Results 1  10
of
216
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 2407 (62 self)
 Add to MetaCart
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Combining Partial Order Reductions with Onthefly Modelchecking
, 1994
"... Abstract Partial order modelchecking is an approach to reduce time and memory in modelchecking concurrent programs. Onthefly modelchecking is a technique to eliminate part of the search by intersecting an automaton representing the (negation of the) checked property with the state space during i ..."
Abstract

Cited by 191 (14 self)
 Add to MetaCart
Abstract Partial order modelchecking is an approach to reduce time and memory in modelchecking concurrent programs. Onthefly modelchecking is a technique to eliminate part of the search by intersecting an automaton representing the (negation of the) checked property with the state space during its generation. We prove conditions under which these two methods can be combined in order to gain reduction from both methods. An extension of the modelchecker SPIN, which implements this combination, is studied, showing substantial reduction over traditional search, not only in the number of reachable states, but directly in the amount of memory and time used. We also describe how to apply partialorder modelchecking under given fairness assumptions.
All from one, one for all: on model checking using representatives
 LNCS
, 1993
"... Checking that a given finite state program satisfies a linear temporal logic property is suffering in many cases from a severe space and time explosion. One way to cope with this is to reduce the state graph used for model checking. We define an equivalence relation between infinite sequences, based ..."
Abstract

Cited by 150 (6 self)
 Add to MetaCart
Checking that a given finite state program satisfies a linear temporal logic property is suffering in many cases from a severe space and time explosion. One way to cope with this is to reduce the state graph used for model checking. We define an equivalence relation between infinite sequences, based on infinite traces such that for each equivalence class, either all or none of the sequences satisfy the checked formula. We present an algorithm for constructing a state graph that contains at least one representative sequence for each equivalence class. This allows applying existing model checking algorithms to the reduced state graph rather than on the larger full state graph of the program. It also allows model checking under fairness assumptions, and exploits these assumptions to obtain smaller state graphs. A formula rewriting technique is presented to allow coarser equivalence relation among sequences, such that less representatives are needed. 1
Pointer Analysis for Multithreaded Programs
 ACM SIGPLAN 99
, 1999
"... This paper presents a novel interprocedural, flowsensitive, and contextsensitive pointer analysis algorithm for multithreaded programs that may concurrently update shared pointers. For each pointer and each program point, the algorithm computes a conservative approximation of the memory locations ..."
Abstract

Cited by 135 (13 self)
 Add to MetaCart
This paper presents a novel interprocedural, flowsensitive, and contextsensitive pointer analysis algorithm for multithreaded programs that may concurrently update shared pointers. For each pointer and each program point, the algorithm computes a conservative approximation of the memory locations to which that pointer may point. The algorithm correctly handles a full range of constructs in multithreaded programs, including recursive functions, function pointers, structures, arrays, nested structures and arrays, pointer arithmetic, casts between pointer variables of different types, heap and stack allocated memory, shared global variables, and threadprivate global variables. We have implemented the algorithm in the SUIF compiler system and used the implementation to analyze a sizable set of multithreaded programs written in the Cilk multithreaded programming language. Our experimental results show that the analysis has good precision and converges quickly for our set of Cilk programs.
Design of Embedded Systems: Formal Models, Validation, and Synthesis
 PROCEEDINGS OF THE IEEE
, 1999
"... This paper addresses the design of reactive realtime embedded systems. Such systems are often heterogeneous in implementation technologies and design styles, for example by combining hardware ASICs with embedded software. The concurrent design process for such embedded systems involves solving the ..."
Abstract

Cited by 106 (9 self)
 Add to MetaCart
This paper addresses the design of reactive realtime embedded systems. Such systems are often heterogeneous in implementation technologies and design styles, for example by combining hardware ASICs with embedded software. The concurrent design process for such embedded systems involves solving the specification, validation, and synthesis problems. We review the variety of approaches to these problems that have been taken.
Symbolic Verification with Periodic Sets
, 1994
"... Symbolic approaches attack the state explosion problem by introducing implicit representations that allow the simultaneous manipulation of large sets of states. The most commonly used representation in this context is the Binary Decision Diagram (BDD). This paper takes the point of view that other s ..."
Abstract

Cited by 73 (6 self)
 Add to MetaCart
Symbolic approaches attack the state explosion problem by introducing implicit representations that allow the simultaneous manipulation of large sets of states. The most commonly used representation in this context is the Binary Decision Diagram (BDD). This paper takes the point of view that other structures than BDD's can be useful for representing sets of values, and that combining implicit and explicit representations can be fruitful. It introduces a representation of complex periodic sets of integer values, shows how this representation can be manipulated, and describes its application to the statespace exploration of protocols. Preliminary experimental results indicate that the method can dramatically reduce the resources required for statespace exploration.
Model Checking Complete Requirements Specifications Using Abstraction
 Automated Software Engineering
, 1999
"... Although model checking has proven remarkably effective in detecting errors in hardware designs, its success in the analysis of software specifications has been limited. Model checking algorithms for hardware verification commonly use Binary Decision Diagrams (BDDs) to represent predicates involving ..."
Abstract

