G. Winskel. A note on model checking the modal ν-calculus. In G. Ausiello, M. Dezani-Ciancaglini, and S. R. D. Rocca, editors, Proceedings of the 16th International Colloquium on Automata, Languages and Programming, volume 372 of Lecture Notes in Computer Science, pages 761--772, Berlin, July 1989. Springer.
....and more refined action predicates which permit reasoning on the information transmitted over the net. To interpret the logical formulae the labelled operational semantics presented in Section 2.4 is used. The logic is equipped with a proof system based on tableau. This system is inspired by [13, 46, 55]; but we have to deal with the additional difficulties induced by the richer labels. Moreover, we deal also with infinite state systems and explicit values. 6.1 A Logic for KLAIM In this section, we introduce a logic that allows us to specify and prove properties of mobile system specified in ....
G. Winskel. A note on model checking the modal ν-calculus. In G. Ausiello, M. Dezani-Ciancaglini, and S. Ronchi Della Rocca, editors, Proceedings of the 16th International Colloquium on Automata, Languages and Programming, volume 372 of LNCS, pages 761--772, Berlin, July 1989. Springer.
....ambients against predicate calculus (without composition adjunct) is decidable, by presenting a local algorithm. Since in our case both processes and formulas can be recursively defined, termination becomes a challenging issue. To establish a correct terminating condition we adapt the approach of [Win91], lifting it from the setting of propositional calculus to predicate calculus. The central idea is to generalise the syntax of a fixpoint formula to X{I}F . The extra component {I} serves as a history recording device, used to remember the configurations that have been visited so far. When a ....
....space, which is infeasible in our setting because, for instance, we can not determine which fresh name should be chosen to instantiate the x in N xA before model checking starts. Our algorithm will be a lifting of the local model checking algorithm for the propositional calculus proposed in [Win91] to the predicate calculus, with features to deal with spatial modalities. Given a finite set of names N 0 N and a finite set of closed processes P 0 P, let I = f(n 1 ; P 1 ) n l ; P l )g where n i :s are vectors of the same length over N 0 , n i 6= n j for i 6= j, and P i P 0 . I ....
G. Winskel. A Note on Model Checking the Modal -Calculus. Theoretical Computer Science 83:157-167. Elsevier, 1991.
....in the next paragraph. As far as concern formal verification of model checkers then let us point out on two recent papers [30, 26] The first paper [30] has described a model checker generated automatically from a proof. This model checker is Caml implementation of a model checking algorithm from [34], it is generated by an interactive logic framework Coq from a formally presented proof of correctness of the algorithm. The second paper [26] has described the formal specification and verification of the efficient algorithm for real time model checking implemented in the model checker RAVEN. It ....
Winskel G. A note on model checking the modal -calculus. Theoretical Computer Science, v.83, n.2, 1991, p.157-167.
....point out on a recent paper [27] where an automatically generated from a proof model checker is reported. To the best of our knowledge it is the first and unique paper on formally verified model checkers. This verified model checker is an implementation on Caml of a model checking algorithm from [28], it is generated by an interactive logic framework Coq from a formally presented proof of correctness of the algorithm. Why an extensive testing of model checkers for the Calculus in finite models is a non trivial problem Because overall test suits for a model checker must be transparent, must ....
Winskel G. A note on model checking the modal -calculus. Theoretical Computer Science, v.83, n.2, 1991, p.157-167.
....of existing techniques. 1 Introduction Research over the past decade points to the practical viability of automatically verifying concurrent finite state systems. Algorithms have been proposed for determining whether such systems enjoy properties specified by formulas in various temporal logics [4, 5, 8, 25, 27, 28] and for computing whether or not two systems exhibit the same (or related) observable behavior [2, 6, 18, 21] Tools built around implementations of these algorithms have been applied to the analysis of a variety of different kinds of systems [7, 11, 12, 22, 23, 24] When communicating processes ....
G. Winskel. A note on model checking the modal -calculus. In Proceedings ICALP, volume 372 of LNCS, pages 761--772, Stresa, Italy, July 1989. Springer-Verlag.
....entire model checking approach is the state explosion problem that the size of the global state transition graph grows exponentially while the size of the system grows linearly. Several techniques have been introduced to cope with the state explosion problem. Local model checking [Lar90, SW91, Win89] or on the fly [Hol81, Hol85] model checking attempts to build only part of the state space of the system, while still maintaining the ability to check the properties of interest. Partial-order techniques attempt to avoid the wasteful representation of concurrency by interleaving [GW93] ....
