Results 1  10
of
133
Automatic verification of finitestate concurrent systems using temporal logic specifications
 ACM Transactions on Programming Languages and Systems
, 1986
"... We give an efficient procedure for verifying that a finitestate concurrent system meets a specification expressed in a (propositional, branchingtime) temporal logic. Our algorithm has complexity linear in both the size of the specification and the size of the global state graph for the concurrent ..."
Abstract

Cited by 1173 (58 self)
 Add to MetaCart
We give an efficient procedure for verifying that a finitestate concurrent system meets a specification expressed in a (propositional, branchingtime) temporal logic. Our algorithm has complexity linear in both the size of the specification and the size of the global state graph for the concurrent system. We also show how this approach can be adapted to handle fairness. We argue that our technique can provide a practical alternative to manual proof construction or use of a mechanical theorem prover for verifying many finitestate concurrent systems. Experimental results show that state machines with several hundred states can be checked in a matter of seconds.
Temporal and modal logic
 HANDBOOK OF THEORETICAL COMPUTER SCIENCE
, 1995
"... We give a comprehensive and unifying survey of the theoretical aspects of Temporal and modal logic. ..."
Abstract

Cited by 1107 (16 self)
 Add to MetaCart
We give a comprehensive and unifying survey of the theoretical aspects of Temporal and modal logic.
Knowledge and Common Knowledge in a Distributed Environment
 Journal of the ACM
, 1984
"... : Reasoning about knowledge seems to play a fundamental role in distributed systems. Indeed, such reasoning is a central part of the informal intuitive arguments used in the design of distributed protocols. Communication in a distributed system can be viewed as the act of transforming the system's s ..."
Abstract

Cited by 499 (52 self)
 Add to MetaCart
: Reasoning about knowledge seems to play a fundamental role in distributed systems. Indeed, such reasoning is a central part of the informal intuitive arguments used in the design of distributed protocols. Communication in a distributed system can be viewed as the act of transforming the system's state of knowledge. This paper presents a general framework for formalizing and reasoning about knowledge in distributed systems. We argue that states of knowledge of groups of processors are useful concepts for the design and analysis of distributed protocols. In particular, distributed knowledge corresponds to knowledge that is "distributed" among the members of the group, while common knowledge corresponds to a fact being "publicly known". The relationship between common knowledge and a variety of desirable actions in a distributed system is illustrated. Furthermore, it is shown that, formally speaking, in practical systems common knowledge cannot be attained. A number of weaker variants...
A Logic for Reasoning about Time and Reliability
 Formal Aspects of Computing
, 1994
"... We present a logic for stating properties such as, "after a request for service there is at least a 98% probability that the service will be carried out within 2 seconds". The logic extends the temporal logic CTL by Emerson, Clarke and Sistla with time and probabilities. Formulas are interpreted ove ..."
Abstract

Cited by 247 (1 self)
 Add to MetaCart
We present a logic for stating properties such as, "after a request for service there is at least a 98% probability that the service will be carried out within 2 seconds". The logic extends the temporal logic CTL by Emerson, Clarke and Sistla with time and probabilities. Formulas are interpreted over discrete time Markov chains. We give algorithms for checking that a given Markov chain satisfies a formula in the logic. The algorithms require a polynomial number of arithmetic operations, in size of both the formula and This research report is a revised and extended version of a paper that has appeared under the title "A Framework for Reasoning about Time and Reliability" in the Proceeding of the 10 th IEEE Realtime Systems Symposium, Santa Monica CA, December 1989. This work was partially supported by the Swedish Board for Technical Development (STU) as part of Esprit BRA Project SPEC, and by the Swedish Telecommunication Administration. the Markov chain. A simple example is inc...
Symmetry and Model Checking
, 1994
"... We show how to exploit symmetry in model checking for concurrent systems containing many identical or isomorphic components. We focus in particular on those composed of many isomorphic processes. In many cases we are able to obtain significant, even exponential, savings in the complexity of model ch ..."
Abstract

Cited by 166 (15 self)
 Add to MetaCart
We show how to exploit symmetry in model checking for concurrent systems containing many identical or isomorphic components. We focus in particular on those composed of many isomorphic processes. In many cases we are able to obtain significant, even exponential, savings in the complexity of model checking. 1 Introduction In this paper, we show how to exploit symmetry in model checking. We focus on systems composed of many identical (isomorphic) processes. The global state transition graph M of such a system exhibits a great deal of symmetry, characterized by the group of graph automorphisms of M. The basic idea underlying our method is to reduce model checking over the original structure M, to model checking over a smaller quotient structure M, where symmetric states are identified. In the following paragraphs, we give a more detailed but still informal account of a "grouptheoretic" approach to exploiting symmetry. More precisely, the symmetry of M is reflected in the group, Aut M...
From Timed to Hybrid Systems
"... We propose a framework for the formal speci cation and veri cation of timed and hybrid systems. For timed systems we propose a speci cation language that refers to time only through age functions which measure the length of the most recent timeinterval in which agiven formula has been continuously t ..."
Abstract

