Results 1  10
of
295
Fast LTL to Büchi Automata Translation
, 2001
"... We present an algorithm to generate Büchi automata from LTL formulae. This algorithm generates a very weak alternating coBüchi automaton and then transforms it into a Büchi automaton, using a generalized B"uchi automaton as an intermediate step. Each automaton is simplified onthefly in ..."
Abstract

Cited by 180 (3 self)
 Add to MetaCart
(Show Context)
We present an algorithm to generate Büchi automata from LTL formulae. This algorithm generates a very weak alternating coBüchi automaton and then transforms it into a Büchi automaton, using a generalized B&quot;uchi automaton as an intermediate step. Each automaton is simplified onthefly in order to save memory and time. As usual we simplify the LTL formula before any treatment. We implemented this algorithm and compared it with Spin: the experiments show that our algorithm is much more efficient than Spin. The criteria of comparison are the size of the resulting automaton, the time of the computation and the memory used. Our implementation is available on the web at the following address: http://verif.liafa.jussieu.fr/ltl2ba
Model Checking of Safety Properties
, 1999
"... Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proofbased approach to verification, making verification of safety properties simp ..."
Abstract

Cited by 149 (22 self)
 Add to MetaCart
(Show Context)
Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proofbased approach to verification, making verification of safety properties simpler than verification of general properties. In this paper we consider model checking of safety properties. A computation that violates a general linear property reaches a bad cycle, which witnesses the violation of the property. Accordingly, current methods and tools for model checking of linear properties are based on a search for bad cycles. A symbolic implementation of such a search involves the calculation of a nested fixedpoint expression over the system's state space, and is often impossible. Every computation that violates a safety property has a finite prefix along which the property is violated. We use this fact in order to base model checking of safety properties on a search for ...
The ForSpec Temporal Logic: A New Temporal PropertySpecification Language
, 2001
"... In this paper we describe the ForSpec Temporal Logic (FTL), the new temporal propertyspecification logic of ForSpec, Intel's new formal specification language. The key features of FTL are as follows: it is a linear temporal logic, based on Pnueli's LTL, it is based on a rich set of log ..."
Abstract

Cited by 90 (22 self)
 Add to MetaCart
In this paper we describe the ForSpec Temporal Logic (FTL), the new temporal propertyspecification logic of ForSpec, Intel's new formal specification language. The key features of FTL are as follows: it is a linear temporal logic, based on Pnueli's LTL, it is based on a rich set of logical and arithmetical operations on bit vectors to describe state properties, it enables the user to define temporal connectives over time windows, it enables the user to define regular events, which are regular sequences of Boolean events, and then relate such events via special connectives, it enables the user to express properties about the past, and it includes constructs that enable the user to model multiple clock and reset signals, which is useful in the verification of hardware design.
Runtime verification for LTL and TLTL
, 2007
"... This paper studies runtime verification of properties expressed either in lineartime temporal logic (LTL) or timed lineartime temporal logic (TLTL). It classifies runtime verification in identifying its distinguishing features to model checking and testing, respectively. It introduces a threevalued ..."
Abstract

Cited by 69 (17 self)
 Add to MetaCart
(Show Context)
This paper studies runtime verification of properties expressed either in lineartime temporal logic (LTL) or timed lineartime temporal logic (TLTL). It classifies runtime verification in identifying its distinguishing features to model checking and testing, respectively. It introduces a threevalued semantics (with truth values true, false, inconclusive) as an adequate interpretation as to whether a partial observation of a running system meets an LTL or TLTL property. For LTL, a conceptually simple monitor generation procedure is given, which is optimal in two respects: First, the size of the generated deterministic monitor is minimal, and, second, the monitor identifies a continuously monitored trace as either satisfying or falsifying a property as early as possible. The feasibility of the developed methodology is demontrated using a collection of realworld temporal logic specifications. Moreover, the presented approach is related to the properties monitorable in general and is compared to existing concepts in the literature. It is shown that the set of monitorable properties does not only encompass the safety and cosafety properties but is strictly larger. For TLTL, the same road map is followed by first defining a threevalued semantics. The corresponding construction of a timed monitor is more involved, yet, as shown, possible.
Automatic Verification of Parameterized Synchronous Systems (Extended Abstract)
 In Proc. 8th Int'l. Conference on ComputerAided Verification (CAV
, 1996
"... ) E. Allen Emerson and Kedar S. Namjoshi Department of Computer Sciences, The University of Texas at Austin, U.S.A. Abstract. Systems with an arbitrary number of homogeneous processes occur in many applications. The Parameterized Model Checking Problem (PMCP) is to determine whether a temporal pro ..."
Abstract

