Results 1  10
of
64
Don’t Know in probabilistic systems
 SPIN 2006. LNCS
, 2006
"... In this paper the abstractionrefinement paradigm based on 3valued logics is extended to the setting of probabilistic systems. We define a notion of abstraction for Markov chains. To be able to relate the behavior of abstract and concrete systems, we equip the notion of abstraction with the concep ..."
Abstract

Cited by 35 (2 self)
 Add to MetaCart
(Show Context)
In this paper the abstractionrefinement paradigm based on 3valued logics is extended to the setting of probabilistic systems. We define a notion of abstraction for Markov chains. To be able to relate the behavior of abstract and concrete systems, we equip the notion of abstraction with the concept of simulation. Furthermore, we present model checking for abstract probabilistic systems (abstract Markov chains) with respect to specifications in probabilistic temporal logics, interpreted over a 3valued domain. More specifically, we introduce a 3valued version of probabilistic computationtree logic (PCTL) and give a model checking algorithm w.r.t. abstract Markov chains.
MultiValued Model Checking via Classical Model Checking
 IN PROCEEDINGS OF 14TH INTERNATIONAL CONFERENCE ON CONCURRENCY THEORY (CONCUR’03), VOLUME 2761 OF LNCS
, 2003
"... Multivalued modelchecking is an extension of classical modelchecking to reasoning about systems with uncertain information, which are common during early design stages. The additional values of the logic are used to capture the degree of uncertainty. In this paper, we show that the multivalue ..."
Abstract

Cited by 33 (11 self)
 Add to MetaCart
Multivalued modelchecking is an extension of classical modelchecking to reasoning about systems with uncertain information, which are common during early design stages. The additional values of the logic are used to capture the degree of uncertainty. In this paper, we show that the multivalued µcalculus modelchecking problem is reducible to several classical modelchecking problems. The reduction allows
Monotonic abstractionrefinement for CTL
 In TACAS
, 2004
"... Abstract. The goal of this work is to improve the efficiency and effectiveness of the abstractionrefinement framework for CTL over the 3valued semantics. We start by proposing a symbolic (BDDbased) approach for this framework. Next, we generalize the definition of abstract models in order to prov ..."
Abstract

Cited by 26 (3 self)
 Add to MetaCart
(Show Context)
Abstract. The goal of this work is to improve the efficiency and effectiveness of the abstractionrefinement framework for CTL over the 3valued semantics. We start by proposing a symbolic (BDDbased) approach for this framework. Next, we generalize the definition of abstract models in order to provide a monotonic abstractionrefinement framework. To do so, we introduce the notion of hypertransitions. model in which more CTL formulae can be proved or disproved. We suggest an automatic construction of an initial abstract model and its successive refined models. We complete the framework by adjusting the BDDbased approach to the new monotonic framework. Thus, we obtain a monotonic, symbolic framework that is suitable for both verification and falsification of full CTL. 1
How vacuous is vacuous
 In Proc. 10th TACAS, LNCS 2988
, 2004
"... Abstract. Modelchecking gained wide popularity for analyzing software and hardware systems. However, even when the desired property holds, the property or the model may still require fixing. For example, a property ϕ: “on all paths, a request is followed by an acknowledgment”, may hold because no r ..."
Abstract

Cited by 20 (8 self)
 Add to MetaCart
(Show Context)
Abstract. Modelchecking gained wide popularity for analyzing software and hardware systems. However, even when the desired property holds, the property or the model may still require fixing. For example, a property ϕ: “on all paths, a request is followed by an acknowledgment”, may hold because no requests have been generated. Vacuity detection has been proposed to address the above problem. This technique is able to determine that the above property ϕ is satisfied vacuously in systems where requests are never sent. Recent work in this area enabled the computation of interesting witnesses for the satisfaction of properties (in our case, those that satisfy ϕ and contain a request) and vacuity detection with respect to subformulas with single and multiple subformula occurrences. Often, the answer “vacuous ” or “not vacuous”, provided by existing techniques, is insufficient. Instead, we want to identify all subformulas of a given CTL formula that cause its vacuity, or better, identify all maximal such subformulas. Further, these subformulas may be mutually vacuous. In this paper, we propose a framework for identifying a variety of degrees of vacuity, including mutual vacuity between different subformulas. We also cast vacuity detection as a multivalued modelchecking problem. 1
Model checking with multivalued logics
, 2003
"... Abstract. In multivalued model checking, a temporal logic formula is interpreted relative to a structure not as a truth value but as a lattice element. In this paper we present new algorithms for multivalued model checking. We first show how to reduce multivalued model checking with any distribut ..."
Abstract

