Using compositional preorders in the verification of sliding window protocol
In Proc. CAV'97, LNCS 1254, 1997
Design and evaluation of a symbolic and abstraction-based model checker
Taiwan University, 2004
Abstract

Cited by 6 (3 self)
Abstract. Symbolic model checking usually includes two steps: the building of a compact representation of a state graph and the evaluation of the properties of the system upon this data structure. In the case of properties expressed in a linear-time logic, it appears that the second step is often more time consuming than the first one. In this work, we present a mixed solution which builds an observation graph represented in a non-symbolic way but whose nodes are essentially symbolic sets of states. Due to the small number of events to be observed in a typical formula, this graph has a very moderate size, and thus the time complexity of verification is negligible w.r.t. the time needed to build the observation graph. We therefore propose different symbolic implementations for the construction of the nodes of this graph. The evaluations we have done on standard examples show that our method outperforms the pure symbolic methods, which makes it attractive.
Model Reduction of Modules for State-Event Temporal Logics
In IFIP Joint International Conference on Formal Description Techniques (FORTE/PSTV'96), Chapman, 1996
Abstract

Cited by 5 (4 self)
In many Discrete-Event Systems (DES) both state and event information are of importance to the systems designer. Logics such as Ostroff's RTTL allow for the specification and verification of a system's state-event behavior. To make realistic problems amenable to analysis, a designer must typically decompose the system into subsystems (modules) and use algebraic abstraction (quotient systems) to obtain hierarchical system models that preserve the properties to be verified. In this paper we use state-event observational equivalence to perform model reduction for a subclass of formulas of state-event linear temporal logics, with particular attention being paid to a discrete-time temporal logic that is a simplification of RTTL. The reduction technique allows limited use of immediate operators.
A Logical Process Calculus
, 2002
Abstract

Cited by 5 (1 self)
This paper presents the Logical Process Calculus (LPC), a formalism that supports heterogeneous system specifications containing both operational and declarative subspecifications. Syntactically, LPC extends Milner's Calculus of Communicating Systems with operators from the alternation-free linear-time µ-calculus (LTµ). Semantically, LPC is equipped with a behavioral preorder that generalizes Hennessy's and De Nicola's must-testing preorder as well as LTµ's satisfaction relation, while being compositional for all LPC operators. From a technical point of view, the new calculus is distinguished by the inclusion of (i) both minimal and maximal fixed-point operators and (ii) an unimplementability predicate on process terms which tags inconsistent specifications. The utility of LPC is demonstrated by means of an example highlighting the benefits of heterogeneous system specification.
A Semantic Theory for Heterogeneous System Design
In FSTTCS 2000, vol. 1974 of LNCS, 2000
Abstract

Cited by 5 (3 self)
This paper extends De Nicola and Hennessy's testing theory from labeled transition systems to Büchi processes and establishes a tight connection between the resulting Büchi must-preorder and satisfaction of linear-time temporal logic (LTL) formulas. An example dealing with the design of a communications protocol testifies to the utility of the theory for heterogeneous system design, in which some components are specified as labeled transition systems and others are given as LTL formulas.
Liveness and fairness in process-algebraic verification
, 2003
Abstract

Cited by 4 (0 self)
Although liveness and fairness have been used for a long time in classical model checking, with process-algebraic methods they have seen far less use. One problem is combining fairness with the compositionality of process algebra. In this article we analyse this problem, and then present an approach for using a class of fairness constraints. The approach fulfills all the requirements of compositionality and is compatible with an existing semantics. It is based on the standard LTS model and does not require new fairness-related constructs or rules for the process algebra. Therefore, it avoids potential conflicts between the fairness requirements and the underlying transition system. Although adding fairness can create an infinite subsystem, a larger system in which the subsystem is placed can still be finite. We present an algorithm for constructing a finite LTS which is equivalent to the larger system in every case where an exact finite representation exists, and which otherwise is a conservative estimate of it. However, checking whether an exact finite representation exists is costlier than building the representation: it is PSPACE-complete in the size of an intermediate parameter system.
MCSOG: An LTL Model Checker Based on Symbolic Observation Graphs
, 2008
Abstract

Cited by 3 (2 self)
Model checking is a powerful and widespread technique for the verification of finite distributed systems. However, the main hindrance to wider application of this technique is the well-known state explosion problem. During the last two decades, numerous techniques have been proposed to cope with the state explosion problem in order to get a manageable state space. Among them, on-the-fly model checking allows for generating only the "interesting" part of the model, while symbolic model checking aims at checking the property on a compact representation of the system by using Binary Decision Diagram (BDD) techniques. In this paper, we propose a technique which combines these two approaches to check LTL\X state-based properties over finite systems. During the model checking process, only an abstraction of the state space of the system, namely the symbolic observation graph, is (possibly partially) explored. The building of such an abstraction is guided by the property to be checked and is equivalent to the original state space graph of the system w.r.t. LTL\X logic (i.e. the abstraction satisfies a given formula ϕ iff the system satisfies ϕ). Our technique was implemented for systems modeled by Petri nets and compared to an explicit model checker as well as to a symbolic one (NuSMV), and the obtained results are very competitive.
Failure-based Congruences, Unfair Divergences and New Testing Theory
, 1994
Abstract

Cited by 2 (0 self)
...ion of Unstable Divergence (FAUD) presented in [BKO 87]. This terminology will be explained later.

Propositions 3.3
(i) FAUD is a preorder (i.e. a reflexive and transitive relation).
(ii) P1 =FAUD P2 iff P1 FAUD P2 and P2 FAUD P1.
(iii) All LOTOS operators are monotonic w.r.t. FAUD, i.e. FAUD is a precongruence.
(iv) =FAUD is a congruence.

The proofs of (i) and (ii) are obvious. The proof of (iii) can be found in [VaT 91], and (iv) is derived directly from (iii). The next propositions will clearly indicate that the differences between FAUD and cred, and between =FAUD and tc, only appear on divergent processes.

Propositions 3.4 For convergent processes, FAUD = cred and =FAUD = tc. Note that for divergent processes these relations are not comparable (see figure 3 for an illustration of =FAUD versus tc).

Footnote 1: The `(un)fair' or `(un)stable' attributes of divergences will be defined and explained later.
Combining Explicit and Symbolic Approaches for Better On-the-Fly LTL Model Checking
, 1106
Abstract

Cited by 1 (1 self)
Abstract. We present two new hybrid techniques that replace the synchronized product used in the automata-theoretic approach for LTL model checking. The proposed products are explicit graphs of aggregates (symbolic sets of states) that can be interpreted as Büchi automata. These hybrid approaches allow, on the one hand, the use of classical emptiness-check algorithms and the building of the graph on-the-fly, and on the other hand, a compact encoding of the state space thanks to the symbolic representation of the aggregates. The Symbolic Observation Product assumes a globally stuttering property (e.g., LTL\X) to aggregate states. The Self-Loop Aggregation Product does not require the property to be globally stuttering (i.e., it can tackle full LTL), but dynamically detects and exploits a form of stuttering where possible. Our experiments show that these two variants, while incomparable with each other, can outperform other existing approaches.