Compositional Model Checking
1999
Cited by 2407 (62 self)
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
An automata-theoretic approach to linear temporal logic
Logics for Concurrency: Structure versus Automata, volume 1043 of Lecture Notes in Computer Science, 1996
Cited by 217 (23 self)
Abstract. The automata-theoretic approach to linear temporal logic uses the theory of automata as a unifying paradigm for program specification, verification, and synthesis. Both programs and specifications are in essence descriptions of computations. These computations can be viewed as words over some alphabet. Thus, programs and specifications can be viewed as descriptions of languages over some alphabet. The automata-theoretic perspective considers the relationships between programs and their specifications as relationships between languages. By translating programs and specifications to automata, questions about programs and their specifications can be reduced to questions about automata. More specifically, questions such as satisfiability of specifications and correctness of programs with respect to their specifications can be reduced to questions such as nonemptiness and containment of automata. Unlike classical automata theory, which focused on automata on finite words, the applications to program specification, verification, and synthesis use automata on infinite words, since the computations in which we are interested are typically infinite. This paper provides an introduction to the theory of automata on infinite words and demonstrates its applications to program specification, verification, and synthesis.
Decision Procedures and Expressiveness in the Temporal Logic of Branching Time
1985
Cited by 142 (4 self)
We consider the computation tree logic (CTL) proposed in (Sci. Comput. Programming 2
Model Checking for a Probabilistic Branching Time Logic with Fairness
Distributed Computing, 1998
Cited by 116 (37 self)
We consider concurrent probabilistic systems, based on probabilistic automata of Segala & Lynch [55], which allow nondeterministic choice between probability distributions. These systems can be decomposed into a collection of "computation trees" which arise by resolving the nondeterministic, but not probabilistic, choices. The presence of nondeterminism means that certain liveness properties cannot be established unless fairness is assumed. We introduce a probabilistic branching time logic PBTL, based on the logic TPCTL of Hansson [30] and the logic PCTL of [55], resp. pCTL of [14]. The formulas of the logic express properties such as "every request is eventually granted with probability at least p". We give three interpretations for PBTL on concurrent probabilistic processes: the first is standard, while in the remaining two interpretations the branching time quantifiers are taken to range over a certain kind of fair computation trees. We then present a model checking algorithm for...
Synthesizing Distributed Systems
2001
Cited by 42 (1 self)
In system synthesis, we transform a specification into a system that is guaranteed to satisfy the specification. When the system is distributed, the goal is to construct the system's underlying processes. Results on multiplayer games imply that the synthesis problem for linear specifications is undecidable for general architectures, and is nonelementary decidable for hierarchical architectures, where the processes are linearly ordered and information among them flows in one direction. In this paper we present a significant extension of this result. We handle both linear and branching specifications, and we show that a sufficient condition for decidability of the synthesis problem is a linear or cyclic order among the processes, in which information flows in either one or both directions. We also allow the processes to have internal hidden variables, and we consider communications with and without delay. Many practical applications fall into this class.
Constructing Automata from Temporal Logic Formulas: A Tutorial
Summer School on Trends in Computer Science, LNCS 2090
Cited by 29 (0 self)
This paper presents a tutorial introduction to the construction of finite automata on infinite words from linear-time temporal logic formulas. After defining the source and target formalisms, it describes a first construction whose correctness is quite direct to establish, but whose behavior is always equal to the worst-case upper bound. It then turns to the techniques that can be used to improve this algorithm in order to obtain the quite effective algorithms that are now in use.
A game-based framework for CTL counterexamples and 3-valued abstraction-refinement
In Computer Aided Verification (CAV), LNCS 2725, 2003
Cited by 24 (6 self)
Abstract. This work exploits and extends the game-based framework of CTL model checking for counterexample and incremental abstraction-refinement. We define a game-based CTL model checking for abstract models over the 3-valued semantics, which can be used for verification as well as refutation. The model checking may end with an indefinite result, in which case we suggest a new notion of refinement, which eliminates indefinite results of the model checking. This provides an iterative abstraction-refinement framework. It is enhanced by an incremental algorithm, where refinement is applied only where indefinite results exist and definite results from prior iterations are used within the model checking algorithm. We also define the notion of annotated counterexamples, which are sufficient and minimal counterexamples for full CTL. We present an algorithm that uses the game board of the model checking game to derive an annotated counterexample in case the examined system model refutes the checked formula.
Synthesis with incomplete information
In Advances in Temporal Logic, 2000
Cited by 17 (7 self)
Abstract. In program synthesis, we transform a specification into a system that is guaranteed to satisfy the specification. When the system is open, then at each moment it reads input signals and writes output signals, which depend on the input signals and the history of the computation so far. The specification considers all possible input sequences. Thus, if the specification is linear, it should hold in every computation generated by the interaction, and if the specification is branching, it should hold in the tree that embodies all possible input sequences. Often, the system cannot read all the input signals generated by its environment. For example, in a distributed setting, it might be that each process can read input signals of only part of the underlying processes. Then, we should transform a specification into a system whose output depends only on the readable parts of the input signals and the history of the computation. This is called synthesis with incomplete information. In this work we solve the problem of synthesis with incomplete information in its full generality. We consider linear and branching settings with complete and incomplete information. We claim that alternation is a suitable and helpful mechanism for coping with incomplete information. Using alternating tree automata, we show that incomplete information does not make the synthesis problem more complex, in both the linear and the branching paradigm. In particular, we prove that independently of the presence of incomplete information, the synthesis problems for CTL and CTL* are complete for EXPTIME and 2EXPTIME, respectively.
Temporal Logics For Trace Systems: On Automated Verification
1993
Cited by 16 (6 self)
We investigate an extension of CTL (Computation Tree Logic) by past modalities, called CTLP, interpreted over Mazurkiewicz's trace systems. The logic is powerful enough to express most of the partial order properties of distributed systems, such as serializability of database transactions, snapshots, parallel execution of program segments, or inevitability under a concurrency fairness assumption. We show that the model checking problem for the logic is NP-hard, even if past modalities cannot be nested. Then, we give a one-exponential-time model checking algorithm for the logic without nested past modalities. We show that all the interesting partial order properties can be model checked using our algorithm. Next, we show that it is possible to extend the model checking algorithm to cover the whole language and its extension to CTL*P. Finally, we prove that the logic is undecidable and we discuss consequences of our results on using propositional versions of partial order temporal logics to s...
Branching Time and Partial Order in Temporal Logics
Time and Logic: A Computational Approach, 1995
Cited by 13 (2 self)
The aim of this paper is to present existing propositional temporal logics with branching and partially ordered time. These logics are used for specifying and proving properties of programs and systems. The branching time approach is useful, e.g., for nondeterministic programs and can also be applied to concurrent programs. The partial order approach is especially useful for concurrent programs and allows one to study more subtle properties than those based on branching time. A survey of branching time logics, computation tree logics, partial order temporal logics and logics based on event structures is given. The following issues are addressed in this paper: the completeness of proof systems, the finite model property, decidability, model checking and expressiveness of the logics.