Abstract. We describe a partial order reduction technique for a realtime component model. Components are described as timed automata with data ports, which can be composed in stati...
This paper describes the design and implementation of GNAT Pro for ERC32, a flexible cross-development environment supporting the Ravenscar tasking model on top of bare ERC32 comp...
Asynchronous systems components are hard to write, hard to reason about, and (not coincidentally) hard to mechanically verify. In order to achieve high performance, asynchronous c...
Prakash Chandrasekaran, Christopher L. Conway, Jos...
Writes via unchecked pointer dereferences rank high among vulnerabilities most often exploited by malicious code. The most common attacks use an unchecked string copy to cause a b...
Abstract. Because of its critical importance underlying all other software, lowlevel system software is among the most important targets for formal verification. Low-level systems...