... more An object-oriented software design is often modelled as a collection of UML diagrams. There is an inherent need to preserve the consistency between these diagrams. Moreover, through evolution these diagrams get modified and can become inconsistent. To be able to preserve their consistency the formalism of description logics is used. Loom, a second generation reasoning tool, and RACER, a state-of-the-art reasoning tool, are used as particular description logic reasoning systems. Based on our experience with these tools, we argue that state-of-the-art description logic tools must offer a more extensive query language.
Model-checking is a widely-used automated technique for verification of both hardware and softwar... more Model-checking is a widely-used automated technique for verification of both hardware and software artifacts. A model-checker decides if a property to check is satisfied by a finite-state model of the artifact. If the property does not hold on the model, a counterexample, which can aid in debugging, is exhibited to the user. However, if the property does hold, no further information is given by traditional model-checkers. Thus, existing vacuity detection techniques (Beer et al. ; Kupferman and Vardi [8,; Purandare and Somenzi [10]; and Gheorghiu [6]) rely on property analysis and extra model-checking runs to determine if a property holds for the wrong reasons.
Electronic Proceedings in Theoretical Computer Science, 2010
Web service applications are distributed processes that are composed of dynamically bounded servi... more Web service applications are distributed processes that are composed of dynamically bounded services. In our previous work [15], we have described a framework for performing runtime monitoring of web service against behavioural correctness properties (described using property patterns and converted into finite state automata). These specify forbidden behavior (safety properties) and desired behavior (bounded liveness properties). Finite execution traces of web services described in BPEL are checked for conformance at runtime. When violations are discovered, our framework automatically proposes and ranks recovery plans which users can then select for execution. Such plans for safety violations essentially involve "going back" -compensating the executed actions until an alternative behaviour of the application is possible. For bounded liveness violations, recovery plans include both "going back" and "re-planning" -guiding the application towards a desired behaviour. Our experience, reported in [16], identified a drawback in this approach: we compute too many plans due to (a) overapproximating the number of program points where an alternative behaviour is possible and (b) generating recovery plans for bounded liveness properties which can potentially violate safety properties. In this paper, we describe improvements to our framework that remedy these problems and describe their effectiveness on a case study.
Lecture Notes in Computer Science, 2003
A software design is often modelled as a collection of UML diagrams. There is an inherent need to... more A software design is often modelled as a collection of UML diagrams. There is an inherent need to preserve consistency between these diagrams. Moreover, through evolution those diagrams get modified leading to possible inconsistency between different versions of the diagrams. State-of-the-art UML CASE tools provide poor support for consistency maintenance. To solve this problem, an extension of the UML metamodel enabling support for consistency maintenance and a classification of inconsistency problems is proposed. To achieve the detection and resolution of consistency conflicts, the use of description logic (DL) is presented. DL has the important property of being a decidable fragment of first-order predicate logic. By means of a number of concrete experiments in Loom, we show the feasibility of using this formalism for the purpose of maintaining consistency between (evolving) UML models.
As the standard for object-oriented analysis and design, the UML (Unified Modeling Language) meta... more As the standard for object-oriented analysis and design, the UML (Unified Modeling Language) metamodel, as well as contemporary CASE (Computer-Aided Software Engineering) tools, must provide adequate and integrated support for all essential aspects of software evolution. This includes version control, traceability, impact analysis, change propagation, inconsistency management, and model refactorings. This chapter focuses on the latter two aspects, and shows how tool support for these aspects can be provided. First, we extend the UML metamodel with support for 2 Mens, Van Der Straeten and Simmonds Copyright © 2005, Idea Group Inc. Copying or distributing in print or electronic forms without written permission of Idea Group Inc. is prohibited.
Companies formalize software processes as a way of organizing development projects. Since there a... more Companies formalize software processes as a way of organizing development projects. Since there are differences in project contexts, a one-size-fits-all approach does not work well in practice. Some companies use a family of a predefined processes, but this approach has a high process maintenance cost. Instead, we define Software Process Lines (SPrL), where a general process with variability is tailored to project contexts. Model-Driven Engineering (MDE) provides a formal framework for defining the models and transformations required for automated SPrL tailoring. However, this approach requires the definition and co-evolution of various types of models and tool support beyond the skills of process engineers, making the industrial adoption challenging. This paper shares our experience using a megamodeling approach to the development of the back-end of our toolset. The megamodel provides a uniform mechanism for process definition, variability, tailoring and evolution, and we hide the MDE complexity through a user-friendly front-end. We report the application of our approach at Mobius, a small Chilean software enterprise.
