A theory of timed automata
1999
"... Model checking is emerging as a practical tool for automated debugging of complex reactive systems such as embedded controllers and network protocols (see [23] for a survey). Traditional techniques for model checking do not admit an explicit modeling of time, and are thus, unsuitable for analysis of ..."
Abstract

Cited by 1975 (31 self)
 Add to MetaCart
Model checking is emerging as a practical tool for automated debugging of complex reactive systems such as embedded controllers and network protocols (see [23] for a survey). Traditional techniques for model checking do not admit an explicit modeling of time, and are thus unsuitable for analysis of real-time systems whose correctness depends on relative magnitudes of different delays. Consequently, timed automata [7] were introduced as a formal notation to model the behavior of real-time systems. Its definition provides a simple way to annotate state-transition graphs with timing constraints using finitely many real-valued clock variables. Automated analysis of timed automata relies on the construction of a finite quotient of the infinite space of clock valuations. Over the years, the formalism has been extensively studied, leading to many results establishing connections to circuits and logic, and much progress has been made in developing verification algorithms, heuristics, and tools. This paper provides a survey of the theory of timed automata, and their role in specification and verification of real-time systems.
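The survey abstract above describes the two ingredients of timed-automata analysis: state-transition graphs annotated with constraints over finitely many real-valued clocks, and a finite quotient of the infinite clock-valuation space that makes exhaustive search possible. The following is an added example, not code from the paper: a forward reachability check that works on zones (sets of clock valuations given by difference constraints, stored as difference bound matrices) rather than the region construction the survey refers to. The automaton, its constants, the clock names and all function names are constructed for this illustration; bounds are restricted to closed (<=) constraints so the arithmetic stays integer, and the query asks whether a location can be entered with clock values satisfying a constraint.

```python
"""Zone-based reachability for a small timed automaton (constructed example)."""
from itertools import product

INF = float("inf")
CLOCKS = {"x": 1, "y": 2}   # index 0 is the reference clock, always equal to 0
N = len(CLOCKS) + 1
MAX_CONST = 10              # largest constant in any guard or query (used for extrapolation)


def close(D):
    """Floyd-Warshall tightening of c_i - c_j <= D[i][j]; a negative diagonal means empty."""
    D = [row[:] for row in D]
    for k, i, j in product(range(N), repeat=3):
        if D[i][k] + D[k][j] < D[i][j]:
            D[i][j] = D[i][k] + D[k][j]
    return D


def consistent(D):
    return all(D[i][i] >= 0 for i in range(N))


def up(D):
    """Let time elapse: drop every upper bound c_i <= D[i][0]."""
    D = [row[:] for row in D]
    for i in range(1, N):
        D[i][0] = INF
    return D


def reset(D, clocks):
    """Set the given clocks to 0, keeping the constraints on the other clocks."""
    D = [row[:] for row in D]
    for c in clocks:
        i = CLOCKS[c]
        for j in range(N):
            if j != i:
                D[i][j], D[j][i] = D[0][j], D[j][0]
        D[i][i] = 0
    return D


def constrain(D, clock, op, c):
    """Intersect the zone with clock <= c, clock >= c or clock == c."""
    D = [row[:] for row in D]
    i = CLOCKS[clock]
    if op in ("<=", "=="):
        D[i][0] = min(D[i][0], c)          # clock - 0 <= c
    if op in (">=", "=="):
        D[0][i] = min(D[0][i], -c)         # 0 - clock <= -c
    return D


def extrapolate(D):
    """Forget bounds beyond MAX_CONST: this is the finite quotient that guarantees termination."""
    D = [row[:] for row in D]
    for i, j in product(range(N), repeat=2):
        if i != j and D[i][j] > MAX_CONST:
            D[i][j] = INF
        elif i != j and D[i][j] < -MAX_CONST:
            D[i][j] = -MAX_CONST
    return close(D)


def included(A, B):
    """Zone A is a subset of zone B (both canonical) iff every bound of A is at most B's."""
    return all(A[i][j] <= B[i][j] for i, j in product(range(N), repeat=2))


def explore(edges, init):
    """Forward search over (location, entry zone) pairs; returns the zones seen per location."""
    zero = close([[0] * N for _ in range(N)])      # all clocks start at 0
    seen, work = {init: [zero]}, [(init, zero)]
    while work:
        loc, Z = work.pop()
        Zup = close(up(Z))                         # time may pass before any edge fires
        for src, dst, guard, resets in edges:
            if src != loc:
                continue
            Zg = Zup
            for clk, op, c in guard:
                Zg = constrain(Zg, clk, op, c)
            Zg = close(Zg)
            if not consistent(Zg):                 # guard cannot be satisfied
                continue
            Zn = extrapolate(close(reset(Zg, resets)))
            if any(included(Zn, old) for old in seen.get(dst, [])):
                continue                           # nothing new: already covered
            seen.setdefault(dst, []).append(Zn)
            work.append((dst, Zn))
    return seen


def can_enter(seen, loc, guard=()):
    """Can `loc` be entered with clock values that satisfy `guard`?"""
    for Z in seen.get(loc, []):
        for clk, op, c in guard:
            Z = constrain(Z, clk, op, c)
        if consistent(close(Z)):
            return True
    return False


# Constructed model: a request is answered within 3 time units, times out at 5,
# or is retried (clock x reset) once at least 2 units have passed; y is never reset.
RETRY = ("waiting", "waiting", [("x", ">=", 2)], ["x"])
EDGES = [
    ("idle", "waiting", [], ["x", "y"]),
    ("waiting", "done", [("x", "<=", 3)], []),
    ("waiting", "alarm", [("x", ">=", 5)], []),
    RETRY,
]

if __name__ == "__main__":
    zones = explore(EDGES, "idle")
    print("done entered with y >= 10 (with retry):", can_enter(zones, "done", [("y", ">=", 10)]))
    zones = explore([e for e in EDGES if e is not RETRY], "idle")
    print("done entered with y >= 10 (no retry):", can_enter(zones, "done", [("y", ">=", 10)]))
```

With the retry edge the search finds a second entry zone for `waiting` (x = 0, y >= 2) and stops there, because the zone produced by a further retry (x = 0, y >= 4) is included in it; that inclusion check, together with the extrapolation step, is what keeps the set of explored zones finite even though the clock values themselves are unbounded.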
Model checking of hierarchical state machines
ACM Trans. Program. Lang. Syst.
"... Model checking is emerging as a practical tool for detecting logical errors in early stages of system design. We investigate the model checking of sequential hierarchical (nested) systems, i.e., finitestate machines whose states themselves can be other machines. This nesting ability is common in var ..."
Abstract

Cited by 77 (9 self)
 Add to MetaCart
Model checking is emerging as a practical tool for detecting logical errors in early stages of system design. We investigate the model checking of sequential hierarchical (nested) systems, i.e., finite-state machines whose states themselves can be other machines. This nesting ability is common in various software design methodologies, and is available in several commercial modeling tools. The straightforward way to analyze a hierarchical machine is to flatten it (thus incurring an exponential blow-up) and apply a model-checking tool on the resulting ordinary FSM. We show that this flattening can be avoided. We develop algorithms for verifying linear-time requirements whose complexity is polynomial in the size of the hierarchical machine. We also address the verification of branching-time requirements and provide efficient algorithms and matching lower bounds.
From Timed Automata to Logic - and Back
MFCS'95, LNCS 969, 1995
"... One of the most successful techniques for automatic verification is that of model checking. For finite automata there exist since long extremely efficient modelchecking algorithms, and in the last few years these algorithms have been made applicable to the verification of realtime automata usi ..."
Abstract

Cited by 52 (7 self)
 Add to MetaCart
One of the most successful techniques for automatic verification is that of model checking. For finite automata there have long existed extremely efficient model-checking algorithms, and in the last few years these algorithms have been made applicable to the verification of real-time automata using the region techniques of Alur and Dill. In this
Efficient reachability analysis of hierarchical reactive machines
International Conference on Computer-Aided Verification, 2000
"... Hierarchical state machines is a popular visual formalism for software specifications. To apply automated analysis to such specifications, the traditional approach is to compile them to existing model checkers. Aimed at exploiting the modular structure more effectively, our approach is to develop al ..."
Abstract

Cited by 22 (5 self)
 Add to MetaCart
Hierarchical state machines are a popular visual formalism for software specifications. To apply automated analysis to such specifications, the traditional approach is to compile them to existing model checkers. Aimed at exploiting the modular structure more effectively, our approach is to develop algorithms that work directly on the hierarchical structure. First, we report on an implementation of a visual hierarchical language with modular features such as nested modes, variable scoping, mode reuse, exceptions, group transitions, and history. Then, we identify a variety of heuristics to exploit these modular features during reachability analysis. We report on an enumerative as well as a symbolic checker, and case studies.
Model Checking of Real-Time Systems: A Telecommunications Application
In Proceedings of the 19th International Conference on Software Engineering, 1997
"... We describe the application of model checking tools to analyze a realtime software challenge in the design of Lucent Technologies' 5ESS telephone switching system. We use two tools: COSPAN for checking realtime properties, and TPWB for checking probabilistic specifications. We report on the feedba ..."
Abstract

Cited by 18 (1 self)
 Add to MetaCart
We describe the application of model checking tools to analyze a real-time software challenge in the design of Lucent Technologies' 5ESS telephone switching system. We use two tools: COSPAN for checking real-time properties, and TPWB for checking probabilistic specifications. We report on the feedback given by the tools, and based on our experience, discuss the advantages and the limitations of the approach used.
Virtual Symmetry Reduction
In Logic in Computer Science (LICS), 2000
"... We provide a general method for ameliorating state explosion via symmetry reduction in certain asymmetric systems, such as systems with many similar, but not identical, processes. The method applies to systems whose structures (i.e., state transition graphs) have more state symmetries than arc sy ..."
Abstract

Cited by 17 (3 self)
 Add to MetaCart
We provide a general method for ameliorating state explosion via symmetry reduction in certain asymmetric systems, such as systems with many similar, but not identical, processes. The method applies to systems whose structures (i.e., state transition graphs) have more state symmetries than arc symmetries. We introduce a new notion of "virtual symmetry" that strictly subsumes earlier notions of "rough symmetry" and "near symmetry" [ET99]. Virtual symmetry is the most general condition under which the structure of a system is naturally bisimilar to its quotient by a group of state symmetries.
Pushdown module checking
2005
"... Model checking is a useful method to verify automatically the correctness of a system with respect to a desired behavior, by checking whether a mathematical model of the system satisfies a formal specification of this behavior. Many systems of interest are open, in the sense that their behavior depe ..."
Abstract

Cited by 17 (13 self)
 Add to MetaCart
Model checking is a useful method to verify automatically the correctness of a system with respect to a desired behavior, by checking whether a mathematical model of the system satisfies a formal specification of this behavior. Many systems of interest are open, in the sense that their behavior depends on the interaction with their environment. The model checking problem for finite-state open systems (called module checking) has been intensively studied in the literature. In this paper, we focus on open pushdown systems and we study the related model-checking problem (pushdown module checking, for short) with respect to properties expressed by CTL and CTL* formulas. We show that pushdown module checking against CTL (resp., CTL*) is 2EXPTIME-complete (resp., 3EXPTIME-complete). Moreover, we prove that for a fixed CTL (resp., CTL*) formula, the problem is EXPTIME-complete.
"Next" Heuristic For OnTheFly Model Checking
1999
"... . We present a new heuristic for onthefly enumerative invariant verification. The heuristic is based on a construct for temporal scaling, called next, that compresses a sequence of transitions leading to a given target set into a single metatransition. First, we give an onthefly algorithm to s ..."
Abstract

Cited by 14 (6 self)
 Add to MetaCart
We present a new heuristic for on-the-fly enumerative invariant verification. The heuristic is based on a construct for temporal scaling, called next, that compresses a sequence of transitions leading to a given target set into a single meta-transition. First, we give an on-the-fly algorithm to search a process expression built using the constructs of hiding, parallel composition, and temporal scaling. Second, we show that as long as the target set Θ of transitions includes all transitions that access variables shared with the environment, the processes next_Θ(P) and P are equivalent according to the weak-simulation equivalence. As a result, to search the product of given processes, we can cluster processes into groups with as little communication among them as possible, and compose the groups only after applying appropriate hiding and temporal scaling operators. Applying this process recursively gives an expression that has multiple nested applications of next, and ha...
Reasoning About Strategies
In IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science '10 (FSTTCS 2010), LIPIcs 8, 2010
"... In open systems verification, to formally check for reliability, one needs an appropriate formalism to model the interaction between open entities and express that the system is correct no matter how the environment behaves. An important contribution in this context is given by modal logics for stra ..."
Abstract

Cited by 14 (8 self)
 Add to MetaCart
In open systems verification, to formally check for reliability, one needs an appropriate formalism to model the interaction between open entities and express that the system is correct no matter how the environment behaves. An important contribution in this context is given by modal logics for strategic ability, in the setting of multi-agent games, such as ATL, ATL*, and the like. Recently, Chatterjee, Henzinger, and Piterman introduced Strategy Logic, which we denote here by SL_CHP, with the aim of getting a powerful framework for reasoning explicitly about strategies. SL_CHP is obtained by using first-order quantifications over strategies and it has been investigated in the specific setting of two-agent turn-based game structures, where a non-elementary model-checking algorithm has been provided. While SL_CHP is a very expressive logic, we claim that it does not fully capture the strategic aspects of multi-agent systems. In this paper, we introduce and study a more general strategy logic, denoted SL, for reasoning about strategies in multi-agent concurrent systems. We prove that SL strictly includes SL_CHP, while maintaining a decidable model-checking problem. Indeed, we show that it is 2EXPTIME-complete, thus not harder than that for ATL* and a remarkable improvement of the same problem for SL_CHP. We also consider the satisfiability problem and show that it is undecidable already for the sublogic SL_CHP under the concurrent game semantics. Digital Object Identifier 10.4230/LIPIcs.FSTTCS.2010.133
Pushdown Module Checking with Imperfect Information
2012
"... The model checking problem for finitestate open systems (module checking) has been extensively studied in the literature, both in the context of environments with perfect and imperfect information about the system. Recently, the perfect information case has been extended to infinitestate systems ( ..."
Abstract

Cited by 14 (8 self)
 Add to MetaCart
The model checking problem for finite-state open systems (module checking) has been extensively studied in the literature, both in the context of environments with perfect and imperfect information about the system. Recently, the perfect information case has been extended to infinite-state systems (pushdown module checking). In this paper, we extend pushdown module checking to the imperfect information setting; i.e., to the case where the environment has only a partial view of the system's control states and pushdown store content. We study the complexity of this problem with respect to the branching-time temporal logics CTL, CTL* and the propositional µ-calculus. We show that pushdown module checking, which is by itself harder than pushdown model checking, becomes undecidable when the environment has imperfect information.