By K. Rustan M. Leino (auth.), Mihaela Bobaru, Klaus Havelund, Gerard J. Holzmann, Rajeev Joshi (eds.)

This publication constitutes the refereed lawsuits of the 3rd overseas Symposium on NASA Formal tools, NFM 2011, held in Pasadena, CA, united states, in April 2011.
The 26 revised complete papers offered including 12 device papers, three invited talks, and a couple of invited tutorials have been conscientiously reviewed and chosen from 141 submissions. the themes coated via NFM 2011 integrated yet weren't restricted to: theorem proving, common sense version checking, automatic trying out and simulation, model-based engineering, real-time and stochastic platforms, SAT and SMT solvers, symbolic execution, abstraction and abstraction refinement, compositional verification ideas; static and dynamic research recommendations, fault safeguard, cyber safeguard, specification formalisms, specifications research, and functions of formal techniques.

BA [Odd]: Number of states of the BA generated using the algorithm proposed by Oddoux [32]. U: Number of U, R, and ♦ in the formula. X: Number of ◦ in the formula. Boolean: Number of Boolean leafs, i. , variable references and constants. This is a good parameter for estimating the length of the formula. The results can be seen in Figure 3. The formulae generated by the Salt compiler contain a greater number of Boolean leafs, but use less temporal operators and, The Theory and Practice of SALT Example Specifications +20% +15% +15% +10% +10% Decrease / Increase Decrease / Increase Specification Patterns +20% +5% +0% -5% -10% -15% -20% +5% +0% -5% -10% -15% -20% -25% -30% 35 -25% BA [Fri] BA [Odd] U X Boolean -30% BA [Fri] BA [Odd] U X Boolean Fig.

Next timed[∼ c]ϕ states that the next occurrence of ϕ is within the time bounds ∼ c. This corresponds to the operator ∼c ϕ in TLTL. – ϕ until timed[∼ c] ψ states that ϕ is true until the next occurrence of ψ, and that this occurrence of ψ is within the time bounds ∼ c. The extended variants of until can be used as timed operators as well. – always timed[∼ c] ϕ states that ϕ must always be true within the time bounds ∼ c. – never timed[∼ c] ϕ states that ϕ must never be true within the time bounds ∼ c.

Occurring deals with events that may last more than one step and are separated by one or more steps in which the condition does not hold. holding considers single steps in which a condition holds. Both operators can also be used with an interval, e. , expressing the fact that an event has to occur at most 2 times in the future. To express this requirement manually in LTL, one would have to write ¬p W (p W (¬p W (p W ¬p))). The corresponding Salt specification is written concisely as assert o c c u r r i n g [ <=2] p.

