Results 1 to 10 of 19
Using Assumptions to Distribute CTL Model Checking
Parallel and Distributed Model Checking (PDMC'2002), Electronic Notes in Theoretical Computer Science, 2002
Cited by 8 (0 self)
In this work we discuss the problem of performing distributed CTL model checking by splitting the given state space into several "partial state spaces". The partial state space is modelled as a Kripke structure with border states. Each computer involved in the distributed computation owns a partial state space and performs a model checking algorithm on this incomplete structure. To be able to proceed, the border states are augmented by assumptions about the truth of formulas and the computers exchange assumptions about relevant states as they compute more precise information. In the paper we give the basic definitions and present the distributed algorithm.
On ACTL Formulas Having Linear Counterexamples
2001
Cited by 8 (0 self)
In case an ACTL formula fails over a transition graph M, it is most useful to provide a counterexample, i.e., a computation tree of M witnessing the failure. If there exists a single path in M which by itself witnesses the failure, then the formula has a linear counterexample. We show that, given M and an ACTL formula that M does not satisfy, it is NP-hard to determine whether there exists a linear counterexample.
Model Checking for Combined Logics with an Application to Mobile Systems
Automated Software Engineering, 2004
Cited by 8 (1 self)
In this paper, we develop model checking procedures for three ways of combining (temporal) logics: temporalization, independent combination, and join. We prove that they are terminating, sound, and complete, we analyze their computational complexity, and we report on experiments with implementations. We take a close look at mobile systems and show how the proposed combined model checking framework can be successfully applied to the specification and verification of their properties.
Can a Model Checker Generate Tests for Non-Deterministic Systems?
2007
Cited by 6 (0 self)
Modern software is increasingly concurrent, timed, distributed, and therefore, nondeterministic. While it is well known that tests can be generated as LTL or CTL model checker counterexamples, we argue that nondeterminism creates difficulties that need to be resolved and propose test generation methods to overcome them. The proposed methods rely on fault modeling by mutation and use conventional (closed) and modular (open) model checkers.
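Both the test-generation entry above and the earlier entry on linear ACTL counterexamples rest on the same machinery: a CTL model checker labels each state of a Kripke structure with the subformulas it satisfies, and a failed property is explained by a path extracted from that labelling. The following is an added illustration, not code from any of the listed papers: it implements the standard explicit-state CTL labelling algorithm (least and greatest fixpoints for EU and EG, the other operators by duality) over a constructed four-state request/grant model, and extracts linear counterexamples for the two property shapes where one always exists, a finite path for a failed AG p and a lasso for a failed AF p. The model, its labels and the helper names are assumptions of this example. Deciding whether an arbitrary failed ACTL formula has a linear counterexample is the NP-hard problem of the second entry and is not addressed here.

```python
from collections import deque
from typing import Dict, List, Set, Tuple

# Formulas are nested tuples over the adequate set {true, ap, not, and, EX, EU, EG};
# the remaining CTL operators are derived through the usual dualities.
def ap(name): return ('ap', name)
def Not(f): return ('not', f)
def And(f, g): return ('and', f, g)
def Or(f, g): return Not(And(Not(f), Not(g)))
def EX(f): return ('EX', f)
def EU(f, g): return ('EU', f, g)
def EG(f): return ('EG', f)
def EF(f): return EU(('true',), f)
def AG(f): return Not(EF(Not(f)))   # AG f  ==  not EF not f
def AF(f): return Not(EG(Not(f)))   # AF f  ==  not EG not f


class Kripke:
    """Explicit-state Kripke structure; the transition relation must be total."""

    def __init__(self, transitions, labels, init):
        self.succ: Dict[str, Set[str]] = {}
        for a, b in transitions:
            self.succ.setdefault(a, set()).add(b)
            self.succ.setdefault(b, set())
        self.states = set(self.succ)
        self.labels = {s: set(labels.get(s, ())) for s in self.states}
        self.init = init
        if any(not self.succ[s] for s in self.states):
            raise ValueError("every state needs at least one successor")

    def sat(self, f) -> Set[str]:
        """Bottom-up labelling: the set of states satisfying f."""
        op = f[0]
        if op == 'true': return set(self.states)
        if op == 'ap':   return {s for s in self.states if f[1] in self.labels[s]}
        if op == 'not':  return self.states - self.sat(f[1])
        if op == 'and':  return self.sat(f[1]) & self.sat(f[2])
        if op == 'EX':
            t = self.sat(f[1])
            return {s for s in self.states if self.succ[s] & t}
        if op == 'EU':  # least fixpoint of  Z = g or (f and EX Z)
            sf, t = self.sat(f[1]), self.sat(f[2])
            while True:
                new = {s for s in sf - t if self.succ[s] & t}
                if not new: return t
                t |= new
        if op == 'EG':  # greatest fixpoint of  Z = f and EX Z
            t = self.sat(f[1])
            while True:
                drop = {s for s in t if not (self.succ[s] & t)}
                if not drop: return t
                t -= drop
        raise ValueError(f"unknown operator {op!r}")

    def check(self, f) -> bool:
        return self.init in self.sat(f)

    def counterexample_AG(self, p) -> List[str]:
        """If AG p fails: a finite path from init to a state violating p, else []."""
        bad = self.sat(Not(p))
        prev, queue = {self.init: None}, deque([self.init])
        while queue:
            s = queue.popleft()
            if s in bad:                      # BFS gives a shortest witness
                path = []
                while s is not None:
                    path.append(s); s = prev[s]
                return path[::-1]
            for t in sorted(self.succ[s]):    # sorted: deterministic witness
                if t not in prev:
                    prev[t] = s; queue.append(t)
        return []

    def counterexample_AF(self, p) -> Tuple[List[str], int]:
        """If AF p fails: a lasso (states, loop-start index) on which p never holds."""
        core = self.sat(EG(Not(p)))           # states from which some path avoids p forever
        if self.init not in core:
            return [], -1
        path, seen, s = [], {}, self.init
        while s not in seen:                  # walk inside the EG set until a state repeats
            seen[s] = len(path); path.append(s)
            s = min(self.succ[s] & core)      # min(): deterministic choice among successors
        return path, seen[s]


# Constructed toy model (an assumption of this example): s0 issues a request, s1 is a
# busy state that may stutter forever or grant (s2), and s3 is a dead idle state.
MODEL = Kripke(
    transitions=[('s0', 's1'), ('s0', 's3'), ('s1', 's1'), ('s1', 's2'), ('s2', 's0'), ('s3', 's3')],
    labels={'s0': {'req'}, 's1': {'req', 'busy'}, 's2': {'grant'}},
    init='s0',
)

if __name__ == "__main__":
    print("AG !(busy & grant):", MODEL.check(AG(Not(And(ap('busy'), ap('grant'))))))
    print("AF grant:", MODEL.check(AF(ap('grant'))), MODEL.counterexample_AF(ap('grant')))
    print("AG (req | grant):", MODEL.check(AG(Or(ap('req'), ap('grant')))),
          MODEL.counterexample_AG(Or(ap('req'), ap('grant'))))
```

The lasso returned for the failing AF grant is s0, s1 followed by s1 repeated forever: exactly the kind of nondeterministic stutter the test-generation entry has in mind, since a test derived from this path cannot force the implementation to stay in s1. The AG counterexample is a finite prefix and can be replayed directly as a test.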
A Compositional World: A Survey of Recent Works on Compositionality in Formal Methods
2005
Cited by 5 (4 self)
We survey the most significant literature about compositional techniques for concurrent and real-time system verification. We especially focus on abstract frameworks for rely/guarantee compositionality that handle circularity, but also consider different developments.
Verification of Gap-Order Constraint Abstractions of Counter Systems
Cited by 3 (0 self)
We investigate verification problems for gap-order constraint systems (GCS), an (infinitely-branching) abstract model of counter machines, in which constraints (over Z) between the variables of the source state and the target state of a transition are gap-order constraints (GC) [27]. GCS extend monotonicity constraint systems [5], integral relation automata [12], and constraint automata in [15]. First, we show that checking the existence of infinite runs in GCS satisfying acceptance conditions à la Büchi (fairness problem) is decidable and PSPACE-complete. Next, we consider a constrained branching-time logic, GCCTL*, obtained by enriching CTL* with GC, thus enabling expressive properties and subsuming the setting of [12]. We establish that, while model-checking GCS against the universal fragment of GCCTL* is undecidable, model-checking against the existential fragment, and satisfiability of both the universal and existential fragments, are instead decidable and PSPACE-complete (note that the two fragments are not dual since GC are not closed under negation). Moreover, our results imply PSPACE-completeness of the verification problems investigated and shown to be decidable in [12], but for which no elementary upper bounds were known.
Search Techniques and Automata for Symbolic Model Checking
2001
Cited by 2 (0 self)
Model checking addresses correctness of finite-state systems by formal methods. It automatically either proves the user-defined properties of the system correct, or...
Assume-Guarantee Reasoning with Local Specifications
Cited by 1 (1 self)
We investigate assume-guarantee reasoning for global specifications consisting of conjunctions of local specifications. We present a sound and complete assume-guarantee rule that permits reasoning about individual modules for local specifications and draws conclusions on global specifications. We illustrate our approach with an example from the field of network congestion control, where different agents are responsible for controlling packet flow across a shared infrastructure. In this context, we derive an assume-guarantee rule for system stability, and show that this rule is valuable to reason about any number of agents, any initial flow configuration, and any topology of bounded degree.
On the Universal and Existential Fragments of the µ-Calculus
2003
Cited by 1 (0 self)
One source of complexity in the µ-calculus is its ability to specify an unbounded number of switches between universal (AX) and existential (EX) branching modes. We therefore study the problems of satisfiability, validity, model checking, and implication for the universal and existential fragments of the µ-calculus, in which only one branching mode is allowed. The universal fragment is rich enough to express most specifications of interest, and therefore improved algorithms are of practical importance. We show that while the satisfiability and validity problems do indeed become simpler for the existential and universal fragments, this is, unfortunately, not the case for model checking and implication.