Constraint Logic Programming: A Survey
Cited by 704 (20 self)
Constraint Logic Programming (CLP) is a merger of two declarative paradigms: constraint solving and logic programming. Although a relatively new field, CLP has progressed in several quite different directions. In particular, the early fundamental concepts have been adapted to better serve in different areas of applications. In this survey of CLP, a primary goal is to give a systematic description of the major trends in terms of common fundamental concepts. The three main parts cover the theory, implementation issues, and programming for applications.
A Direct Symbolic Approach to Model Checking Pushdown Systems (Extended Abstract), 1997
Cited by 100 (4 self)
This paper gives a simple and direct algorithm for computing the always regular set of reachable states of a pushdown system. It then exploits this algorithm for obtaining model checking algorithms for linear-time temporal logic as well as for the logic CTL. For the latter, a new technical tool is introduced: pushdown automata with transitions conditioned on regular predicates on the stack content. Finally, this technical tool is also used to establish that CTL model checking remains decidable when the formulas are allowed to include regular predicates on the stack content.
Computer-aided verification - IEEE Spectrum, 1996
Cited by 92 (2 self)
How can a computer program developer ensure that a program actually implements its intended purpose? This article describes a method for checking the correctness of certain types of computer programs. The method is used commercially in the development of programs implemented as integrated circuits and is applicable to the development of “control-intensive” software programs as well. “Divide-and-conquer” techniques central to this method apply to a broad range of program verification methodologies. Classical methods for testing and quality control no longer are sufficient to protect us from communication network collapses, fatalities from medical machinery malfunction, rocket guidance failure, or a half-billion dollar commercial loss due to incorrect arithmetic in a popular integrated circuit. These sensational examples are only the headline cases. Behind them are multitudes of mundane programs whose failures merely infuriate their users and cause increased costs to their producers. A source of such problems is the growth in program complexity. The more a program controls, the more types of interactions it supports. For example, the telephone “call-forwarding” service (forwarding incoming calls to a customer-designated number) interacts with the “billing” program that must determine whether the forwarding number or the calling number gets charged for the additional connection to the customer-designated number. At the same time, call-forwarding interacts with the “connection” program that deals with the issue of
Logics for Hybrid Systems - Proceedings of the IEEE, 2000
Cited by 84 (7 self)
This paper offers a synthetic overview of, and original contributions to, the use of logics and formal methods in the analysis of hybrid systems.
Module Checking, 1996
Cited by 61 (9 self)
In computer system design, we distinguish between closed and open systems. A closed system is a system whose behavior is completely determined by the state of the system. An open system is a system that interacts with its environment and whose behavior depends on this interaction. The ability of temporal logics to describe an ongoing interaction of a reactive program with its environment makes them particularly appropriate for the specification of open systems. Nevertheless, model-checking algorithms used for the verification of closed systems are not appropriate for the verification of open systems. Correct model checking of open systems should check the system with respect to arbitrary environments and should take into account uncertainty regarding the environment. This is not the case with current model-checking algorithms and tools. In this paper we introduce and examine the problem of model checking of open systems (module checking, for short). We show that while module che...
Automatic Verification of Parameterized Synchronous Systems (Extended Abstract) - In Proc. 8th Int'l. Conference on Computer-Aided Verification (CAV), 1996
Cited by 49 (6 self)
E. Allen Emerson and Kedar S. Namjoshi, Department of Computer Sciences, The University of Texas at Austin, U.S.A. Abstract. Systems with an arbitrary number of homogeneous processes occur in many applications. The Parameterized Model Checking Problem (PMCP) is to determine whether a temporal property is true of every size instance of the system. We consider systems formed by a synchronous parallel composition of a single control process with an arbitrary number of homogeneous user processes, and show that the PMCP is decidable for properties expressed in an indexed propositional temporal logic. While the problem is in general PSPACE-complete, our initial experimental results indicate that the method is usable in practice. 1 Introduction. Systems with an arbitrary number of homogeneous processes occur in many contexts, especially in protocols for data communication, cache coherence, and classical synchronization problems. Current verification work on such systems has focussed mostly...
