Model Checking and Modular Verification
ACM Transactions on Programming Languages and Systems, 1991
Cited by 283 (11 self)
Abstract
We describe a framework for compositional verification of finite state processes. The framework is based on two ideas: a subset of the logic CTL for which satisfaction is preserved under composition; and a preorder on structures which captures the relation between a component and a system containing the component. Satisfaction of a formula in the logic corresponds to being below a particular structure (a tableau for the formula) in the preorder. We show how to do assume-guarantee style reasoning within this framework. In addition, we demonstrate efficient methods for model checking in the logic and for checking the preorder in several special cases. We have implemented a system based on these methods, and we use it to give a compositional verification of a CPU controller.
1 Introduction
Temporal logic model checking procedures are useful tools for the verification of finite state systems [3, 12, 20]. However, these procedures have traditionally suffered from the state explosion proble...
On-the-fly Verification of Finite Transition Systems
1993
Cited by 12 (2 self)
Abstract
The analysis of programs by the exhaustive inspection of reachable states in a finite state graph is a well-understood procedure. It is straightforwardly applicable to many description languages and is actually implemented in several industrial tools. But one of the main limitations of today's verification tools is the size of the memory needed to exhaustively build the state graphs of the programs. For numerous properties, it is not necessary to explicitly build this graph and an exhaustive depth-first traversal is often sufficient. This leads to on-line algorithms for computing Büchi acceptance (in the deterministic case) and behavioral equivalences: they are presented in detail. In order to avoid re-traversing states, it is however important to store some of the already visited states in memory. To keep the memory size bounded (and avoid a performance drop), visited states are randomly replaced. In most cases this depth-first traversal with replacement ca...
Compositional state space generation with partial order reductions for Asynchronous Communicating Systems
In Proceedings of TACAS'2000, 2000
Cited by 6 (1 self)
Abstract
Compositional generation is an incremental technique for generating a reduced labelled transition system representing the behaviour of a set of communicating processes. In particular, since intermediate reductions can be performed after each generation step, the size of the LTS can be kept small and state explosion can be avoided in many cases. This paper deals with compositional generation in the presence of asynchronous communications via shared buffers. More precisely, we show how partial-order reduction techniques can be used in this context to define equivalence relations that preserve useful properties, are congruences w.r.t. asynchronous composition, and rely on a (syntactic) notion of preorder on execution sequences characterizing their "executability" in any buffer environment. Two such equivalences are proposed, together with dedicated asynchronous composition operators able to directly produce reduced LTSs.
1 Introduction
This work takes place in the context of fo...
On-the-fly Verification of Finite Transition Systems
Formal Methods in System Design, 1993
Cited by 3 (1 self)
Abstract
The analysis of programs by the exhaustive inspection of reachable states in a finite state graph is a well-understood procedure. It is actually implemented in several industrial tools, but one of their main limitations is the size of the memory needed to exhaustively build the state graphs of the programs. For numerous properties such as Büchi acceptance (in the deterministic case) and behavioral equivalence, it is not necessary to explicitly build this graph and an exhaustive depth-first traversal is often sufficient. In order to avoid re-traversing states, it is however important to store in memory some of the already visited states and randomly replace them (to keep the memory size bounded and avoid a performance drop). In most cases this depth-first traversal with replacement can push back significantly the limits of verification tools.
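The two abstracts above (the 1993 report and the Formal Methods in System Design version) describe the same scheme: verify on the fly by depth-first traversal, keep only a bounded store of visited states, and evict stored states at random when the store is full. The block below is an added illustration in Python, not code from the papers. The token-ring mutual-exclusion model, the invariant being checked, the cache size and the seed are all constructed for this example. It follows the usual state-space-caching convention (an assumption about the papers' details) that states on the current DFS path are never evicted, which is what guarantees termination: an evicted state that is reached again is simply re-expanded, so only running time, never the verdict, depends on the cache size.

```python
import random
from collections import namedtuple

IDLE, WANT, CRIT = 0, 1, 2

Result = namedtuple("Result", "ok counterexample expansions peak_stored")


def initial_state(n):
    """n identical processes, all idle, process 0 holds the token (constructed model)."""
    return (0, (IDLE,) * n)


def successors(state, check_token=True):
    """Enabled transitions of the token-ring model.  With check_token=False a
    process may enter its critical section without holding the token: the
    deliberate bug the invariant check below is meant to catch."""
    token, pcs = state
    n = len(pcs)
    for i, pc in enumerate(pcs):
        if pc == IDLE:
            yield (token, pcs[:i] + (WANT,) + pcs[i + 1:])
        elif pc == WANT and (token == i or not check_token):
            yield (token, pcs[:i] + (CRIT,) + pcs[i + 1:])
        elif pc == CRIT:                       # leave and pass the token on
            yield ((i + 1) % n, pcs[:i] + (IDLE,) + pcs[i + 1:])


def mutual_exclusion(state):
    """Safety invariant: at most one process in its critical section."""
    return sum(1 for pc in state[1] if pc == CRIT) <= 1


def dfs_check(init, succ, invariant, cache_capacity=None, seed=0):
    """On-the-fly depth-first search for an invariant violation.

    States on the DFS path are always kept; closed (fully explored) states go
    into a cache of at most cache_capacity entries and a random entry is
    evicted when it is full.  cache_capacity=None means unbounded, i.e. the
    classic exhaustive search that stores every reachable state."""
    rng = random.Random(seed)
    if not invariant(init):
        return Result(False, [init], 0, 0)
    on_path = {init}
    cache, cache_pos = [], {}      # list plus index so random eviction is O(1)
    stack = [(init, succ(init))]
    expansions, peak = 1, 1

    def remember(s):
        if cache_capacity == 0:
            return
        if cache_capacity is not None and len(cache) >= cache_capacity:
            victim = cache[rng.randrange(len(cache))]
            last = cache.pop()
            if last != victim:                 # swap the last entry into the hole
                cache[cache_pos[victim]] = last
                cache_pos[last] = cache_pos[victim]
            del cache_pos[victim]
        cache_pos[s] = len(cache)
        cache.append(s)

    while stack:
        state, it = stack[-1]
        nxt = next(it, None)
        if nxt is None:                        # all successors seen: close it
            stack.pop()
            on_path.discard(state)
            remember(state)
            continue
        if not invariant(nxt):                 # the DFS stack is the counterexample
            return Result(False, [s for s, _ in stack] + [nxt], expansions, peak)
        if nxt in on_path or nxt in cache_pos:
            continue
        on_path.add(nxt)
        stack.append((nxt, succ(nxt)))
        expansions += 1
        peak = max(peak, len(on_path) + len(cache))
    return Result(True, None, expansions, peak)


if __name__ == "__main__":
    full = dfs_check(initial_state(5), successors, mutual_exclusion)
    small = dfs_check(initial_state(5), successors, mutual_exclusion, cache_capacity=96)
    print("unbounded store:", full.expansions, "expansions,", full.peak_stored, "states stored")
    print("96-entry store: ", small.expansions, "expansions,", small.peak_stored, "states stored")
    bad = dfs_check(initial_state(4), lambda s: successors(s, check_token=False), mutual_exclusion)
    print("buggy model counterexample length:", len(bad.counterexample))
```

With five processes the model has 240 reachable states (5 token positions, 3 states for the holder, 2 for each of the others), so the unbounded run expands exactly 240 states; the 96-entry run reports the same verdict with more expansions and less peak memory, which is the trade-off the abstracts describe. The buggy variant returns the DFS path to the first state with two processes in their critical sections.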
Deadlock Analysis of Message-Passing Programs with Identical Processes
Jun Zhou
Abstract
Deadlocks are a common type of fault in message-passing programs. One approach to detecting deadlocks in a message-passing program is to perform reachability analysis, which involves deriving the possible global states of the program. The resulting state graph is referred to as a reachability graph (RG). The size of the RG of a message-passing program is, in the worst case, an exponential function of the number of processes in the program. This problem, referred to as the state explosion problem, makes reachability analysis impractical for message-passing programs with many processes. Assume that P is a message-passing program that contains one process type T with a dynamic number of instances. Let P_m denote the version of P that has m instances of T. To detect deadlocks in P, we apply reachability analysis to P_1, P_2, ..., and P_n, where n is an integer chosen randomly or according to some criterion. If the value of n is large, reachability analysis of P_n is impractical. If the value of n is small, we have little confidence in whether P_k is deadlock-free for any k > n. A deadlock cutoff number c for P means that, under certain conditions, if P_c has no deadlocks, then P_k has no deadlocks for any k > c. For message-passing programs that contain two or more process types with dynamic
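The reachability-analysis step that the abstract builds on, as an added Python example that is not from the thesis: one process type T instantiated m times, the global state graph of P_m built explicitly, and every state with no enabled transition reported as a deadlock together with the path that reaches it. The program is a constructed one (m philosopher processes taking two shared forks, with a switch between "left fork first", which can deadlock, and "lower-numbered fork first", which cannot). The block only does the analysis for P_1 ... P_n and shows how the RG grows with m; it does not compute a cutoff number, which is the abstract's own contribution.

```python
from collections import deque, namedtuple

RGResult = namedtuple("RGResult", "states deadlocks trace")


def fork_order(i, m, ordered):
    """Forks process i needs, in acquisition order.  Every instance runs the
    same code (one process type T); 'ordered' makes each instance take the
    lower-numbered fork first, the standard fix for circular wait."""
    left, right = i, (i + 1) % m
    forks = [left] if left == right else [left, right]
    return sorted(forks) if ordered else forks


def with_pc(pcs, i, pc):
    return pcs[:i] + (pc,) + pcs[i + 1:]


def enabled_transitions(state, needs):
    """Yield (action label, successor state) for every enabled step."""
    pcs, forks = state
    for i, pc in enumerate(pcs):
        seq = needs[i]
        if pc < len(seq):                       # next step: take fork seq[pc]
            f = seq[pc]
            if forks[f]:
                taken = forks[:f] + (False,) + forks[f + 1:]
                yield ("P%d takes fork %d" % (i, f), (with_pc(pcs, i, pc + 1), taken))
        else:                                   # holds every fork: eat, then release all
            released = list(forks)
            for f in seq:
                released[f] = True
            yield ("P%d releases" % i, (with_pc(pcs, i, 0), tuple(released)))


def reachability_graph(m, ordered=False):
    """Breadth-first construction of the RG of P_m.  Processes here never
    terminate on their own, so any reachable state with no enabled transition
    is a deadlock.  The trace leads from the initial state to the first one found."""
    needs = [fork_order(i, m, ordered) for i in range(m)]
    init = ((0,) * m, (True,) * m)              # all at pc 0, all forks free
    pred = {init: None}                         # state -> (predecessor, action)
    queue = deque([init])
    deadlocks = []
    while queue:
        s = queue.popleft()
        succs = list(enabled_transitions(s, needs))
        if not succs:
            deadlocks.append(s)
        for action, t in succs:
            if t not in pred:
                pred[t] = (s, action)
                queue.append(t)
    trace = []
    if deadlocks:
        s = deadlocks[0]
        while pred[s] is not None:
            s, action = pred[s]
            trace.append(action)
        trace.reverse()
    return RGResult(len(pred), deadlocks, trace)


if __name__ == "__main__":
    for m in range(1, 8):
        r = reachability_graph(m)
        print("P_%d: %d states, %d deadlock state(s)" % (m, r.states, len(r.deadlocks)))
    print("trace to the first deadlock of P_3:", reachability_graph(3).trace)
    print("P_7 with ordered acquisition:", len(reachability_graph(7, ordered=True).deadlocks), "deadlocks")
```

The printed state counts grow exponentially in m even for this tiny process type, which is the state explosion the abstract refers to, and the ordered variant stays deadlock-free for every m tried; the analysis alone can say nothing about P_k for k above the largest m analysed.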