Results 1  10
of
122
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 3209 (69 self)
 Add to MetaCart
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Symbolic Model Checking: 10^20 States and Beyond
, 1992
"... Many different methods have been devised for automatically verifying finite state systems by examining stategraph models of system behavior. These methods all depend on decision procedures that explicitly represent the state space using a list or a table that grows in proportion to the number of st ..."
Abstract

Cited by 749 (41 self)
 Add to MetaCart
Many different methods have been devised for automatically verifying finite state systems by examining stategraph models of system behavior. These methods all depend on decision procedures that explicitly represent the state space using a list or a table that grows in proportion to the number of states. We describe a general method that represents the state space symbolical/y instead of explicitly. The generality of our method comes from using a dialect of the MuCalculus as the primary specification language. We describe a model checking algorithm for MuCalculus formulas that uses Bryant’s Binary Decision Diagrams (Bryant, R. E., 1986, IEEE Trans. Comput. C35) to represent relations and formulas. We then show how our new MuCalculus model checking algorithm can be used to derive efficient decision procedures for CTL model checking, satistiability of lineartime temporal logic formulas, strong and weak observational equivalence of finite transition systems, and language containment for finite wautomata. The fixed point computations for each decision procedure are sometimes complex. but can be concisely expressed in the MuCalculus. We illustrate the practicality of our approach to symbolic model checking by discussing how it can be used to verify a simple synchronous pipeline circuit.
A Direct Symbolic Approach to Model Checking Pushdown Systems (Extended Abstract)
, 1997
"... This paper gives a simple and direct algorithm for computing the always regular set of reachable states of a pushdown system. It then exploits this algorithm for obtaining model checking algorithms for lineartime temporal logic as well as for the logic CTL. For the latter, a new technical tool is i ..."
Abstract

Cited by 136 (4 self)
 Add to MetaCart
This paper gives a simple and direct algorithm for computing the always regular set of reachable states of a pushdown system. It then exploits this algorithm for obtaining model checking algorithms for lineartime temporal logic as well as for the logic CTL. For the latter, a new technical tool is introduced: pushdown automata with transitions conditioned on regular predicates on the stack content. Finally, this technical tool is also used to establish that CTL model checking remains decidable when the formulas are allowed to include regular predicates on the stack content.
A Technique of State Space Search Based on Unfolding
 Formal Methods in System Design
, 1992
"... Unfoldings of Petri nets provide a method of searching the state space of concurrent systems without considering all possible interleavings of concurrent events. A procedure is given for constructing the unfolding of a Petri net, terminating the construction when it is sufficient to represent all re ..."
Abstract

Cited by 88 (0 self)
 Add to MetaCart
(Show Context)
Unfoldings of Petri nets provide a method of searching the state space of concurrent systems without considering all possible interleavings of concurrent events. A procedure is given for constructing the unfolding of a Petri net, terminating the construction when it is sufficient to represent all reachable markings. This procedure is applied to hazard and deadlock detection in asynchronous circuits. Examples are given of scalable systems with exponential size state spaces, but polynomial size unfoldings, including a distributed mutual exclusion ring circuit.
Compositional and Symbolic ModelChecking of RealTime Systems
 In Proc. of the 16th IEEE RealTime Systems Symposium
, 1995
"... Efficient automatic modelchecking algorithms for realtime systems have been obtained in recent years based on the stateregion graph technique of Alur, Courcoubetis and Dill. However, these algorithms are faced with two potential types of explosion arising from parallel composition: explosion in t ..."
Abstract

Cited by 71 (21 self)
 Add to MetaCart
(Show Context)
Efficient automatic modelchecking algorithms for realtime systems have been obtained in recent years based on the stateregion graph technique of Alur, Courcoubetis and Dill. However, these algorithms are faced with two potential types of explosion arising from parallel composition: explosion in the space of control nodes, and explosion in the region space over clockvariables. In this paper we attack these explosion problems by developing and combining compositional and symbolic modelchecking techniques. The presented techniques provide the foundation for a new automatic verification tool Uppaal. Experimental results indicate that Uppaal performs time and spacewise favorably compared with other realtime verification tools. 1 Introduction Within the last decade modelchecking has turned out to be a useful technique for verifying temporal properties of finitestate systems. Efficient modelchecking algorithms for finitestate systems have been obtained with respect to a number o...
PartialOrder Reduction in Symbolic State Space Exploration
, 1997
"... . State space explosion is a fundamental obstacle in formal verification of designs and protocols. Several techniques for combating this problem have emerged in the past few years, among which two are significant: partialorder reductions and symbolic state space search. In asynchronous systems, ..."
Abstract