Modal Logics and mu-Calculi: An Introduction, 2001
Cited by 39 (2 self)
We briefly survey the background and history of modal and temporal logics. We then concentrate on the modal mu-calculus, a modal logic which subsumes most other commonly used logics. We provide an informal introduction, followed by a summary of the main theoretical issues. We then look at model-checking, and finally at the relationship of modal logics to other formalisms.
The Integration Project for the JACK Environment - BULLETIN OF THE EATCS, 1994
Cited by 35 (12 self)
JACK, standing for Just Another Concurrency Kit, is a new environment integrating a set of verification tools, supported by a graphical interface offering facilities to use these tools separately or in combination. The environment proposes several functionalities for the design, analysis and verification of concurrent systems specified using process algebra. Tools exchange information through a text format called Fc2. Users are able to graphically lay out their specifications, which are then automatically converted into the Fc2 format and minimised with respect to various kinds of equivalences. A branching-time, action-based logic, ACTL, is used to describe the properties that the specification must satisfy, and model checking of ACTL formulae on the specification is performed in linear time. A translator from natural language to ACTL formulae is provided, in order to simplify the job of describing the specification properties as ACTL formulae. A description of the graphical interface is given together with its functionalities and the exchange format used by the tools. As an example of the use of JACK, we present a small case study within JACK that covers both verification of a software system and verification of its properties.
On the Complexity of Verifying Concurrent Transition Systems, 2000
Cited by 22 (6 self)
In implementation verification, we check that an implementation is correct with respect to a specification by checking whether the behaviors of a transition system that models the program's implementation correlate with the behaviors of a transition system that models its specification. In this paper, we investigate the effect of concurrency on the complexity of implementation verification. We consider trace-based and tree-based approaches to the verification of concurrent transition systems, with and without fairness. Our results show that in almost all cases the complexity of the problem is exponentially harder than that of the sequential case. Thus, as in the model-checking verification methodology, the state-explosion problem cannot be avoided. A preliminary version of this work appeared in the proceedings of the 8th Conference on Concurrency Theory. † Department of Applied Mathematics & Computer Science, Weizmann Institute, Rehovot 76100, Israel. Email: harel@wisdom.weizm...
Failure Diagnosis of Discrete Event Systems with Linear-time Temporal Logic Fault Specifications - IEEE Transactions on Automatic Control, 2001
Cited by 22 (3 self)
The failure diagnosis problem of discrete event systems with linear-time temporal logic specifications is studied in this paper. Diagnosability of discrete event systems in the temporal logic setting is defined. The problem of testing diagnosability is reduced to the problem of model checking. An algorithm for the test of diagnosability and the synthesis of a diagnoser is obtained. Finally, a simple example is given for illustration. The contributions of the paper are summarized as follows: (i) For the first time an algorithm, of complexity polynomial in the number of states of the system and the number of specifications, for the diagnoser synthesis is derived in the temporal logic setting; (ii) Usage of temporal logic makes the specification process easier and user-friendly, since natural language specifications can be easily translated to temporal logic specifications (when compared to formal language/automata-based specifications), yet there are computational savings in the design of the diagnoser (compared to that of formal language/automata-based specifications); (iii) The LTL-based failure diagnosis method can capture failures representing violation of liveness properties, which cannot be captured by prior formal language/automaton-based failure diagnosis methods, which can only capture failures representing violation of safety properties (such as occurrence of a faulty event, or reaching a faulty state, etc.); (iv) By reducing the problem of testing diagnosability to that of model checking (and using model checking to test diagnosability), a polynomial algorithm for testing diagnosability is obtained naturally; hence by using symbolic model checking we may test the diagnosability of large systems more efficiently; (v) We relaxed the requirement...

