Results 1 - 10 of 41
Compositional Model Checking
1999
Cited by 2407 (62 self)
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Efficient Model Checking Using Tabled Resolution
Computer Aided Verification (CAV '97), 1997
Cited by 119 (32 self)
We demonstrate the feasibility of using the XSB tabled logic programming system as a programmable fixed-point engine for implementing efficient local model checkers. In particular, we present XMC, an XSB-based local model checker for a CCS-like value-passing language and the alternation-free fragment of the modal mu-calculus. XMC is written in under 200 lines of XSB code, which constitute a declarative specification of CCS and the modal mu-calculus at the level of semantic equations. In order to gauge the performance of XMC as an algorithmic model checker, we conducted a series of benchmarking experiments designed to compare the performance of XMC with the local model checkers implemented in C/C++ in the Concurrency Factory and SPIN specification and verification environments. After applying certain newly developed logic-programming-based optimizations (along with some standard ones), XMC's performance became extremely competitive with that of the Factory and shows promise in its comparison with SPIN.
Algebraic Process Verification
Handbook of Process Algebra, chapter 17
Cited by 62 (16 self)
This chapter addresses the question of how to verify distributed and communicating systems in an effective way from an explicit process algebraic standpoint. This means that all calculations are based on the axioms and principles of the process algebras.
Efficient Verification of Parallel Real-Time Systems
In Costas Courcoubetis, editor, Computer Aided Verification, 1997
Cited by 45 (10 self)
This paper presents an efficient model checking algorithm for one-safe time Petri nets and a timed temporal logic. The approach is based on the idea of (1) using only differences of timing variables to be able to construct a finite representation of the set of all reachable states and (2) further reducing the size of this representation by exploiting the concurrency in the net. This reduction of the state space is possible because the considered linear-time temporal logic is stuttering invariant. The firings of transitions are only partially ordered by causality and a given formula
Monte Carlo Model Checking
In Proc. of Tools and Algorithms for Construction and Analysis of Systems (TACAS 2005), volume 3440 of LNCS, 2005
Cited by 43 (4 self)
We present MC², what we believe to be the first randomized, Monte Carlo algorithm for temporal-logic model checking, the classical problem of deciding whether or not a property specified in temporal logic holds of a system specification. Given a specification S of a finite-state system, an LTL (Linear Temporal Logic) formula ϕ, and parameters ɛ and δ, MC² takes N = ln(δ) / ln(1 − ɛ) random samples (random walks ending in a cycle, i.e., lassos) from the Büchi automaton B = B_S × B_¬ϕ to decide if L(B) = ∅. Should a sample reveal an accepting lasso l, MC² returns false with l as a witness. Otherwise, it returns true and reports that with probability less than δ, p_Z < ɛ, where p_Z is the expectation of an accepting lasso in B. It does so in time O(N · D) and space O(D), where D is B's recurrence diameter, using a number of samples N that is optimal to within a constant factor. Our experimental results demonstrate that MC² is fast, memory-efficient, and scales very well.
State Space Reduction using Partial Order Techniques
Software Tools for Technology Transfer, 1998
Cited by 22 (2 self)
With the advancement of computer technology, highly concurrent systems are being developed. The verification of such systems is a challenging task, as their state space grows exponentially with the number of processes. Partial order reduction is an effective technique to address this problem. It relies on the observation that the effect of executing transitions concurrently is often independent of their ordering. In this paper we present the basic principles behind partial order reduction and its implementation.
Model-Checking for a Subclass of Event Structures
Proc. of TACAS'97, LNCS 1217, 1997
Cited by 15 (8 self)
A finite representation of the prime event structure corresponding to the behaviour of a program is suggested. The algorithm of linear complexity using this representation for model checking of the formulas of Discrete Event Structure Logic without past modalities is given. A method of building finite representations of event structures in an efficient way by applying partial order reductions is provided. 1 Introduction. Model checking is one of the most successful methods of automatic verification of program properties. A model-checking algorithm decides whether a finite-state concurrent system satisfies its specification, given as a formula of a temporal logic [3, 10]. Behaviour of a concurrent system can be modeled in two ways. In the interleaving semantics, the meaning of a program is an execution tree, and temporal-logic assertions are interpreted over paths of this tree. In partial-order semantics (or event structure semantics), behaviour is an event structure, where the ordering r...
Verification Experiments on the MASCARA Protocol
In Proceedings of SPIN Workshop '01, 2001
Cited by 13 (8 self)
In this paper, we describe a case study on the verification of a real industrial protocol for wireless ATM, called MASCARA. Several tools have been used: SDL has been chosen as the specification language and the commercial tool ObjectGEODE has been used for creating and maintaining SDL descriptions. The IF toolset has been used for generation, minimization and comparison of system models and verification of expected properties. All specification and verification tools are connected via the IF language, which has been defined as an intermediate representation for timed asynchronous systems as well as an open validation environment. Due to the complexity of the protocol, static analysis techniques, such as live variable analysis and program slicing, were the key to the success of this case study. The results obtained give some hints concerning a methodology for the formal verification of real systems. 1 Introduction. Model checking [CE81,QS82] is by now a well established m...
On the Costs and Benefits of using Partial-Order Methods for the Verification of Concurrent Systems
Proceedings of DIMACS Workshop on Partial-Order Methods in Verification, 1997
Cited by 13 (0 self)
Verification by state-space exploration is one of the most successful strategies for analyzing the correctness of finite-state concurrent reactive systems. Partial-order methods are algorithms for dynamically pruning the state space of such systems without incurring the risk of any incompleteness in the verification results. This paper presents results of experiments performed with these algorithms on real protocol examples, and discusses the practical significance of partial-order methods. 1. Introduction. State-space exploration is one of the most successful strategies for checking the correctness of finite-state concurrent reactive systems. It consists in exploring a global state graph, called the state space, representing the combined behavior of all concurrent components in the system. Many different types of properties of a system can be checked by exploring its state space: deadlocks, dead code, unspecified receptions, violations of user-specified assertions, etc. Moreo...
Exp.Open 2.0: A Flexible Tool Integrating Partial Order, Compositional, and On-the-fly Verification Methods
2005
Cited by 12 (5 self)
It is desirable to integrate formal verification techniques applicable to different languages. We present Exp.Open 2.0, a new tool of the CADP verification toolbox which combines several features. First, Exp.Open 2.0 allows one to describe concurrent systems as a composition of finite state machines, using either synchronization vectors, or parallel composition, hiding, renaming, and cut operators from several process algebras (CCS, CSP, LOTOS, E-LOTOS, µCRL). Second, together with other tools of CADP, Exp.Open 2.0 allows state space generation and on-the-fly exploration. Third, Exp.Open 2.0 implements on-the-fly partial order reductions to avoid the generation of irrelevant interleavings of independent transitions. Fourth, Exp.Open 2.0 allows models to be exported towards other tools using interchange formats such as automata networks and Petri nets. Finally, we show some practical applications and measure the efficiency of Exp.Open 2.0 on several benchmarks.