Andreas Podelski

Sergiy Bogomolov, Marcelo Forets, Goran Frehse et al.

Approximating the set of reachable states of a dynamical system is an algorithmic yet mathematically rigorous way to reason about its safety. Although progress has been made in the development of efficient algorithms for affine dynamical systems, available algorithms still lack scalability to ensure their wide adoption in the industrial setting. While modern linear algebra packages are efficient for matrices with tens of thousands of dimensions, set-based image computations are limited to a few hundred. We propose to decompose reach set computations such that set operations are performed in low dimensions, while matrix operations like exponentiation are carried out in the full dimension. Our method is applicable both in dense- and discrete-time settings. For a set of standard benchmarks, it shows a speed-up of up to two orders of magnitude compared to the respective state-of-the art tools, with only modest losses in accuracy. For the dense-time case, we show an experiment with more than 10.000 variables, roughly two orders of magnitude higher than possible with previous approaches.

Daniel Dietsch, Matthias Heizmann, Jochen Hoenicke et al.

In theorem prover or SMT solver based verification, the program to be verified is often given in an intermediate verification language such as Boogie, Why, or CHC. This setting raises new challenges. We investigate a preprocessing step which takes the similar role that alias analysis plays in verification, except that now, a (mathematical) map is used to model the memory or a data object of type array. We present a program transformation that takes a program P to an equivalent program P' such that, by verifying P' instead of P, we can reduce the burden of the exponential explosion in the number of case splits. Here, the case splits are according to whether two statements using the same map variable are independent or not; if they are independent, we might as well employ two different map variables and thus remove the need for a case split (this is the idea behind the program transformation). We have implemented the program transformation and show that, in an ideal case, we can avoid the exponential explosion.

Tobias Morciniec, Andreas Podelski

During the execution of a test plan, a test manager may decide to drop a test case if its result can be inferred from already executed test cases. We show that it is possible to automatically generate a test plan to exploit the potential to justifiably drop a test case and thus reduce the number of test cases. Our approach uses Boolean formulas to model the mutual dependencies between test results. The algorithm to generate a test plan comes with the formal guarantee of optimality with regards to the inference of the result of a test case from already executed test cases.

Stephan Arlt, Evren Ermis, Sergio Feo-Arenis et al.

In black-box testing of GUI applications (a form of system testing), a dynamic analysis of the GUI application is used to infer a black-box model; the black-box model is then used to derive test cases for the test of the GUI application. In this paper, we propose to supplement the test with the verification of the black-box model. We present a method that can give a guarantee of the absence of faults, i.e., the correctness of all test cases of the black-box model. The black-model allows us to formulate a parametrized verification problem. As we will show, it also allows us to circumvent the static analysis of the GUI tool kit. We have implemented our approach; preliminary experiments indicate its practical potential.