An Automata-Theoretic Approach to Branching-Time Model Checking
JOURNAL OF THE ACM, 1998
Cited by 298 (64 self)
Translating linear temporal logic formulas to automata has proven to be an effective approach for implementing linear-time model-checking, and for obtaining many extensions and improvements to this verification method. On the other hand, for branching temporal logic, automata-theoretic techniques have long been thought to introduce an exponential penalty, making them essentially useless for model-checking. Recently, Bernholtz and Grumberg have shown that this exponential penalty can be avoided, though they did not match the linear complexity of non-automata-theoretic algorithms. In this paper we show that alternating tree automata are the key to a comprehensive automata-theoretic framework for branching temporal logics. Not only, as was shown by Muller et al., can they be used to obtain optimal decision procedures, but, as we show here, they also make it possible to derive optimal model-checking algorithms. Moreover, the simple combinatorial structure that emerges from the a...
An automata-theoretic approach to linear temporal logic
Logics for Concurrency: Structure versus Automata, volume 1043 of Lecture Notes in Computer Science, 1996
Cited by 217 (23 self)
Abstract. The automata-theoretic approach to linear temporal logic uses the theory of automata as a unifying paradigm for program specification, verification, and synthesis. Both programs and specifications are in essence descriptions of computations. These computations can be viewed as words over some alphabet. Thus, programs and specifications can be viewed as descriptions of languages over some alphabet. The automata-theoretic perspective considers the relationships between programs and their specifications as relationships between languages. By translating programs and specifications to automata, questions about programs and their specifications can be reduced to questions about automata. More specifically, questions such as satisfiability of specifications and correctness of programs with respect to their specifications can be reduced to questions such as nonemptiness and containment of automata. Unlike classical automata theory, which focused on automata on finite words, the applications to program specification, verification, and synthesis use automata on infinite words, since the computations in which we are interested are typically infinite. This paper provides an introduction to the theory of automata on infinite words and demonstrates its applications to program specification, verification, and synthesis.
The ForSpec Temporal Logic: A New Temporal Property-Specification Language
2001
Cited by 79 (22 self)
In this paper we describe the ForSpec Temporal Logic (FTL), the new temporal property-specification logic of ForSpec, Intel's new formal specification language. The key features of FTL are as follows: it is a linear temporal logic, based on Pnueli's LTL; it is based on a rich set of logical and arithmetical operations on bit vectors to describe state properties; it enables the user to define temporal connectives over time windows; it enables the user to define regular events, which are regular sequences of Boolean events, and then relate such events via special connectives; it enables the user to express properties about the past; and it includes constructs that enable the user to model multiple clock and reset signals, which is useful in the verification of hardware design.
Module Checking
1996
Cited by 79 (11 self)
In computer system design, we distinguish between closed and open systems. A closed system is a system whose behavior is completely determined by the state of the system. An open system is a system that interacts with its environment and whose behavior depends on this interaction. The ability of temporal logics to describe an ongoing interaction of a reactive program with its environment makes them particularly appropriate for the specification of open systems. Nevertheless, model-checking algorithms used for the verification of closed systems are not appropriate for the verification of open systems. Correct model checking of open systems should check the system with respect to arbitrary environments and should take into account uncertainty regarding the environment. This is not the case with current model-checking algorithms and tools. In this paper we introduce and examine the problem of model checking of open systems (module checking, for short). We show that while module che...
Automated Temporal Reasoning about Reactive Systems
1996
Cited by 39 (2 self)
There is a growing need for reliable methods of designing correct reactive systems such as computer operating systems and air traffic control systems. It is widely agreed that certain formalisms such as temporal logic, when coupled with automated reasoning support, provide the most effective and reliable means of specifying and ensuring correct behavior of such systems. This paper discusses known complexity and expressiveness results for a number of such logics in common use and describes key technical tools for obtaining essentially optimal mechanical reasoning algorithms. However, the emphasis is on underlying intuitions and broad themes rather than technical intricacies. 1 Introduction. There is a growing need for reliable methods of designing correct reactive systems. These systems are characterized by ongoing, typically nonterminating and highly nondeterministic behavior. Examples include operating systems, network protocols, and air traffic control systems. There is w...
