Multi-valued logics support the explicit modeling of uncertainty and disagreement by allowing additional truth values in the logic. Such logics can be used for verification of dynamic properties of systems where complete, agreed upon models of the system are not available. In this paper, we present an implementation of a symbolic model checker for multi-valued temporal logics. The model checker works for any multi-valued logic whose truth values form a quasiboolean lattice. Our models are generalized Kripke structures, where both atomic propositions and transitions between states may take any of the truth values of a given multi-valued logic. Properties to be model checked are expressed in CTL, generalized with a multi-valued semantics. The design of the model checker is based on the use of MDDs, a multi-valued extension of Binary Decision Diagrams. We describe MDDs and their use in the model checker. We also give its theoretical time complexity and some preliminary empirical performance data.

. In analyzing infinite-state systems, it is often useful to define multiplevalued predicates. Such predicates can determine the (finite) levels of desirability of the current system state and transitions between them. We can capture multiple-valued predicates as elements of a logic defined over finite total orders (FTOs). In this paper we extend automata-theoretic LTL model-checking to reasoning about a class of multiple-valued logics. We also show that model-checking over FTOs is reducible to classical model-checking, and thus can be implemented in SPIN. 1 Introduction Currently, model-checking is essentially limited to reasoning about medium-sized finitestate models. Reasoning about large models, especially if these are not finite-state, is typically done using abstraction [CGL94]. Abstraction techniques, such as abstract interpretation [CC77], require the user to supply the mapping between concrete and abstract data types in their models. Predicate abstraction, introduced...

Abstract. Model-checking gained wide popularity for analyzing software and hardware systems. However, even when the desired property holds, the property or the model may still require fixing. For example, a property ϕ: “on all paths, a request is followed by an acknowledgment”, may hold because no requests have been generated. Vacuity detection has been proposed to address the above problem. This technique is able to determine that the above property ϕ is satisfied vacuously in systems where requests are never sent. Recent work in this area enabled the computation of interesting witnesses for the satisfaction of properties (in our case, those that satisfy ϕ and contain a request) and vacuity detection with respect to subformulas with single and multiple subformula occurrences. Often, the answer “vacuous ” or “not vacuous”, provided by existing techniques, is insufficient. Instead, we want to identify all subformulas of a given CTL formula that cause its vacuity, or better, identify all maximal such subformulas. Further, these subformulas may be mutually vacuous. In this paper, we propose a framework for identifying a variety of degrees of vacuity, including mutual vacuity between different subformulas. We also cast vacuity detection as a multi-valued model-checking problem. 1

Multi-valued logics support the explicit modeling of uncertainty and disagreement by allowing additional truth values in the logic. Such logics can be used for verification of dynamic properties of systems even where complete, agreed upon models of the system are not available. In this paper, we present a symbolic model checker for multi-valued temporal logics. The model checker works for any multi-valued logic whose truth values form a quasi-boolean lattice. Our models are generalized Kripke structures, where both atomic propositions and transitions between states may take any of the truth values of a given multi-valued logic. Properties to be model checked are expressed in CTL, generalized with a multi-valued semantics. The design of the model checker is based on the use of MDDs, a multi-valued extension of Binary Decision Diagrams.

Temporal logic query checking was first introduced by W. Chan in order to speed up design understanding by discovering properties not known a priori. A query is a temporal logic formula containing a special symbol?1, known as a placeholder. Given a Kripke structure and a propositional formula’, we say that’satisfies the query if replacing the placeholder by’results in a temporal logic formula satisfied by the Kripke structure. A solution to a temporal logic query on a Kripke structure is the set of all propositional formulas that satisfy the query. Query checking helps discover temporal properties of a system and, as such, is a useful tool for model exploration. In this paper, we show that query checking is applicable to a variety of model exploration tasks, ranging from invariant computation to test case generation. We illustrate these using a Cruise Control System. Additionally, we show that query checking is an instance of a multi-valued model checking of Chechik et al. This approach enables us to build an implementation of a temporal logic query checker, TLQSolver, on top of our existing multi-valued model checker Chek. It also allows us to decide a large class of queries and introduce witnesses for temporal logic queries—an essential notion for effective model exploration.

Multi-valued model-checking is an effective technique for reasoning about systems with in-complete or inconsistent information. In particular, it is well suited for reasoning about ab-stract, partial, and feature-based system descriptions. The technique is based on extending the classical model-checking algorithm over two-valued logic to arbitrary finite logics whose truth values form a distributive De Morgan lattice. In this thesis we address several issues surrounding the usability of multi-valued model-checking. Firstly, we provide an improved analysis of the worst-case complexity of the sym-bolic multi-valued model-checking algorithm, and show that it is independent of the height of the lattice. Secondly, we extend the notion of fairness to a multi-valued models, thus enabling application of multi-valued model-checking to asynchronous concurrent systems. Thirdly, we introduce multi-valued witnesses and counter-examples that aid in interpreting the results of the model-checker. Finally, we describe the design and implementation of a multi-valued model-checker χChek.

In this paper we propose a framework for defining and reasoning about compositions of concerns, based on multivalued logics. Rather than providing a small set of built-in composition operations, our framework provides a mechanism for constructing arbitrary types of composition. Our multi-valued logic model checker, # chek allows us to reason about the properties of compositions of concerns.

William Chan [3] to speed up design understanding by discovering properties not known a priori. A query is a temporal logic formula containing a special symbol ? 1 , known as a placeholder. Given a Kripke structure and a propositional formula ', we say that ' satisfies the query if replacing the placeholder by ' results in a temporal logic formula satisfied by the Kripke structure. A solution to a temporal logic query on a Kripke structure is the set of all propositional formulas that satisfy the query.

A multi-valued version of CTL* (mv-CTL*), where both the propositions and the accessibility relation are multi-valued, taking values in a complete lattice with a complement, is considered. Contrary to all the existing model checking results for multi-valued modal logics, our lattices are not required to be finite. A set of restrictions is provided under which there is a direct translation from mv-CTL* to CTL* model checking problem for designated values. Bisimulation induced by mvCTL* is characterized.

Multi-valued logics provide an interesting alternative to classical boolean logic for modeling and reasoning about systems. Such logics can be used for reasoning about partially-specified systems, effectively encode vacuity detection and query-checking problems, help in detecting inconsistencies, and many others. In our earlier work, we identified a useful family of multi-valued logics: those specified over finite distributive lattices where negation preserves involution, i.e., �¦������ � for every element � of the logic. Such structures are called quasi-boolean algebras, and model-checking over these not only extends the domain of applicability of automated reasoning to new problems, but can also speed up solutions to some classical verification problems. Symbolic model-checking over quasi-boolean algebras can be cast in terms of operations over multi-valued sets: sets whose membership functions are multi-valued. In this paper, we propose and empirically evaluate several choices for implementing multi-valued sets with decision diagrams. In particular, we describe two major approaches: (1) representing the multi-valued membership function canonically, using MDDs or ADDs; (2) representing multi-valued sets as a collection of classical sets, using a vector of either MBTDDs or BDDs. The naive implementation of (2) includes having a classical set for each value of the algebra. We exploit a result of lattice theory to reduce the number of such sets that need to be represented. The major contribution of this paper is the evaluation of the different implementations of multivalued sets, done via a series of experiments and using several case studies. 1