Results 1 - 10 of 10
Model checking of hierarchical state machines
ACM Trans. Program. Lang. Syst.
Cited by 81 (9 self)
Abstract
Model checking is emerging as a practical tool for detecting logical errors in early stages of system design. We investigate the model checking of sequential hierarchical (nested) systems, i.e., finite-state machines whose states themselves can be other machines. This nesting ability is common in various software design methodologies, and is available in several commercial modeling tools. The straightforward way to analyze a hierarchical machine is to flatten it (thus incurring an exponential blow-up) and apply a model-checking tool on the resulting ordinary FSM. We show that this flattening can be avoided. We develop algorithms for verifying linear-time requirements whose complexity is polynomial in the size of the hierarchical machine. We also address the verification of branching-time requirements and provide efficient algorithms and matching lower bounds.
Reliable Hashing without Collision Detection
In Computer Aided Verification, 5th International Conference, 1993
Cited by 63 (1 self)
Abstract
Thanks to a variety of new techniques, state-space exploration is becoming an increasingly effective method for the verification of concurrent programs. One of these techniques, hashing without collision detection, was proposed by Holzmann as a way to vastly reduce the amount of memory needed to store the explored state space. Unfortunately, this reduction in memory use comes at the price of a high probability of ignoring part of the state space and hence of missing existing errors. In this paper, we carefully analyze this method and show that, by using a modified strategy, it is possible to reduce the risk of error to a negligible amount while maintaining the memory use advantage of Holzmann's technique. Our proposed strategy has been implemented and we describe experiments that confirm the excellent expected results.
The State of SPIN
CAV '96: Computer Aided Verification, Lecture Notes in Computer Science 1102, 1996
A Space-Efficient On-the-fly Algorithm for Real-Time Model Checking
In Proceedings of CONCUR'96, Volume 1119 of LNCS
Cited by 15 (2 self)
Abstract
In temporal-logic model checking, we verify the correctness of a program with respect to a desired behavior by checking whether a structure that models the program satisfies a temporal-logic formula that specifies the behavior. The main practical limitation of model checking is caused by the size of the state space of the program, which grows exponentially with the number of concurrent components. This problem, known as the state-explosion problem, becomes more difficult when we consider real-time model checking, where the program and the specification involve quantitative references to time. In particular, when we use timed automata to describe real-time programs and we specify timed behaviors in the logic TCTL, a real-time extension of the temporal logic CTL with clock variables, then the state space under consideration grows exponentially not only with the number of concurrent components, but also with the number of clocks and the length of the clock constraints used in the program a...
CTL* Model Checking for SPIN
In Software Tools for Technology Transfer, LNCS, 1999
Cited by 5 (0 self)
Abstract
We describe an efficient CTL* model checking algorithm based on alternating automata and games. A CTL* formula, expressing a correctness property, is first translated to a hesitant alternating automaton and then composed with a Kripke structure representing the model to be checked; the resulting automaton is then checked for nonemptiness. We introduce the nonemptiness game that checks the nonemptiness of a hesitant alternating automaton (HAA). In the same
Testing SPIN's LTL formula conversion into Büchi automata with randomly generated input
In Proceedings of the 7th International SPIN Workshop on Model Checking of Software (SPIN 2000), 2000
Direct Model Checking of Temporal Properties
Abstract
In this paper, we address the problem of model checking temporal properties of finite-state programs.
L'analyse Formelle Des Systemes Temporises En Pratique
1998
Abstract
In this thesis we propose a complete formal framework for the analysis of timed systems, with the emphasis given on the practicality of the approach. We describe timed systems in the formal model of timed automata, finite discrete-state automata equipped with clocks in a dense-time domain. Properties of such systems are expressed in the linear-time formalism of timed Büchi automata (timed automata with acceptance conditions), or in one of the branching-time logics CTL, TCTL or ETCTL. These formalisms cover a large spectrum of properties on the order of events and the timing constraints on the delays between events. We also examine other interesting properties such as deadlock and timelock freedom or reachability. We consider two types of analysis. Verification: given a system and a property, check whether the system satisfies the property. Controller synthesis: given a system and a property, find a restriction of the system which satisfies the property. These problems have been proven decidable in previous works, however, with a high (exponential) complexity, basically due to the fact that the state space is extremely large (state explosion) and has to be entirely generated and explored. To respond to the challenge of making the approach tractable, we propose methods which are efficient in practice, despite the high worst-case theoretical complexity. Our approach is based on two key elements. First, on abstractions which reduce the concrete state space to a much smaller abstract state space, while preserving all properties of interest. Second, on efficient techniques to compute and explore the abstract state space. We define two sets of abstractions and study the properties they preserve. Time-abstracting bisimulations are equivalences which hide the quantitative aspect of time: we know that some time passes, but not how much. The stronger of these bisimulations preserves all properties of interest.
Time-abstracting simulations are abstractions derived by a forward reachability analysis on the system. These abstractions preserve only linear properties. The analysis methods differ depending on the underlying abstraction(s) used. In the case of bisimulations, the approach consists of two steps: first, generate the time-abstracting quotient of the state space, then apply classical (untimed) analysis techniques to the quotient to prove properties of the concrete system. In the case of simulations, the generation of the abstract state space and the analysis are performed at the same time. This technique is called on-the-fly and can often provide fast answers without having to generate the entire (abstract) state space. We develop on-the-fly verification techniques for TBA and ETCTL.