Results 1  10
of
37
Temporal and modal logic
 HANDBOOK OF THEORETICAL COMPUTER SCIENCE
, 1995
"... We give a comprehensive and unifying survey of the theoretical aspects of Temporal and modal logic. ..."
Abstract

Cited by 1300 (17 self)
 Add to MetaCart
(Show Context)
We give a comprehensive and unifying survey of the theoretical aspects of Temporal and modal logic.
Bisimulation through probabilistic testing
 in “Conference Record of the 16th ACM Symposium on Principles of Programming Languages (POPL
, 1989
"... We propose a language for testing concurrent processes and examine its strength in terms of the processes that are distinguished by a test. By using probabilistic transition systems as the underlying semantic model, we show how a testing algorithm can distinguish, with a probability arbitrarily clos ..."
Abstract

Cited by 533 (14 self)
 Add to MetaCart
We propose a language for testing concurrent processes and examine its strength in terms of the processes that are distinguished by a test. By using probabilistic transition systems as the underlying semantic model, we show how a testing algorithm can distinguish, with a probability arbitrarily close to one, between processes that are not bisimulation equivalent. We also show a similar result (in a slightly stronger form) for a new process relation called $bisimulationwhich lies strictly between that of simulation and bisimulation. Finally, the ultimately strength of the testing language is shown to identify a new process relation called probabilistic bisimulationwhich is strictly stronger than bisimulation. li? 1991 Academic Press. Inc. 1.
The Linear TimeBranching Time Spectrum II  The semantics of sequential systems with silent moves
, 1993
"... ion Rule (KFAR) (Baeten, Bergstra & Klop [3]), expresses a global fairness assumption. It says that when possible a system will escape from any cycle of internal actions. Some form of KFAR is crucial for many protocal verifications with unreliable channels, and for that reason preorders and equi ..."
Abstract

Cited by 376 (20 self)
 Add to MetaCart
ion Rule (KFAR) (Baeten, Bergstra & Klop [3]), expresses a global fairness assumption. It says that when possible a system will escape from any cycle of internal actions. Some form of KFAR is crucial for many protocal verifications with unreliable channels, and for that reason preorders and equivalences that satisfy KFAR are of special interest. Must preorders and divergence sensitive ones cannot satisfy KFAR. In Bergstra, Klop & Olderog [7] it is shown that the combination of KFAR with failure semantics is inconsistent, but they formulate a weaker version of KFAR that is satisfied in failure maysemantics. Still the combination of KFAR \Gamma and the liveness requirement appears to require global testing, and is only satisfied in the semantics between contrasimulation (C) and stability respecting branching bisimulation (BB s ). These requirements would reduce the number of suitable preorders to 18. It is in general a good strategy to do your verifications using the finest preorde...
Reactive, Generative and Stratified Models of Probabilistic Processes
 Information and Computation
, 1990
"... ion Let E; E 0 be PCCS expressions. The intermodel abstraction rule IMARGR is defined by E ff[p] \Gamma\Gamma! i E 0 =) E ff[p= G (E;fffg)] ae \Gamma\Gamma\Gamma\Gamma\Gamma\Gamma! i E 0 This rule uses the generative normalization function to convert generative probabilities to reactive ..."
Abstract

Cited by 195 (8 self)
 Add to MetaCart
(Show Context)
ion Let E; E 0 be PCCS expressions. The intermodel abstraction rule IMARGR is defined by E ff[p] \Gamma\Gamma! i E 0 =) E ff[p= G (E;fffg)] ae \Gamma\Gamma\Gamma\Gamma\Gamma\Gamma! i E 0 This rule uses the generative normalization function to convert generative probabilities to reactive ones, thereby abstracting away from the relative probabilities between different actions. We can now define 'GR ('G (P )) as the reactive transition system that can be inferred from P 's generative transition system via IMARGR . By the same procedure as described at the end of Section 3.1, 'GR can be extended to a mapping 'GR : j GG ! j GR . Write P GR ¸ Q if P; Q 2 Pr are reactive bisimulation equivalent with respect to the transitions derivable from G+IMARGR , i.e. the theory obtained by adding IMARGR to the rules of Figure 7. The equivalence GR ¸ is defined just like R ¸ but using the cPDF ¯GR instead of ¯R . ¯GR is defined by ¯GR (P; ff; S) = X i2I R (=I G ) fj p i j G+ I...
TableauBased Model Checking in the Propositional MuCalculus
 Acta Informatica
, 1990
"... This paper describes a procedure, based around the construction of tableau proofs, for determining whether finitestate systems enjoy properties formulated in the propositional mucalculus. It presents a tableaubased proof system for the logic and proves it sound and complete, and it discusses tech ..."
Abstract

