Compositional Model Checking
1999
Abstract

Cited by 2407 (62 self)
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Property preserving abstractions for the verification of concurrent systems
FORMAL METHODS IN SYSTEM DESIGN, VOL 6, ISS, 1995
Abstract

Cited by 136 (4 self)
We study property preserving transformations for reactive systems. The main idea is the use of simulations parameterized by Galois connections, relating the lattices of properties of two systems. We propose and study a notion of preservation of properties expressed by formulas of a logic, by a function mapping sets of states of a system S into sets of states of a system S'. We give results on the preservation of properties expressed in sublanguages of the branching-time μ-calculus when two systems S and S' are related via such simulations. They can be used to verify a property for a system by verifying the same property on a simpler system which is an abstraction of it. We also show under which conditions the abstraction of a concurrent system can be computed from the abstractions of its components. This allows a compositional application of the proposed verification method. This is a revised version of the papers [2] and [16]; the results are fully developed in [27].
Foundations of Timed Concurrent Constraint Programming
Proceedings of the Ninth Annual IEEE Symposium on Logic in Computer Science, 1994
Abstract

Cited by 89 (10 self)
We develop a model for timed, reactive computation by extending the asynchronous, untimed concurrent constraint programming model in a simple and uniform way. In the spirit of process algebras, we develop some combinators expressible in this model, and reconcile their operational, logical and denotational character. We show how programs may be compiled into finite-state machines with loop-free computations at each state, thus guaranteeing bounded response time. 1 Introduction and Motivation Reactive systems [12,3,9] are those that react continuously with their environment at a rate controlled by the environment. Execution in a reactive system proceeds in bursts of activity. In each phase, the environment stimulates the system with an input, obtains a response in bounded time, and may then be inactive (with respect to the system) for an arbitrary period of time before initiating the next burst. Examples of reactive systems are controllers and signal-processing systems. The primary issu...
Completing the Temporal Picture
1991
Abstract

Cited by 74 (16 self)
The paper presents a relatively complete proof system for proving the validity of temporal properties of reactive programs. The presented proof system improves on previous temporal systems, in that it reduces the validity of program properties into pure assertional reasoning, not involving additional temporal reasoning. The proof system is based on the classification of temporal properties according to the Borel hierarchy, providing appropriate proof rules for the classes of safety, response, and reactivity properties.
Interpreting Message Flow Graphs
Formal Aspects of Computing, 1995
Abstract

Cited by 48 (9 self)
We give a semantics for Message Flow Graphs (MFGs), which play the role for interprocess communication that Program Dependence Graphs play for control flow in parallel processes. MFGs have been used to analyse parallel code, and are closely related to Message Sequence Charts and Time Sequence Diagrams in telecommunications systems. Our requirements are firstly, to determine unambiguously exactly what execution traces are specified by an MFG, and secondly, to use a finite-state interpretation. Our methods function for both asynchronous and synchronous communications. From a set of MFGs, we define a transition system of global states, and from that a Büchi automaton by considering safety and liveness properties of the system. In order easily to describe liveness properties, we interpret the traces of the transition system as a model of Manna-Pnueli temporal logic. Finally, we describe the expressive power of MFGs by mimicking an arbitrary Büchi automaton by means of a set of MFGs.
Discounting the future in systems theory
In Automata, Languages, and Programming, LNCS 2719, 2003
A Normal Form for Temporal Logic and its Application in Theorem-Proving and Execution
Journal of Logic and Computation, 1997
Abstract

Cited by 44 (26 self)
In this paper a normal form, called Separated Normal Form (SNF), for temporal logic formulae is described. A simple propositional temporal logic, based on a discrete linear model structure, is introduced and a procedure for transforming an arbitrary formula of this logic into SNF is described. It is shown that the transformation process preserves satisfiability and ensures that any model of the transformed formula is a model of the original one. This normal form not only provides a simple and concise representation for temporal formulae, but is also used as the basis for both a resolution proof method and an execution mechanism for this type of temporal logic. In addition to outlining these applications, we show how the normal form can be extended to deal with first-order temporal logic.
Automated Temporal Reasoning about Reactive Systems
1996
Abstract

Cited by 39 (2 self)
There is a growing need for reliable methods of designing correct reactive systems such as computer operating systems and air traffic control systems. It is widely agreed that certain formalisms such as temporal logic, when coupled with automated reasoning support, provide the most effective and reliable means of specifying and ensuring correct behavior of such systems. This paper discusses known complexity and expressiveness results for a number of such logics in common use and describes key technical tools for obtaining essentially optimal mechanical reasoning algorithms. However, the emphasis is on underlying intuitions and broad themes rather than technical intricacies. 1 Introduction There is a growing need for reliable methods of designing correct reactive systems. These systems are characterized by ongoing, typically nonterminating and highly nondeterministic behavior. Examples include operating systems, network protocols, and air traffic control systems. There is w...
Programming in Timed Concurrent Constraint Languages
1994
Abstract

Cited by 34 (4 self)
This paper explores the expressive power of the tcc paradigm. The origin of the work in the integration of synchronous and constraint programming is described. The basic conceptual and mathematical framework developed in the spirit of the model-based approach characteristic of theoretical computer science is reviewed. We show that a range of constructs for expressing timeouts, preemption and other complicated patterns of temporal activity are expressible in the basic model and language framework. Indeed, we present a single construct on processes, definable in the language, that can simulate the effect of other preemption constructs.