Results 1-10 of 75
Symbolic Model Checking: 10^20 States and Beyond
1992
Cited by 574 (30 self)
Abstract
Many different methods have been devised for automatically verifying finite state systems by examining state-graph models of system behavior. These methods all depend on decision procedures that explicitly represent the state space using a list or a table that grows in proportion to the number of states. We describe a general method that represents the state space symbolically instead of explicitly. The generality of our method comes from using a dialect of the Mu-Calculus as the primary specification language. We describe a model checking algorithm for Mu-Calculus formulas that uses Bryant's Binary Decision Diagrams (Bryant, R. E., 1986, IEEE Trans. Comput. C-35) to represent relations and formulas. We then show how our new Mu-Calculus model checking algorithm can be used to derive efficient decision procedures for CTL model checking, satisfiability of linear-time temporal logic formulas, strong and weak observational equivalence of finite transition systems, and language containment for finite ω-automata. The fixed point computations for each decision procedure are sometimes complex, but can be concisely expressed in the Mu-Calculus. We illustrate the practicality of our approach to symbolic model checking by discussing how it can be used to verify a simple synchronous pipeline circuit.

Model Checking and Modular Verification
ACM Transactions on Programming Languages and Systems
1991
Cited by 271 (11 self)
Abstract
We describe a framework for compositional verification of finite state processes. The framework is based on two ideas: a subset of the logic CTL for which satisfaction is preserved under composition; and a preorder on structures which captures the relation between a component and a system containing the component. Satisfaction of a formula in the logic corresponds to being below a particular structure (a tableau for the formula) in the preorder. We show how to do assume-guarantee style reasoning within this framework. In addition, we demonstrate efficient methods for model checking in the logic and for checking the preorder in several special cases. We have implemented a system based on these methods, and we use it to give a compositional verification of a CPU controller.
1 Introduction
Temporal logic model checking procedures are useful tools for the verification of finite state systems [3, 12, 20]. However, these procedures have traditionally suffered from the state explosion proble...

A Partial Approach to Model Checking
Information and Computation
1994
Cited by 113 (5 self)
Abstract
This paper presents a model-checking method for linear-time temporal logic that can avoid most of the state explosion due to the modelling of concurrency by interleaving. The method relies on the concept of Mazurkiewicz's trace as a semantic basis and uses automata-theoretic techniques, including automata that operate on words of ordinality higher than ω.

A Linear-Time Model-Checking Algorithm for the Alternation-Free Modal Mu-Calculus
Formal Methods in System Design
1993
Cited by 109 (16 self)
Abstract
We develop a model-checking algorithm for a logic that permits propositions to be defined using greatest and least fixed points of mutually recursive systems of equations. This logic is as expressive as the alternation-free fragment of the modal mu-calculus identified by Emerson and Lei, and it may therefore be used to encode a number of temporal logics and behavioral preorders. Our algorithm determines whether a process satisfies a formula in time proportional to the product of the sizes of the process and the formula; this improves on the best known algorithm for similar fixed-point logics.
1 Introduction
Behavioral equivalences and preorders, and temporal logics, have been used extensively in automated verification tools for finite-state processes [3, 12, 18, 19, 20]. The relations are typically used to relate a high-level specification process to a more detailed implementation process, while the logics enable system designers to formulate collections of properties that implementa...

The Concurrency Workbench: A Semantics Based Tool for the Verification of Concurrent Systems
In Proceedings of the Workshop on Automatic Verification Methods for Finite State Machines
1991
Cited by 102 (3 self)
Abstract
The Concurrency Workbench is an automated tool for analyzing networks of finite-state processes expressed in Milner's Calculus of Communicating Systems. Its key feature is its breadth: a variety of different verification methods, including equivalence checking, preorder checking, and model checking, are supported for several different process semantics. One experience from our work is that a large number of interesting verification methods can be formulated as combinations of a small number of primitive algorithms. The Workbench has been applied to the verification of communications protocols and mutual exclusion algorithms and has proven a valuable aid in teaching and research.
1 Introduction
This paper describes the Concurrency Workbench [11, 12, 13], a tool that supports the automatic verification of finite-state processes. Such tools are practically motivated: the development of complex distributed computer systems requires sophisticated verification techniques to guarantee correctness, and the increase in detail rapidly becomes unmanageable without computer assistance. Finite-state systems, such as communications protocols and hardware, are particularly suitable for automated analysis because their finitary nature ensures the existence of decision procedures for a wide range of system properties.

