Results 1-10 of 28
Compositional Model Checking, 1999
Cited by 2426 (62 self)
Abstract
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Modal Logics and mu-Calculi: An Introduction, 2001
Cited by 44 (3 self)
Abstract
We briefly survey the background and history of modal and temporal logics. We then concentrate on the modal mu-calculus, a modal logic which subsumes most other commonly used logics. We provide an informal introduction, followed by a summary of the main theoretical issues. We then look at model checking, and finally at the relationship of modal logics to other formalisms.
Partial Model Checking (Extended Abstract)
In Proceedings, Tenth Annual IEEE Symposium on Logic in Computer Science, 1995
Cited by 27 (5 self)
Henrik Reif Andersen, Department of Computer Science, Technical University of Denmark, Building 344, DK-2800 Lyngby, Denmark.
Abstract
A major obstacle in applying finite-state model checking to the verification of large systems is the combinatorial explosion of the state space arising when many loosely coupled parallel processes are considered. The problem, also known as the state-explosion problem, has been attacked from various sides. This paper presents a new approach based on partial model checking: parts of the concurrent system are gradually removed while transforming the specification accordingly. When the intermediate specifications constructed in this manner can be kept small, the state-explosion problem is avoided. Experimental results with a prototype implemented in Standard ML show that for Milner's Scheduler, an often used benchmark, this approach improves on the published results on Binary Decision Diagrams and is comparable to results obtained using generalized...
Symbolic Trajectory Evaluation
Formal Hardware Verification, 1996
Cited by 26 (6 self)
Abstract
The main problem with model checking is the state explosion problem: the state space grows exponentially with system size. Two methods have some popularity in attacking this problem: compositional methods and abstraction. While they cannot solve the problem in general, they do offer significant improvements in performance. The direct method of verifying that a circuit has a property f is to show that the model M satisfies f. The idea behind abstraction is that instead of verifying property f of model M, we verify property f_A of model M_A, and the answer we get helps us answer the original problem. The system M_A is an abstraction of the system M. One possibility is to build an abstraction M_A that is equivalent (e.g. bisimilar [48]) to M. This sometimes leads to performance advantages if the state space of M_A is smaller than that of M. This type of abstraction would more likely be used in model comparison (e.g. as in [38]). Typically, the behaviour of an abstraction is not equivalent...
Symbolic Protocol Verification with Queue BDDs
In Proceedings of the 11th IEEE Symposium on Logic in Computer Science, 1997
Cited by 22 (2 self)
Abstract
Symbolic verification based on Binary Decision Diagrams (BDDs) has proven to be a powerful technique for ensuring the correctness of digital hardware. In contrast, BDDs have not caught on as widely for software verification, partly because the data types used in software are more complicated than those used in hardware. In this work, we propose an extension of BDDs for dealing with dynamic data structures. Specifically, we focus on queues, since they are commonly used in modeling communication protocols. We introduce Queue BDDs (QBDDs), which include all the power of BDDs while also providing an efficient representation of queue contents. Experimental results show that QBDDs are well-suited for the verification of communication protocols.
Keywords: communication protocols, queues, symbolic verification, BDDs, state explosion, state-space exploration, model checking
1. Introduction
Binary Decision Diagrams (BDDs) [5] have proven to be a powerful tool for the verification of digital ...
Clock Difference Diagrams
Nordic Journal of Computing, 1999
Cited by 19 (4 self)
Abstract
We sketch a BDD-like structure for representing unions of simple convex polyhedra, describing the legal values of a set of clocks given bounds on the values of clocks and clock differences.
1 Introduction
The basic problem we are trying to tackle is the combination of BDD's and DBM's (difference bound matrices) in order to allow a completely BDD-based approach to the verification of continuous real-time systems. Early approaches in this direction include [WTD95] and [Bal96]. Another inspiration for this work comes from [ST98]. Some of the ideas come from the implementation of a decision algorithm for timed bisimulation ([WL97]).
2 Definition of CDD's
We assume a finite set of real-valued clocks C = {X_1, ..., X_k}. We are interested in a data structure to represent and manipulate sets of possible values of these clocks. In particular, we shall confine ourselves to sets that are finite unions of simple convex polyhedra. The simple convex polyhedra are described by bounds on the ind...
Proving Properties of Dynamic Process Networks, 1998
Cited by 16 (8 self)
Abstract
We present the first compositional proof system for checking processes against formulas in the modal µ-calculus which is capable of handling dynamic process networks. The proof system is obtained in a systematic way from the operational semantics of the underlying process algebra. A nontrivial proof example is given, and the proof system is shown to be sound in general, and complete for finite-state processes.
1 Introduction
In this paper we address the problem of verifying modal µ-calculus properties of general infinite-state processes, and we present what we believe to be the first genuinely compositional solution to this problem. The value of compositionality in program logics is well established. Compositionality allows better structuring and decomposition of the verification task, it allows reuse of proofs, and it allows reasoning about partially instantiated programs, thus supporting program synthesis. Even more fundamentally it allows, at least in principle, verification exe...
Compositionality via cut-elimination: Hennessy-Milner logic for an arbitrary GSOS
In Logic in Computer Science, 1995
Cited by 16 (3 self)
Abstract
We present a sequent calculus for proving that processes in a process algebra satisfy assertions in Hennessy-Milner logic. The main novelty lies in the use of the operational semantics to derive introduction rules (on the left and right of sequents) for the different operators of the process calculus. This gives a generic proof system applicable to any process algebra with an operational semantics specified in the GSOS format. We identify the desirable property of compositionality with cut-elimination, and we prove that this holds for a class of sequents. Further, we show that the proof system enjoys good completeness and ω-completeness properties relative to its intended model.
1 Introduction
The provision of proof systems for program logics is an important research goal, as such systems enable one to give formal proofs guaranteeing that programs satisfy required properties. A desirable feature of such proof systems is that they should allow a compositional style of proof developme...
Compositional Proof Systems for Model Checking Infinite State Processes, 1995
Cited by 15 (3 self)
Abstract
We present the first compositional proof system for checking processes against formulas in the modal µ-calculus which is capable of handling general infinite-state processes. The proof system is obtained in a systematic way from the operational semantics of the underlying process algebra. A nontrivial proof example is given, and the proof system is shown to be sound in general, and complete for finite-state processes.
1 Introduction
In this paper we address the problem of verifying modal µ-calculus properties of general infinite-state processes, and we present what we believe to be the first genuinely compositional solution to this problem. The value of compositionality in program logics is well established. Compositionality allows better structuring and decomposition of the verification task, it allows proof reuse, and it allows reasoning about partially instantiated programs, thus supporting program synthesis. Even more fundamentally it allows, at least in principle, verification...