Results 1  10
of
13
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 2395 (62 self)
 Add to MetaCart
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Verification Tools for FiniteState Concurrent Systems
"... Temporal logic model checking is an automatic technique for verifying finitestate concurrent systems. Specifications are expressed in a propositional temporal logic, and the concurrent system is modeled as a statetransition graph. An efficient search procedure is used to determine whether or not t ..."
Abstract

Cited by 117 (3 self)
 Add to MetaCart
Temporal logic model checking is an automatic technique for verifying finitestate concurrent systems. Specifications are expressed in a propositional temporal logic, and the concurrent system is modeled as a statetransition graph. An efficient search procedure is used to determine whether or not the statetransition graph satisfies the specification. When the technique was first developed ten years ago, it was only possible to handle concurrent systems with a few thousand states. In the last few years, however, the size of the concurrent systems that can be handled has increased dramatically. By representing transition relations and sets of states implicitly using binary decision diagrams, it is now possible to check concurrent systems with more than 10 120 states. In this paper we describe in detail how the new implementation works and
Another Look at LTL Model Checking
 FORMAL METHODS IN SYSTEM DESIGN
, 1994
"... We show how LTL model checking can be reduced to CTL model checking with fairness constraints. Using this reduction, we also describe how to construct a symbolic LTL model checker that appears to be quite efficient in practice. In particular, we show how the SMV model checking system developed by Mc ..."
Abstract

Cited by 111 (11 self)
 Add to MetaCart
We show how LTL model checking can be reduced to CTL model checking with fairness constraints. Using this reduction, we also describe how to construct a symbolic LTL model checker that appears to be quite efficient in practice. In particular, we show how the SMV model checking system developed by McMillan [16] can be extended to permit LTL specifications. The results that we have obtained are quite surprising. For the examples we considered, the LTL model checker required at most twice as much time and space as the CTL model checker. Although additional examples still need to be tried, it appears that efficient LTL model checking is possible when the specifications are not excessively complicated.
Modal Logics and muCalculi: An Introduction
, 2001
"... We briefly survey the background and history of modal and temporal logics. We then concentrate on the modal mucalculus, a modal logic which subsumes most other commonly used logics. We provide an informal introduction, followed by a summary of the main theoretical issues. We then look at modelchec ..."
Abstract

Cited by 44 (3 self)
 Add to MetaCart
We briefly survey the background and history of modal and temporal logics. We then concentrate on the modal mucalculus, a modal logic which subsumes most other commonly used logics. We provide an informal introduction, followed by a summary of the main theoretical issues. We then look at modelchecking, and finally at the relationship of modal logics to other formalisms.
The Common Fragment of CTL and LTL
 In IEEE Symposium on Foundations of Computer Science
, 2000
"... It is wellknown that CTL and LTL have incomparable expressive power. In this paper, we give an inductive definition of those ACTL formulas that can be expressed in LTL. In addition, we obtain a procedure to decide whether an ACTL formula lies in LTL, and show that this problem is PSPACE complete. B ..."
Abstract

Cited by 40 (1 self)
 Add to MetaCart
It is wellknown that CTL and LTL have incomparable expressive power. In this paper, we give an inductive definition of those ACTL formulas that can be expressed in LTL. In addition, we obtain a procedure to decide whether an ACTL formula lies in LTL, and show that this problem is PSPACE complete. By omitting path quantifiers, we get an inductive definition of the LTL formulas expressible in ACTL. We can show that the fragment defined by our logic represents exactly those LTL formulas the negation of which can be represented by a 1weak Büchi automaton and that for this fragment, the representing automaton can be chosen to be of size linear in the size of the formula.
Runtime verification for LTL and TLTL
, 2007
"... This paper studies runtime verification of properties expressed either in lineartime temporal logic (LTL) or timed lineartime temporal logic (TLTL). It classifies runtime verification in identifying its distinguishing features to model checking and testing, respectively. It introduces a threevalued ..."
Abstract

Cited by 24 (7 self)
 Add to MetaCart
This paper studies runtime verification of properties expressed either in lineartime temporal logic (LTL) or timed lineartime temporal logic (TLTL). It classifies runtime verification in identifying its distinguishing features to model checking and testing, respectively. It introduces a threevalued semantics (with truth values true, false, inconclusive) as an adequate interpretation as to whether a partial observation of a running system meets an LTL or TLTL property. For LTL, a conceptually simple monitor generation procedure is given, which is optimal in two respects: First, the size of the generated deterministic monitor is minimal, and, second, the monitor identifies a continuously monitored trace as either satisfying or falsifying a property as early as possible. The feasibility of the developed methodology is demontrated using a collection of realworld temporal logic specifications. Moreover, the presented approach is related to the properties monitorable in general and is compared to existing concepts in the literature. It is shown that the set of monitorable properties does not only encompass the safety and cosafety properties but is strictly larger. For TLTL, the same road map is followed by first defining a threevalued semantics. The corresponding construction of a timed monitor is more involved, yet, as shown, possible.
A Brief Account of Runtime Verification
, 2008
"... In this paper, a brief account of the field of runtime verification is given. Starting with a definition of runtime verification, a comparison to wellknown verification techniques like model checking and testing is provided, and applications in which runtime verification brings out its distinguishi ..."
Abstract

Cited by 20 (0 self)
 Add to MetaCart
In this paper, a brief account of the field of runtime verification is given. Starting with a definition of runtime verification, a comparison to wellknown verification techniques like model checking and testing is provided, and applications in which runtime verification brings out its distinguishing features are pointed out. Moreover, extensions of runtime verification such as monitororiented programming, and monitorbased runtime reflection are sketched and their similarities and differences are discussed. Finally, the use of runtime verification for contract enforcement is briefly pointed out.
Optimal Complexity Bounds for Positive LTL Games
"... We prove two tight bounds on complexity of deciding graph games with winning conditions defined by formulas from fragments of LTL. Our first result is that deciding LTL+(#,#, games is in PSPACE. This is a tight bound: the problem is known to be PSPACEhard even for the much weaker logic LTL+(#, # ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
We prove two tight bounds on complexity of deciding graph games with winning conditions defined by formulas from fragments of LTL. Our first result is that deciding LTL+(#,#, games is in PSPACE. This is a tight bound: the problem is known to be PSPACEhard even for the much weaker logic LTL+(#, #).
Model Checking: Historical Perspective and Example (Extended Abstract)
 TABLEAUX'98
, 1998
"... Model checking is an automatic verification technique for finite state concurrent systems such as sequential circuit designs and communication protocols. Specifications are expressed in propositional temporal logic. An exhaustive search of the global state transition graph or system model is u ..."
Abstract
 Add to MetaCart
Model checking is an automatic verification technique for finite state concurrent systems such as sequential circuit designs and communication protocols. Specifications are expressed in propositional temporal logic. An exhaustive search of the global state transition graph or system model is used to determine if the specification is true or not. If the