An Integration of Model Checking with Automated Proof Checking
1995
Cited by 88 (8 self)
Abstract
Although automated proof checking tools for general-purpose logics have been successfully employed in the verification of digital systems, there are inherent limits to the efficient automation of expressive logics. If the expressiveness is constrained, there are useful logic fragments for which efficient decision procedures can be found. The model checking paradigm yields an important class of decision procedures for establishing temporal properties of finite-state systems. Model checking is remarkably effective for automatically verifying finite automata with relatively small state spaces, but is inadequate when the state spaces are either too large or unbounded. For this reason, it is useful to integrate the complementary technologies of model checking and proof checking. Such an integration has to be carried out in a delicate manner in order to be more than just the sum of the techniques. We describe...

Model Checking for Context-Free Processes
1992
Cited by 78 (8 self)
Abstract
We develop a model-checking algorithm that decides for a given context-free process whether it satisfies a property written in the alternation-free modal mu-calculus. The central idea behind this algorithm is to raise the standard iterative model-checking techniques to higher order: in contrast to the usual approaches, in which the set of formulas that are satisfied by a certain state are iteratively computed, our algorithm iteratively computes a property transformer for each state class of the finite process representation. These property transformers can then simply be applied to solve the model-checking problem. The complexity of our algorithm is linear in the size of the system's representation and exponential in the size of the property being investigated.

An Improved Algorithm for the Evaluation of Fixpoint Expressions
1996
Cited by 57 (3 self)
Abstract
Many automated finite-state verification procedures can be viewed as fixpoint computations over a finite lattice (typically the powerset of the set of system states). For this reason, fixpoint calculi such as those proposed by Kozen and Park have proven useful, both as ways to describe verification algorithms and as specification formalisms in their own right. We consider the problem of evaluating expressions in these calculi over a given model. A naive algorithm for this task may require time n^q, where n is the maximum length of a chain in the lattice and q is the depth of fixpoint nesting. In 1986, Emerson and Lei presented a method requiring about n^d steps, where d is the
This research was sponsored in part by the Wright Laboratory, Aeronautical Systems Center, Air Force Material Command, USAF, and the Advanced Research Projects Agency (ARPA) under grant number F336159311330. The views and conclusions contained in this document are those of the authors and should not be ...

Pushdown Processes: Parallel Composition and Model Checking
1993
Cited by 27 (3 self)
Abstract
In this paper we consider a strict generalization of context-free processes, the pushdown processes, and show that this class of processes is 1) closed under parallel composition with finite state systems, and can 2) be model checked by means of an elegant adaptation of the higher order model checker introduced in [BS92]. This shows the advantages of pushdown processes over context-free processes, which are not sufficiently general in order to support parallel composition.

Testing-Based Abstractions for Value-Passing Systems
In CONCUR'94, number 836 in Lecture Notes in Computer Science
1994
Cited by 24 (2 self)
Rance Cleaveland (Dept. of Computer Science, N.C. State University, Raleigh, NC 27695-8206, USA) and James Riely (Dept. of Computer Science, University of N.C., Chapel Hill, NC 27599-3175, USA)
email: rance@csc.ncsu.edu, riely@cs.unc.edu
Abstract
This paper presents a framework for the abstract interpretation of processes that pass values. We define a process description language that is parameterized with respect to the set of values that processes may exchange and show that an abstraction over values induces an abstract semantics for processes. Our main results state that if the abstract value interpretation safely/optimally approximates the ground interpretation, then the resulting abstracted processes safely/optimally approximate those derived from the ground semantics (in a precisely defined sense). As the processes derived from an abstract semantics in general have far fewer states than those derived from a concrete sem...