Results 11  20
of
29
An AutomataTheoretic Approach to Modular Model Checking
, 1998
"... this paper we consider assumeguarantee specifications in which the guarantee is specified by branching temporal formulas. We distinguish between two approaches. In the first approach, the assumption is specified by branching temporal formulas too. In the second approach, the assumption is specified ..."
Abstract

Cited by 17 (0 self)
 Add to MetaCart
this paper we consider assumeguarantee specifications in which the guarantee is specified by branching temporal formulas. We distinguish between two approaches. In the first approach, the assumption is specified by branching temporal formulas too. In the second approach, the assumption is specified by linear temporal logic. We consider guarantees in 8CTL and 8CTL
Compositional Minimization of Finite State Systems Using Interface Specifications
, 1995
"... In this paper we present a method for the compositional construction of the minimal transition system that represents the semantics of a given distributed system. Our aim is to control the state explosion caused by the interleavings of actions of communicating parallel components by reduction steps ..."
Abstract

Cited by 12 (2 self)
 Add to MetaCart
In this paper we present a method for the compositional construction of the minimal transition system that represents the semantics of a given distributed system. Our aim is to control the state explosion caused by the interleavings of actions of communicating parallel components by reduction steps that exploit global communication constraints given in terms of interface specifications. The effect of the method, which is developed for bisimulation semantics here, depends on the structure of the distributed system under consideration, and the accuracy of the interface specifications. However, its correctness does not: every "successful" construction is guaranteed to yield the desired minimal transition system, independent of the correctness of the interface specifications provided by the program designer.
Bisimulation Minimization in an AutomataTheoretic Verification Framework
 In Formal Methods in ComputerAided Design (FMCAD
, 1998
"... Bisimulation is a seemingly attractive statespace minimization technique because it can be computed automatically and yields the smallest model preserving all ¯calculus formulas. It is considered impractical for symbolic model checking, however, because the required BDDs are prohibitively large fo ..."
Abstract

Cited by 12 (1 self)
 Add to MetaCart
Bisimulation is a seemingly attractive statespace minimization technique because it can be computed automatically and yields the smallest model preserving all ¯calculus formulas. It is considered impractical for symbolic model checking, however, because the required BDDs are prohibitively large for most designs. We revisit bisimulation minimization, this time in an automatatheoretic framework. Bisimulation has potential in this framework because after intersecting the design with the negation of the property, minimization can ignore most of the atomic propositions. We compute bisimulation using an algorithm due to Lee and Yannakakis that represents bisimulation relations by their equivalence classes and only explores reachable classes. This greatly improves on the time and memory usage of naive algorithms. We demonstrate that bisimulation is practical for many designs within the automatatheoretic framework. In most cases, however, the cost of performing this reduction still outweigh...
Selective mucalculus: New Modal Operators for Proving Properties on Reduced Transition Systems
 In Proceedings of FORTE X/PSTV XVII '97. Chapman
, 1997
"... In model checking for temporal logic, the correctness of a (concurrent) system with respect to a desired behavior is verified by checking whether a structure that models the system satisfies a formula describing the behaviour. Most existing verification techniques, and in particular those defined fo ..."
Abstract

Cited by 8 (7 self)
 Add to MetaCart
In model checking for temporal logic, the correctness of a (concurrent) system with respect to a desired behavior is verified by checking whether a structure that models the system satisfies a formula describing the behaviour. Most existing verification techniques, and in particular those defined for concurrent calculi like as CCS, are based on a representation of the concurrent system by means of a labelled transition system. In this approach to verification, state explosion is one of the most serious problems. In this paper we present a new temporal logic, the selective mucalculus, with the property that only the actions occurring in a formula are relevant to check the formula itself. We prove that the selective mucalculus is as powerful as the mucalculus. We define the notion of aebisimulation between transition systems: given a set of actions ae, a transition system aebisimulates another one if they have the same behaviour with respect to the actions in ae. We prove that, if t...
Automatic abstraction for model checking software systems with interrelated numeric constraints
 In Proceedings of the 9th ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE9
, 2001
"... Model checking techniques have not been effective in important classes of software systems characterized by large (or infinite) input domains with interrelated linear and nonlinear constraints over the input variables. Various model abstraction techniques have been proposed to address this problem. ..."
Abstract

Cited by 8 (5 self)
 Add to MetaCart
Model checking techniques have not been effective in important classes of software systems characterized by large (or infinite) input domains with interrelated linear and nonlinear constraints over the input variables. Various model abstraction techniques have been proposed to address this problem. In this paper, we wish to propose domain abstraction based on data equivalence and trajectory reduction as an alternative and complement to other abstraction techniques. Our technique applies the abstraction to the input domain (environment) instead of the model and is applicable to constraintfree and deterministic constrained data transition system. Our technique is automatable with some minor restrictions.
Abstractions and Partial Order Reductions for Checking Branching Properties of Time Petri Nets
, 2001
"... The paper deals with verification of untimed branching time properties of Time Petri Nets. The atomic variant of the geometric region method for preserving properties of CTL and ACTL is improved. Then, it is shown, for the first time, how to apply the partial order reduction method to deal with next ..."
Abstract