Proceedings of the 6th International Workshop on Modeling in Software Engineering - MiSE 2014, 2014
ABSTRACT Companies formalize their software processes as a way of organizing their development pr... more ABSTRACT Companies formalize their software processes as a way of organizing their development projects. As each project has its own requirements and objectives, a family of processes is required in practice, in order to ensure that each project is handled appropriately. This family may be a collection of predefined processes, but can also be automatically generated by tailoring a general process to a project’s context which requires formalization and tool support to be successful. Model-driven engineering provides a formal framework for defining the models and transformations required for automated process tailoring, but various types of models must be specified and evolved, limiting the industrial adoption of this approach. To address this problem, in this paper we propose a megamodel for automated process tailoring. Megamodeling provides an integrating framework for modeling in the large, including the definition and evolution of all models and transformations required for tailoring while hiding complexity. We report the application of our approach to the software development process of Rhiscom, a small Chilean company.
For a system of distributed processes, correctness can be ensured by statically checking whether ... more For a system of distributed processes, correctness can be ensured by statically checking whether their composition satisfies the properties of interest. However, web services are distributed processes that dynamically discover properties of other web services. Since the overall system may not be available statically and since each business process is supposed to be relatively simple, we propose to use runtime monitoring of conversations between partners as a means of checking behavioral correctness of the entire web service system. Specifically, we identify a subset of UML 2.0 Sequence Diagrams (SD) as a property specification language. We show how our language can be used to specify the Specification Property System (SPS) [1]. By formalizing this subset using automata, we can check finite execution traces of web services against various complex properties. Finally, we discuss our experience using our language for runtime monitoring of an existing application, and conclude with a description of existing tool support.
Automated consistency checking of UML models becomes necessary as models grow in size and complex... more Automated consistency checking of UML models becomes necessary as models grow in size and complexity. Since the UML metamodel does not enforce model consistency, there are no fixed guidelines on how to approach the consistency problem. Current solutions are generally partial. The translation of the metamodel and the user designed model into Description Logics has proved to provide a solution in detecting a large set of inconsistencies. In order to make this solution available to system designers, we have implemented MCC+, a UML model consistency checker, built as a plug-in for Poseidon for UML, and relying on Jena as a reasoning engine. Compared to other approaches, we propose a usable and scalable solution, interoperable with a known modeling tool. We show the application of MCC+ to a real world large example of a meshing tool.
For a system of distributed processes, correctness can be ensured by (statically) checking whethe... more For a system of distributed processes, correctness can be ensured by (statically) checking whether their composition satisfies properties of interest. However, web services are distributed processes that dynamically discover properties of other web services. Since the overall system may not be available statically and since each business process is supposed to be relatively simple, we propose to use (on-line) runtime monitoring of conversations between partners as a means of checking behavioural correctness of the entire web service system. Our framework allows application developers to specify behavioural correctness properties. By transforming these properties to finite-state automata, we enable conformance checking of finite execution traces of web services described in BPEL against the specification. Moreover, when violations are discovered at runtime, we automatically propose and rank recovery plans which users of the system can then select for execution. For some of the violations, such plans essentially involve "going back" -compensating the occurred actions until an alternative behaviour of the application is possible. For other violations, such plans include both "going back" and "re-planning" -guiding the application towards a desired behaviour. We report on the implementation and experience with our monitoring and recovery system, and discuss the implications that the move to "smart internet" [39] may have on our approach.
Web service applications are dynamic, highly distributed, and loosely coupled orchestrations of s... more Web service applications are dynamic, highly distributed, and loosely coupled orchestrations of services which are notoriously difficult to debug. In this paper, we describe a user-guided recovery framework for web services. When behavioural correctness properties (safety and bounded liveness) of an application are violated at runtime, we automatically propose and rank recovery plans which users can then select for execution. For safety violations, such plans essentially involve "going back" -compensating the occurred actions until an alternative behavior of the application is possible. For bounded liveness violations, such plans include both "going back" and "re-planning" -guiding the application towards a desired behavior. We report on the implementation and our experience with the recovery system.
