Results 1  10
of
12
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 2474 (64 self)
 Add to MetaCart
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Symbolic Boolean manipulation with ordered binarydecision diagrams
 ACM Computing Surveys
, 1992
"... Ordered BinaryDecision Diagrams (OBDDS) represent Boolean functions as directed acyclic graphs. They form a canonical representation, making testing of functional properties such as satmfiability and equivalence straightforward. A number of operations on Boolean functions can be implemented as grap ..."
Abstract

Cited by 894 (13 self)
 Add to MetaCart
Ordered BinaryDecision Diagrams (OBDDS) represent Boolean functions as directed acyclic graphs. They form a canonical representation, making testing of functional properties such as satmfiability and equivalence straightforward. A number of operations on Boolean functions can be implemented as graph algorithms on OBDD
Verification Tools for FiniteState Concurrent Systems
"... Temporal logic model checking is an automatic technique for verifying finitestate concurrent systems. Specifications are expressed in a propositional temporal logic, and the concurrent system is modeled as a statetransition graph. An efficient search procedure is used to determine whether or not t ..."
Abstract

Cited by 122 (3 self)
 Add to MetaCart
Temporal logic model checking is an automatic technique for verifying finitestate concurrent systems. Specifications are expressed in a propositional temporal logic, and the concurrent system is modeled as a statetransition graph. An efficient search procedure is used to determine whether or not the statetransition graph satisfies the specification. When the technique was first developed ten years ago, it was only possible to handle concurrent systems with a few thousand states. In the last few years, however, the size of the concurrent systems that can be handled has increased dramatically. By representing transition relations and sets of states implicitly using binary decision diagrams, it is now possible to check concurrent systems with more than 10 120 states. In this paper we describe in detail how the new implementation works and
Model Checking of Safety Properties
, 1999
"... Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proofbased approach to verification, making verification of safety properties simp ..."
Abstract

Cited by 105 (16 self)
 Add to MetaCart
Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proofbased approach to verification, making verification of safety properties simpler than verification of general properties. In this paper we consider model checking of safety properties. A computation that violates a general linear property reaches a bad cycle, which witnesses the violation of the property. Accordingly, current methods and tools for model checking of linear properties are based on a search for bad cycles. A symbolic implementation of such a search involves the calculation of a nested fixedpoint expression over the system's state space, and is often impossible. Every computation that violates a safety property has a finite prefix along which the property is violated. We use this fact in order to base model checking of safety properties on a search for ...
Efficient Generation of Counterexamples and Witnesses in Symbolic Model Checking
, 1994
"... Model checking is an automatic technique for verifying sequential circuit designs and protocols. An efficient search procedure is used to determine whether or not the specification is satisfied. If it is not satisfied, our technique will produce a counterexample execution trace that shows the cause ..."
Abstract

Cited by 50 (2 self)
 Add to MetaCart
Model checking is an automatic technique for verifying sequential circuit designs and protocols. An efficient search procedure is used to determine whether or not the specification is satisfied. If it is not satisfied, our technique will produce a counterexample execution trace that shows the cause of the problem. Although finding counterexamples is extremely important, there is no description of how to do this in the literature on model checking. We describe an efficient algorithm to produce counterexamples and witnesses for symbolic model checking algorithms. This algorithm is used in the SMV model checker and works quite well in practice. We also discuss how to extend our technique to more complicated specifications. This extension makes it possible to find counterexamples for verification procedures based on showing language containment between various types of omegaautomata.
An algorithm for strongly connected component analysis in n log n symbolic steps
 Formal Methods in System Design
"... Abstract. We present a symbolic algorithm for strongly connected component decomposition. The algorithm performs �(n log n) image and preimage computations in the worst case, where n is the number of nodes in the graph. This is an improvement over the previously known quadratic bound. The algorithm ..."
Abstract

Cited by 47 (6 self)
 Add to MetaCart
Abstract. We present a symbolic algorithm for strongly connected component decomposition. The algorithm performs �(n log n) image and preimage computations in the worst case, where n is the number of nodes in the graph. This is an improvement over the previously known quadratic bound. The algorithm can be used to decide emptiness of Büchi automata with the same complexity bound, improving Emerson and Lei’s quadratic bound, and emptiness of Streett automata, with a similar bound in terms of nodes. It also leads to an improved procedure for the generation of nonemptiness witnesses.
A Comparative Study of Symbolic Algorithms for the Computation of Fair Cycles
"... Detection of fair cycles is an important task of many model checking algorithms. When the transition system is represented symbolically, the standard approach to fair cycle detection is the one of Emerson and Lei. In the last decade variants of this algorithm and an alternative method based on stron ..."
Abstract

Cited by 36 (7 self)
 Add to MetaCart
Detection of fair cycles is an important task of many model checking algorithms. When the transition system is represented symbolically, the standard approach to fair cycle detection is the one of Emerson and Lei. In the last decade variants of this algorithm and an alternative method based on strongly connected component decomposition have been proposed. We present a taxonomy of these techniques and compare representatives of each major class on a collection of reallife examples. Our results indicate that the EmersonLei procedure is the fastest, but other algorithms tend to generate shorter counterexamples.
Forward Model Checking Techniques Oriented to Buggy Designs
 Proc. ICCAD
, 1997
"... Forward model checking is an efficient symbolic model checking method for verifying realistic properties of sequential circuits and protocols. In this paper, we present the techniques that modify the order of state traversal on forward model checking, and that dramatically improve average CPU time f ..."
Abstract

Cited by 20 (0 self)
 Add to MetaCart
Forward model checking is an efficient symbolic model checking method for verifying realistic properties of sequential circuits and protocols. In this paper, we present the techniques that modify the order of state traversal on forward model checking, and that dramatically improve average CPU time for finding design errors. A failing property has to be checked again and again to analyze the bug until it is corrected. The techniques, therefore, can have significant impacts on actual verification tasks. We use a modified regular/!regular expression to represent a set of illegal state transition sequences of an FSM. It makes the problem clear and gives us a sense of depthfirst traversal, not on the state space, but on the property. 1
Model Checking and TransitiveClosure Logic
, 1997
"... We give a lineartime algorithm to translate any formula from computation tree logic (CTL or CTL*) into an equivalent expression in a variableconfined fragment of transitiveclosure logic FO(TC). Traditionally, CTL and CTL* have been used to express queries for model checking and then translated in ..."
Abstract

Cited by 10 (0 self)
 Add to MetaCart
We give a lineartime algorithm to translate any formula from computation tree logic (CTL or CTL*) into an equivalent expression in a variableconfined fragment of transitiveclosure logic FO(TC). Traditionally, CTL and CTL* have been used to express queries for model checking and then translated into µcalculus for symbolic evaluation. Evaluation of µcalculus formulas is, however, complete for time polynomial in the (typically huge) number of states in the Kripke structure. Thus, this is often not feasible, not parallelizable, and efficient incremental strategies are unlikely to exist. By contrast, evaluation of any formula in FO(TC) requires only NSPACE[log n]. This means that the space requirements are manageable, the entire computation is parallelizable, and efficient dynamic evaluation is possible.
Language Containment Checking with Nondeterministic BDDs
 In 7th International Conference on Tools and Algorithms for the Construction and Analysis of Systems, volume 2031 of LNCS
"... . Checking for language containment between nondeterministic ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
. Checking for language containment between nondeterministic