Results 1  10
of
98
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 2407 (62 self)
 Add to MetaCart
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
An AutomataTheoretic Approach to BranchingTime Model Checking
 JOURNAL OF THE ACM
, 1998
"... Translating linear temporal logic formulas to automata has proven to be an effective approach for implementing lineartime modelchecking, and for obtaining many extensions and improvements to this verification method. On the other hand, for branching temporal logic, automatatheoretic techniques ..."
Abstract

Cited by 298 (64 self)
 Add to MetaCart
Translating linear temporal logic formulas to automata has proven to be an effective approach for implementing lineartime modelchecking, and for obtaining many extensions and improvements to this verification method. On the other hand, for branching temporal logic, automatatheoretic techniques have long been thought to introduce an exponential penalty, making them essentially useless for modelchecking. Recently, Bernholtz and Grumberg have shown that this exponential penalty can be avoided, though they did not match the linear complexity of nonautomatatheoretic algorithms. In this paper we show that alternating tree automata are the key to a comprehensive automatatheoretic framework for branching temporal logics. Not only, as was shown by Muller et al., can they be used to obtain optimal decision procedures, but, as we show here, they also make it possible to derive optimal modelchecking algorithms. Moreover, the simple combinatorial structure that emerges from the a...
Computing Simulations on Finite and Infinite Graphs
, 1996
"... . We present algorithms for computing similarity relations of labeled graphs. Similarity relations have applications for the refinement and verification of reactive systems. For finite graphs, we present an O(mn) algorithm for computing the similarity relation of a graph with n vertices and m edges ..."
Abstract

Cited by 147 (6 self)
 Add to MetaCart
. We present algorithms for computing similarity relations of labeled graphs. Similarity relations have applications for the refinement and verification of reactive systems. For finite graphs, we present an O(mn) algorithm for computing the similarity relation of a graph with n vertices and m edges (assuming m n). For effectively presented infinite graphs, we present a symbolic similaritychecking procedure that terminates if a finite similarity relation exists. We show that 2D rectangular automata, which model discrete reactive systems with continuous environments, define effectively presented infinite graphs with finite similarity relations. It follows that the refinement problem and the 8CTL modelchecking problem are decidable for 2D rectangular automata. 1 Introduction A labeled graph G = (V; E;A; hh\Deltaii) consist of a (possibly infinite) set V of vertices, a set E ` V 2 of edges, a set A of labels, and a function hh\Deltaii : V ! A that maps each vertex v to a label hh...
The NCSU Concurrency Workbench
, 1996
"... . The NCSU Concurrency Workbench is a tool for verifying finitestate systems. A key feature is its flexibility; its modular design eases the task of adding new analyses and changing the language users employ for describing systems. This note gives an overview of the system 's features, including it ..."
Abstract

Cited by 147 (23 self)
 Add to MetaCart
. The NCSU Concurrency Workbench is a tool for verifying finitestate systems. A key feature is its flexibility; its modular design eases the task of adding new analyses and changing the language users employ for describing systems. This note gives an overview of the system 's features, including its capacity for generating diagnostic information for incorrect systems, and discusses some of its applications. 1 Introduction The NCSU Concurrency Workbench (NCSUCWB) [1] supports the automatic verification of finitestate concurrent systems. The main goal of the system is to provide users with a tool that is flexible and easy to use and yet whose performance is competitive with that of existing specialpurpose tools. In support of the former, and like its predecessor, the (Edinburgh) Concurrency Workbench [9, 15], the NCSUCWB includes implementations of decision procedures for calculating a number of different behavioral equivalences and preorders between systems and for determining whe...
Reasoning about The Past with TwoWay Automata
 In 25th International Colloqium on Automata, Languages and Programming, ICALP ’98
, 1998
"... Abstract. The pcalculus can be viewed as essentially the "ultimate" program logic, as it expressively subsumes all propositional program logics, including dynamic logics, process logics, and temporal logics. It is known that the satisfiability problem for the pcalculus is EXPTIMEcomplete. This upp ..."
Abstract

Cited by 129 (12 self)
 Add to MetaCart
Abstract. The pcalculus can be viewed as essentially the "ultimate" program logic, as it expressively subsumes all propositional program logics, including dynamic logics, process logics, and temporal logics. It is known that the satisfiability problem for the pcalculus is EXPTIMEcomplete. This upper bound, however, is known for a version of the logic that has only forward modalities, which express weakest preconditions, but not backward modalities, which express strongest postconditions. Our main result in this paper is an exponential time upper bound for the satisfiability problem of the pcalculus with both forward and backward modalities. To get this result we develop a theory of twoway alternating automata on infinite trees. 1
The concurrency workbench: A semantics based tool for the verification of concurrent systems
 In Proceedings of the Workshop on Automatic Verification Methods for Finite State Machines
, 1991
"... Abstract The Concurrency Workbench is an automated tool for analyzing networks of finitestate processes expressed in Milner's Calculus of Communicating Systems. Its key feature is its breadth: a variety of different verification methods, including equivalence checking, preorder checking, and model ..."
Abstract