Model checking and the Mu-calculus
DIMACS Series in Discrete Mathematics, 1997
Cited by 37 (0 self)
There is a growing recognition of the need to apply formal mathematical methods in the design of "high confidence" computing systems. Such systems operate in safety critical contexts (e.g., air traffic control systems) or where errors could have major adverse economic consequences (e.g., banking networks). The problem is especially acute in the design of many reactive systems which must exhibit correct ongoing behavior, yet are not amenable to thorough testing due to their inherently nondeterministic nature. One useful approach for specifying and reasoning about correctness of such systems is temporal logic model checking, which can provide an efficient and expressive tool for automatic verification that a finite state system meets a correctness specification formulated in temporal logic. We describe model checking algorithms and discuss their application. To do this, we focus attention on a particularly important type of temporal logic known as the Mu-calculus.
On-the-Fly Symbolic Model Checking for Real-Time Systems
IN PROC. OF THE 18TH IEEE REAL-TIME SYSTEMS SYMPOSIUM, 1997
Cited by 31 (9 self)
This paper presents an on-the-fly and symbolic algorithm for checking whether a timed automaton satisfies a formula of a timed temporal logic which is more expressive than TCTL. The algorithm is on-the-fly in the sense that the state space is generated dynamically and only the minimal amount of information required by the verification procedure is stored in memory. The algorithm is symbolic in the sense that it manipulates sets of states, instead of states, which are represented as boolean combinations of linear inequalities of clocks. We show how a prototype implementation of our algorithm has improved the performance of the tool KRONOS for the verification of the FDDI protocol.
Hyperdocuments as Automata: Trace-based Browsing Property Verification
In Proceedings of the 1992 European Conference on Hypertext (ECHT92: November 30-December 4, 1992)
Cited by 27 (10 self)
In many hypertext systems, meaningfully traversing a document depends on capabilities, features, and navigational aids that are part of the browser implementation. For example, if a reader browses to a node that has no out links, then backing up, or "warping" to the table of contents can allow the browsing session to continue. If hyperdocuments are to become interchangeable among hypertext systems, rather than being readable only on the systems from which they are authored, one obvious but complex approach is to try and standardize on (most likely, very many) browsing features and behaviors, forming some standard union of the capabilities of current major implementations. This approach molds (or perhaps restricts) future systems, since new browsing "features" must then be worked into such a standard. An alternate approach, used in this paper, is to de-emphasize browser features and emphasize inherent document structure with browsing semantics. An author should be able to create docume...
Hyperdocuments as Automata: Verification of Trace-based Browsing Properties by Model Checking
1997
Cited by 26 (3 self)
As hypertext systems proliferate and as networks become more ubiquitous, an important problem is to determine how to provide hyperdocument interoperability. Instead of taking the approach of standardizing, and implementing, a large and complex set of browsing features gleaned from some "union" of existing systems, we present an approach that allows each document to encode its own browsing semantics in the links of the hyperdocument. Any implementation offering the "follow link" operation can then simulate the intent of the author. The method requires a mental shift in how a hyperdocument is viewed abstractly. Instead of treating the links of a document as defining a static directed graph, they are thought of as defining an abstract program, termed the links-automaton of the document. A branching temporal logic notation, termed HTL*, is introduced for specifying properties a document should exhibit during browsing. An automated program verification technique called model checking is ...
Alternating Automata and Program Verification
In Computer Science Today. LNCS 1000, 1995
Cited by 22 (1 self)
We describe an automata-theoretic approach to the automatic verification of finite-state programs. The basic idea underlying this approach is that for any temporal formula we can construct an alternating automaton that accepts precisely the computations that satisfy the formula. For linear temporal logics the automaton runs on infinite words, while for branching temporal logics the automaton runs on infinite trees. The simple combinatorial structures that emerge from the automata-theoretic approach decouple the logical and algorithmic components of finite-state-program verification and yield clear and general verification algorithms. 1 Introduction. Temporal logics, which are modal logics geared towards the description of the temporal ordering of events, have been adopted as a powerful tool for specifying and verifying concurrent programs [Pnu77, MP92]. One of the most significant developments in this area is the discovery of algorithmic methods for verifying temporal logic properties...