Results 1 - 8 of 8
Model checking of message sequence charts
, 1999
Abstract

Cited by 124 (6 self)
Scenario-based specifications such as message sequence charts (MSC) are an intuitive and visual way of describing design requirements. Such specifications focus on message exchanges among communicating entities in distributed software systems. Structured specifications such as MSC-graphs and Hierarchical MSC-graphs (HMSC) allow convenient expression of multiple scenarios, and can be viewed as an early model of the system. In this paper, we present a comprehensive study of the problem of verifying whether this model satisfies a temporal requirement given by an automaton, by developing algorithms for the different cases along with matching lower bounds. When the model is given as an MSC, model checking can be done by constructing a suitable automaton for the linearizations of the partial order specified by the MSC, and the problem is coNP-complete. When the model is given by an MSC-graph, we consider two possible semantics depending on the synchronous or asynchronous interpretation of concatenating two MSCs. For synchronous model checking of MSC-graphs and HMSCs, we present algorithms whose time complexity is proportional to the product of the size of the description and the cost of processing MSCs at individual vertices. Under the asynchronous interpretation, we prove undecidability of the model checking problem. We then identify a natural requirement of boundedness, give algorithms to check boundedness, and establish asynchronous model checking to be PSPACE-complete for bounded MSC-graphs and EXPSPACE-complete for bounded HMSCs.
Model checking of hierarchical state machines
ACM Trans. Program. Lang. Syst.
Abstract

Cited by 77 (9 self)
Model checking is emerging as a practical tool for detecting logical errors in early stages of system design. We investigate the model checking of sequential hierarchical (nested) systems, i.e., finite-state machines whose states themselves can be other machines. This nesting ability is common in various software design methodologies, and is available in several commercial modeling tools. The straightforward way to analyze a hierarchical machine is to flatten it (thus incurring an exponential blowup) and apply a model-checking tool on the resulting ordinary FSM. We show that this flattening can be avoided. We develop algorithms for verifying linear-time requirements whose complexity is polynomial in the size of the hierarchical machine. We also address the verification of branching-time requirements and provide efficient algorithms and matching lower bounds.
Hierarchical Hybrid Modeling of Embedded Systems
, 2001
Abstract

Cited by 26 (4 self)
This paper describes the modeling language CHARON for modular design of interacting hybrid systems. The language allows specification of architectural as well as behavioral hierarchy, and discrete as well as continuous activities. The modular structure of the language is not merely syntactic, but is exploited by analysis tools, and is supported by a formal semantics with an accompanying compositional theory of refinement. We illustrate the benefits of CHARON in design of embedded control software using examples from automated highways concerning vehicle coordination.
Symbolic Exploration of Transition Hierarchies
Abstract

Cited by 13 (5 self)
In formal design verification, successful model checking is typically preceded by a laborious manual process of constructing design abstractions. We present a methodology for partially and, in some cases, fully bypassing the abstraction process. For this purpose, we provide to the designer abstraction operators which, if used judiciously in the description of a design, structure the corresponding state space hierarchically. This structure can then be exploited by verification tools, and makes possible the automatic and exhaustive exploration of state spaces that would otherwise be out of scope for existing model checkers. Specifically, we present the following contributions: A temporal abstraction operator that aggregates transitions and hides intermediate steps. Mathematically, our abstraction operator is a function that maps a flat transition system into a two-level hierarchy where each atomic upper-level transition expands into an entire lower-level transition system. For example, an arithmetic operation may expand into a sequence of bit operations. A BDD-based algorithm for the symbolic exploration of multi-level hierarchies of transition
Formal Methods For Developing High Assurance Computer Systems: Working Group Report
, 1998
Abstract

Cited by 7 (0 self)
This report summarizes the discussions conducted on the topic "Formal Methods for Developing High Assurance Systems." High assurance computer systems are computer systems where convincing evidence is required that the system satisfies a collection of critical properties. To operate correctly, these systems must satisfy properties such as safety and security. Examples of high assurance systems include flight control systems, medical systems, and control systems for nuclear plants. In addition, increased reliance on communications is moving many communications systems, such as telephone networks and cellular and satellite communications systems, into the domain of high assurance systems. The aim of the 1998 discussion was to revisit and continue a discussion begun in the working group with the same name at the first WIFT in 1995. A report describing the discussions at WIFT'95 is available at the web site: http://www.cse.msu.edu/WIFT98/
Time-space tradeoffs for undirected graph traversal
In Proceedings 31st Annual Symposium on Foundations of Computer Science
, 1990
Abstract

Cited by 4 (0 self)
We investigate time-space tradeoffs for traversing undirected graphs, using a variety of structured models that are all variants of Cook and Rackoff's "Jumping Automata for Graphs". Our strongest tradeoff is a quadratic lower bound on the product of time and space for graph traversal. For example, achieving linear time requires linear space, implying that depth-first search is optimal. Since our bound in fact applies to nondeterministic algorithms for nonconnectivity, it also implies that closure under complementation of nondeterministic space-bounded complexity classes is achieved only at the expense of increased time. To demonstrate that these structured models are realistic, we also investigate their power. In addition to admitting well-known algorithms such as depth-first search and random walk, we show that one simple variant of this model is nearly as powerful as a Turing machine. Specifically, for general undirected graph problems, it can simulate a Turing machine with only a constant factor increase in space and a polynomial factor increase in time.
Interval Reduction through Requirements Analysis
, 1998
Abstract
Our premise is that a notable part of the delays that can be encountered in system design projects is caused by logical inconsistencies that are often inadvertently inserted in the early phases of software design.