Results 11  20
of
480
Visibly pushdown languages
, 2004
"... Abstract. We study congruences on words in order to characterize the class of visibly pushdown languages (Vpl), a subclass of contextfree languages. For any language L, we define a natural congruence on words that resembles the syntactic congruence for regular languages, such that this congruence i ..."
Abstract

Cited by 133 (15 self)
 Add to MetaCart
Abstract. We study congruences on words in order to characterize the class of visibly pushdown languages (Vpl), a subclass of contextfree languages. For any language L, we define a natural congruence on words that resembles the syntactic congruence for regular languages, such that this congruence is of finite index if, and only if, L is a Vpl. We then study the problem of finding canonical minimal deterministic automata for Vpls. Though Vpls in general do not have unique minimal automata, we consider a subclass of VPAs called kmodule singleentry VPAs that correspond to programs with recursive procedures without input parameters, and show that the class of wellmatched Vpls do indeed have unique minimal kmodule singleentry automata. We also give a polynomial time algorithm that minimizes such kmodule singleentry VPAs. 1 Introduction The class of visibly pushdown languages (Vpl), introduced in [1], is a subclassof contextfree languages accepted by pushdown automata in which the input letter determines the type of operation permitted on the stack. Visibly pushdown languages are closed under all boolean operations, and problems such as inclusion, that are undecidable for contextfree languages, are decidable for Vpl. Vpls are relevant to several applications that use contextfree languages suchas the modelchecking of software programs using their pushdown models [13]. Recent work has shown applications in other contexts: in modeling semanticsof effects in processing XML streams [4], in game semantics for programming languages [5], and in identifying larger classes of pushdown specifications thatadmit decidable problems for infinite games on pushdown graphs [6].
Reasoning about Systems with Many Processes
 Journal of the ACM
, 1992
"... Abstract. Methods are given for automatically verifying temporal properties of concurrent systems containing an arbitrary number of finitestate processes that communicate using CCS actions. Two models of systems are considered. Systems in the first model consist of a unique contro [ process and an ..."
Abstract

Cited by 130 (2 self)
 Add to MetaCart
Abstract. Methods are given for automatically verifying temporal properties of concurrent systems containing an arbitrary number of finitestate processes that communicate using CCS actions. Two models of systems are considered. Systems in the first model consist of a unique contro [ process and an arbitrary number of user processes with identical detlnitions, For this model, a decision procedure to check whether all the executions of a process satisfy a given specification is presented. This algorithm runs in time double exponential mthe sizes of the control andthe user process definitions. It is also proven that it is decidable whether all the fair executions of a process satisfy a gwen specification. The second model is a special case of the first. In this model, all the processes have identical definitions. For this model, an efficient decision procedure is presented that checks if every execution of a process satisfies a given temporal logic specification. This algorithm runs in time polynomial inthesize of the process definition. Itisshown howtoverify certamglobal properties such as mutual exchrslon and absence of deadlocks. Finally, it is shown how these decision procedures can beusedto reason about certain systems with a communication network,
Regular Model Checking
, 2000
"... . We present regular model checking, a framework for algorithmic verification of infinitestate systems with, e.g., queues, stacks, integers, or a parameterized linear topology. States are represented by strings over a finite alphabet and the transition relation by a regular lengthpreserving re ..."
Abstract

Cited by 128 (20 self)
 Add to MetaCart
. We present regular model checking, a framework for algorithmic verification of infinitestate systems with, e.g., queues, stacks, integers, or a parameterized linear topology. States are represented by strings over a finite alphabet and the transition relation by a regular lengthpreserving relation on strings. Major problems in the verification of parameterized and infinitestate systems are to compute the set of states that are reachable from some set of initial states, and to compute the transitive closure of the transition relation. We present two complementary techniques for these problems. One is a direct automatatheoretic construction, and the other is based on widening. Both techniques are incomplete in general, but we give sufficient conditions under which they work. We also present a method for verifying !regular properties of parameterized systems, by computation of the transitive closure of a transition relation. 1 Introduction This paper presents regular ...
Model checking of message sequence charts
, 1999
"... Scenariobased specifications such as message sequence charts (MSC) or an intuitive and visual way of describing design requirements. Such specifications focus on message exchanges among communicating entities in distributed software systems. Structured specifications such as MSCgraphs and Hierarch ..."
Abstract

Cited by 124 (6 self)
 Add to MetaCart
Scenariobased specifications such as message sequence charts (MSC) or an intuitive and visual way of describing design requirements. Such specifications focus on message exchanges among communicating entities in distributed software systems. Structured specifications such as MSCgraphs and Hierarchical MSCgraphs (HMSC) allow convenient expression of multiple scenarios, and can be viewed as an early model of the system. In this paper, we present a comprehensive study of the problem of verifying whether this model satisfies a temporal requirement given by an automaton, by developing algorithms for the different cases along with matching lower bounds. When the model is given as an MSC, model checking can be done by constructing a suitable automaton for the linearizations of the partial order specified by the MSC, and the problem is coNPcomplete. When the model is given by an MSCgraph, we consider two possible semantics depending on the synchronous or asynchronous interpretation of concatenating two MSCs. For synchronous model checking of MSCgraphs and HMSCs, we present algorithms whose time complexity is proportional to the product of the size of the description and the cost of processing MSCs at individual vertices. Under the asynchronous interpretation, we prove undecidability of the model checking problem. We, then, identify a natural requirement of boundedness, give algorithms to check boundedness, and establish asynchronous model checking to be Pspacecomplete for bounded MSCgraphs and Expspacecomplete for bounded HMSCs.
Verification Tools for FiniteState Concurrent Systems
"... Temporal logic model checking is an automatic technique for verifying finitestate concurrent systems. Specifications are expressed in a propositional temporal logic, and the concurrent system is modeled as a statetransition graph. An efficient search procedure is used to determine whether or not t ..."
Abstract

