Results 1-10 of 13
Model Checking and Modular Verification
ACM Transactions on Programming Languages and Systems, 1991
Cited by 271 (11 self)
We describe a framework for compositional verification of finite state processes. The framework is based on two ideas: a subset of the logic CTL for which satisfaction is preserved under composition; and a preorder on structures which captures the relation between a component and a system containing the component. Satisfaction of a formula in the logic corresponds to being below a particular structure (a tableau for the formula) in the preorder. We show how to do assume-guarantee style reasoning within this framework. In addition, we demonstrate efficient methods for model checking in the logic and for checking the preorder in several special cases. We have implemented a system based on these methods, and we use it to give a compositional verification of a CPU controller. 1 Introduction Temporal logic model checking procedures are useful tools for the verification of finite state systems [3, 12, 20]. However, these procedures have traditionally suffered from the state explosion proble...
Verification Tools for Finite-State Concurrent Systems
Cited by 117 (3 self)
Temporal logic model checking is an automatic technique for verifying finite-state concurrent systems. Specifications are expressed in a propositional temporal logic, and the concurrent system is modeled as a state-transition graph. An efficient search procedure is used to determine whether or not the state-transition graph satisfies the specification. When the technique was first developed ten years ago, it was only possible to handle concurrent systems with a few thousand states. In the last few years, however, the size of the concurrent systems that can be handled has increased dramatically. By representing transition relations and sets of states implicitly using binary decision diagrams, it is now possible to check concurrent systems with more than 10^120 states. In this paper we describe in detail how the new implementation works and
Modular Model Checking of Software
In Conference on Tools and Algorithms for the Construction and Analysis of Systems, 1997
Cited by 20 (0 self)
This work presents a modular approach to temporal logic model checking of software. Model checking is a method that automatically determines whether a finite state system satisfies a temporal logic specification. Model checking algorithms have been successfully used to verify complex systems. However, their use is limited by the high space requirements needed to represent the verified system. When hardware designs are considered, a typical solution is to partition the design into units running in parallel, and handle each unit separately. For software systems such a solution is not always feasible. This is because a software system might be too large to fit into memory even when it consists of a single sequential unit. To avoid the high space requirements for software we suggest partitioning the program text into sequentially composed subprograms. Based on this partition, we present a model checking algorithm for software that arrives at its conclusion by examining each subprogram in s...
On the Complexity of Branching Modular Model Checking (Extended Abstract)
1995
Cited by 19 (9 self)
In modular verification the specification of a module consists of two parts. One part describes the guaranteed behavior of the module. The other part describes the assumed behavior of the system in which the module is interacting. This is called the assume-guarantee paradigm. In this paper we consider assume-guarantee specifications in which the assumptions and the guarantees are specified by universal branching temporal formulas (i.e., all path quantifiers are universal). Verifying modules with respect to such specifications is called the branching modular model-checking problem. We consider both ACTL and ACTL*, the universal fragments of CTL and CTL*. We develop two fundamental techniques: building max...
An Automata-Theoretic Approach to Modular Model Checking
1998
Cited by 17 (0 self)
this paper we consider assume-guarantee specifications in which the guarantee is specified by branching temporal formulas. We distinguish between two approaches. In the first approach, the assumption is specified by branching temporal formulas too. In the second approach, the assumption is specified by linear temporal logic. We consider guarantees in ∀CTL and ∀CTL
An abstract account of composition
Mathematical Foundations of Computer Science, 1995
Cited by 15 (1 self)
We present a logic of specifications of reactive systems. The logic is independent of particular computational models, but it captures common patterns of reasoning with assumption-commitment specifications. We use the logic for deriving proof rules for TLA and CTL specifications.
Lazy Compositional Verification
In this volume, 1998
Cited by 12 (0 self)
Existing methodologies for the verification of concurrent systems are effective for reasoning about global properties of small systems. For large systems, these approaches become expensive both in terms of computational and human effort. A compositional verification methodology can reduce the verification effort by allowing global system properties to be derived from local component properties. For this to work, each component must be viewed as an open system interacting with a well-behaved environment. Much of the emphasis in compositional verification has been on the assume-guarantee paradigm where component properties are verified contingent on properties that are assumed of the environment. We highlight an alternate paradigm called lazy composition where the component properties are proved by composing the component with an abstract environment. We present the main ideas underlying lazy composition along with illustrative examples, and contrast it with the assume-gu...
What if Model Checking Must Be Truly Symbolic
1995
Cited by 9 (3 self)
There are many methodologies whose main concern is to reduce the complexity of a verification problem in order to be ultimately able to apply model checking. Here we propose to use a model-checking-like procedure which operates on a small, truly symbolic description of the model. We do so by systematically exploiting the separation between the (small) control part and the (large) data part of systems which often occurs in practice. By expanding the control part, we get an intermediate description of the system which already allows our symbolic model checking procedure to produce meaningful results but which is still small enough to allow model checking to be performed. 1 Introduction This paper is about a close marriage of two well known verification paradigms: that of model checking and generation of verification conditions. There is no need for reiterating the success story of model checking in the verification of reactive systems originating with the seminal paper by Clarke, Emer...
Towards the Theory-Guided Design of Help Systems for Programming and Modelling Tasks
C. Frasson, G. Gauthier & G.I. McCalla (eds): Intelligent Tutoring Systems, Proceedings ITS 92, 1992
Cited by 6 (5 self)
This paper describes an approach to the design of online help for programming tasks and modelling tasks, based on a theoretical framework of problem solving and learning. The framework leads to several design principles which are important to the problem of when and how to supply help information to a learner who is constructing a solution to a given problem. We will describe two example domains where we apply these design principles: The ABSYNT problem solving monitor supports learners with help and proposals for functional programming. The PETRIHELP system currently under development is intended to support the learning of modelling with Petri nets.