Results 1 - 10 of 102
Symbolic Model Checking: 10^20 States and Beyond
, 1992
Cited by 753 (40 self)
Many different methods have been devised for automatically verifying finite state systems by examining state-graph models of system behavior. These methods all depend on decision procedures that explicitly represent the state space using a list or a table that grows in proportion to the number of states. We describe a general method that represents the state space symbolically instead of explicitly. The generality of our method comes from using a dialect of the Mu-Calculus as the primary specification language. We describe a model checking algorithm for Mu-Calculus formulas that uses Bryant's Binary Decision Diagrams (Bryant, R. E., 1986, IEEE Trans. Comput. C-35) to represent relations and formulas. We then show how our new Mu-Calculus model checking algorithm can be used to derive efficient decision procedures for CTL model checking, satisfiability of linear-time temporal logic formulas, strong and weak observational equivalence of finite transition systems, and language containment for finite ω-automata. The fixed point computations for each decision procedure are sometimes complex, but can be concisely expressed in the Mu-Calculus. We illustrate the practicality of our approach to symbolic model checking by discussing how it can be used to verify a simple synchronous pipeline circuit.
Model Checking and Modular Verification
 ACM Transactions on Programming Languages and Systems
, 1991
Cited by 310 (11 self)
We describe a framework for compositional verification of finite state processes. The framework is based on two ideas: a subset of the logic CTL for which satisfaction is preserved under composition; and a preorder on structures which captures the relation between a component and a system containing the component. Satisfaction of a formula in the logic corresponds to being below a particular structure (a tableau for the formula) in the preorder. We show how to do assume-guarantee style reasoning within this framework. In addition, we demonstrate efficient methods for model checking in the logic and for checking the preorder in several special cases. We have implemented a system based on these methods, and we use it to give a compositional verification of a CPU controller. 1 Introduction Temporal logic model checking procedures are useful tools for the verification of finite state systems [3, 12, 20]. However, these procedures have traditionally suffered from the state explosion proble...
A Linear-Time Model-Checking Algorithm for the Alternation-Free Modal Mu-Calculus
 Formal Methods in System Design
, 1993
Cited by 138 (15 self)
We develop a model-checking algorithm for a logic that permits propositions to be defined using greatest and least fixed points of mutually recursive systems of equations. This logic is as expressive as the alternation-free fragment of the modal mu-calculus identified by Emerson and Lei, and it may therefore be used to encode a number of temporal logics and behavioral preorders. Our algorithm determines whether a process satisfies a formula in time proportional to the product of the sizes of the process and the formula; this improves on the best known algorithm for similar fixed-point logics. 1 Introduction Behavioral equivalences and preorders, and temporal logics, have been used extensively in automated verification tools for finite-state processes [3, 12, 18, 19, 20]. The relations are typically used to relate a high-level specification process to a more detailed implementation process, while the logics enable system designers to formulate collections of properties that implementa...
A Partial Approach to Model Checking
 INFORMATION AND COMPUTATION
, 1994
Cited by 122 (4 self)
This paper presents a model-checking method for linear-time temporal logic that can avoid most of the state explosion due to the modelling of concurrency by interleaving. The method relies on the concept of Mazurkiewicz's trace as a semantic basis and uses automata-theoretic techniques, including automata that operate on words of ordinality higher than ω.
An Integration of Model Checking with Automated Proof Checking
, 1995
Cited by 100 (8 self)
Although automated proof checking tools for general-purpose logics have been successfully employed in the verification of digital systems, there are inherent limits to the efficient automation of expressive logics. If the expressiveness is constrained, there are useful logic fragments for which efficient decision procedures can be found. The model checking paradigm yields an important class of decision procedures for establishing temporal properties of finite-state systems. Model checking is remarkably effective for automatically verifying finite automata with relatively small state spaces, but is inadequate when the state spaces are either too large or unbounded. For this reason, it is useful to integrate the complementary technologies of model checking and proof checking. Such an integration has to be carried out in a delicate manner in order to be more than just the sum of the techniques. We describe...