Cited by 102 (7 self)
 Add to MetaCart
(Show Context)
This paper describes a procedure, based around the construction of tableau proofs, for determining whether finitestate systems enjoy properties formulated in the propositional mucalculus. It presents a tableaubased proof system for the logic and proves it sound and complete, and it discusses techniques for the efficient construction of proofs that states enjoy properties expressed in the logic. The approach is the basis of an ongoing implementation of a model checker in the Concurrency Workbench, an automated tool for the analysis of concurrent systems. 1 Introduction One area of program verification that has proven amenable to automation involves the analysis of finitestate processes. While computer systems in general are not finitestate, many interesting ones, including a variety of communication protocols and hardware systems, are, and their finitary nature enables the development and implementation of decision procedures that test for various properties. Model checking has p...
Complete Axiomatizations for Reasoning about Knowledge and Time
 STUDIA LOGICA
, 1999
"... Sound and complete axiomatizations are provided for a number of different logics involving modalities for knowledge and time. These logics arise from different choices for various parameters regarding the regarding the interaction of knowledge with time and regarding the language used. All the logic ..."
Abstract

Cited by 84 (6 self)
 Add to MetaCart
Sound and complete axiomatizations are provided for a number of different logics involving modalities for knowledge and time. These logics arise from different choices for various parameters regarding the regarding the interaction of knowledge with time and regarding the language used. All the logics considered involve the discrete time linear temporal logic operators `next' and `until' and an operator for the knowledge of each of a number of agents. Both the single agent and multiple agent cases are studied: in some instances of the latter there is also an operator for the common knowledge of the group of all agents. Four different semantic properties of agents are considered: whether they have a unique initial state, whether they operate synchronously, whether they have perfect recall, and whether they learn. The property of no learning is essentially dual to perfect recall. Not all settings of these parameters lead to recursively axiomatizable logics, but sound and complete axiomatizations are presented for all the ones that do.
Refinementoriented probability for CSP
, 1995
"... Jones and Plotkin give a general construction for forming a probabilistic powerdomain over any directedcomplete partial order [Jon90, JP89]. We apply their technique to the failures/divergences semantic model for Communicating Sequential Processes [Hoa85]. The resulting probabilistic model supports ..."
Abstract

Cited by 44 (7 self)
 Add to MetaCart
Jones and Plotkin give a general construction for forming a probabilistic powerdomain over any directedcomplete partial order [Jon90, JP89]. We apply their technique to the failures/divergences semantic model for Communicating Sequential Processes [Hoa85]. The resulting probabilistic model supports a new binary operator, probabilistic choice, and retains all operators of CSP including its two existing forms of choice. An advantage of using the general construction is that it is easy to see which CSP identities remain true in the probabilistic model. A surprising consequence however is that probabilistic choice distributes through all other operators; such algebraic mobility means that the syntactic position of the choice operator gives little information about when the choice actually must occur. That in turn leads to some interesting interaction between probability and nondeterminism. A simple communications protocol is used to illustrate the probabilistic algebra, and several sugg...
Automated Temporal Reasoning about Reactive Systems
, 1996
"... . There is a growing need for reliable methods of designing correct reactive systems such as computer operating systems and air traffic control systems. It is widely agreed that certain formalisms such as temporal logic, when coupled with automated reasoning support, provide the most effective a ..."
Abstract

Cited by 41 (2 self)
 Add to MetaCart
. There is a growing need for reliable methods of designing correct reactive systems such as computer operating systems and air traffic control systems. It is widely agreed that certain formalisms such as temporal logic, when coupled with automated reasoning support, provide the most effective and reliable means of specifying and ensuring correct behavior of such systems. This paper discusses known complexity and expressiveness results for a number of such logics in common use and describes key technical tools for obtaining essentially optimal mechanical reasoning algorithms. However, the emphasis is on underlying intuitions and broad themes rather than technical intricacies. 1 Introduction There is a growing need for reliable methods of designing correct reactive systems. These systems are characterized by ongoing, typically nonterminating and highly nondeterministic behavior. Examples include operating systems, network protocols, and air traffic control systems. There is w...
Efficient Detection of Vacuity in Temporal Model Checking
 Formal Methods in System Design
, 2001
"... Abstract. The ability to generate a counterexample is an important feature of model checking tools, because a counterexample provides information to the user in the case that the formula being checked is found to be nonvalid. In this paper, we turn our attention to providing similar feedback to t ..."
Abstract

Cited by 34 (6 self)
 Add to MetaCart
(Show Context)
Abstract. The ability to generate a counterexample is an important feature of model checking tools, because a counterexample provides information to the user in the case that the formula being checked is found to be nonvalid. In this paper, we turn our attention to providing similar feedback to the user in the case that the formula is found to be valid, because valid formulas can hide real problems in the model. For instance, propositional logic formulas containing implications can suffer from antecedent failure, in which the formula is trivially valid because the precondition of the implication is not satisfiable. We call this vacuity, and extend the definition to cover other kinds of trivial validity. For nonvacuously valid formulas, we define an interesting witness as a nontrivial example of the validity of the formula. We formalize the notions of vacuity and interesting witness, and show how to detect vacuity and generate interesting witnesses in temporal model checking. Finally, we provide a practical solution for a useful subset of ACTL formulas.