What causes a system to satisfy a specification?
Abstract
Even when a system is proven to be correct with respect to a specification, there is still a question of how complete the specification is, and whether it really covers all the behaviors of the system.Coverage metricsattempt to check which parts of a system are actually relevant for the verification process to succeed. Recent work on coverage in model checking suggests several coverage metrics and algorithms for finding parts of the system that are not covered by the specification. The work has already proven to be effective in practice, detecting design errors that escape early verification efforts in industrial settings. In this article, we relate a formal definition of causality given by Halpern and Pearl to coverage. We show that it gives significant insight into unresolved issues regarding the definition of coverage and leads to potentially useful extensions of coverage. In particular, we introduce the notion ofresponsibility, which assigns to components of a system a quantitative measure of their relevance to the satisfaction of the specification.
Document Details
- Document Type
- Pub Defense Publication
- Publication Date
- Jun 01, 2008
- Source ID
- 10.1145/1352582.1352588
Entities
People
- Hana Chockler
- Joseph Halpern
- Orna Kupferman
Organizations
- Air Force Office of Scientific Research
- Cornell University
- Division of Information and Intelligent Systems
- Hebrew University of Jerusalem
- IBM Research
- National Science Foundation
- United States Department of Defense