Results 1  10
of
39
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 2407 (62 self)
 Add to MetaCart
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Verification Tools for FiniteState Concurrent Systems
"... Temporal logic model checking is an automatic technique for verifying finitestate concurrent systems. Specifications are expressed in a propositional temporal logic, and the concurrent system is modeled as a statetransition graph. An efficient search procedure is used to determine whether or not t ..."
Abstract

Cited by 118 (3 self)
 Add to MetaCart
Temporal logic model checking is an automatic technique for verifying finitestate concurrent systems. Specifications are expressed in a propositional temporal logic, and the concurrent system is modeled as a statetransition graph. An efficient search procedure is used to determine whether or not the statetransition graph satisfies the specification. When the technique was first developed ten years ago, it was only possible to handle concurrent systems with a few thousand states. In the last few years, however, the size of the concurrent systems that can be handled has increased dramatically. By representing transition relations and sets of states implicitly using binary decision diagrams, it is now possible to check concurrent systems with more than 10 120 states. In this paper we describe in detail how the new implementation works and
Reasoning about networks with many identical processes
 Information and Computation
, 1989
"... Consider a distributed mutual exclusion algorithm fur processes arranged in a ring network in which mutual exclusion is guaranteed by means of a token that is passed around the ring ( [6], [10], [12]). How can we determine that such a system of processes is correct? Our first attempt might be to co ..."
Abstract

Cited by 95 (9 self)
 Add to MetaCart
Consider a distributed mutual exclusion algorithm fur processes arranged in a ring network in which mutual exclusion is guaranteed by means of a token that is passed around the ring ( [6], [10], [12]). How can we determine that such a system of processes is correct? Our first attempt might be to consider a reduced system with one or two processes. If we can show that the reduced system is correct and if the individual processes are really identical, then we are tempted to conelude that the entire system will be correct.. In fact, this type of informal argument is used quite frequently by designers in constructing systems that contain large numbers of identical processing elements. Of course, it is easy to contrive an example in which some pathological behavior only occurs when, say, 100 processes are connected together. By examining a system with only one or two processes it might even be quite difficult to determine that this behavior is possible. Nevertheless, one has the feeling that in many cases this kind of intuitive reasoning does
Automatic verification of sequential circuits using temporal logic
 IEEE Transactions on Computer C35
, 1986
"... AbstractVerifying the correctness of sequential circuits has been an important problem for a long time. But lack of any formal and efficient method of verification has prevented the creation of practical design aids for this purpose. Since all the known techniques of simulation apd prototype testi ..."
Abstract

Cited by 74 (11 self)
 Add to MetaCart
AbstractVerifying the correctness of sequential circuits has been an important problem for a long time. But lack of any formal and efficient method of verification has prevented the creation of practical design aids for this purpose. Since all the known techniques of simulation apd prototype testing are time consuming and not very reliable, there is an acute need for such tools. In this paper we describe an automatic verification system for sequential circuits in which specifications are expressed in a propositional temporal logic. In contrast to most other mechanical verification systems, our system does not require any user assistance and is quite;fastexperimental results show that state machines with several hundred states can be checked for correctness in a matter of seconds! The verification system uses a simple and efficient algorithm, called a model checker. The algorithm works in two steps: in the first step, it builds a labeled statetransition graph; and in the second step, it determines the truth of a temporal formula with. respect to the statetransition graph. We discuss two different techniques that we thave implemented for automatically generating the statetransition graphs: The first involves extracting the state graph directly feom the circuit by exhaustive simulation. The second obtains the state graph by compilation from an HDL specification of the original circuit. Index TermsAsynchronous circuits, hardware verification, sequential circuit verification, temporal logic, temporal logic model checking. I.
Model building and model checking for biochemical processes
 Cell Biochemistry and Biophysics
, 2003
"... A central claim of computational systems biology is that, by drawing upon mathematical approaches developed in the context of dynamical systems, kinetic analysis, computational theory and logic, it is possible to create powerful simulation, analysis and reasoning tools for working biologists to be u ..."
Abstract

Cited by 50 (3 self)
 Add to MetaCart
A central claim of computational systems biology is that, by drawing upon mathematical approaches developed in the context of dynamical systems, kinetic analysis, computational theory and logic, it is possible to create powerful simulation, analysis and reasoning tools for working biologists to be used in deciphering existing data, devising new experiments and ultimately, understanding functional properties of genomes, proteomes, cells, organs and organisms. In this paper we describe a novel computational tool that achieves many of the goals of this new discipline. The novelty of this system involves an automatonbased semantics of the temporal evolution of complex biochemical reactions starting from the representation given as a set of differential equations. More importantly, the related tools also provide ability to qualitatively reason about the systems using a propositional temporal logic that can express ordered sequence of events succinctly and unambiguously. The implementation of our mathematical and computational models in the Simpathica and XSSYS systems is described briefly. Several example applications of these systems to cellular and biochemical processes are presented: the two most prominent ones are Leibler et al.’s repressilator (an artificial synthesized oscillatory network) and CurtoVoitSorribasCascante’s purine metabolism reaction model.
Efficient Generation of Counterexamples and Witnesses in Symbolic Model Checking
, 1994
"... Model checking is an automatic technique for verifying sequential circuit designs and protocols. An efficient search procedure is used to determine whether or not the specification is satisfied. If it is not satisfied, our technique will produce a counterexample execution trace that shows the cause ..."
Abstract

