Results 1  10
of
20
Lazy theorem proving for bounded model checking over infinite domains
, 2002
"... Abstract. We investigate the combination of propositional SAT checkers with domainspecific theorem provers as a foundation for bounded model checking over infinite domains. Given a program M over an infinite state type, a linear temporal logic formula ' with domainspecific constraints over program ..."
Abstract

Cited by 74 (11 self)
 Add to MetaCart
Abstract. We investigate the combination of propositional SAT checkers with domainspecific theorem provers as a foundation for bounded model checking over infinite domains. Given a program M over an infinite state type, a linear temporal logic formula ' with domainspecific constraints over program states, and an upper bound k, our procedure determines if there is a falsifying path of length k to the hypothesis that M satisfies the specification '. This problem can be reduced to the satisfiability of Boolean constraint formulas. Our verification engine for these kinds of formulas is lazy in that propositional abstractions of Boolean constraint formulas are incrementally refined by generating lemmas on demand from an automated analysis of spurious counterexamples using theorem proving. We exemplify bounded model checking for timed automata and for RTL level descriptions, and investigate the lazy integration of SAT solving and theorem proving. 1 Introduction Model checking decides the problem of whether a system satisfies a temporal logic property by exploring the underlying state space. It applies primarily to finitestate systems but also to certain infinitestate systems, and the state space can be represented in symbolic or explicit form. Symbolic model checking has traditionally employed a boolean representation of state sets using binary decision diagrams (BDD) [4] as a way of checking temporal properties, whereas explicitstate model checkers enumerate the set of reachable states of the system.
State/eventbased software model checking
 In Integrated Formal Methods
, 2004
"... Abstract. We present a framework for model checking concurrent software systems which incorporates both states and events. Contrary to other state/event approaches, our work also integrates two powerful verification techniques, counterexampleguided abstraction refinement and compositional reasoning ..."
Abstract

Cited by 32 (8 self)
 Add to MetaCart
Abstract. We present a framework for model checking concurrent software systems which incorporates both states and events. Contrary to other state/event approaches, our work also integrates two powerful verification techniques, counterexampleguided abstraction refinement and compositional reasoning. Our specification language is a state/event extension of linear temporal logic, and allows us to express many properties of software in a concise and intuitive manner. We show how standard automatatheoretic LTL model checking algorithms can be ported to our framework at no extra cost, enabling us to directly benefit from the large body of research on efficient LTL verification. We have implemented this work within our concurrent C model checker, MAGIC, and checked a number of properties of OpenSSL0.9.6c (an opensource implementation of the SSL protocol) and MicroC OS version 2 (a realtime operating system for embedded applications). Our experiments show that this new approach not only eases the writing of specifications, but also yields important gains both in space and in time during verification. In certain cases, we even encountered specifications that could not be verified using traditional pure eventbased or statebased approaches, but became tractable within our state/event framework. We report a bug in the source code of MicroC OS version 2, which was found during our experiments. 1
Constructing Automata from Temporal Logic Formulas: A Tutorial
 Summer School on Trends in Computer Science, LNCS 2090
"... This paper presents a tutorial introduction to the construction of finiteautomata on infinite words from lineartime temporal logic formulas. After defining the source and target formalisms, it describes a first construction whose correctness is quite direct to establish, but whose behavior is alwa ..."
Abstract

Cited by 29 (0 self)
 Add to MetaCart
This paper presents a tutorial introduction to the construction of finiteautomata on infinite words from lineartime temporal logic formulas. After defining the source and target formalisms, it describes a first construction whose correctness is quite direct to establish, but whose behavior is always equal to the worstcase upper bound. It then turns to the techniques that can be used to improve this algorithm in order to obtain the quite effective algorithms that are now in use.
Supervisory Control of Discrete Event Systems with CTL* Temporal Logic Specifications
 SIAM Journal of Control and Optimization
"... Supervisory control problem of discrete event systems with temporal logic specifications is studied in this paper. The full branching time logic{CTL* is used for expressing specifications of discrete event systems. The control problem of CTL* is reduced to the decision problem of CTL*. A small model ..."
Abstract

Cited by 27 (6 self)
 Add to MetaCart
Supervisory control problem of discrete event systems with temporal logic specifications is studied in this paper. The full branching time logic{CTL* is used for expressing specifications of discrete event systems. The control problem of CTL* is reduced to the decision problem of CTL*. A small model theorem for the control of CTL* is obtained. It is shown that the control problem of CTL* (resp., CTL) is complete for deterministic double (resp., single) exponential time. A sound and complete supervisor synthesis algorithm for the control of CTL* is provided. Special cases of the control of computation tree logic (CTL) and lineartime temporal logic (LTL) are also studied. Finally, a simple example is given for illustration. The contribution of the paper is summarized as follows: (i) For the first time a sound and complete supervisory synthesis algorithm for CTL* specifications has been obtained; (ii) Usage of temporal logic makes the specification specifying process easier and userfriendly since natural language specifications can be easily translated to temporal logic specifications (when compared to formal language/automatabased specifications) and at the same time there is no increase in the computational complexity (when compared to that of formal language/automatabased specifications); (iii) CTL* temporal logic allows the control constraints on the sequences of states which can be also captured by a regular language or !language, as well as on the more general branching structures of states which can not be captured by a regular language or !language.
Bounded model checking for timed automata
 Electronic Notes in Theoretical Computer Science
, 2002
"... a;1 a ..."
The Inverse Method Implements the Automata Approach for Modal Satisfiability
 LTCSReport 0103, LuFG Theoretical Computer Science, RWTH
, 2001
"... This paper ties together two distinct strands in automated reasoning: the tableau and the automatabased approach. It is shown that the inverse tableau method can be viewes as an implementation of the automata approach. This is of interest to automated deduction because Voronkov recently showed tha ..."
Abstract

