Results 1  10
of
23
An automatatheoretic approach to linear temporal logic
 Logics for Concurrency: Structure versus Automata, volume 1043 of Lecture Notes in Computer Science
, 1996
"... Abstract. The automatatheoretic approach to linear temporal logic uses the theory of automata as a unifying paradigm for program specification, verification, and synthesis. Both programs and specifications are in essence descriptions of computations. These computations can be viewed as words over s ..."
Abstract

Cited by 221 (22 self)
 Add to MetaCart
Abstract. The automatatheoretic approach to linear temporal logic uses the theory of automata as a unifying paradigm for program specification, verification, and synthesis. Both programs and specifications are in essence descriptions of computations. These computations can be viewed as words over some alphabet. Thus,programs and specificationscan be viewed as descriptions of languagesover some alphabet. The automatatheoretic perspective considers the relationships between programs and their specifications as relationships between languages.By translating programs and specifications to automata, questions about programs and their specifications can be reduced to questions about automata. More specifically, questions such as satisfiability of specifications and correctness of programs with respect to their specifications can be reduced to questions such as nonemptiness and containment of automata. Unlike classical automata theory, which focused on automata on finite words, the applications to program specification, verification, and synthesis, use automata on infinite words, since the computations in which we are interested are typically infinite. This paper provides an introduction to the theory of automata on infinite words and demonstrates its applications to program specification, verification, and synthesis. 1
A Partial Approach to Model Checking
 INFORMATION AND COMPUTATION
, 1994
"... This paper presents a modelchecking method for lineartime temporal logic that can avoid most of the state explosion due to the modelling of concurrency by interleaving. The method relies on the concept of Mazurkiewicz's trace as a semantic basis and uses automatatheoretic techniques, including aut ..."
Abstract

Cited by 113 (5 self)
 Add to MetaCart
This paper presents a modelchecking method for lineartime temporal logic that can avoid most of the state explosion due to the modelling of concurrency by interleaving. The method relies on the concept of Mazurkiewicz's trace as a semantic basis and uses automatatheoretic techniques, including automata that operate on words of ordinality higher than \omega.
Module Checking
, 1996
"... . In computer system design, we distinguish between closed and open systems. A closed system is a system whose behavior is completely determined by the state of the system. An open system is a system that interacts with its environment and whose behavior depends on this interaction. The ability of ..."
Abstract

Cited by 80 (11 self)
 Add to MetaCart
. In computer system design, we distinguish between closed and open systems. A closed system is a system whose behavior is completely determined by the state of the system. An open system is a system that interacts with its environment and whose behavior depends on this interaction. The ability of temporal logics to describe an ongoing interaction of a reactive program with its environment makes them particularly appropriate for the specification of open systems. Nevertheless, modelchecking algorithms used for the verification of closed systems are not appropriate for the verification of open systems. Correct model checking of open systems should check the system with respect to arbitrary environments and should take into account uncertainty regarding the environment. This is not the case with current modelchecking algorithms and tools. In this paper we introduce and examine the problem of model checking of open systems (mod ule checking, for short). We show that while module che...
Module checking revisited
 In Proc. 9th CAV, LNCS 1254
, 1997
"... Abstract. When we verify the correctness of an open system with respect to a desired requirement, we should take into consideration the different environments with which the system may interact. Each environment induces a different behavior of the system, and we want all these behaviors to satisfy t ..."
Abstract

Cited by 30 (6 self)
 Add to MetaCart
Abstract. When we verify the correctness of an open system with respect to a desired requirement, we should take into consideration the different environments with which the system may interact. Each environment induces a different behavior of the system, and we want all these behaviors to satisfy the requirement. Module checking is an algorithmic method that checks, given an open system (modeled as a finite structure) and a desired requirement (specified by a temporallogic formula), whether the open system satisfies the requirement with respect to all environments. In this paper we extend the modulechecking method with respect to two orthogonal issues. Both issues concern the fact that often we are not interested in satisfaction of the requirement with respect to all environments, but only with respect to these that meet some restriction. We consider the case where the environment has incomplete information about the system; i.e., when the system has internal variables, which are not readable by its environment, and the case where some assumptions are known about environment; i.e., when the system is guaranteed to satisfy the requirement only when its environment satisfies certain assumptions. We study the complexities of the extended modulechecking problems. In particular, we show that for universal temporal logics (e.g., LTL, ¥ CTL, and ¥ CTL ¦), module checking with incomplete information coincides with module checking, which by itself coincides with model checking. On the other hand, for nonuniversal temporal logics (e.g., CTL and CTL ¦), module checking with incomplete information is harder than module checking, which is by itself harder than model checking. 1
Towards Model Checking Stochastic Process Algebra
, 2000
"... . Stochastic process algebra have been proven useful because they allow behaviouroriented performance and reliability modelling. As opposed to traditional performance modelling techniques, the behaviouroriented style supports composition and abstraction in a natural way. However, analysis of stocha ..."
Abstract