Cited by 65 (7 self)
 Add to MetaCart
) E. Allen Emerson and Kedar S. Namjoshi Department of Computer Sciences, The University of Texas at Austin, U.S.A. Abstract. Systems with an arbitrary number of homogeneous processes occur in many applications. The Parameterized Model Checking Problem (PMCP) is to determine whether a temporal property is true of every size instance of the system. We consider systems formed by a synchronous parallel composition of a single control process with an arbitrary number of homogeneous user processes, and show that the PMCP is decidable for properties expressed in an indexed propositional temporal logic. While the problem is in general PSPACEcomplete, our initial experimental results indicate that the method is usable in practice. 1 Introduction Systems with an arbitrary number of homogeneous processes occur in many contexts, especially in protocols for data communication, cache coherence, and classical synchronization problems. Current verification work on such systems has focussed mostly...
Monitoring of realtime properties
 In Proceedings of the 26th Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS), volume 4337 of LNCS
, 2006
"... Abstract. This paper presents a construction for runtime monitors that check realtime properties expressed in timed LTL (TLTL). Due to D’Souza’s results, TLTL can be considered a natural extension of LTL towards realtime. Moreover, a typical obstacle in runtime verification is solved both for unti ..."
Abstract

Cited by 57 (16 self)
 Add to MetaCart
(Show Context)
Abstract. This paper presents a construction for runtime monitors that check realtime properties expressed in timed LTL (TLTL). Due to D’Souza’s results, TLTL can be considered a natural extension of LTL towards realtime. Moreover, a typical obstacle in runtime verification is solved both for untimed and timed formulae, in that standard models of linear temporal logic are infinite traces, whereas in runtime verification only finite system behaviours are at hand. Therefore, a 3valued semantics (true, false, inconclusive) for LTL and TLTL on finite traces is defined that resembles the infinite trace semantics in a suitable and intuitive manner. Then, the paper describes how to construct, given a (T)LTL formula, a deterministic monitor with three output symbols that reads a finite trace and yields its according 3valued (T)LTL semantics. Notably, the monitor rejects a trace as early as possible, in that any minimal bad prefix results in false as a return value. 1
Automatatheoretic approach to planning for temporally extended goals
 IN ECP
, 2000
"... We study an automatatheoretic approach to planning for temporally extended goals. Specifically, we devise techniques based on nonemptiness of Büchi automata on infinite words, to synthesize sequential and conditional plans in a generalized setting in which we have that: goals are general temporal ..."
Abstract

Cited by 53 (10 self)
 Add to MetaCart
We study an automatatheoretic approach to planning for temporally extended goals. Specifically, we devise techniques based on nonemptiness of Büchi automata on infinite words, to synthesize sequential and conditional plans in a generalized setting in which we have that: goals are general temporal properties of desired execution; dynamic systems are represented by finite transition systems; incomplete information on the initial situation is allowed; and states are only partially observable. We prove that the techniques proposed are optimal wrt the worst case complexity of the problem. Thanks to the scalability of the nonemptiness algorithms, the techniques presented here promise to be applicable to fairly large systems, notwithstanding the intrinsic complexity of the problem.
SPOT: an Extensible Model Checking Library Using TransitionBased Generalized Büchi Automata
 IN PROC. OF MASCOTS’04
, 2004
"... Spot is a C++ library offering model checking bricks that can be combined and interfaced with third party tools to build a model checker. It relies on Transitionbased Generalized B uchi Automata (TGBA) and does not need to degeneralize these automata to check their emptiness. We motivate the choice ..."
Abstract

Cited by 51 (13 self)
 Add to MetaCart
Spot is a C++ library offering model checking bricks that can be combined and interfaced with third party tools to build a model checker. It relies on Transitionbased Generalized B uchi Automata (TGBA) and does not need to degeneralize these automata to check their emptiness. We motivate the choice of TGBA by illustrating a very simple (yet efficient) translation of LTL into TGBA. We then show how it supports onthefly computations, and how it can be extended or integrated in other tools.
Distributed Explicit Fair Cycle Detection (Set Based Approach)
"... The fair cycle detectiou problem is at the heart of both LTL and fair CTL model checking. This paper preseuts a new distributed scalable algorithm for explicit fair cycle detection. Our method combines the simplicity of the distributiou of explicitly preseuted data structure and the features of ..."
Abstract

Cited by 48 (12 self)
 Add to MetaCart
The fair cycle detectiou problem is at the heart of both LTL and fair CTL model checking. This paper preseuts a new distributed scalable algorithm for explicit fair cycle detection. Our method combines the simplicity of the distributiou of explicitly preseuted data structure and the features of symbolic algorithm allowing for an efficient parallelisa tion. If a fair cycle (i.e. couuterexample) is detected, theu the algorithm produces a cycle, which is in general shorter than that produced by depthfirst search based algorithms, Experimental results confirm that our approach outperforms that based ou a direct implementation of the best sequential algorithm.