Cited by 66 (0 self)
 Add to MetaCart
. State space explosion is a fundamental obstacle in formal verification of designs and protocols. Several techniques for combating this problem have emerged in the past few years, among which two are significant: partialorder reductions and symbolic state space search. In asynchronous systems, interleavings of independent concurrent events are equivalent, and only a representative interleaving needs to be explored to verify local properties. Partialorder methods exploit this redundancy and visit only a subset of the reachable states. Symbolic techniques, on the other hand, capture the transition relation of a system and the set of reachable states as boolean functions. In many cases, these functions can be represented compactly using binary decision diagrams (BDDs). Traditionally, the two techniques have been practiced by two different schoolspartialorder methods with enumerative depthfirst search for the analysis of asynchronous network protocols, and symbolic bread...
A Partial Order Approach to Branching Time Logic Model Checking
 Information and Computation
, 1994
"... Partial order techniques enable reducing the size of the state graph used for model checking, thus alleviating the `state space explosion' problem. These reductions are based on selecting a subset of the enabled operations from each program state. So far, these methods have been studied, implem ..."
Abstract

Cited by 64 (15 self)
 Add to MetaCart
Partial order techniques enable reducing the size of the state graph used for model checking, thus alleviating the `state space explosion' problem. These reductions are based on selecting a subset of the enabled operations from each program state. So far, these methods have been studied, implemented and demonstrated for assertional languages that model the executions of a program as computation sequences, in particular the logic LTL (linear temporal logic). The present paper shows, for the first time, how this approach can be applied to languages that model the behavior of a program as a tree. We study here partial order reductions for branching temporal logics, e.g., the logics CTL and CTL (all logics with the nexttime operator removed) and process algebras such as CCS. Conditions on the subset of successors from each node to guarantee reduction that preserves CTL properties are given. Provided experimental results show that the reduction is substantial. 1 Introduction Partial ord...
CrystalBall: Predicting and Preventing Inconsistencies in Deployed Distributed Systems
"... We propose a new approach for developing and deploying distributed systems, in which nodes predict distributed consequences of their actions, and use this information to detect and avoid errors. Each node continuously runs a state exploration algorithm on a recent consistent snapshot of its neighbor ..."
Abstract

Cited by 51 (5 self)
 Add to MetaCart
(Show Context)
We propose a new approach for developing and deploying distributed systems, in which nodes predict distributed consequences of their actions, and use this information to detect and avoid errors. Each node continuously runs a state exploration algorithm on a recent consistent snapshot of its neighborhood and predicts possible future violations of specified safety properties. We describe a new state exploration algorithm, consequence prediction, which explores causally related chains of events that lead to property violation. This paper describes the design and implementation of this approach, termed CrystalBall. We evaluate CrystalBall on RandTree, BulletPrime, Paxos, and Chord distributed system implementations. We identified new bugs in mature Mace implementations of three systems. Furthermore, we show that if the bug is not corrected during system development, CrystalBall is effective in steering the execution away from inconsistent states at runtime.
Checking concise specifications for multithreaded software
 Journal of Object Technology
, 2004
"... Abstract. Ensuring the reliability of multithreaded software systems is difficult due to the potential for subtle interactions between threads. Unfortunately, checking tools for such systems do not scale to programs with a large number of threads and procedures. To improve this shortcoming, we prese ..."
Abstract

Cited by 44 (11 self)
 Add to MetaCart
(Show Context)
Abstract. Ensuring the reliability of multithreaded software systems is difficult due to the potential for subtle interactions between threads. Unfortunately, checking tools for such systems do not scale to programs with a large number of threads and procedures. To improve this shortcoming, we present a verification technique that uses concise specifications to analyze large multithreaded programs modularly. We achieve threadmodular analysis by annotating each shared variable by an access predicate that summarizes the condition under which a thread may access that variable. We achieve proceduremodular analysis by annotating each procedure by its specification, which is related to its implementation by an abstraction relation that combines the notions of simulation and reduction. We have implemented our analysis in CalvinR, a static checker for multithreaded Java programs. To validate our methodology, we have used CalvinR to check a number of important properties for a file system. Our experience shows that requirements for complex multithreaded systems can be stated concisely and verified in our framework. Presented at the Workshop on Formal Techniques for Javalike Programs, 2003 1
Modelchecking of causality properties
 in: Proc. LICS’95, IEEE Computer Society Press, Silverspring, MD
, 1995
"... ..."