Compositional Model Checking (1999). Cited by 2408 (62 self).

We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Dihomotopy as a Tool in State Space Analysis (2002). Cited by 17 (5 self).

Recent geometric methods have been used in concurrency theory for quickly finding deadlocks and unreachable states, see [14] for instance. The reason why these methods are fast is that they contain in germ ingredients for tackling the state-space explosion problem. In this paper we show how this can be made formal. We also give some hints about the underlying algorithmics. Finally, we compare with other well-known methods for coping with the state-space explosion problem.
Exact acceleration of real-time model checking. Electronic Notes in Theoretical Computer Science, 2002. Cited by 12 (3 self).

Different time scales do often occur in real-time systems, e.g., a polling real-time system samples the environment many times per second, whereas the environment may only change a few times per second. When these systems are modeled as (networks of) timed automata, the validation using symbolic model checking techniques can significantly be slowed down by unnecessary fragmentation of the symbolic state space. This paper introduces a syntactical adjustment to a subset of timed automata that addresses this fragmentation problem and that can speed up forward symbolic reachability analysis in a significant way. We prove that this syntactical adjustment does not alter reachability properties and that it indeed is effective. We illustrate our exact acceleration technique with runtime data obtained with the model checkers Uppaal and Kronos. Moreover, we demonstrate that automated application of our exact acceleration technique can significantly speed up the verification of the runtime behavior of LEGO Mindstorms programs. We thank Oliver Möller for interesting discussions and we thank Jozef Hooman and the four anonymous reviewers for valuable comments on earlier versions of this paper.
A Transformational Approach for Generating Non-Linear Invariants. In Static Analysis Symposium (June 2000), 2000. Cited by 5 (0 self).

Computing invariants is the key issue in the analysis of infinite-state systems, whether analysis means testing, verification or parameter synthesis. In particular, methods that allow one to treat combinations of loops are of interest. We present a set of algorithms and methods that can be applied to characterize over-approximations of the set of reachable states of combinations of self-loops. We present two families of complementary techniques. The first one identifies a number of basic cases of pairs of self-loops for which we provide an exact characterization of the reachable states. The second family of techniques is a set of rules based on static analysis that allow one to reduce n self-loops (n ≥ 2) to n - 1 independent pairs of self-loops. The results of the analysis of the pairs of self-loops can then be combined to provide an over-approximation of the reachable states of the n self-loops. We illustrate our methods by synthesizing conditions under which the Biphase Mark protocol works proper...
Automated Analysis of Fault-Tolerance in Distributed Systems. In Proc. First ACM SIGPLAN Workshop on Automated Analysis of Software, 1997. Cited by 4 (1 self).

A method for automated analysis of fault-tolerance of distributed systems is presented. It is based on a stream model of computation augmented with approximation constructs, and this facilitates efficient analysis. Analyses of a protocol for fault-tolerant moving agents and a reliable broadcast protocol illustrate the method.
Model Checking Data-Independent Systems With Arrays (2003). Cited by 3 (3 self).

We say a program is data-independent with respect to a data type X if the operations it can perform on values of type X are restricted to just equality testing, although the system may also input, store and move around values of type X within its variables. This property can be exploited to give procedures for the automatic verification, called model checking, of such programs independently of the instance for the type X.
Iterating Transducers for Safety of Data-Abstractions (2000). Cited by 1 (0 self).

Regular languages have proved useful for the symbolic state exploration of infinite-state systems. Regular languages can be used to represent infinite sets of system configurations; the transitional semantics of the system consequently can be modeled by finite-state transducers. A standard problem encountered when doing symbolic state exploration for infinite-state systems is how to explore all states in a finite amount of time. When representing the one-step transition relation of a system by a finite-state transducer T, this problem boils down to finding a finite-state representation for T, capturing the transitive closure of the one-step reduction relation. In this paper we give a semi-algorithm to compute T. The construction is based on building a quotient of an infinite-state representation, where the quotienting uses past and future bisimulations computed on finite approximations of T. As in general, T is not representable by a finite-state transducer, the constructi...