Cited by 146 (16 self)
 Add to MetaCart
We propose a framework for the formal speci cation and veri cation of timed and hybrid systems. For timed systems we propose a speci cation language that refers to time only through age functions which measure the length of the most recent timeinterval in which agiven formula has been continuously true. We then consider hybrid systems, which are systems consisting of a nontrivial mixture of discrete and continuous components, such as a digital controller that controls acontinuous environment. The proposed framework extends the temporal logic approach which has proven useful for the formal analysis of discrete systems such as reactive programs. The new framework consists of a semantic model for hybrid time, the notion of phase transition systems, which extends the formalism of discrete transition systems, an extended version of Statecharts for the speci cation of hybrid behaviors, and an extended version of temporal logic that enables reasoning about continuous change.
StateBased Model Checking of EventDriven System Requirements
 IEEE Transactions on Software Engineering
, 1993
"... AbstractIn this paper, we demonstrate how model checking can be used to verify safety properties for eventdriven systems. SCR tabular requirements describe required system behavior in a format that is intuitive, easy to read, and scalable to large systems (e.g., the software requhements for the A7 ..."
Abstract

Cited by 131 (7 self)
 Add to MetaCart
AbstractIn this paper, we demonstrate how model checking can be used to verify safety properties for eventdriven systems. SCR tabular requirements describe required system behavior in a format that is intuitive, easy to read, and scalable to large systems (e.g., the software requhements for the A7 aircraft). Model checking of temporal logics has been established as a sound technique for verifying properties of hardware systems. We have developed an automated technique for formalizing the semiformal SCR requirements and for transforming the resultant formal specification onto a finite structure that a model checker can analyze. This technique was effective in uncovering violations of system invariants in both an automobile cruise control system and a waterlevel monitoring system. Index TermsFormal specification, formal verification, model checking, requirements analysis, sonware requirements, temporal logic.
Modelchecking algorithms for continuoustime Markov chains
 IEEE TRANSACTIONS ON SOFTWARE ENGINEERING
, 2003
"... Continuoustime Markov chains (CTMCs) have been widely used to determine system performance and dependability characteristics. Their analysis most often concerns the computation of steadystate and transientstate probabilities. This paper introduces a branching temporal logic for expressing realt ..."
Abstract

Cited by 128 (26 self)
 Add to MetaCart
Continuoustime Markov chains (CTMCs) have been widely used to determine system performance and dependability characteristics. Their analysis most often concerns the computation of steadystate and transientstate probabilities. This paper introduces a branching temporal logic for expressing realtime probabilistic properties on CTMCs and presents approximate model checking algorithms for this logic. The logic, an extension of the continuous stochastic logic CSL of Aziz et al., contains a timebounded until operator to express probabilistic timing properties over paths as well as an operator to express steadystate probabilities. We show that the model checking problem for this logic reduces to a system of linear equations (for unbounded until and the steadystate operator) and a Volterra integral equation system (for timebounded until). We then show that the problem of modelchecking timebounded until properties can be reduced to the problem of computing transient state probabilities for CTMCs. This allows the verification of probabilistic timing properties by efficient techniques for transient analysis for CTMCs such as uniformization. Finally, we show that a variant of lumping equivalence (bisimulation), a wellknown notion for aggregating CTMCs, preserves the validity of all formulas in the logic.
Model Checking vs. Theorem Proving: A Manifesto
, 1991
"... We argue that rather than representing an agent's knowledge as a collection of formulas, and then doing theorem proving to see if a given formula follows from an agent's knowledge base, it may be more useful to represent this knowledge by a semantic model, and then do model checking to see if the g ..."
Abstract

Cited by 117 (5 self)
 Add to MetaCart
We argue that rather than representing an agent's knowledge as a collection of formulas, and then doing theorem proving to see if a given formula follows from an agent's knowledge base, it may be more useful to represent this knowledge by a semantic model, and then do model checking to see if the given formula is true in that model. We discuss how to construct a model that represents an agent's knowledge in a number of different contexts, and then consider how to approach the modelchecking problem.
Synthesizing StateBased Object Systems from LSC Specifications
, 2000
"... Live sequence charts (LSCs) have been de ned recently as an extension of message sequence charts (MSCs � or their UML variant, sequence diagrams) for rich interobject speci cation. One of the main additions is the notion of universal charts and hot, mandatory behavior, which, among other things, en ..."
Abstract

Cited by 83 (23 self)
 Add to MetaCart
Live sequence charts (LSCs) have been de ned recently as an extension of message sequence charts (MSCs � or their UML variant, sequence diagrams) for rich interobject speci cation. One of the main additions is the notion of universal charts and hot, mandatory behavior, which, among other things, enables one to specify forbidden scenarios. LSCs are thus essentially as expressive as statecharts. This paper deals with synthesis, which is the problem of deciding, given an LSC speci cation, if there exists a satisfying object system and, if so, to synthesize one automatically. The synthesis problem is crucial in the development of complex systems, since sequence diagrams serve as the manifestation of use cases  whether used formally or informally  and if synthesizable they could lead directly to implementation. Synthesis is considerably harder for LSCs than for MSCs, and we tackle it by de ning consistency, showing that an entire LSC speci cation is consistent i it is satis able by a statebased object system, and then synthesizing a satisfying system as a collection of nite state machines or statecharts. 1