Cited by 102 (3 self)
 Add to MetaCart
Abstract The Concurrency Workbench is an automated tool for analyzing networks of finitestate processes expressed in Milner's Calculus of Communicating Systems. Its key feature is its breadth: a variety of different verification methods, including equivalence checking, preorder checking, and model checking, are supported for several different process semantics. One experience from our work is that a large number of interesting verification methods can be formulated as combinations of a small number of primitive algorithms. The Workbench has been applied to the verification of communications protocols and mutual exclusion algorithms and has proven a valuable aid in teaching and research. 1 Introduction This paper describes the Concurrency Workbench [11, 12, 13], a tool that supports the automatic verification of finitestate processes. Such tools are practically motivated: the development of complex distributed computer systems requires sophisticated verification techniques to guarantee correctness, and the increase in detail rapidly becomes unmanageable without computer assistance. Finitestate systems, such as communications protocols and hardware, are particularly suitable for automated analysis because their finitary nature ensures the existence of decision procedures for a wide range of system properties.
Module Checking
, 1996
"... . In computer system design, we distinguish between closed and open systems. A closed system is a system whose behavior is completely determined by the state of the system. An open system is a system that interacts with its environment and whose behavior depends on this interaction. The ability of ..."
Abstract

Cited by 79 (11 self)
 Add to MetaCart
. In computer system design, we distinguish between closed and open systems. A closed system is a system whose behavior is completely determined by the state of the system. An open system is a system that interacts with its environment and whose behavior depends on this interaction. The ability of temporal logics to describe an ongoing interaction of a reactive program with its environment makes them particularly appropriate for the specification of open systems. Nevertheless, modelchecking algorithms used for the verification of closed systems are not appropriate for the verification of open systems. Correct model checking of open systems should check the system with respect to arbitrary environments and should take into account uncertainty regarding the environment. This is not the case with current modelchecking algorithms and tools. In this paper we introduce and examine the problem of model checking of open systems (mod ule checking, for short). We show that while module che...
Model Checking for ContextFree Processes
, 1992
"... We develop a modelchecking algorithm that decides for a given contextfree process whether it satisfies a property written in the alternationfree modal mucalculus. The central idea behind this algorithm is to raise the standard iterative modelchecking techniques to higher order: in contrast to t ..."
Abstract

Cited by 78 (8 self)
 Add to MetaCart
We develop a modelchecking algorithm that decides for a given contextfree process whether it satisfies a property written in the alternationfree modal mucalculus. The central idea behind this algorithm is to raise the standard iterative modelchecking techniques to higher order: in contrast to the usual approaches, in which the set of formulas that are satisfied by a certain state are iteratively computed, our algorithm iteratively computes a property transformer for each state class of the finite process representation. These property transformers can then simply be applied to solve the modelchecking problem. The complexity of our algorithm is linear in the size of the system's representation and exponential in the size of the property being investigated.
Efficient OntheFly ModelChecking for Regular AlternationFree MuCalculus
, 2000
"... Modelchecking is a successful technique for automatically verifying concurrent finitestate systems. When building a modelchecker, a good compromise must be made between the expressive power of the property description formalism, the complexity of the modelchecking problem, and the userfriendlin ..."
Abstract

Cited by 58 (11 self)
 Add to MetaCart
Modelchecking is a successful technique for automatically verifying concurrent finitestate systems. When building a modelchecker, a good compromise must be made between the expressive power of the property description formalism, the complexity of the modelchecking problem, and the userfriendliness of the interface. We present a temporal logic and an associated modelchecking method that attempt to fulfill these criteria. The logic is an extension of the alternationfree µcalculus with ACTLlike action formulas and PDLlike regular expressions, allowing a concise and intuitive description of safety, liveness, and fairness properties over labeled transition systems. The modelchecking method is based upon a succinct translation of the verification problem into a boolean equation system, which is solved by means of an efficient local algorithm having a good average complexity. The algorithm also allows to generate full diagnostic information (examples and counterexamples) for temporal for...
An Improved Algorithm for the Evaluation of Fixpoint Expressions
, 1996
"... Many automated finitestate verification procedures can be viewed as fixpoint computations over a finite lattice (typically the powerset of the set of system states). For this reason, fixpoint calculi such as those proposed by Kozen and Park have proven useful, both as ways to describe verification ..."
Abstract

Cited by 57 (3 self)
 Add to MetaCart
Many automated finitestate verification procedures can be viewed as fixpoint computations over a finite lattice (typically the powerset of the set of system states). For this reason, fixpoint calculi such as those proposed by Kozen and Park have proven useful, both as ways to describe verification algorithms and as specification formalisms in their own right. We consider the problem of evaluating expressions in these calculi over a given model. A naive algorithm for this task may require time n q , where n is the maximum length of a chain in the lattice and q is the depth of fixpoint nesting. In 1986, Emerson and Lei presented a method requiring about n d steps, where d is the This research was sponsored in part by the Wright Laboratory, Aeronautical Systems Center, Air Force Material Command,USAF, and the Advanced Research Projects Agency (ARPA) under grant number F336159311330. The views and conclusions contained in this document are those of the authors and should not be ...