Cited by 70 (19 self)
 Add to MetaCart
Although model checking has proven remarkably effective in detecting errors in hardware designs, its success in the analysis of software specifications has been limited. Model checking algorithms for hardware verification commonly use Binary Decision Diagrams (BDDs) to represent predicates involving the many Boolean variables commonly found in hardware descriptions. Unfortunately, BDD representations may be less effective for analyzing software specifications, which usually contain not only Booleans but variables spanning a wide range of data types. Further, software specifications typically have huge, sometimes infinite, state spaces that cannot be model checked directly using conventional symbolic methods. One promising but largely unexplored approach to model checking software...
The practitioner's guide to coloured Petri nets
 International Journal on Software Tools for Technology Transfer
, 1998
"... Coloured Petri nets (CPnets or CPNs) provide a framework for the design, specification, validation, and verification of systems. CPnets have a wide range of application areas and many CPN projects have been carried out in industry, e.g., in the areas of communication protocols, operating systems, ..."
Abstract

Cited by 69 (16 self)
 Add to MetaCart
Coloured Petri nets (CPnets or CPNs) provide a framework for the design, specification, validation, and verification of systems. CPnets have a wide range of application areas and many CPN projects have been carried out in industry, e.g., in the areas of communication protocols, operating systems, hardware designs, embedded systems, software system designs, and business process reengineering. Design/CPN is a graphical computer tool supporting the practical use of CPnets. The tool supports the construction, simulation, and functional and performance analysis of CPN models. The tool is used by more than four hundred organisations in forty different countries  including one hundred commercial companies. It is available free of charge, also for commercial use. This paper provides a comprehensive road map to the practical use of CPnets and the Design/CPN tool. We give an informal introduction to the basic concepts and ideas underlying CPnets. The key components and facilities of the Design/CPN tool are presented and their use illustrated. The paper is selfcontained and does not assume any prior knowledge of Petri nets and CPnets nor any experience with the Design/CPN tool.
Compositional and Symbolic ModelChecking of RealTime Systems
 In Proc. of the 16th IEEE RealTime Systems Symposium
, 1995
"... Efficient automatic modelchecking algorithms for realtime systems have been obtained in recent years based on the stateregion graph technique of Alur, Courcoubetis and Dill. However, these algorithms are faced with two potential types of explosion arising from parallel composition: explosion in t ..."
Abstract

Cited by 67 (21 self)
 Add to MetaCart
Efficient automatic modelchecking algorithms for realtime systems have been obtained in recent years based on the stateregion graph technique of Alur, Courcoubetis and Dill. However, these algorithms are faced with two potential types of explosion arising from parallel composition: explosion in the space of control nodes, and explosion in the region space over clockvariables. In this paper we attack these explosion problems by developing and combining compositional and symbolic modelchecking techniques. The presented techniques provide the foundation for a new automatic verification tool Uppaal. Experimental results indicate that Uppaal performs time and spacewise favorably compared with other realtime verification tools. 1 Introduction Within the last decade modelchecking has turned out to be a useful technique for verifying temporal properties of finitestate systems. Efficient modelchecking algorithms for finitestate systems have been obtained with respect to a number o...
Reliable Hashing without Collision Detection
 IN COMPUTER AIDED VERIFICATION. 5TH INTERNATIONAL CONFERENCE
, 1993
"... Thanks to a variety of new techniques, statespace exploration is becoming an increasingly effective method for the verification of concurrent programs. One of these techniques, hashing without collision detection, was proposed by Holzmann as a waytovastly reduce the amount of memory needed to s ..."
Abstract

Cited by 63 (1 self)
 Add to MetaCart
Thanks to a variety of new techniques, statespace exploration is becoming an increasingly effective method for the verification of concurrent programs. One of these techniques, hashing without collision detection, was proposed by Holzmann as a waytovastly reduce the amount of memory needed to store the explored state space. Unfortunately, this reduction in memory use comes at the price of a high probability of ignoring part of the state space and hence of missing existing errors. In this paper, we carefully analyze this method and show that, by using a modified strategy, it is possible to reduce the risk of error to a negligible amount while maintaining the memory use advantage of Holzmann's technique. Our proposed strategy has been implemented and we describe experiments that confirm the excellent expected results.