Abstract. The personal web vision promises to give users a highly personalized experience on the ... more Abstract. The personal web vision promises to give users a highly personalized experience on the web. This paper proposes and describes a Personal Web Workflow Methodology, designed to elicit, operationalize and execute a personal web user's goals. Our approach relies heavily on our prior research in goal modeling and operationalization, model matching and merging, and web service monitoring and recovery. We integrate this research with the social networking concept of crowd-sourcing to create a novel methodology for ...
2013 4th International Workshop on Product LinE Approaches in Software Engineering (PLEASE), 2013
ABSTRACT It is an increasing trend to apply Software Product Line (SPL) concepts and techniques f... more ABSTRACT It is an increasing trend to apply Software Product Line (SPL) concepts and techniques for software process tailoring, generating a Software PRocess Line (SPrL). However, there are several aspects that must be addressed before SPrLs can be fully adopted by industry, a key aspect being how software process variability is specified and managed. In the literature, there are several general-purpose as well as domain-specific proposals for specifying process variability. In this paper, we analyze the benefits and drawbacks of two general-purpose (feature models and OVM) and two domain-specific (SPEM variability primitives and vSPEM) approaches, as well as discuss what hinders industry adoption in each case.
Journal of Systems and Software, 2013
Software organizations specify their software processes so that process knowledge can be systematically reused across projects. However, different projects may require different processes. Defining a separate process for each potential project context is expensive and error-prone, since these processes must simultaneously evolve in a consistent manner. Moreover, an organization cannot envision all possible project contexts in advance because several variables may be involved, and these may also be combined in different ways. This problem is even worse in small companies since they usually cannot afford to define more than one process. Software process lines are a specific type of software product lines, in the software process domain. A benefit of software process lines is that they allow software process customization with respect to a context. In this article we propose a model-driven approach for software process lines specification and configuration. The article also presents two industrial case studies carried out at two small Chilean software development companies. Both companies have benefited from applying our approach to their processes: new projects are now developed using custom processes, process knowledge is systematically reused, and the total time required to customize a process is much shorter than before.
Journal of Environmental Radioactivity, 2000
Significant quantities of liquid radioactive waste were discharged to the Techa River in the southern Urals region of Russia in the early years of operation of the Mayak PA plant (1948-1951). A collaborative project is underway under contract to the European Commission to consider the radiological impact of radioactive contamination in the Southern Urals. Part of this project involves the calculation of radiation doses currently received by the population of Brodokalmak on the Techa river. The assessment made use of local data on the habits of the population and measurements of radionuclide activity concentrations in food and water. Exposure pathways included in the assessment were ingestion of foods and external exposure to gamma radiation from radionuclides deposited on the banks of the river. A range of doses was calculated for different age groups, firstly, assuming that the restrictions in place are retained and, secondly, assuming that there are no restrictions. These restrictions include bans on drinking river water, fishing and bathing in the river and the prohibition of use of the river and surrounding flood plains by humans and cattle. With restrictions the highest dose estimated was 0.56 mSv/y for the most exposed adults and without restrictions this increased to 3.4 mSv/y.
International Journal on Software Tools for Technology Transfer, 2010
When model-checking reports that a property holds on a model, vacuity detection increases user confidence in this result by checking that the property is satisfied in the intended way. While vacuity detection is effective, it is a relatively expensive technique requiring many additional model-checking runs. We address the problem of efficient vacuity detection for Bounded Model Checking (BMC) of LTL properties, presenting three partial vacuity detection methods based on the efficient analysis of the resolution proof produced by a successful BMC run. In particular, we define a characteristic of resolution proofs, peripherality, and prove that if a variable is a source of vacuity, then there exists a resolution proof in which this variable is peripheral. Our vacuity detection tool, VaqTree, uses these methods to detect vacuous variables, decreasing the total number of model-checking runs required to detect all sources of vacuity.