Cited by 23 (9 self)
 Add to MetaCart
. Stochastic process algebra have been proven useful because they allow behaviouroriented performance and reliability modelling. As opposed to traditional performance modelling techniques, the behaviouroriented style supports composition and abstraction in a natural way. However, analysis of stochastic process algebra models is stateoriented, because standard numerical analysis is typically based on the calculation of (transient and steady) state probabilities. This shift of paradigms hampers the acceptance of the process algebraic approach by performance modellers. In this paper, we develop an entirely behaviouroriented analysis technique for stochastic process algebra. The key contribution is an actionbased temporal logic to describe behavioursofinterest, together with a model checking algorithm to derive the probability with which a stochastic process algebra model exhibits a given behaviourofinterest. 1 Introduction The analysis of systems with respect to their performance...
Alternating Automata and Program Verification
 In Computer Science Today. LNCS 1000
, 1995
"... . We describe an automatatheoretic approach to the automatic verification of finitestate programs. The basic idea underlying this approach is that for any temporal formula we can construct an alternating automaton that accepts precisely the computations that satisfy the formula. For linear tempora ..."
Abstract

Cited by 23 (1 self)
 Add to MetaCart
. We describe an automatatheoretic approach to the automatic verification of finitestate programs. The basic idea underlying this approach is that for any temporal formula we can construct an alternating automaton that accepts precisely the computations that satisfy the formula. For linear temporal logics the automaton runs on infinite words while for branching temporal logics the automaton runs on infinite trees. The simple combinatorial structures that emerge from the automatatheoretic approach decouple the logical and algorithmic components of finitestateprogram verification and yield clear and general verification algorithms. 1 Introduction Temporal logics, which are modal logics geared towards the description of the temporal ordering of events, have been adopted as a powerful tool for specifying and verifying concurrent programs [Pnu77, MP92]. One of the most significant developments in this area is the discovery of algorithmic methods for verifying temporal logic properties...
Verification of Fair Transition Systems
, 1998
"... . In program verification, we check that an implementation meets its specification. Both the specification and the implementation describe the possible behaviors of the program, though at different levels of abstraction. We distinguish between two approaches to implementation of specifications. The ..."
Abstract

Cited by 19 (9 self)
 Add to MetaCart
. In program verification, we check that an implementation meets its specification. Both the specification and the implementation describe the possible behaviors of the program, though at different levels of abstraction. We distinguish between two approaches to implementation of specifications. The first approach is tracebased implementation, where we require every computation of the implementation to correlate to some computation of the specification. The second approach is treebased implementation, where we require every computation tree embodied in the implementation to correlate to some computation tree embodied in the specification. The two approaches to implementation are strongly related to the lineartime versus branchingtime dichotomy in temporal logic. In this work we examine the tracebased and the treebased approachesfrom a complexitytheoretic point of view. We consider and compare the complexity of verification of fair transition systems, modeling both the implement...
On the Complexity of Branching Modular Model Checking (Extended Abstract)
, 1995
"... In modular verification the specification of a module consists of two parts. One part describes the guaranteed behavior of the module. The other part describes the assumed behavior of the system in which the module is interacting. This is called the assumeguarantee paradigm. In this paper we consid ..."
Abstract

Cited by 19 (9 self)
 Add to MetaCart
In modular verification the specification of a module consists of two parts. One part describes the guaranteed behavior of the module. The other part describes the assumed behavior of the system in which the module is interacting. This is called the assumeguarantee paradigm. In this paper we consider assumeguarantee specifications in which the assumptions and the guarantees are specified by universal branching temporal formulas (i.e., all path quantifiers are universal). Verifying modules with respect to such specifications is called the branching modular modelchecking problem. We consider both ACTL and ACTL*, the universal fragments of CTL and CTL*. We develop two fundamental techniques: building max...
An AutomataTheoretic Approach to Modular Model Checking
, 1998
"... this paper we consider assumeguarantee specifications in which the guarantee is specified by branching temporal formulas. We distinguish between two approaches. In the first approach, the assumption is specified by branching temporal formulas too. In the second approach, the assumption is specified ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
this paper we consider assumeguarantee specifications in which the guarantee is specified by branching temporal formulas. We distinguish between two approaches. In the first approach, the assumption is specified by branching temporal formulas too. In the second approach, the assumption is specified by linear temporal logic. We consider guarantees in 8CTL and 8CTL
A Heuristic for the Automatic Generation of Ranking Functions
 Workshop on Advances in Verification
, 2000
"... The duality between invariance and progress is fundamental in proof techniques for the verication of programs. Proving invariance requires the construction of invariants, while progress proofs hinge on the identication of appropriate ranking functions. With the recent interest in automated verica ..."
Abstract

Cited by 13 (0 self)
 Add to MetaCart
The duality between invariance and progress is fundamental in proof techniques for the verication of programs. Proving invariance requires the construction of invariants, while progress proofs hinge on the identication of appropriate ranking functions. With the recent interest in automated verication techniques, the topic of automatic generation of invariants is facing a revival of interest. In [14] it has been shown that temporal properties of reactive systems can be proven via nitary abstractions if those abstractions comprise a notion of acceptance conditions, like !automata. Based on this, that paper concludes that there is a strong need for devising eective heuristics for generating such conditions. In this note, we address this issue. We suggest a simple heuristic in the spirit of, and combining well with, the popular predicate abstraction approach to the automatic generation and renement of invariants. The presentation is nontechnical and guided by examples. ...