Results 1-10 of 22
Model Checking for Combined Logics with an Application to Mobile Systems
Automated Software Engineering, 2004
Cited by 9 (1 self)
Abstract
In this paper, we develop model checking procedures for three ways of combining (temporal) logics: temporalization, independent combination, and join. We prove that they are terminating, sound, and complete, we analyze their computational complexity, and we report on experiments with implementations. We take a close look at mobile systems and show how the proposed combined model checking framework can be successfully applied to the specification and verification of their properties.
On ACTL Formulas Having Linear Counterexamples
2001
Cited by 9 (0 self)
Abstract
In case an ACTL formula fails over a transition graph M, it is most useful to provide a counterexample, i.e., a computation tree of M witnessing the failure. If there exists a single path in M which by itself witnesses the failure of , then has a linear counterexample. We show that, given M and , where M ⊭ , it is NP-hard to determine whether there exists a linear counterexample.
Using Assumptions to Distribute CTL Model Checking
Parallel and Distributed Model Checking (PDMC'2002), Electronic Notes in Theoretical Computer Science, 2002
Cited by 8 (0 self)
Abstract
In this work we discuss the problem of performing distributed CTL model checking by splitting the given state space into several "partial state spaces". The partial state space is modelled as a Kripke structure with border states. Each computer involved in the distributed computation owns a partial state space and performs a model checking algorithm on this incomplete structure. To be able to proceed, the border states are augmented by assumptions about the truth of formulas and the computers exchange assumptions about relevant states as they compute more precise information. In the paper we give the basic definitions and present the distributed algorithm.
Verification of Gap-Order Constraint Abstractions of Counter Systems
Cited by 8 (0 self)
Abstract
We investigate verification problems for gap-order constraint systems (GCS), an (infinitely-branching) abstract model of counter machines, in which constraints (over Z) between the variables of the source state and the target state of a transition are gap-order constraints (GC) [27]. GCS extend monotonicity constraint systems [5], integral relation automata [12], and constraint automata in [15]. First, we show that checking the existence of infinite runs in GCS satisfying acceptance conditions à la Büchi (fairness problem) is decidable and PSPACE-complete. Next, we consider a constrained branching-time logic, GCCTL*, obtained by enriching CTL* with GC, thus enabling expressive properties and subsuming the setting of [12]. We establish that, while model checking GCS against the universal fragment of GCCTL* is undecidable, model checking against the existential fragment, and satisfiability of both the universal and existential fragments, are instead decidable and PSPACE-complete (note that the two fragments are not dual since GC are not closed under negation). Moreover, our results imply PSPACE-completeness of the verification problems investigated and shown to be decidable in [12], but for which no elementary upper bounds are known.
Program Models for Compositional Verification
ICFEM 2008, LNCS, 2008
Cited by 7 (4 self)
Abstract
Compositional verification is crucial for guaranteeing the security of systems where new components can be loaded dynamically. In earlier work, we developed a compositional verification principle for control-flow properties of sequential control flow graphs with procedures. This paper discusses how the principle can be generalised to richer program models. We first present a generic program model, of which the original program model is an instantiation, and explicate under what conditions the compositional verification principle applies. We then present two other example instantiations of the generic model, with exceptional and with multithreaded control flow, and show that for these particular instantiations the conditions hold. The program models we present are specifically tailored to our compositional verification principle; however, they are sufficiently intuitive and standard to be useful on their own. Tool support and practical application of the method are discussed.
Can a Model Checker Generate Tests for Non-Deterministic Systems?
2007
Cited by 6 (0 self)
Abstract
Modern software is increasingly concurrent, timed, distributed, and therefore, nondeterministic. While it is well known that tests can be generated as LTL or CTL model checker counterexamples, we argue that nondeterminism creates difficulties that need to be resolved and propose test generation methods to overcome them. The proposed methods rely on fault modeling by mutation and use conventional (closed) and modular (open) model checkers.
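Two of the abstracts in this listing turn on the same idea: a model checker's evidence of failure is a path. The ACTL paper asks when a single path is enough (a linear counterexample), and the test-generation paper asks how such a path becomes a test when the system under test is nondeterministic. The following is an added illustration written for this listing, not code from any of the papers above. It is a small explicit-state checker in Python over a constructed toy Kripke structure: it returns a finite path as the counterexample to AG p, a lasso (path plus loop index) as the counterexample to AF p, and then replays a counterexample as a test, reporting "inconclusive" rather than "fail" when the implementation resolved a nondeterministic choice differently from the trace. The structure, its state names, and the verdict rules are assumptions made for this example.

```python
from collections import deque
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed toy Kripke structure (made up for this example): a job controller
# whose idle state s0 nondeterministically enters a busy loop (s1) or an
# error (s2). Successor lists have a fixed order so results are reproducible.
KRIPKE = {
    "init": "s0",
    "trans": {
        "s0": ["s1", "s2"],
        "s1": ["s1"],          # stays busy forever
        "s2": ["s3"],
        "s3": ["s0"],
    },
    "labels": {                # atomic propositions true in each state
        "s0": {"idle"},
        "s1": {"busy"},
        "s2": {"busy", "err"},
        "s3": {"done"},
    },
}

Pred = Callable[[Set[str]], bool]   # a state predicate over its label set


def check_AG(model: dict, p: Pred) -> Optional[List[str]]:
    """AG p: p holds in every reachable state. Returns None if it holds, else
    the shortest path from the initial state to a violating state. That finite
    path witnesses the failure on its own, i.e. it is a linear counterexample."""
    labels, trans, start = model["labels"], model["trans"], model["init"]
    parent: Dict[str, Optional[str]] = {start: None}
    queue = deque([start])
    while queue:
        s = queue.popleft()
        if not p(labels[s]):
            path = []
            while s is not None:        # walk the BFS tree back to the root
                path.append(s)
                s = parent[s]
            return path[::-1]
        for t in trans[s]:
            if t not in parent:
                parent[t] = s
                queue.append(t)
    return None


def check_AF(model: dict, p: Pred) -> Optional[Tuple[List[str], int]]:
    """AF p: on every path p eventually holds. A counterexample is one infinite
    path avoiding p, which in a finite structure is a lasso. Returns
    (path, loop_start) with path[loop_start:] repeating forever, or None.
    DFS over not-p states only, reporting the first back edge found."""
    labels, trans, start = model["labels"], model["trans"], model["init"]
    if p(labels[start]):
        return None
    path = [start]
    on_path = {start: 0}               # state -> index on the current path
    finished: Set[str] = set()         # not-p states with no cycle reachable
    stack = [iter(trans[start])]
    while stack:
        nxt = next(stack[-1], None)
        if nxt is None:                # successors of path[-1] exhausted
            stack.pop()
            s = path.pop()
            del on_path[s]
            finished.add(s)
            continue
        if p(labels[nxt]) or nxt in finished:
            continue
        if nxt in on_path:             # back edge: the lasso closes here
            return path[:], on_path[nxt]
        on_path[nxt] = len(path)
        path.append(nxt)
        stack.append(iter(trans[nxt]))
    return None


def verdict(model: dict, test_path: List[str], observed: List[Set[str]]) -> str:
    """Replay a counterexample path as a test against an observed run (the label
    set seen at each step). "pass": the run reproduced the whole path. "fail":
    it diverged into something the model never allows at that point.
    "inconclusive": it diverged only because the implementation resolved a
    nondeterministic choice differently, so the test must be re-run."""
    labels, trans = model["labels"], model["trans"]
    prev = None
    for i, s in enumerate(test_path):
        if i >= len(observed):
            return "fail"              # run ended before the path completed
        if observed[i] == labels[s]:
            prev = s
            continue
        if prev is not None and any(
            observed[i] == labels[t] for t in trans[prev] if t != s
        ):
            return "inconclusive"
        return "fail"
    return "pass"


if __name__ == "__main__":
    no_err = lambda L: "err" not in L
    print("AG no err:", check_AG(KRIPKE, no_err))                 # ['s0', 's2']
    print("AF done:", check_AF(KRIPKE, lambda L: "done" in L))    # (['s0', 's1'], 1)
    trace = check_AG(KRIPKE, no_err)
    print(verdict(KRIPKE, trace, [{"idle"}, {"busy"}]))           # inconclusive
```

AG p and AF p always have linear counterexamples (a finite prefix and a lasso respectively), which is why a BFS and a single DFS suffice here; the NP-hardness result in the ACTL abstract concerns general ACTL formulas, whose counterexamples may have to be trees. The "inconclusive" verdict is the simplest treatment of the difficulty the test-generation abstract raises: in s0 the model allows either s1 or s2, so a run that takes s1 neither confirms nor refutes the trace through s2.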
A Compositional World: a survey of recent works on compositionality in formal methods
2005
Cited by 6 (4 self)
Abstract
We survey the most significant literature about compositional techniques for concurrent and real-time system verification. We especially focus on abstract frameworks for rely/guarantee compositionality that handle circularity, but also consider different developments.
Abstraction for Model Checking Modular Interpreted Systems over ATL
Cited by 3 (0 self)
Abstract
We present an abstraction technique for model checking multi-agent systems given as modular interpreted systems (MIS) (introduced by Jamroga and Ågotnes). MIS allow for succinct representations of compositional systems; they permit agents to be removed, added or replaced, and they are modular by facilitating control over the amount of interaction. Specifications are given as arbitrary ATL formulae: we can therefore reason about strategic abilities of groups of agents. Our technique is based on collapsing each agent's local state space with handcrafted equivalence relations, one per strategic modality. We present
On the Universal and Existential Fragments of the µ-Calculus
2003
Cited by 3 (0 self)
Abstract
One source of complexity in the µ-calculus is its ability to specify an unbounded number of switches between universal (AX) and existential (EX) branching modes. We therefore study the problems of satisfiability, validity, model checking, and implication for the universal and existential fragments of the µ-calculus, in which only one branching mode is allowed. The universal fragment is rich enough to express most specifications of interest, and therefore improved algorithms are of practical importance. We show that while the satisfiability and validity problems become indeed simpler for the existential and universal fragments, this is, unfortunately, not the case for model checking and implication.