Cited by 118 (3 self)
 Add to MetaCart
Temporal logic model checking is an automatic technique for verifying finitestate concurrent systems. Specifications are expressed in a propositional temporal logic, and the concurrent system is modeled as a statetransition graph. An efficient search procedure is used to determine whether or not the statetransition graph satisfies the specification. When the technique was first developed ten years ago, it was only possible to handle concurrent systems with a few thousand states. In the last few years, however, the size of the concurrent systems that can be handled has increased dramatically. By representing transition relations and sets of states implicitly using binary decision diagrams, it is now possible to check concurrent systems with more than 10 120 states. In this paper we describe in detail how the new implementation works and
Model Checking vs. Theorem Proving: A Manifesto
, 1991
"... We argue that rather than representing an agent's knowledge as a collection of formulas, and then doing theorem proving to see if a given formula follows from an agent's knowledge base, it may be more useful to represent this knowledge by a semantic model, and then do model checking to see if the g ..."
Abstract

Cited by 117 (5 self)
 Add to MetaCart
We argue that rather than representing an agent's knowledge as a collection of formulas, and then doing theorem proving to see if a given formula follows from an agent's knowledge base, it may be more useful to represent this knowledge by a semantic model, and then do model checking to see if the given formula is true in that model. We discuss how to construct a model that represents an agent's knowledge in a number of different contexts, and then consider how to approach the modelchecking problem.
Model Checking for a Probabilistic Branching Time Logic with Fairness
 Distributed Computing
, 1998
"... We consider concurrent probabilistic systems, based on probabilistic automata of Segala & Lynch [55], which allow nondeterministic choice between probability distributions. These systems can be decomposed into a collection of "computation trees" which arise by resolving the nondeterministic, but n ..."
Abstract

Cited by 116 (37 self)
 Add to MetaCart
We consider concurrent probabilistic systems, based on probabilistic automata of Segala & Lynch [55], which allow nondeterministic choice between probability distributions. These systems can be decomposed into a collection of "computation trees" which arise by resolving the nondeterministic, but not probabilistic, choices. The presence of nondeterminism means that certain liveness properties cannot be established unless fairness is assumed. We introduce a probabilistic branching time logic PBTL, based on the logic TPCTL of Hansson [30] and the logic PCTL of [55], resp. pCTL of [14]. The formulas of the logic express properties such as "every request is eventually granted with probability at least p". We give three interpretations for PBTL on concurrent probabilistic processes: the first is standard, while in the remaining two interpretations the branching time quantifiers are taken to range over a certain kind of fair computation trees. We then present a model checking algorithm for...
A Direct Symbolic Approach to Model Checking Pushdown Systems (Extended Abstract)
, 1997
"... This paper gives a simple and direct algorithm for computing the always regular set of reachable states of a pushdown system. It then exploits this algorithm for obtaining model checking algorithms for lineartime temporal logic as well as for the logic CTL. For the latter, a new technical tool is i ..."
Abstract

Cited by 113 (4 self)
 Add to MetaCart
This paper gives a simple and direct algorithm for computing the always regular set of reachable states of a pushdown system. It then exploits this algorithm for obtaining model checking algorithms for lineartime temporal logic as well as for the logic CTL. For the latter, a new technical tool is introduced: pushdown automata with transitions conditioned on regular predicates on the stack content. Finally, this technical tool is also used to establish that CTL model checking remains decidable when the formulas are allowed to include regular predicates on the stack content.
Another Look at LTL Model Checking
 Formal Methods in System Design
, 1994
"... We show how LTL model checking can be reduced to CTL model checking with fairness constraints. Using this reduction, we also describe how to construct a symbolic LTL model checker that appears to be quite efficient in practice. In particular, we show how the SMV model checking system developed by Mc ..."
Abstract

Cited by 111 (11 self)
 Add to MetaCart
We show how LTL model checking can be reduced to CTL model checking with fairness constraints. Using this reduction, we also describe how to construct a symbolic LTL model checker that appears to be quite efficient in practice. In particular, we show how the SMV model checking system developed by McMillan [16] can be extended to permit LTL specifications. The results that we have obtained are quite surprising. For the examples we considered, the LTL model checker required at most twice as much time and space as the CTL model checker. Although additional examples still need to be tried, it appears that efficient LTL model checking is possible when the specifications are not excessively complicated. This research was sponsored in part by the Avionics Laboratory, Wright Research and Development Center, Aeronautical Systems Division (AFSC), U.S. Air Force, WrightPatterson AFB, Ohio 454336543 under Contract F3361590C1465, ARPA Order No. 7597 and in part by the National Science foundat...
Automatic Abstraction without Counterexamples
, 2002
"... A method of automatic abstraction is presented that uses proofs of unsatisfiability derived from SATbased bounded model checking as a guide to choosing an abstraction for unbounded model checking. Unlike earlier methods, this approach is not based on analysis of abstract counterexamples. The perfo ..."
Abstract

Cited by 108 (8 self)
 Add to MetaCart
A method of automatic abstraction is presented that uses proofs of unsatisfiability derived from SATbased bounded model checking as a guide to choosing an abstraction for unbounded model checking. Unlike earlier methods, this approach is not based on analysis of abstract counterexamples. The performance of this approach on benchmarks derived from microprocessor verification indicates that SAT solvers are quite effective in eliminating logic that is not relevant to a given property. Moreover, benchmark results suggest that when bounded model checking successfully terminates, and the problem is unsatisfiable, the number of state variables in the proof of unsatisfiability tends to be small. In all cases tested, when bounded model checking succeeded, unbounded model checking of the resulting abstraction also succeeded.