ICS: Integrated Canonizer and Solver
Decision procedures are at the core of many industrial-strength verification systems such as ACL2, PVS, or STeP, but many existing decision procedures lack an appropriate API for managing contexts and efficiently switching between contexts.
SAL 2
Its high-level specification language and wide range of model checkers make SAL convenient for those seeking a ready-to-use solution, while its scriptability and flexible choice of backend analyzers should make it attractive to those seeking an experimental platform.
Maximum Resilience of Artificial Neural Networks
The effectiveness and scalability of this approach are demonstrated by computing maximal resilience bounds for a number of ANN benchmark sets, ranging from typical image recognition scenarios to the autonomous maneuvering of robots.
An Overview of SAL
This instantiation of the SAL framework augments PVS with tools for abstraction, invariant generation, program analysis, theorem proving, and model checking, both to separate concerns and to calculate properties of concurrent systems.
Monadic Second-Order Logics with Cardinalities
We delimit the boundary between decidability versus undecidability of the weak monadic second-order logic of one successor (WS1S) extended with linear cardinality constraints of the form
Lazy Theorem Proving for Bounded Model Checking over Infinite Domains
The combination of propositional SAT checkers with domain-specific theorem provers as a foundation for bounded model checking over infinite domains is investigated, bounded model checking for timed automata and for RTL-level descriptions is exemplified, and the lazy integration of SAT solving and theorem proving is investigated.
Deconstructing Shostak
  • H. Ruess, N. Shankar
  • Computer Science
  • Proceedings 16th Annual IEEE Symposium on Logic…
  • 16 June 2001
A variant of Shostak's algorithm is described, along with proofs of termination, soundness and completeness, and all previously published variants of it yield incomplete decision procedures.
Bounded model checking and induction: From refutation to verification
A general k-induction scheme is defined, and invariant strengthening is demonstrated on infinite-state systems ranging from communication protocols to timed automata and (linear) hybrid automata.
Protocol-independent secrecy
  • J. Millen, H. Ruess
  • Computer Science
  • Proceeding IEEE Symposium on Security and…
  • 14 May 2000
The secrecy theorem encapsulates the use of induction so that the discharge of protocol-specific proof obligations is reduced to first-order reasoning.
EFSMT: A Logical Framework for Cyber-Physical Systems
This paper addresses the challenge with EFSMT, the exists-forall quantified first-order fragment of propositional combinations over constraints, as the logical framework and foundation for analyzing and synthesizing cyber-physical systems, and proposes an algorithm for solving EFSMT problems based on the interplay between two SMT solvers.