Model Checking for Context-Free Processes
, 1992
Cited by 88 (8 self)
We develop a model-checking algorithm that decides for a given context-free process whether it satisfies a property written in the alternation-free modal mu-calculus. The central idea behind this algorithm is to raise the standard iterative model-checking techniques to higher order: in contrast to the usual approaches, in which the set of formulas that are satisfied by a certain state are iteratively computed, our algorithm iteratively computes a property transformer for each state class of the finite process representation. These property transformers can then simply be applied to solve the model-checking problem. The complexity of our algorithm is linear in the size of the system's representation and exponential in the size of the property being investigated.
An Improved Algorithm for the Evaluation of Fixpoint Expressions
, 1996
Cited by 72 (3 self)
Many automated finite-state verification procedures can be viewed as fixpoint computations over a finite lattice (typically the powerset of the set of system states). For this reason, fixpoint calculi such as those proposed by Kozen and Park have proven useful, both as ways to describe verification algorithms and as specification formalisms in their own right. We consider the problem of evaluating expressions in these calculi over a given model. A naive algorithm for this task may require time n^q, where n is the maximum length of a chain in the lattice and q is the depth of fixpoint nesting. In 1986, Emerson and Lei presented a method requiring about n^d steps, where d is the This research was sponsored in part by the Wright Laboratory, Aeronautical Systems Center, Air Force Material Command, USAF, and the Advanced Research Projects Agency (ARPA) under grant number F336159311330. The views and conclusions contained in this document are those of the authors and should not be ...
Testing-Based Abstractions for Value-Passing Systems
 In CONCUR'94, number 836 in Lecture Notes in Computer Science
, 1994
Cited by 30 (2 self)
Rance Cleaveland (1) and James Riely (2). (1) Dept. of Computer Science, N.C. State University, Raleigh, NC 27695-8206, USA. (2) Dept. of Computer Science, University of N.C., Chapel Hill, NC 27599-3175, USA. email: rance@csc.ncsu.edu, riely@cs.unc.edu. Abstract. This paper presents a framework for the abstract interpretation of processes that pass values. We define a process description language that is parameterized with respect to the set of values that processes may exchange and show that an abstraction over values induces an abstract semantics for processes. Our main results state that if the abstract value interpretation safely/optimally approximates the ground interpretation, then the resulting abstracted processes safely/optimally approximate those derived from the ground semantics (in a precisely defined sense). As the processes derived from an abstract semantics in general have far fewer states than those derived from a concrete sem...
Pushdown Processes: Parallel Composition and Model Checking
, 1993
Cited by 29 (3 self)
In this paper we consider a strict generalization of context-free processes, the pushdown processes, and show that this class of processes is 1) closed under parallel composition with finite state systems, and can 2) be model checked by means of an elegant adaptation of the higher order model checker introduced in [BS92]. This shows the advantages of pushdown processes over context-free processes, which are not sufficiently general in order to support parallel composition.
Efficient Model Checking via the Equational µ-Calculus
 In Proc. 11th IEEE Symp. Logic in Comp. Sci
, 1996
Cited by 22 (0 self)
This paper studies the use of an equational variant of the modal µ-calculus as a unified framework for efficient temporal logic model checking. In particular, we show how an expressive temporal logic, CTL , may be efficiently translated into the µ-calculus. Using this translation, one may then employ µ-calculus model-checking techniques, including on-the-fly procedures, BDD-based algorithms and compositional model-checking approaches, to determine if systems satisfy formulas in CTL . 1. Introduction Recent years have witnessed a surge of work on automatic approaches for establishing whether or not finite-state reactive systems satisfy specifications given in temporal logics [5, 8, 9, 14, 18, 21, 24, 26, 29]. Reactive systems typically maintain an ongoing interaction with their environments; temporal logics permit the formulation of requirements on a system's evolving behavior and hence are well-suited for specifying system properties. The task of verifying if a system satisfies ...