Results 1  10
of
58
An AutomataTheoretic Approach to BranchingTime Model Checking
 JOURNAL OF THE ACM
, 1998
"... Translating linear temporal logic formulas to automata has proven to be an effective approach for implementing lineartime modelchecking, and for obtaining many extensions and improvements to this verification method. On the other hand, for branching temporal logic, automatatheoretic techniques ..."
Abstract

Cited by 354 (66 self)
 Add to MetaCart
Translating linear temporal logic formulas to automata has proven to be an effective approach for implementing lineartime modelchecking, and for obtaining many extensions and improvements to this verification method. On the other hand, for branching temporal logic, automatatheoretic techniques have long been thought to introduce an exponential penalty, making them essentially useless for modelchecking. Recently, Bernholtz and Grumberg have shown that this exponential penalty can be avoided, though they did not match the linear complexity of nonautomatatheoretic algorithms. In this paper we show that alternating tree automata are the key to a comprehensive automatatheoretic framework for branching temporal logics. Not only, as was shown by Muller et al., can they be used to obtain optimal decision procedures, but, as we show here, they also make it possible to derive optimal modelchecking algorithms. Moreover, the simple combinatorial structure that emerges from the a...
A Partial Approach to Model Checking
 INFORMATION AND COMPUTATION
, 1994
"... This paper presents a modelchecking method for lineartime temporal logic that can avoid most of the state explosion due to the modelling of concurrency by interleaving. The method relies on the concept of Mazurkiewicz's trace as a semantic basis and uses automatatheoretic techniques, includin ..."
Abstract

Cited by 124 (4 self)
 Add to MetaCart
This paper presents a modelchecking method for lineartime temporal logic that can avoid most of the state explosion due to the modelling of concurrency by interleaving. The method relies on the concept of Mazurkiewicz's trace as a semantic basis and uses automatatheoretic techniques, including automata that operate on words of ordinality higher than \omega.
Reasoning about Rings
, 1995
"... The ring is a useful means of structuring concurrent processes. Processes communicate by passing a token in a fixed direction; the process that possesses the token is allowed to perfrom certain actions. Usually, correctness properties are expected to hold irrespective of the size of the ring. We sho ..."
Abstract

Cited by 112 (9 self)
 Add to MetaCart
The ring is a useful means of structuring concurrent processes. Processes communicate by passing a token in a fixed direction; the process that possesses the token is allowed to perfrom certain actions. Usually, correctness properties are expected to hold irrespective of the size of the ring. We show that the problem of checking many useful correctness properties for rings of all sizes can be reduced to checking them on ring of sizes up to a small cutoff size. We apply our results to the verification of a mutual exclusion protocol and Milner's scheduler protocol. 1
Verifying properties of large sets of processes with network invariants (Extended Abstract)
, 1990
"... ..."
(Show Context)
Memoryefficient algorithms for the verification of temporal properties
 FORMAL METHODS IN SYSTEM DESIGN
, 1992
"... ..."
(Show Context)
Algorithmic analysis of programs with well quasiordered domains
 Information and Computation
"... Over the past few years increasing research effort has been directed towards the automatic verification of infinitestate systems. This paper is concerned with identifying general mathematical structures which can serve as sufficient conditions for achieving decidability. We present decidability res ..."
Abstract

Cited by 70 (17 self)
 Add to MetaCart
Over the past few years increasing research effort has been directed towards the automatic verification of infinitestate systems. This paper is concerned with identifying general mathematical structures which can serve as sufficient conditions for achieving decidability. We present decidability results for a class of systems (called wellstructured systems) which consist of a finite control part operating on an infinite data domain. The results assume that the data domain is equipped with a preorder which is a well quasiordering, such that the transition relation is ``monotonic' ' (a simulation) with respect to the preorder. We show that the following properties are decidable for wellstructured systems: v Reachability: whether a certain set of control states is reachable. Other safety properties can be reduced to the reachability problem. 1
Reducing model checking of the many to the few
 In 17th International Conference on Automated Deduction (CADE17
, 2000
"... Abstract. Systems with an arbitrary number of homogeneous processes occur in many applications. The Parametrized Model Checking Problem (PMCP) is to determine whether a temporal property is true for every size instance of the system. Unfortunately, it is undecidable in general. We are able to establ ..."
Abstract

