Results 1-10 of 240
Compositional Model Checking
, 1999
Cited by 2474 (64 self)
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Symbolic Boolean manipulation with ordered binary-decision diagrams
 ACM Computing Surveys
, 1992
Cited by 894 (13 self)
Ordered Binary-Decision Diagrams (OBDDs) represent Boolean functions as directed acyclic graphs. They form a canonical representation, making testing of functional properties such as satisfiability and equivalence straightforward. A number of operations on Boolean functions can be implemented as graph algorithms on OBDD
Counterexample-guided Abstraction Refinement
, 2000
Cited by 620 (61 self)
We present an automatic iterative abstraction-refinement methodology in which the initial abstract model is generated by an automatic analysis of the control structures in the program to be verified. Abstract models may admit erroneous (or "spurious") counterexamples. We devise new symbolic techniques which analyze such counterexamples and refine the abstract model correspondingly.
Symbolic Model Checking: 10^20 States and Beyond
, 1992
Cited by 587 (32 self)
Many different methods have been devised for automatically verifying finite state systems by examining state-graph models of system behavior. These methods all depend on decision procedures that explicitly represent the state space using a list or a table that grows in proportion to the number of states. We describe a general method that represents the state space symbolically instead of explicitly. The generality of our method comes from using a dialect of the Mu-Calculus as the primary specification language. We describe a model checking algorithm for Mu-Calculus formulas that uses Bryant's Binary Decision Diagrams (Bryant, R. E., 1986, IEEE Trans. Comput. C-35) to represent relations and formulas. We then show how our new Mu-Calculus model checking algorithm can be used to derive efficient decision procedures for CTL model checking, satisfiability of linear-time temporal logic formulas, strong and weak observational equivalence of finite transition systems, and language containment for finite ω-automata. The fixed point computations for each decision procedure are sometimes complex, but can be concisely expressed in the Mu-Calculus. We illustrate the practicality of our approach to symbolic model checking by discussing how it can be used to verify a simple synchronous pipeline circuit.
Verification Tools for Finite-State Concurrent Systems
Cited by 122 (3 self)
Temporal logic model checking is an automatic technique for verifying finite-state concurrent systems. Specifications are expressed in a propositional temporal logic, and the concurrent system is modeled as a state-transition graph. An efficient search procedure is used to determine whether or not the state-transition graph satisfies the specification. When the technique was first developed ten years ago, it was only possible to handle concurrent systems with a few thousand states. In the last few years, however, the size of the concurrent systems that can be handled has increased dramatically. By representing transition relations and sets of states implicitly using binary decision diagrams, it is now possible to check concurrent systems with more than 10^120 states. In this paper we describe in detail how the new implementation works and
Model checking large software specifications
 IEEE TRANSACTIONS ON SOFTWARE ENGINEERING
, 1998
Cited by 117 (6 self)
In this paper, we present our experiences in using symbolic model checking to analyze a specification of a software system for aircraft collision avoidance. Symbolic model checking has been highly successful when applied to hardware systems. We are interested in whether model checking can be effectively applied to large software specifications. To investigate this, we translated a portion of the state-based system requirements specification of Traffic Alert and Collision Avoidance System II (TCAS II) into input to a symbolic model checker (SMV). We successfully used the symbolic model checker to analyze a number of properties of the system. We report on our experiences, describing our approach to translating the specification to the SMV language, explaining our methods for achieving acceptable performance, and giving a summary of the properties analyzed. Based on our experiences, we discuss the possibility of using model checking to aid specification development by iteratively applying the technique early in the development cycle. We consider the paper to be a data point for optimism about the potential for more widespread application of model checking to software systems.
Decomposable negation normal form
 Journal of the ACM
, 2001
Cited by 109 (18 self)
Knowledge compilation has been emerging recently as a new direction of research for dealing with the computational intractability of general propositional reasoning. According to this approach, the reasoning process is split into two phases: an offline compilation phase and an online query-answering phase. In the offline phase, the propositional theory is compiled into some target language, which is typically a tractable one. In the online phase, the compiled target is used to efficiently answer a (potentially) exponential number of queries. The main motivation behind knowledge compilation is to push as much of the computational overhead as possible into the offline phase, in order to amortize that overhead over all online queries. Another motivation behind compilation is to produce very simple online reasoning systems, which can be embedded cost-effectively into primitive computational platforms, such as those found in consumer electronics. One of the key aspects of any compilation approach is the target language into which the propositional theory is compiled. Previous target languages included Horn theories, prime implicates/implicants and ordered binary decision diagrams (OBDDs). We propose in this paper a new target compilation language, known as decomposable negation normal form (DNNF), and present a number of its properties that make it of interest to the broad community. Specifically, we
Binary Decision Diagrams and Beyond: Enabling Technologies for Formal Verification
, 1995
Cited by 105 (0 self)
Ordered Binary Decision Diagrams (OBDDs) have found widespread use in CAD applications such as formal verification, logic synthesis, and test generation. OBDDs represent Boolean functions in a form that is both canonical and compact for many practical cases. They can be generated and manipulated by efficient graph algorithms. Researchers have found that many tasks can be expressed as series of operations on Boolean functions, making them candidates for OBDD-based methods. The success of OBDDs has inspired efforts to improve their efficiency and to expand their range of applicability. Techniques have been discovered to make the representation more compact and to represent other classes of functions. This has led to improved performance on existing OBDD applications, as well as enabled new classes of problems to be solved. This paper provides an overview of the state of the art in graph-based function representations. We focus on several recent advances of particular importance for forma...
Formal Verification by Symbolic Evaluation of Partially-Ordered Trajectories
 Formal Methods in System Design
, 1993
Cited by 99 (25 self)
Symbolic trajectory evaluation provides a means to formally verify properties of a sequential system by a modified form of symbolic simulation. The desired system properties are expressed in a notation combining Boolean expressions and the temporal logic "next-time" operator. In its simplest form, each property is expressed as an assertion [A ⇒ C], where the antecedent A expresses some assumed conditions on the system state over a bounded time period, and the consequent C expresses conditions that should result. A generalization allows simple invariants to be established and proven automatically. The verifier operates on system models in which the state space is ordered by "information content". By suitable restrictions to the specification notation, we guarantee that for every trajectory formula, there is a unique weakest state trajectory that satisfies it. Therefore, we can verify an assertion [A ⇒ C] by simulating the system over the weakest trajectory for A and testing...