Results 1 - 9 of 9
Compositional Model Checking
, 1999
Cited by 2407 (62 self)
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Model checking action- and state-labelled Markov chains
 DSN’04, Proceedings of International Conference on Dependable Systems and Networks
, 2004
Cited by 14 (2 self)
In this paper we introduce the logic asCSL, an extension of continuous stochastic logic (CSL), which provides powerful means to characterise execution paths of action- and state-labelled Markov chains. In asCSL, path properties are characterised by regular expressions over actions and state formulas. Thus, the executability of a path not only depends on the available actions but also on the validity of certain state formulas in intermediate states. Our main result is that the model checking problem for asCSL can be reduced to CSL model checking on a modified Markov chain, which is obtained through a product automaton construction. We provide a case study of a scalable cellular phone system which shows how the logic asCSL and the model checking procedure can be applied in practice.
Foundations of a Theory of Specification for Distributed Systems
, 1984
Cited by 13 (2 self)
This thesis investigates a particular approach, called state-transition specification, to the problem of describing the behavior of modules in a distributed or concurrent computer system. A state-transition specification consists of (1) a state machine, which incorporates the safety or invariance properties of the module, and (2) validity conditions on the computations of the machine, which capture the desired liveness or eventuality properties. The theory and techniques of state-transition specification are developed from first principles to a point at which it is possible to write example specifications, to check the specifications for consistency, and to perform correctlse examples.
Models and Temporal Logics for Timed Component Connectors
 In Proc. SEFM’04. IEEE CS
, 2004
Cited by 13 (6 self)
The coordination language Reo supports compositional system construction through connectors with real-time properties that exogenously coordinate the interactions among the constituent components into a coherent collaboration. In this paper, we present an operational semantics for the channel-based component connectors of Reo in terms of Timed Constraint Automata and introduce a temporal logic for specification and verification of their real-time properties.
Linear Functional Fixed-points
, 2009
Cited by 11 (2 self)
We introduce a logic of functional fixed-points. It is suitable for analyzing heap-manipulating programs and can encode several logics used for program verification with different ways of expressing reachability. While full fixed-point logic remains undecidable, several subsets admit decision procedures. In particular, for the logic of linear functional fixed-points, we develop an abstraction refinement integration of the SMT solver Z3 and a satisfiability checker for propositional linear-time temporal logic. The integration refines the temporal abstraction by generating safety formulas until the temporal abstraction is unsatisfiable or a model for it is also a model for the functional fixed-point formula.
What It Means for a Concurrent Program to Satisfy a Specification: Why No One Has Specified Priority
 In Proceedings of the Twelfth ACM Symposium on Principles of Programming Languages
, 1984
Cited by 11 (5 self)
The formal correspondence between an implementation and its specification is examined. It is shown that existing specifications that claim to describe priority are either vacuous or else too restrictive to be implemented in some reasonable situations. This is illustrated with a precisely formulated problem of specifying a first-come-first-served mutual exclusion algorithm, which it is claimed cannot be solved by existing methods.
A Hierarchical Completeness Proof for Interval Temporal Logic with Finite Time
, 2003
Cited by 2 (1 self)
Logics based on regular languages over finite words and ω-words offer a promising but elusive framework for formal specification and verification. Starting with the seminal work of Büchi [5, 6] and Elgot [11] around 1960, a number of such logics and decision procedures have been proposed.
Discrete Event Systems in Rewriting Logic
, 1996
Cited by 1 (0 self)
In this note, we report on some work in progress on using rewriting logics for discrete event simulation. The idea is to combine the proofs in the logic with the observations in the simulations to gain a better understanding of the interaction intricacies that seem to occur in complex simulations. In particular, we use communication protocols as our application domain, since they have all the interaction and unpredictability that makes formal specifications difficult.
1 Problem: Formal Methods in Simulation
The historical barriers to the use of formal methods in designing and developing communication protocols derive from their different attitudes: verification models have been used for many years for proofs of behavior (a verification model cannot tell you when the model is wrong), but simulation models are used for observations of behavior (a simulation model cannot tell you when the model is right). These are almost always different models, since they must concentrate on different ...
Algoritmos de Satisfactibildad y ModelChecking para la Lógica Temporal Proposicional: Comparación y Aplicación para la Representación de Conocimientos Temporales
Cited by 1 (1 self)
os de Datos Generales
7.2 Implementation of the Tableau Method
7.3 Implementation of the Büchi Method
7.4 Implementation of the Model-Checking Algorithms
7.4.1 LTL
7.4.2 CTL
List of Figures
2.1 Transition graph for the scheduling of non-shareable resources with two processes
3.1 Tableau for the formula F 1 j (fl 8 3a flflb)
3.2 Model of the formula F 1 j (fl 8 3a flflb)
3.3 Tableau for the formula F 2 j (2fla (bUc))
3.4 Hintikka structure of the f...