Results 1  10
of
323
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 3229 (69 self)
 Add to MetaCart
(Show Context)
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Tree Automata, MuCalculus and Determinacy (Extended Abstract)
 IN PROCEEDINGS OF THE 32ND ANNUAL SYMPOSIUM ON FOUNDATIONS OF COMPUTER SCIENCE, FOCS ’91
, 1991
"... We show that the propositional MuCalculus is equivalent in expressive power to finite automata on infinite trees. Since complementation is trivial in the MuCalculus, our equivalence provides a radically simplified, alternative proof of Rabin's complementation lemma for tree automata, which is ..."
Abstract

Cited by 299 (4 self)
 Add to MetaCart
(Show Context)
We show that the propositional MuCalculus is equivalent in expressive power to finite automata on infinite trees. Since complementation is trivial in the MuCalculus, our equivalence provides a radically simplified, alternative proof of Rabin's complementation lemma for tree automata, which is the heart of one of the deepest decidability results. We also show how MuCalculus can be used to establish determinacy of infinite games used in earlier proofs of complementation lemma, and certain games used in the theory of online algorithms.
Model checking partial state spaces with 3valued temporal logics
 In Proceedings of the 11th International Conference on ComputerAided Verification (CAV99
, 1999
"... ..."
(Show Context)
On probabilistic model checking
, 1996
"... Abstract. This tutorial presents an overview of model checking for both discrete and continuoustime Markov chains (DTMCs and CTMCs). Model checking algorithms are given for verifying DTMCs and CTMCs against specifications written in probabilistic extensions of temporal logic, including quantitative ..."
Abstract

Cited by 106 (26 self)
 Add to MetaCart
(Show Context)
Abstract. This tutorial presents an overview of model checking for both discrete and continuoustime Markov chains (DTMCs and CTMCs). Model checking algorithms are given for verifying DTMCs and CTMCs against specifications written in probabilistic extensions of temporal logic, including quantitative properties with rewards. Example properties include the probability that a fault occurs and the expected number of faults in a given time period. We also describe the practical application of stochastic model checking with the probabilistic model checker PRISM by outlining the main features supported by PRISM and three realworld case studies: a probabilistic security protocol, dynamic power management and a biological pathway. 1
Local Model Checking Games
 In: Proceedings of CONCUR
, 1995
"... Model checking is a very successful technique for verifying temporal properties of nite state concurrent systems. It is standard to view this method as essentially algorithmic, and consequently a very fruitful relationship between temporal logics and automata has been developed. In the case of bran ..."
Abstract

Cited by 98 (8 self)
 Add to MetaCart
(Show Context)
Model checking is a very successful technique for verifying temporal properties of nite state concurrent systems. It is standard to view this method as essentially algorithmic, and consequently a very fruitful relationship between temporal logics and automata has been developed. In the case of branching time logics the
On the Expressive Completeness of the Propositional MuCalculus With Respect to Monadic Second Order Logic
, 1996
"... . Monadic second order logic (MSOL) over transition systems is considered. It is shown that every formula of MSOL which does not distinguish between bisimilar models is equivalent to a formula of the propositional calculus. This expressive completeness result implies that every logic over tran ..."
Abstract

Cited by 94 (5 self)
 Add to MetaCart
. Monadic second order logic (MSOL) over transition systems is considered. It is shown that every formula of MSOL which does not distinguish between bisimilar models is equivalent to a formula of the propositional calculus. This expressive completeness result implies that every logic over transition systems invariant under bisimulation and translatable into MSOL can be also translated into the calculus. This gives a precise meaning to the statement that most propositional logics of programs can be translated into the calculus. 1 Introduction Transition systems are structures consisting of a nonempty set of states, a set of unary relations describing properties of states and a set of binary relations describing transitions between states. It was advocated by many authors [26, 3] that this kind of structures provide a good framework for describing behaviour of programs (or program schemes), or even more generally, engineering systems, provided their evolution in time is disc...
Generalized model checking: Reasoning about partial state spaces
 In Proceedings of the 11th InternationalConference onConcurrencyTheory (CONCUR00), C.Palamidessi, eds., Lecture Notes in Computer Science
, 2000
"... ..."
(Show Context)
Games for the µCalculus
"... Given a formula of the propositional µcalculus, we construct a tableau of the formula and define an infinite game of two players of which one wants to show that the formula is satisfiable, and the other seeks the opposite. The strategy for the first player can be further transformed into a model of ..."
Abstract

Cited by 73 (5 self)
 Add to MetaCart
Given a formula of the propositional µcalculus, we construct a tableau of the formula and define an infinite game of two players of which one wants to show that the formula is satisfiable, and the other seeks the opposite. The strategy for the first player can be further transformed into a model of the formula while the strategy for the second forms what we call a refutation of the formula. Using Martin's Determinacy Theorem, we prove that any formula has either a model or a refutation. This completeness result is a starting point for the completeness theorem for the µcalculus to be presented elsewhere. However, we argue that refutations have some advantages of their own. They are generated by a natural system of sound logical rules and can be presented as regular trees of the size exponential in the size of a refuted formula. This last aspect completes the small model theorem for the µcalculus established by Emerson and Jutla [3]. Thus, on a more practical side, refutations can be...
An Improved Algorithm for the Evaluation of Fixpoint Expressions
, 1996
"... Many automated finitestate verification procedures can be viewed as fixpoint computations over a finite lattice (typically the powerset of the set of system states). For this reason, fixpoint calculi such as those proposed by Kozen and Park have proven useful, both as ways to describe verification ..."
Abstract

Cited by 72 (3 self)
 Add to MetaCart
(Show Context)
Many automated finitestate verification procedures can be viewed as fixpoint computations over a finite lattice (typically the powerset of the set of system states). For this reason, fixpoint calculi such as those proposed by Kozen and Park have proven useful, both as ways to describe verification algorithms and as specification formalisms in their own right. We consider the problem of evaluating expressions in these calculi over a given model. A naive algorithm for this task may require time n q , where n is the maximum length of a chain in the lattice and q is the depth of fixpoint nesting. In 1986, Emerson and Lei presented a method requiring about n d steps, where d is the This research was sponsored in part by the Wright Laboratory, Aeronautical Systems Center, Air Force Material Command,USAF, and the Advanced Research Projects Agency (ARPA) under grant number F336159311330. The views and conclusions contained in this document are those of the authors and should not be ...
XPath with conditional axis relations
 In EDBT
, 2004
"... This paper is about the W3C standard nodeaddressing language for XML documents, called XPath. XPath is still under development. Version 2.0 appeared in 2001 while the theoretical foundations of Version 1.0 (dating from 1998) are still being widely studied. The paper aims at bringing XPath to a & ..."
Abstract

Cited by 72 (7 self)
 Add to MetaCart
This paper is about the W3C standard nodeaddressing language for XML documents, called XPath. XPath is still under development. Version 2.0 appeared in 2001 while the theoretical foundations of Version 1.0 (dating from 1998) are still being widely studied. The paper aims at bringing XPath to a "stable fixed point" in its development: a version which is expressively complete, still manageable computationally, with a userfriendly syntax and a natural semantics.