Cited by 48 (2 self)
 Add to MetaCart
Model checking is an automatic technique for verifying sequential circuit designs and protocols. An efficient search procedure is used to determine whether or not the specification is satisfied. If it is not satisfied, our technique will produce a counterexample execution trace that shows the cause of the problem. Although finding counterexamples is extremely important, there is no description of how to do this in the literature on model checking. We describe an efficient algorithm to produce counterexamples and witnesses for symbolic model checking algorithms. This algorithm is used in the SMV model checker and works quite well in practice. We also discuss how to extend our technique to more complicated specifications. This extension makes it possible to find counterexamples for verification procedures based on showing language containment between various types of omegaautomata.
Automated Temporal Reasoning about Reactive Systems
, 1996
"... . There is a growing need for reliable methods of designing correct reactive systems such as computer operating systems and air traffic control systems. It is widely agreed that certain formalisms such as temporal logic, when coupled with automated reasoning support, provide the most effective a ..."
Abstract

Cited by 39 (2 self)
 Add to MetaCart
. There is a growing need for reliable methods of designing correct reactive systems such as computer operating systems and air traffic control systems. It is widely agreed that certain formalisms such as temporal logic, when coupled with automated reasoning support, provide the most effective and reliable means of specifying and ensuring correct behavior of such systems. This paper discusses known complexity and expressiveness results for a number of such logics in common use and describes key technical tools for obtaining essentially optimal mechanical reasoning algorithms. However, the emphasis is on underlying intuitions and broad themes rather than technical intricacies. 1 Introduction There is a growing need for reliable methods of designing correct reactive systems. These systems are characterized by ongoing, typically nonterminating and highly nondeterministic behavior. Examples include operating systems, network protocols, and air traffic control systems. There is w...
A Methodology for Hardware Verification Based on Logic Simulation
 Journal of the ACM
, 1991
"... A logic simulator can prove the correctness of a digital circuit if it can be shown that only circuits fulfilling the system specification will produce a particular response to a sequence of simulation commands. This style of verification has advantages over other proof methods in being readily a ..."
Abstract

Cited by 37 (5 self)
 Add to MetaCart
A logic simulator can prove the correctness of a digital circuit if it can be shown that only circuits fulfilling the system specification will produce a particular response to a sequence of simulation commands. This style of verification has advantages over other proof methods in being readily automated and requiring less attention on the part of the user to the lowlevel details of the design. It has advantages over other approaches to simulation in providing more reliable results, often at a comparable cost.
Model checking and the Mucalculus
 DIMACS Series in Discrete Mathematics
, 1997
"... There is a growing recognition of the need to apply formal mathematical methods in the design of "high confidence" computing systems. Such systems operate in safety critical contexts (e.g., air traffic control systems) or where errors could have major adverse economic consequences (e.g., banking n ..."
Abstract

Cited by 37 (0 self)
 Add to MetaCart
There is a growing recognition of the need to apply formal mathematical methods in the design of "high confidence" computing systems. Such systems operate in safety critical contexts (e.g., air traffic control systems) or where errors could have major adverse economic consequences (e.g., banking networks). The problem is especially acute in the design of many reactive systems which must exhibit correct ongoing behavior, yet are not amenable to thorough testing due to their inherently nondeterministic nature. One useful approach for specifying and reasoning about correctness of such systems is temporal logic model checking, which can provide an efficient and expressive tool for automatic verification that a finite state system meets a correctness specification formulated in temporal logic. We describe model checking algorithms and discuss their application. To do this, we focus attention on a particularly important type of temporal logic known as the Mucalculus.
Enhancing Model Checking in Verification by AI Techniques
 Artificial Intelligence
, 1999
"... Model checking is a fruitful application of computational logic with high relevance to the verification of concurrent systems. While model checking is capable of automatically testing that a concurrent system satisfies its formal specification, it can not precisely locate an error and suggest a r ..."
Abstract

Cited by 22 (2 self)
 Add to MetaCart
Model checking is a fruitful application of computational logic with high relevance to the verification of concurrent systems. While model checking is capable of automatically testing that a concurrent system satisfies its formal specification, it can not precisely locate an error and suggest a repair, i.e., a suitable correction, to the system. In this paper, we tackle this problem by using principles from AI. In particular, we introduce the abstract concept of a system repair problem, and exemplify this concept on repair of concurrent programs and protocols. For the development of our framework, we formally extend the concept of counterexample, which has been proposed in model checking previously, and provide examples which demonstrate the need for such an extension. Moreover, we investigate into optimization issues for the problem of finding a repair, and present techniques which gain in some cases a considerable reduction of the search space for a repair.