Cited by 8 (3 self)
 Add to MetaCart
The paper deals with verification of untimed branching time properties of Time Petri Nets. The atomic variant of the geometric region method for preserving properties of CTL and ACTL is improved. Then, it is shown, for the first time, how to apply the partial order reduction method to deal with nexttime free branching properties of Time Petri Nets. The above two results are combined offering an efficient method for model checking of ACTL X and CTL X properties of Time Petri Nets.
Model Checking with formuladependent abstract models
 In ComputerAided Verification (CAV), volume 2102 of LNCS
, 2001
"... We present a model checking algorithm for ∀CTL (and full CTL) which uses an iterative abstraction refinement strategy. In each iteration we call a standard model checker for the abstract models A_i. If A_i does not satisfy Φ we refine the abstract model A_i yielding another abstract model ..."
Abstract

Cited by 6 (0 self)
 Add to MetaCart
We present a model checking algorithm for ∀CTL (and full CTL) which uses an iterative abstraction refinement strategy. In each iteration we call a standard model checker for the abstract models A_i. If A_i does not satisfy Φ we refine the abstract model A_i yielding another abstract model A_i+1 and (re)call the model checker to A_i+1. Otherwise the formula holds for the original system M. Our algorithm terminates at least for all transition systems M that have a finite simulation or bisimulation quotient. In contrast to other abstraction refinement algorithms, we always work with abstract models whose size just depend on the length of the formula Φ (but not on the size of the system which might be infinite).
Correcting a SpaceEfficient Simulation Algorithm
"... Although there are many efficient algorithms for calculating the simulation preorder on finite Kripke structures, only two have been proposed of which the space complexity is of the same order as the size of the output of the algorithm. Of these, the one with the best time complexity exploits the re ..."
Abstract

Cited by 6 (1 self)
 Add to MetaCart
Although there are many efficient algorithms for calculating the simulation preorder on finite Kripke structures, only two have been proposed of which the space complexity is of the same order as the size of the output of the algorithm. Of these, the one with the best time complexity exploits the representation of the simulation problem as a generalised coarsest partition problem. It is based on a fixedpoint operator for obtaining a generalised coarsest partition as the limit of a sequence of partition pairs. We show that this fixedpoint theory is flawed, and that the algorithm is incorrect. Although we do not see how the fixedpoint operator can be repaired, we correct the algorithm without affecting its space and time complexity. 1
An Efficient Simulation Algorithm based on Abstract Interpretation
, 709
"... A number of algorithms for computing the simulation preorder are available. Let Σ denote the state space, → the transition relation and Psim the partition of Σ induced by simulation equivalence. The algorithms by Henzinger, Henzinger, Kopke and by Bloom and Paige run in O(Σ→)time and, as far a ..."
Abstract

Cited by 5 (2 self)
 Add to MetaCart
A number of algorithms for computing the simulation preorder are available. Let Σ denote the state space, → the transition relation and Psim the partition of Σ induced by simulation equivalence. The algorithms by Henzinger, Henzinger, Kopke and by Bloom and Paige run in O(Σ→)time and, as far as timecomplexity is concerned, they are the best available algorithms. However, these algorithms have the drawback of a space complexity that is more than quadratic in the size of the state space. The algorithm by Gentilini, Piazza, Policriti — subsequently corrected by van Glabbeek and Ploeger — appears to provide the best compromise between time and space complexity. Gentilini et al.’s algorithm runs in O(Psim  2 →)time while the space complexity is in O(Psim  2 + Σ  log Psim). We present here a new efficient simulation algorithm that is obtained as a modification of Henzinger et al.’s algorithm and whose correctness is based on some techniques used in applications of abstract interpretation to model checking. Our algorithm runs in O(Psim→)time and O(PsimΣ  log Σ)space. Thus, this algorithm improves the best known time bound while retaining an acceptable space complexity that is in general less than quadratic in the size of the state space. An experimental evaluation showed good comparative results with respect to Henzinger, Henzinger and Kopke’s algorithm. 1
Automatic Abstraction in Model Checking
, 2000
"... As technology advances and demand for higher performance increases hardware designs are becoming more and more sophisticated. A typical chip design may contain over ten million switching devices. Since the systems become more and more complex, detecting design errors for systems of such scale become ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
As technology advances and demand for higher performance increases hardware designs are becoming more and more sophisticated. A typical chip design may contain over ten million switching devices. Since the systems become more and more complex, detecting design errors for systems of such scale becomes extremely difficult. Formal verification methodologies can potentially catch subtle design errors. However, many stateoftheart formal verification tools suffer from the state explosion problem. This thesis explores abstraction techniques to avoid the state explosion problem. In our methodology, atomic formulas extracted from an SMVlike concurrent program are used to construct abstraction functions. The initial abstract structure is built by using existential abstraction techniques. When the model checker disproves a universal property on the abstract structure, it generates a counterexample. However, this abstract counterexample might be spurious because abstraction is not complete. We provide a new symbolic algorithm to determine whether an abstract counterexample is spurious. When a counterexample is identified to be spurious, the algorithm will compute the shortest prefix of the abstract counterexample that does not correspond to an actual trace in the concrete model. The last abstract state in this prefix is split into less abstract states so that the spurious counterexample is eliminated. Thus, a more refined abstraction function is obtained. It is usually desirable to obtain the coarsest refinement which eliminates the counterexample because this corresponds to the smallest abstract model that avoids the spurious counterexample. We prove, however, that finding the coarsest refinement is NPhard. Because of this, we use a polynomialtime algorithm which gives a su...