Using Compositional Preorders in the Verification of Sliding Window Protocol
In Computer Aided Verification
Cited by 10 (0 self)
The main obstacle to automatic verification of temporal logic properties of finite-state systems is the state explosion problem. One way to alleviate this is to replace components of a system with smaller ones and verify the required properties from the smaller system. This approach leads to notions of compositional property-preserving equivalences and preorders. Previously we have shown that the NDFD preorder is the weakest preorder which is compositional w.r.t. standard operators and preserves nexttime-less linear temporal logic properties. In this paper we describe a case study where the NDFD preorder was used to verify semi-automatically both safety and liveness properties of the Sliding Window protocol for arbitrary channel lengths and realistic parameter values. In this process we located a previously undiscovered fault leading to lack of liveness in a version of the protocol. 1 Introduction A promising approach to verification of finite-state concurrent systems is the use of proposi...
Design and evaluation of a symbolic and abstraction-based model checker
Taiwan University, 2004
Cited by 6 (3 self)
Symbolic model-checking usually includes two steps: the building of a compact representation of a state graph and the evaluation of the properties of the system upon this data structure. In case of properties expressed with a linear time logic, it appears that the second step is often more time consuming than the first one. In this work, we present a mixed solution which builds an observation graph represented in a non-symbolic way but where the nodes are essentially symbolic sets of states. Due to the small number of events to be observed in a typical formula, this graph has a very moderate size and thus the time complexity of verification is negligible w.r.t. the time to build the observation graph. Thus we propose different symbolic implementations for the construction of the nodes of this graph. The evaluations we have done on standard examples show that our method outperforms the pure symbolic methods, which makes it attractive.
A Semantic Theory for Heterogeneous System Design
In FSTTCS 2000, vol. 1974 of LNCS, 2000
Cited by 5 (3 self)
This paper extends De Nicola and Hennessy's testing theory from labeled transition systems to Büchi processes and establishes a tight connection between the resulting Büchi must-preorder and satisfaction of linear-time temporal logic (LTL) formulas. An example dealing with the design of a communications protocol testifies to the utility of the theory for heterogeneous system design, in which some components are specified as labeled transition systems and others are given as LTL formulas.
Model Reduction of Modules for State-Event Temporal Logics
In IFIP Joint International Conference on Formal Description Techniques (FORTE/PSTV'96), Chapman, 1996
Cited by 5 (4 self)
In many Discrete-Event Systems (DES) both state and event information are of importance to the systems designer. Logics such as Ostroff's RTTL allow for the specification and verification of a system's state-event behavior. To make realistic problems amenable to analysis, a designer must typically decompose the system into subsystems (modules) and use algebraic abstraction (quotient systems) to obtain hierarchical system models that preserve the properties to be verified. In this paper we use state-event observational equivalence to perform model reduction for a subclass of formulas of state-event linear temporal logics, with particular attention being paid to a discrete time temporal logic that is a simplification of RTTL. The reduction technique allows limited use of immediate operators.
A Logical Process Calculus
2002
Cited by 5 (1 self)
This paper presents the Logical Process Calculus (LPC), a formalism that supports heterogeneous system specifications containing both operational and declarative subspecifications. Syntactically, LPC extends Milner's Calculus of Communicating Systems with operators from the alternation-free linear-time µ-calculus (LTµ). Semantically, LPC is equipped with a behavioral preorder that generalizes Hennessy's and De Nicola's must-testing preorder as well as LTµ's satisfaction relation, while being compositional for all LPC operators. From a technical point of view, the new calculus is distinguished by the inclusion of (i) both minimal and maximal fixed-point operators and (ii) an unimplementability predicate on process terms which tags inconsistent specifications. The utility of LPC is demonstrated by means of an example highlighting the benefits of heterogeneous system specification.
Liveness and fairness in process-algebraic verification
2003
Cited by 4 (0 self)
Although liveness and fairness have been used for a long time in classical model checking, with process-algebraic methods they have seen far less use. One problem is combining fairness with the compositionality of process algebra. In this article we analyse this problem, and then present an approach for using a class of fairness constraints. The approach fulfills all the requirements of compositionality and is compatible with an existing semantics. It is based on the standard LTS model and does not require new fairness-related constructs or rules for the process algebra. Therefore, it avoids potential conflicts between the fairness requirements and the underlying transition system. Although adding fairness can create an infinite subsystem, a larger system in which the subsystem is placed can still be finite. We present an algorithm for constructing a finite LTS which is equivalent to the larger system in every case that an exact finite representation exists, and which otherwise is a conservative estimate of it. However, checking whether an exact finite representation exists is costlier than building the representation, namely, it is PSPACE-complete in the size of an intermediate parameter system.
MCSOG: An LTL Model Checker Based on Symbolic Observation Graphs
2008
Cited by 3 (2 self)
Model checking is a powerful and widespread technique for the verification of finite distributed systems. However, the main hindrance for wider application of this technique is the well-known state explosion problem. During the last two decades, numerous techniques have been proposed to cope with the state explosion problem in order to get a manageable state space. Among them, on-the-fly model-checking allows for generating only the "interesting" part of the model while symbolic model-checking aims at checking the property on a compact representation of the system by using Binary Decision Diagram (BDD) techniques. In this paper, we propose a technique which combines these two approaches to check LTL\X state-based properties over finite systems. During the model checking process, only an abstraction of the state space of the system, namely the symbolic observation graph, is (possibly partially) explored. The building of such an abstraction is guided by the property to be checked and is equivalent to the original state space graph of the system w.r.t. LTL\X logic (i.e. the abstraction satisfies a given formula ϕ iff the system satisfies ϕ). Our technique was implemented for systems modeled by Petri nets and compared to an explicit model-checker as well as to a symbolic one (NuSMV), and the obtained results are very competitive.
Failure-based Congruences, Unfair Divergences and New Testing Theory
1994
Cited by 2 (0 self)
ion of Unstable Divergence (FAUD) presented in [BKO 87]. This terminology will be explained later. Propositions 3.3 (i) FAUD is a preorder (i.e. a reflexive and transitive relation) 1 The `(un)fair' or `(un)stable' attributes of divergences will be defined and explained later. (ii) P1 =FAUD P2 iff P1 FAUD P2 and P2 FAUD P1 (iii) All LOTOS operators are monotonic w.r.t. FAUD, i.e. FAUD is a precongruence. (iv) =FAUD is a congruence. The proofs of (i) and (ii) are obvious. The proof of (iii) can be found in [VaT 91], and (iv) is derived directly from (iii). The next propositions will clearly indicate that the differences between FAUD and cred, =FAUD and tc only appear on divergent processes. Propositions 3.4 For convergent processes, FAUD = cred, =FAUD = tc. Note that for divergent processes these relations are not comparable (see figure 3 for an illustration of =FAUD and tc). [figure 3 not reproduced] ...
A modern mathematical theory of cooperating state machines
Proc. Algorithmic information theory, Vaasa, Reports 124:201–214, 2005
Cited by 1 (0 self)
In this work we apply theoretical results from so-called process algebras to state machines, and develop the theory further. State machines are a central concept in the development of telecommunication protocols and embedded software in practice. Unfortunately, the engineers' notion of "state machine" is vague and varying. We hope that with the aid of our theory, engineers could improve their understanding of state machines and systems that consist of them, and thus become capable of designing better systems with less effort. This article focuses on the theoretical part of our endeavour.