Cited by 66 (6 self)
 Add to MetaCart
(Show Context)
Abstract. Systems with an arbitrary number of homogeneous processes occur in many applications. The Parametrized Model Checking Problem (PMCP) is to determine whether a temporal property is true for every size instance of the system. Unfortunately, it is undecidable in general. We are able to establish, nonetheless, decidability of the PMCP in quite a broad framework. We consider asynchronous systems comprised of an arbitrary number ¢ of homogeneous copies of a generic process template. The process template is represented as a synchronization skeleton while correctness properties are expressed using Indexed CTL* £ X. We reduce model checking for systems of arbitrary size ¢ to model checking for systems of size (up to) a small cutoff size ¤. This establishes decidability of PMCP as it is only necessary model check a finite number of relatively small systems. The results generalize to systems comprised of multiple heterogeneous classes of processes, where each class is instantiated by many homogenous copies of the class template (e.g., ¥ readers and ¢ writers). 1
Undecidable Verification Problems for Programs with Unreliable Channels
 Information and Computation
, 1994
"... We consider the verification of a particular class of infinitestate systems, namely systems consisting of finitestate processes that communicate via unbounded lossy FIFO channels. This class is able to model e.g. link protocols such as the Alternating Bit Protocol and HDLC. In an earlier paper, we ..."
Abstract

Cited by 65 (13 self)
 Add to MetaCart
We consider the verification of a particular class of infinitestate systems, namely systems consisting of finitestate processes that communicate via unbounded lossy FIFO channels. This class is able to model e.g. link protocols such as the Alternating Bit Protocol and HDLC. In an earlier paper, we showed that the problems of checking reachability, safety properties, and eventuality properties are decidable for this class of systems. In this paper, we show that the following problems are undecidable, namely ffl The model checking problem in propositional temporal logics such as Propositional Linear Time Temporal Logic (PTL) and Computation Tree Logic (CTL). ffl The problem of deciding eventuality properties with fair channels: do all computations eventually reach a given set of states if the unreliable channels satisfy fairness assumptions. The results are obtained through a reduction from a variant of Post's Correspondence Problem. This research report is a revised and extended ...
Automatic Verification of Parameterized Synchronous Systems (Extended Abstract)
 In Proc. 8th Int'l. Conference on ComputerAided Verification (CAV
, 1996
"... ) E. Allen Emerson and Kedar S. Namjoshi Department of Computer Sciences, The University of Texas at Austin, U.S.A. Abstract. Systems with an arbitrary number of homogeneous processes occur in many applications. The Parameterized Model Checking Problem (PMCP) is to determine whether a temporal pro ..."
Abstract

Cited by 65 (7 self)
 Add to MetaCart
) E. Allen Emerson and Kedar S. Namjoshi Department of Computer Sciences, The University of Texas at Austin, U.S.A. Abstract. Systems with an arbitrary number of homogeneous processes occur in many applications. The Parameterized Model Checking Problem (PMCP) is to determine whether a temporal property is true of every size instance of the system. We consider systems formed by a synchronous parallel composition of a single control process with an arbitrary number of homogeneous user processes, and show that the PMCP is decidable for properties expressed in an indexed propositional temporal logic. While the problem is in general PSPACEcomplete, our initial experimental results indicate that the method is usable in practice. 1 Introduction Systems with an arbitrary number of homogeneous processes occur in many contexts, especially in protocols for data communication, cache coherence, and classical synchronization problems. Current verification work on such systems has focussed mostly...
Focusing the inverse method for linear logic
 Proceedings of CSL 2005
, 2005
"... 1.1 Quantification and the subformula property.................. 3 1.2 Ground forward sequent calculus......................... 5 1.3 Lifting to free variables............................... 10 ..."
Abstract

Cited by 52 (15 self)
 Add to MetaCart
(Show Context)
1.1 Quantification and the subformula property.................. 3 1.2 Ground forward sequent calculus......................... 5 1.3 Lifting to free variables............................... 10