Cited by 18 (1 self)
 Add to MetaCart
(Show Context)
Abstract. In multivalued model checking, a temporal logic formula is interpreted relative to a structure not as a truth value but as a lattice element. In this paper we present new algorithms for multivalued model checking. We first show how to reduce multivalued model checking with any distributive DeMorgan lattice to standard, twovalued model checking. We then present a direct, automatatheoretic algorithm for multivalued model checking with logics as expressive as the modal mucalculus. As part of showing correctness of the algorithm, we present a new fundamental result about extended alternating automata, a generalization of standard alternating automata. 1
On Model Checking Multiple Hybrid Views
 In Proceedings of 1st International Symposium on Leveraging Applications of Formal Methods
, 2004
"... Abstract. We study consistency, satisfiability, and validity problems for collectively model checking a set of views endowed with labelled transitions, hybrid constraints on states, and atomic propositions. A PTIME algorithm for deciding whether a set of views has a common refinement (consistency) i ..."
Abstract

Cited by 17 (2 self)
 Add to MetaCart
(Show Context)
Abstract. We study consistency, satisfiability, and validity problems for collectively model checking a set of views endowed with labelled transitions, hybrid constraints on states, and atomic propositions. A PTIME algorithm for deciding whether a set of views has a common refinement (consistency) is given. We prove that deciding whether a common refinement satisfies a formula of the hybrid mucalculus (satisfiability), and its dual (validity), are EXPTIMEcomplete. We determine two generically generated “summary ” views that constitute informative and consistent common refinements and abstractions of a set of views (respectively). 1
Weak alphabet merging of partial behaviour models
, 2011
"... Constructing comprehensive operational models of intended system behaviour is a complex and costly task, which can be mitigated by the construction of partial behaviour models, providing early feedback and subsequently elaborating them iteratively. However, how should partial behaviour models with d ..."
Abstract

Cited by 14 (10 self)
 Add to MetaCart
Constructing comprehensive operational models of intended system behaviour is a complex and costly task, which can be mitigated by the construction of partial behaviour models, providing early feedback and subsequently elaborating them iteratively. However, how should partial behaviour models with different viewpoints covering different aspects of behaviour be composed? How should partial models of component instances of the same type be put together? In this paper, we propose model merging of Modal Transition Systems (MTSs) as a solution to these questions. MTS models are a natural extension of Labelled Transition Systems that support explicit modelling of what is currently unknown about system behaviour. We formally define model merging based on weak alphabet refinement, which guarantees property preservation, and show that merging consistent models is a process that should result in a minimal common weak alphabet refinement (MCR). In this paper, we provide theoretical results and algorithms that support such a process. Finally, because in practice MTS merging is likely to be combined with other operations over MTSs such as parallel composition, we also study the algebraic properties of merging and apply these, together with the algorithms that support MTS merging, in a case study.
Metamodelbased model conformance and multiview consistency checking
 ACM Trans. Softw. Eng. Methodol
"... Modeldriven development, using languages such as UML and BON, often makes use of multiple diagrams (e.g., class and sequence diagrams) when modeling systems. These diagrams, presenting different views of a system of interest, may be inconsistent. A metamodel provides a unifying framework in which t ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
(Show Context)
Modeldriven development, using languages such as UML and BON, often makes use of multiple diagrams (e.g., class and sequence diagrams) when modeling systems. These diagrams, presenting different views of a system of interest, may be inconsistent. A metamodel provides a unifying framework in which to ensure and check consistency, while at the same time providing the means to distinguish between valid and invalid models, that is, conformance. Two formal specifications of the metamodel for an objectoriented modeling language are presented, and it is shown how to use these specifications for model conformance and multiview consistency checking. Comparisons are made in terms of completeness and the level of automation each provide for checking multiview consistency and model conformance. The lessons learned from applying formal techniques to the problems of metamodeling, model conformance, and multiview consistency checking are summarized.
Temporal Logic Query Checking: A Tool for Model Exploration
 IEEE TRANSACTIONS ON SOFTWARE ENGINEERING
, 2003
"... Temporal logic query checking was first introduced by W. Chan in order to speed up design understanding by discovering properties not known a priori. A query is a temporal logic formula containing a special symbol?1, known as a placeholder. Given a Kripke structure and a propositional formula’, we ..."
Abstract

Cited by 13 (5 self)
 Add to MetaCart
(Show Context)
Temporal logic query checking was first introduced by W. Chan in order to speed up design understanding by discovering properties not known a priori. A query is a temporal logic formula containing a special symbol?1, known as a placeholder. Given a Kripke structure and a propositional formula’, we say that’satisfies the query if replacing the placeholder by’results in a temporal logic formula satisfied by the Kripke structure. A solution to a temporal logic query on a Kripke structure is the set of all propositional formulas that satisfy the query. Query checking helps discover temporal properties of a system and, as such, is a useful tool for model exploration. In this paper, we show that query checking is applicable to a variety of model exploration tasks, ranging from invariant computation to test case generation. We illustrate these using a Cruise Control System. Additionally, we show that query checking is an instance of a multivalued model checking of Chechik et al. This approach enables us to build an implementation of a temporal logic query checker, TLQSolver, on top of our existing multivalued model checker Chek. It also allows us to decide a large class of queries and introduce witnesses for temporal logic queries—an essential notion for effective model exploration.