Clarke E. M., Grumberg O. and Long D. E. [1994b], Verification tools for finite-state concurrent systems, in J. W. de Bakker, W. P. de Roever and G. Rozenberg, eds, `A Decade of Concurrency - Reflections and Perspectives', Vol. 803 of LNCS, Springer, pp. 124-175. REX School/Symposium, Nordwijkerhout, The Netherlands, June 1993.
....and completeness arguments are intimately connected to the abstraction process. Our intuitions tell us that a program's model is a kind of algebra, and the abstraction process is a kind of homomorphism, and indeed, the homomorphism approach provides a simple means of devising sound abstractions [4]. A crucial insight from the abstract interpretation research of Cousot and Cousot [7 9] is that an abstraction can be defined in terms of a homomorphism and its inverse function, giving a Galois connection. The inverse function gives us a tool for arguing the completeness of an abstraction. ....
....must respect the labels: c R a c implies that a a . Thus, properties that hold true for all paths starting at a also hold true for all paths starting at c. This supports sound verification of LTL and ACTL coded properties of temporal logic on the abstract Kripke structure [4, 12, 34, 37]. A left total simulation ensures that every state in the concrete structure can be modelled in the abstract structure. Right totality ensures that there are no superfluous abstract states. Simulations play a crucial role in equivalence proofs of interpreters [20]. Each execution step of ....
E.M. Clarke, O. Grumberg, and D.E. Long. Verification tools for finite-state concurrent systems. In J.W. deBakker, W.-P. deRoever, and G. Rozenberg, editors, A Decade of Concurrency: Reflections and Perspectives, number 803 in Lecture Notes in Computer Science, pages 124-175. Springer, 1993.
.... checking approach to formal methods has received considerable attention in the literature, and readily available tools such as SMV [35, 13] for the Computation Tree Logic (CTL) and Spin [30] for the Linear Time Logic (LTL) are capable of handling the state spaces associated with realistic problems [19]. Although model checking began as a method for verifying hardware designs, there is growing evidence that model checking can be applied with considerable automation to specifications for relatively large software systems, such as the Traffic Alert and Collision Avoidance System II (TCAS II) [15] ....
....over the alternate approach of theorem proving is complete automation. Human interaction is generally required to prove all but the most trivial theorems. Readily available model checkers such as SMV and Spin can explore the state spaces for finite, but realistic, problems without human guidance [19]. We use the SMV model checker. It is freely available from Carnegie Mellon University and elsewhere. The model checking algorithm in SMV has the advantage of being breadth first; hence the counterexamples that we interpret as test cases tend to be short. 1.3 What is a Test Case For our ....
Edmund M. Clarke, Jr., Orna Grumberg, and David E. Long. Verification tools for finite-state concurrent systems. In A Decade of Concurrency - Reflections and Perspectives, volume 803 of Lecture Notes in Computer Science. Springer-Verlag, 1994.
.... from Software Cost Reduction (SCR) requirements specifications [14]. The model checking approach to formal methods has received considerable attention in the literature, and readily available tools such as SMV and SPIN are capable of handling the state spaces associated with realistic problems [11]. Although model checking began as a method for verifying hardware designs, there is growing evidence that model checking can be applied with considerable automation to specifications for relatively large software systems, such as the Traffic Alert Collision Avoidance System (TCAS) II [9] The ....
Edmund M. Clarke, Jr., Orna Grumberg, and David E. Long. Verification tools for finite-state concurrent systems. In A Decade of Concurrency - Reflections and Perspectives, volume 803 of Lecture Notes in Computer Science. Springer-Verlag, 1994.
....an LTL formula . For verifying whether some path of a transition structure K G satisfies , we can construct a calculus formula (EPre B ) that is equivalent to 9 B over all transition structures, and check (EPre B ) over K G ; this is, in fact, a symbolic model checking algorithm for LTL [3]. Now suppose that we want player 1 to control the game structure G for the objective . Theorem 1 tells us whether we can simply substitute the controllable predecessor operator 1Pre B for the calculus predecessor operator EPre B in the fixpoint formula : the substitution works if and only if ....
E.M. Clarke, O. Grumberg, and D.E. Long. Verification tools for finite-state concurrent systems. In A Decade of Concurrency: Reflections and Perspectives,
....algorithmic methods. In temporal logic model checking, we verify the correctness of a finite state system with respect to a desired behavior by checking whether a labeled state transition graph that models the system satisfies a temporal logic formula that specifies this behavior (for a survey, see [CGL93]). Beyond being fully automatic, an additional attraction of model checking tools is their ability to accompany a negative answer to the correctness query by a counterexample to the satisfaction of the specification in the system. Thus, together with a negative answer, the model checker returns ....
E.M. Clarke, O. Grumberg, and D. Long. Verification tools for finite-state concurrent systems. In J.W. de Bakker, W.-P. de Roever, and G. Rozenberg, editors, Decade of Concurrency - Reflections and Perspectives (Proceedings of REX School), volume 803 of Lecture Notes in Computer Science, pages 124-175. Springer-Verlag, 1993.
....Problems with the computational complexity of verification logics led researchers in theoretical computer science to investigate other approaches to formal verification. The most successful of these is model checking [27, 22, 10]. The idea behind model checking is as follows. Recall that in proof theoretic verification, to verify that a program i has some property when in state l , we derive the theory of that program [ i ; l ] and attempt to establish [ i ; l ] i.e. that property is a theorem of the ....
.... temporal logic ctl [11] can be done in time O(| | |M|) where | | is the size of the formula to be checked, and |M| is the size of the model (i.e. the number of states it contains) [16]. Model checking approaches have recently been used to verify finite state systems with up to 10^120 states [10]. Using a model checking approach to conformance testing for acls, we would define the program semantics as a function [ L mod(L S ) which assigns to every program state pair an L S model, which encodes the properties of that program state pair. Verifying that ( i ; l ) |= f ....
Clarke, E., O. Grumberg, and D. Long: 1994, `Verification tools for finite-state concurrent systems'. In: J. W. de Bakker, W. P. de Roever, and G. Rozenberg (eds.): A Decade of Concurrency - Reflections and Perspectives (LNCS Volume 803). Springer-Verlag: Berlin, Germany, pp. 124-175.
No context found.
Clarke E. M., Grumberg O. and Long D. E. [1994b], Verification tools for finite-state concurrent systems, in J. W. de Bakker, W. P. de Roever and G. Rozenberg, eds, `A Decade of Concurrency - Reflections and Perspectives', Vol. 803 of LNCS, Springer, pp. 124-175. REX School/Symposium, Nordwijkerhout, The Netherlands, June 1993.
No context found.
E. M. Clarke, Jr., O. Grumberg, and D. E. Long, "Verification tools for finite-state concurrent systems", in A Decade of Concurrency - Reflections and Perspectives, volume 803 of Lecture Notes in Computer Science. (Springer-Verlag, 1994).