Results 1 - 10 of 38
Reasoning about the Past with Two-Way Automata
In 25th International Colloquium on Automata, Languages and Programming, ICALP '98, 1998
Cited by 160 (14 self)
Abstract. The μ-calculus can be viewed as essentially the "ultimate" program logic, as it expressively subsumes all propositional program logics, including dynamic logics, process logics, and temporal logics. It is known that the satisfiability problem for the μ-calculus is EXPTIME-complete. This upper bound, however, is known for a version of the logic that has only forward modalities, which express weakest preconditions, but not backward modalities, which express strongest postconditions. Our main result in this paper is an exponential time upper bound for the satisfiability problem of the μ-calculus with both forward and backward modalities. To get this result we develop a theory of two-way alternating automata on infinite trees.
Heterogeneous Concurrent Modeling and Design in Java (Volume 1: Introduction to Ptolemy II)
2005
A survey of recent advances in SAT-based formal verification
STTT, 2005
Cited by 67 (9 self)
Dramatic improvements in SAT solver technology over the last decade and the growing need for more efficient and scalable verification solutions have fueled research in verification methods based on SAT solvers. This paper presents a survey of the latest developments in SAT-based formal verification, including incomplete methods such as bounded model checking and complete methods for model checking. We focus on how the surveyed techniques formulate the verification problem as a SAT problem and how they exploit crucial aspects of a SAT solver, such as application-specific heuristics and conflict-driven learning. Finally, we summarize the noteworthy achievements in this area so far and note the major challenges in making this technology more pervasive in industrial design verification flows.
Liveness Checking as Safety Checking
In FMICS'02: Formal Methods for Industrial Critical Systems, volume 66(2) of ENTCS, 2002
Cited by 60 (5 self)
Temporal logic is widely used for specifying hardware and software systems. Typically two types of properties are distinguished, safety and liveness properties. While safety can easily be checked by reachability analysis, and many efficient checkers for safety properties exist, more sophisticated algorithms have always been considered to be necessary for checking liveness. In this paper we describe an efficient translation of liveness checking problems into safety checking problems. A counterexample is detected by saving a previously visited state in an additional state-recording component and checking a loop-closing condition. The approach handles fairness and thus extends to full LTL.
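The state-saving translation described in this abstract, as an added example that is not the paper's own code: the liveness property "infinitely often p" (GF p) or "eventually p" (F p) is checked by plain breadth-first reachability on an augmented system whose state carries a copy of one earlier state plus a flag recording whether p has been seen. Re-entering the saved state is the loop-closing condition; if the flag is still clear at that point the augmented state is the "bad" state of the safety problem, and the search path yields the lasso counterexample. The request/grant model, its labels and the helper names are constructed for this illustration, and the example assumes every state has at least one successor (no deadlocks).

```python
from collections import deque

# Constructed request/grant model (not from the paper): the req/wait loop can starve
# the requester, so GF p (p = "grant") fails even though a grant is always reachable.
EXAMPLE_SYSTEM = {
    "init":  ["req"],
    "req":   ["wait", "grant"],
    "wait":  ["req"],
    "grant": ["init"],
}
EXAMPLE_LABELS = {"grant": {"p"}}


def find_lasso(system, labels, init, prop, infinitely_often=True):
    """Check GF prop (or F prop when infinitely_often=False) by reachability.

    Augmented state = (state, saved, seen):
      saved - copy of the state guessed to start the loop (None until a save happens)
      seen  - prop observed since the save (GF) or since the initial state (F)
    A transition back into `saved` closes a loop; it is a counterexample iff not seen.
    Returns (prefix, loop) as lists of concrete states, or None if no violating lasso
    exists.  Assumes the system has no deadlock states (every state has a successor).
    """
    def holds(state):
        return prop in labels.get(state, set())

    start = (init, None, holds(init))
    parent = {start: None}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        state, saved, seen = cur
        for nxt_state in system.get(state, []):
            if saved is not None and nxt_state == saved:
                # loop-closing condition: this is the "bad" state of the safety problem
                if not seen:
                    return _lasso_from(parent, cur)
                continue  # loop closed but prop was seen on it: no violation here
            successors = [(nxt_state, saved, seen or holds(nxt_state))]  # ordinary step
            if saved is None:
                # nondeterministically record nxt_state as the loop start;
                # for GF the flag restarts at the save, for F it keeps accumulating
                flag = holds(nxt_state) if infinitely_often else seen or holds(nxt_state)
                successors.append((nxt_state, nxt_state, flag))
            for nxt in successors:
                if nxt not in parent:
                    parent[nxt] = cur
                    queue.append(nxt)
    return None


def _lasso_from(parent, last):
    """Rebuild the augmented path from the BFS parents and split it at the save point."""
    path = []
    node = last
    while node is not None:
        path.append(node)
        node = parent[node]
    path.reverse()
    loop_start = next(i for i, (_, saved, _) in enumerate(path) if saved is not None)
    states = [st for st, _, _ in path]
    return states[:loop_start], states[loop_start:]


if __name__ == "__main__":
    print(find_lasso(EXAMPLE_SYSTEM, EXAMPLE_LABELS, "init", "p"))
```

On the constructed model the search returns the prefix ["init"] and the loop ["req", "wait"]: a run on which the request is never granted. Fairness, as in the paper, would be handled by adding one more "seen" flag per fairness constraint and only accepting a closed loop on which every flag is set.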
Efficient Decision Procedures for Model Checking of Linear Time Logic Properties
Eleventh Conference on Computer Aided Verification (CAV'99), 1999
Cited by 43 (14 self)
We propose an algorithm for LTL model checking based on the classification of the automata and on guided symbolic search. Like most current methods for LTL model checking, our algorithm starts with a tableau construction and uses a model checker for CTL with fairness constraints to prove the existence of fair paths. However, we classify the tableaux according to their structure, and use efficient decision procedures for each class. Guided search applies hints to constrain the transition relation during fixpoint computations. Each fixpoint is thus translated into a sequence of fixpoints that are often much easier to compute than the original one. Our preliminary experimental results suggest that the new algorithm for LTL is quite efficient. In fact, for properties that can be expressed in both CTL and LTL, the algorithm is competitive with the CTL model checking algorithm.
Expand, Enlarge and Check: New algorithms for the coverability problem of WSTS
J. Comput. Syst. Sci., 2006
Cited by 37 (5 self)
In this paper, we present a general algorithmic schema called "Expand, Enlarge and Check" from which new efficient algorithms for the coverability problem of WSTS can be constructed. We show here that our schema allows us to define forward algorithms that decide the coverability problem for several classes of systems for which the Karp and Miller procedure cannot be generalized, and for which no complete forward algorithms were known. Our results have important applications for the verification of parameterized systems and communication protocols.
Model Checking the World Wide Web
Computer Aided Verification, 2001
Cited by 34 (0 self)
Web design is an inherently error-prone process. To help with the detection of errors in the structure and connectivity of Web pages, we propose to apply model-checking techniques to the analysis of the World Wide Web. Model checking the Web is different in many respects from ordinary model checking of system models, since the Kripke structure of the Web is not known in advance, but can only be explored in a gradual fashion. In particular, the model-checking algorithms cannot be phrased in ordinary μ-calculus, since some operations, such as the computation of sets of predecessor Web pages and the computation of greatest fixpoints, are not possible on the Web. We introduce constructive μ-calculus, a fixpoint calculus similar to μ-calculus, but whose formulas can be effectively evaluated over the Web; and we show that its expressive power is very close to that of ordinary μ-calculus. Constructive μ-calculus can be used not only for phrasing Web model-checking algorithms, but also for the analysis of systems having a large, irregular state space that can only be gradually explored, such as software systems. On the basis of these ideas, we have implemented the Web model checker MCWEB, and we describe some of the issues that arose in its implementation, as well as the type of errors that it was able to find.
Is There a Best Symbolic Cycle-Detection Algorithm?
In Proc. Tools and Algorithms for Construction and Analysis of Systems, volume 2031 of LNCS, 2001
Cited by 33 (3 self)
Fair-cycle detection, a core problem in model checking, is solvable in linear time in the size of the design model using an explicit state representation. Existing cycle-detection algorithms for symbolic model checking are quadratic or n log n time in the worst case and often inefficient in practice. Which default symbolic cycle-detection algorithm to implement in model checkers remains an open question. We compare several such algorithms based on the numbers of external and internal iterations and the numbers of image operations that they perform on both randomly-generated and real examples. Unlike recent work by Ravi, Bloem, and Somenzi, we conclude that model checkers need to implement at least two generic cycle-detection algorithms: the traditional Emerson-Lei algorithm and one that evolved from our study, originally due to Hojati et al. We demonstrate that these two algorithms are complementary, as the latter algorithm is provably incomparable to Emerson-Lei's and often...
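The Emerson-Lei fair-cycle detection named in this abstract, as an added example (not code from the paper or from any of the tools it compares): the greatest fixpoint νZ. ⋀_i EX E[Z U (Z ∧ F_i)] is computed over explicit Python sets instead of BDDs, so the "external iterations" (passes of the outer loop) and the pre-image operations the paper counts are visible as ordinary loop bodies. The result is the set of states from which some path visits every fairness set infinitely often, i.e. states on or leading to a fair cycle; a fair cycle is reachable iff the initial state is in that set. In LTL model checking this is run on the product of the system with a Büchi automaton for the negated property, the automaton's acceptance sets serving as the fairness sets. The arbiter model and all names are constructed for this illustration.

```python
# Constructed request/grant model (not from the paper).
ARBITER = {
    "idle":  ["req"],
    "req":   ["wait", "grant"],
    "wait":  ["req"],
    "grant": ["idle"],
}


def pre(trans, targets):
    """EX targets: states with at least one successor in `targets` (one pre-image operation)."""
    return {s for s, succs in trans.items() if any(t in targets for t in succs)}


def eu_within(trans, z, target):
    """E[z U target] restricted to z: states of z with a path inside z that reaches `target`."""
    result = set(target) & z
    frontier = set(result)
    while frontier:                       # internal iterations: backward reachability
        frontier = (pre(trans, frontier) & z) - result
        result |= frontier
    return result


def emerson_lei(trans, fairness):
    """Greatest fixpoint  nu Z. AND_i EX E[Z U (Z and F_i)].

    Each external iteration removes from Z every state that cannot reach, staying inside Z,
    some state of a fairness set F_i and then take one more step inside Z.  What remains are
    exactly the states from which an infinite path visiting every F_i infinitely often exists.
    Returns (fixpoint, number of external iterations).
    """
    z = set(trans)
    iterations = 0
    while True:
        iterations += 1
        old = z
        for fair_set in fairness:
            z = z & pre(trans, eu_within(trans, z, z & fair_set))
        if z == old:
            return z, iterations


def has_fair_cycle(trans, init, fairness):
    """True iff a cycle visiting every fairness set is reachable from `init`."""
    z, _ = emerson_lei(trans, fairness)
    return init in z


if __name__ == "__main__":
    # Two fairness constraints: the grant and the wait state must both recur.
    print(emerson_lei(ARBITER, [{"grant"}, {"wait"}]))
```

With the fairness sets {grant} and {wait}, every state of the arbiter stays in the fixpoint, because the run idle, req, wait, req, grant, idle, ... visits both sets forever. Removing the edge req -> grant empties the fixpoint after two external iterations: the first pass strips every state that cannot reach a grant, the second confirms that nothing is left.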
A practical approach to coverage in model checking
In Computer Aided Verification, Proc. 13th International Conference, 2001
Cited by 32 (11 self)
Abstract. In formal verification, we verify that a system is correct with respect to a specification. When verification succeeds and the system is proven to be correct, there is still a question of how complete the specification is, and whether it really covers all the behaviors of the system. In this paper we study coverage metrics for model checking from a practical point of view. Coverage metrics are based on modifications we apply to the system in order to check which parts of it were actually relevant for the verification process to succeed. We suggest several definitions of coverage, suitable for specifications given in linear temporal logic or by automata on infinite words. We describe two algorithms for computing the parts of the system that are not covered by the specification. The first algorithm is built on top of automata-based model-checking algorithms. The second algorithm reduces the coverage problem to the model-checking problem. Both algorithms can be implemented on top of existing model checking tools.
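The mutation-based notion of coverage this abstract describes, as an added example that is not the paper's own code: the specification is first verified, then each atomic proposition is flipped in one state at a time and the check is repeated; a (state, proposition) pair whose flip leaves the verdict unchanged is uncovered, meaning the specification never depended on it. To keep the example short the specification is an invariant checked by reachability rather than the LTL/automata specifications the paper treats, and the two-process mutual-exclusion model, its labels and the helper names are constructed for this illustration. Note how the unreachable "both" state and the non-critical states show up as uncovered: a passing verdict said nothing about them.

```python
from collections import deque

# Constructed mutual-exclusion model (not from the paper).  c1/c2 = process 1/2 is in
# its critical section.  "both" carries both labels but no transition leads to it.
MUTEX_TRANS = {
    "idle":  ["try1", "try2"],
    "try1":  ["crit1"],
    "try2":  ["crit2"],
    "crit1": ["idle"],
    "crit2": ["idle"],
    "both":  ["idle"],
}
MUTEX_LABELS = {"crit1": {"c1"}, "crit2": {"c2"}, "both": {"c1", "c2"}}


def reachable(trans, init):
    """Forward reachability from `init` (the model checker for invariants)."""
    seen, queue = {init}, deque([init])
    while queue:
        state = queue.popleft()
        for nxt in trans.get(state, []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def holds_invariant(trans, labels, init, forbidden):
    """Invariant G not(forbidden): no reachable state carries every label in `forbidden`."""
    return not any(forbidden <= labels.get(s, set()) for s in reachable(trans, init))


def mutate(labels, state, prop):
    """Copy of `labels` with the truth value of `prop` flipped in `state`."""
    new = {s: set(ls) for s, ls in labels.items()}
    new.setdefault(state, set()).symmetric_difference_update({prop})
    return new


def coverage(trans, labels, init, forbidden, props):
    """Split all (state, prop) pairs into covered (flip changes the verdict) and uncovered."""
    base = holds_invariant(trans, labels, init, forbidden)
    covered, uncovered = [], []
    for state in sorted(trans):
        for prop in sorted(props):
            verdict = holds_invariant(trans, mutate(labels, state, prop), init, forbidden)
            (uncovered if verdict == base else covered).append((state, prop))
    return covered, uncovered


if __name__ == "__main__":
    cov, uncov = coverage(MUTEX_TRANS, MUTEX_LABELS, "idle", {"c1", "c2"}, {"c1", "c2"})
    print("covered:", cov)
    print("uncovered:", uncov)
```

Only the flips that put a second process into a critical section while the first is already there change the verdict, so only ("crit1", "c2") and ("crit2", "c1") are covered; the remaining ten pairs, including everything in the unreachable "both" state, are not. The paper's algorithms compute the same information without rerunning the model checker once per mutation.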
Partial completeness of abstract fixpoint checking
Proc. 4th Int. Symp. SARA'2000, Horseshoe Bay, TX, US, LNAI 1864, Springer-Verlag, 2000
Cited by 23 (13 self)
Abstract interpretation is used in program static analysis and model checking to cope with infinite state spaces and/or with computing fixpoints for specifications. The abstraction is partially complete when the checking algorithm is exact in that, if the algorithm ever terminates, its answer is always affirmative for correct specifications. We characterize partially complete abstractions for various abstract fixpoint checking algorithms, including new ones, and show that the computation of complete abstract domains is essentially equivalent to invariance proofs, that is, to concrete fixpoint checking.