Results 1-10 of 152
Compositional Model Checking
1999
Cited by 2474 (64 self)
Abstract
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Temporal and modal logic
HANDBOOK OF THEORETICAL COMPUTER SCIENCE, 1995
Cited by 1119 (17 self)
Abstract
We give a comprehensive and unifying survey of the theoretical aspects of temporal and modal logic.
An Automata-Theoretic Approach to Branching-Time Model Checking
JOURNAL OF THE ACM, 1998
Cited by 302 (66 self)
Abstract
Translating linear temporal logic formulas to automata has proven to be an effective approach for implementing linear-time model checking, and for obtaining many extensions and improvements to this verification method. On the other hand, for branching temporal logic, automata-theoretic techniques have long been thought to introduce an exponential penalty, making them essentially useless for model checking. Recently, Bernholtz and Grumberg have shown that this exponential penalty can be avoided, though they did not match the linear complexity of non-automata-theoretic algorithms. In this paper we show that alternating tree automata are the key to a comprehensive automata-theoretic framework for branching temporal logics. Not only, as was shown by Muller et al., can they be used to obtain optimal decision procedures, but, as we show here, they also make it possible to derive optimal model-checking algorithms. Moreover, the simple combinatorial structure that emerges from the a...
Fail-Stop Processors: An Approach to Designing Fault-Tolerant Computing Systems
1983
Cited by 299 (17 self)
Abstract
This paper was originally submitted to ACM Transactions on Programming Languages and Systems. The responsible editor was Susan L. Graham. The authors and editor kindly agreed to transfer the paper to the ACM Transactions on Computer Systems.
Probabilistic Simulations for Probabilistic Processes
1994
Cited by 275 (18 self)
Abstract
Several probabilistic simulation relations for probabilistic systems are defined and evaluated according to two criteria: compositionality and preservation of "interesting" properties. Here, the interesting properties of a system are identified with those that are expressible in an untimed version of the Timed Probabilistic concurrent Computation Tree Logic (TPCTL) of Hansson. The definitions are made, and the evaluations carried out, in terms of a general labeled transition system model for concurrent probabilistic computation. The results cover weak simulations, which abstract from internal computation, as well as strong simulations, which do not.
Resources, Concurrency and Local Reasoning
THEORETICAL COMPUTER SCIENCE, 2004
Cited by 157 (5 self)
Abstract
In this paper we show how a resource-oriented logic, separation logic, can be used to reason about the usage of resources in concurrent programs.
Tentative Steps Toward a Development Method for Interfering Programs
ACM TOPLAS, 1983
Cited by 141 (5 self)
Abstract
Development methods for (sequential) programs that run in isolation have been studied elsewhere. Programs that run in parallel can interfere with each other, either via shared storage or by sending messages. Extensions to earlier development methods are proposed for the rigorous development of interfering programs. In particular, extensions to the specification method based on postconditions that are predicates of two states and the development methods of operation decomposition and data refinement are proposed.
Verifying Properties of Large Sets of Processes with Network Invariants
AUTOMATIC VERIFICATION METHODS FOR FINITE STATE SYSTEMS, 1990
Cited by 99 (0 self)
Abstract
If a system is built from a large number of identical finite-state processes, it seems intuitively obvious that, with the help of "a little induction", the verification of such a system can be reduced to a finite-state problem. The difficulty is to find the right form of "a little induction". There have been several attempts to address this problem in the context of model checking [CGB86], [CG87], [GS87]. In very general terms (see Section 6 for more details), the approach is to find ways of proving that if a process satisfies a formula, then the n-fold parallel composition of this process with itself still satisfies the same (or a related) formula. This approach makes some interesting verifications possible. However, it has its limits and usually requires the implementation of special-purpose tools. In this paper, we propose an alternative approach. It is an attempt to make the "little induction" explicit and simple. If one wants to prove that some property holds for the composition of n processes P, one ought to be able to proceed as follows. Prove that one process satisfies the property or, as is often necessary when using induction, a stronger property I. Then prove that the composition of any process satisfying I with one of the processes P still satisfies I. Such a property I essentially represents the joint behavior of any number of processes P. Since adding one more process P to a network satisfying I does not change I, we call it a network invariant. All this is general and quite obvious. The problem is to find a framework in which it works. For this, we turn to process theory in the style of CCS and CSP [Mil80], [Hoa85]. We actually use a variant of TCSP, but this choice is not important as long as some conditions made explicit in Section 2 are satisfied. The idea is that the network invariant I is itself expressed as a process. The inductive step then essentially reduces to proving in the process theory that I || P is a process equal to or stronger than I. Of course, if the processes are finite-state, this can be done with an automatic verification tool. Hence, once the invariant I is found, our method is completely automatic.