Cited by 19 (6 self)
 Add to MetaCart
This paper ties together two distinct strands in automated reasoning: the tableau and the automatabased approach. It is shown that the inverse tableau method can be viewes as an implementation of the automata approach. This is of interest to automated deduction because Voronkov recently showed that the inverse method yields a viable decision procedure for the modal logic K.
Specification Based Test Sequence Generation with Propositional Logic
, 2000
"... In the domain of concurrent reactive systems, much work has been devoted to (semi) automatically validating a system's correctness. A novel approach to the automated generation of test sequences is presented. It may be used for both glass box testing a specification and black box testing an impleme ..."
Abstract

Cited by 17 (13 self)
 Add to MetaCart
In the domain of concurrent reactive systems, much work has been devoted to (semi) automatically validating a system's correctness. A novel approach to the automated generation of test sequences is presented. It may be used for both glass box testing a specification and black box testing an implementation (SW/HW). Finite system models specified within the CASE tool AutoFocus as well as userfriendly test case specifications are automatically translated into propositional logic and fed into the propositional solver SATO. Results are interpreted as I/O traces (test sequences) of the system, and may be displayed as message sequence charts. A small example illustrates the basic ideas as well as the method's advantages and shortcomings. The testing process is integrated into an overall development process. Main contributions include the implementation of a tool for graphical specication of test cases and the description of an efficient method to fully automatically compute test sequences as well as its integration into the same CASE tool.
Testing Linear Temporal Logic Formulae on Finite Execution Traces
, 2001
"... We present a rewriting algorithm for efficiently testing Linear Temporal Logic (LTL) formulae on finite execution traces. The standard models of LTL are infinite traces, reflecting the behavior of reactive and concurrent systems which conceptually may be continuously alive. In most past applications ..."
Abstract

Cited by 12 (6 self)
 Add to MetaCart
We present a rewriting algorithm for efficiently testing Linear Temporal Logic (LTL) formulae on finite execution traces. The standard models of LTL are infinite traces, reflecting the behavior of reactive and concurrent systems which conceptually may be continuously alive. In most past applications of LTL, theorem provers and model checkers have been used to formally prove that downscaled models satisfy such LTL specifications. Our goal is instead to use LTL for upscaled testing of real software applications, corresponding to analyzing the conformance of finite traces against LTL formulae. We first describe what it means for a finite trace to satisfy an LTL property and then suggest an optimized algorithm based on transforming LTL formulae. We use Maude, which turns out to be a good notation and an efficient rewriting engine for performing these experiments.
Synthesizing Dynamic Programming Algorithms from Linear Temporal Logic Formulae
, 2001
"... The problem of testing a linear temporal logic (LTL) formula on a finite execution trace of events, generated by an executing program, occurs naturally in runtime analysis of software. We present an algorithm which takes an LTL formula and generates an efficient dynamic programming algorithm. The ge ..."
Abstract

Cited by 11 (3 self)
 Add to MetaCart
The problem of testing a linear temporal logic (LTL) formula on a finite execution trace of events, generated by an executing program, occurs naturally in runtime analysis of software. We present an algorithm which takes an LTL formula and generates an efficient dynamic programming algorithm. The generated algorithm tests whether the LTL formula is satisfied by a finite trace of events given as input. The generated algorithm runs in linear time, its constant depending on the size of the LTL formula. The memory needed is constant, also depending on the size of the formula.
StutteringInsensitive Automata for Onthefly Detection of Livelock Properties
 ENTCS
, 2002
"... The research examines liveness and progress properties of concurrent systems and their onthefly verification. An alternative formalism to Büchi automata, called testing automata, is developed. The basic idea of testing automata is to observe changes in the values of state propositions instead of t ..."
Abstract

Cited by 7 (1 self)
 Add to MetaCart
The research examines liveness and progress properties of concurrent systems and their onthefly verification. An alternative formalism to Büchi automata, called testing automata, is developed. The basic idea of testing automata is to observe changes in the values of state propositions instead of the values. Therefore, the testing automata are able to accept only stutteringinsensitive languages. Testing automata can accept the same stutteringinsensitive languages as (statelabelled) Büchi automata, and they have at most the same number of states. They are also more often deterministic. Moreover, onthefly verification using testing automata can often (but not always) use an algorithm performing only one search in the state space, whereas onthefly verification with Büchi automata requires two searches. Experimental results illustrating the benefits of testing automata are presented.