Type systems for secure information flow are useful for efficiently checking that programs have secure information flow. They are, however, conservative, so that they often rej...
Counterexamples explain why a desired temporal logic property fails to hold, and as such are considered to be the most useful form of output from model-checkers. Multi-valued model...
Current numerical model checkers for stochastic systems can efficiently analyse stochastic models. However, the fact that they are unable to provide debugging information constrain...
Abstract. When a model does not satisfy a given specification, a counterexample is produced by the model checker to demonstrate the failure. A user must then examine the counterexa...
Ilan Beer, Shoham Ben-David, Hana Chockler, Avigai...