Compositional Model Checking
1999
Abstract

Cited by 2474 (64 self)
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Temporal and modal logic
Handbook of Theoretical Computer Science, 1995
Abstract

Cited by 1119 (17 self)
We give a comprehensive and unifying survey of the theoretical aspects of Temporal and modal logic.
Dynamic Logic
Handbook of Philosophical Logic, 1984
Abstract

Cited by 826 (7 self)
...ed to be true under the valuation u iff there exists an a ∈ ℕ such that the formula x = y is true under the valuation u[x=a], where u[x=a] agrees with u everywhere except x, on which it takes the value a. This definition involves a metalogical operation that produces u[x=a] from u for all possible values a ∈ ℕ. This operation becomes explicit in DL in the form of the program x := ?, called a nondeterministic or wildcard assignment. This is a rather unconventional program, since it is not effective; however, it is quite useful as a descriptive tool. A more conventional way to obtain a square root of y, if it exists, would be the program
x := 0; while x < y do x := x + 1.   (1)
In DL, such programs are first-class objects on a par with formulas, complete with a collection of operators for forming compound programs inductively from a basis of primitive programs. To discuss the effect of the execution of a program on the truth of a formula φ, DL uses a modal construct <>φ, which
Tableau Methods for Modal and Temporal Logics
1995
Abstract

Cited by 126 (20 self)
This document is a complete draft of a chapter by Rajeev Goré on "Tableau Methods for Modal and Temporal Logics" which is part of the "Handbook of Tableau Methods", edited by M. D'Agostino, D. Gabbay, R. Hähnle and J. Posegga, to be published in 1998 by Kluwer, Dordrecht. Any comments and corrections are highly welcome. Please email me at rpg@arp.anu.edu.au. The latest version of this document can be obtained via my WWW home page: http://arp.anu.edu.au/
Tableau Methods for Modal and Temporal Logics
Rajeev Goré
Contents
1 Introduction
2 Preliminaries
2.1 Syntax and Notational Conventions
2.2 Axiomatics of Modal Logics
2.3 Kripke Semantics For Modal Logics
2.4 Known Correspondence and Completeness Results
2.5 Logical Consequence
2....
Model Checking vs. Theorem Proving: A Manifesto
1991
Abstract

Cited by 117 (5 self)
We argue that rather than representing an agent's knowledge as a collection of formulas, and then doing theorem proving to see if a given formula follows from an agent's knowledge base, it may be more useful to represent this knowledge by a semantic model, and then do model checking to see if the given formula is true in that model. We discuss how to construct a model that represents an agent's knowledge in a number of different contexts, and then consider how to approach the model-checking problem.
Model Checking for a Probabilistic Branching Time Logic with Fairness
Distributed Computing, 1998
Abstract

Cited by 116 (35 self)
We consider concurrent probabilistic systems, based on probabilistic automata of Segala & Lynch [55], which allow nondeterministic choice between probability distributions. These systems can be decomposed into a collection of "computation trees" which arise by resolving the nondeterministic, but not probabilistic, choices. The presence of nondeterminism means that certain liveness properties cannot be established unless fairness is assumed. We introduce a probabilistic branching time logic PBTL, based on the logic TPCTL of Hansson [30] and the logic PCTL of [55], resp. pCTL of [14]. The formulas of the logic express properties such as "every request is eventually granted with probability at least p". We give three interpretations for PBTL on concurrent probabilistic processes: the first is standard, while in the remaining two interpretations the branching time quantifiers are taken to range over a certain kind of fair computation trees. We then present a model checking algorithm for...
Reasoning about Rings
1995
Abstract

Cited by 83 (6 self)
The ring is a useful means of structuring concurrent processes. Processes communicate by passing a token in a fixed direction; the process that possesses the token is allowed to perform certain actions. Usually, correctness properties are expected to hold irrespective of the size of the ring. We show that the problem of checking many useful correctness properties for rings of all sizes can be reduced to checking them on rings of sizes up to a small cutoff size. We apply our results to the verification of a mutual exclusion protocol and Milner's scheduler protocol.
The ForSpec Temporal Logic: A New Temporal Property-Specification Language
2001
Abstract

Cited by 80 (22 self)
In this paper we describe the ForSpec Temporal Logic (FTL), the new temporal property-specification logic of ForSpec, Intel's new formal specification language. The key features of FTL are as follows: it is a linear temporal logic, based on Pnueli's LTL; it is based on a rich set of logical and arithmetical operations on bit vectors to describe state properties; it enables the user to define temporal connectives over time windows; it enables the user to define regular events, which are regular sequences of Boolean events, and then relate such events via special connectives; it enables the user to express properties about the past; and it includes constructs that enable the user to model multiple clock and reset signals, which is useful in the verification of hardware designs.
From Timed Automata to Logic and Back
MFCS'95, LNCS 969, 1995
Abstract

Cited by 53 (7 self)
One of the most successful techniques for automatic verification is that of model checking. For finite automata there have long existed extremely efficient model-checking algorithms, and in the last few years these algorithms have been made applicable to the verification of real-time automata using the region techniques of Alur and Dill. In this
Reasoning with Axioms: Theory and Practice
In Proc. of the 7th Int. Conf. on Principles of Knowledge Representation and Reasoning (KR 2000), 2000
Abstract

Cited by 45 (17 self)
When reasoning in description, modal or temporal logics it is often useful to consider axioms representing universal truths in the domain of discourse. Reasoning with respect to an arbitrary set of axioms is hard, even for relatively inexpressive logics, and it is essential to deal with such axioms in an efficient manner if implemented systems are to be effective in real applications. This is particularly relevant to Description Logics, where subsumption reasoning with respect to a terminology is a fundamental problem. Two optimisation techniques that have proved to be particularly effective in dealing with terminologies are lazy unfolding and absorption. In this paper we seek to improve our theoretical understanding of these important techniques. We define a formal framework that allows the techniques to be precisely described, establish conditions under which they can be safely applied, and prove that, provided these conditions are respected, subsumption testing algo...