....postfp(F; gfp(F ) Theorem 2.5.7 Greatest fix point is a prefixed point. prefp(F; gfp(F ) Using the above formalisation, we can prove in Lego the following lemma and theorems, which will be used to prove model checking rules presented in chapter 3. Theorem 2.5. 8 (Reduction lemma [Koz83, Win89] 8P:P gfp(F ) P F (gfp(Q: P [ F (Q) 32 Theorem 2.5.9 (Least fix point fold and unfold) 8P:P gfp(F ) P F (gfp(F ) P ) Theorem 2.5.10 (Greatest fix point base) 8P:P P 0 P gfp(Q: P 0 [ F (Q) Theorem 2.5.11 (Greatest fix point fold and unfold) 8P:P gfp(F ) ....
[Article contains additional citation context not shown here]
Glynn Winskel. A note on model checking the modal -calculus. In G. Ausiello, M. Dezani-Ciancaglini, and S. Ronchi Della Rocca, editors, Proceedings of the Sixteenth International Colloquium on Automata, Languages, and Programming, volume 372 of Lecture Notes in Computer Science, pages 761--772. Springer-Verlag, 1989.
....are handled using some form of well founded induction on approximation ordinals. In the absence of the subterm cut rule (or other rules with similar effect, such as the classical cut) approximation ordinals can be guaranteed to occur only in covariant positions, allowing techniques like tagging [12, 3] to be applied. In the presence of cut this can, however, no longer be guaranteed. To be sound, rates of progress for fixed point formulas appearing in different places in a sequent must be related. In our earlier work this caused us to rely on a handling of fixed points which was extremely ....
G. Winskel. A note on model checking the modal -calculus. Theoretical Computer Science, 83:157-- 187, 1991.
....6 Related work and conclusion Several local model checkers have been proposed. The algorithm used in this paper is due to Stirling and Walker[14] Cleaveland[6] proposes a slightly different algorithm with some optimization techniques. Independently of us, he mentions the use of database. Winskel[16] proposes a local model checker in the modal nu calculus, which is the dual of the modal mu calculus. The local model checking algorithm has been implemented in Concurrency Workbench[7] by Cleaveland et al. The main difference between Concurrency Workbench and our system is that we employ CSP as ....
Winskel, G. "A note on model checking the modal - calculus," ICALP '89, Lecture Notes in Computer Science 372, pp. 761--771 (1989).
....but integrates somewhat less smoothly into the proof environment, as the results produced by the model checker have to be introduced as (safe) axioms into the prover. Our approach is a compromise between the two. We have formalised the modal calculus, a specification of the model checker in [22] and proved it correct in Coq. Using Coq's program extraction mechanism our proof is then translated into an executable Caml program. Moreover, we also have the possibility to directly run the (proof of the) model checker in Coq itself and generate a proof object. We see our contribution as ....
....of the calculus, where negation occurs only in front of atomic proposition is called positive normal form. 4 Implementation of the model checker This section describes the formalisation of the calculus in Coq and the implementation and correctness proof of the model checker described in [22]. 4.1 Fixed points Assume an arbitrary type U . Then (Ensemble U) is the type of sets over U (which are implemented as predicates U Prop) We abbreviate this type to EnsU. Suppose further that F : EnsU EnsU is a monotone function w.r.t. the inclusion ordering. We define the following two ....
[Article contains additional citation context not shown here]
G. Winskel. A note on model checking the modal -calculus. Theoretical Computer Science, 83:157--167, 1991.
....which is called modal mu calculus ( 32, 33, 56, 57, 19] Modal mucalculus is a logic of programs, which is strictly more expressive than logics like PDL, DeltaP DL, CTL and CTL . It has been proposed as a logic for expressing temporal properties of reactive and parallel processes in [54, 36, 9, 62, 12, 55]. We refer to the excellent tutorial article [55] for a thorough introduction on modal mu calculus and its use in the context of concurrent processes. In this paper, we introduce an extension of standard modal mu calculus, called M , which allows for boolean combinations of atomic actions in the ....
G. Winskel. A note on model checking the modal -calculus. In Proceedings of the 11th International Colloquium on Automata, Languages and Programming, number 372 in Lecture Notes in Computer Science, pages 761--772. Springer-Verlag, 1989.
.... P : OE where OE is a modal calculus formula, and where P is a finite state CCS process. But such a result in not satisfactory, as it does not improve upon results obtainable using more standard and well understood model checking techniques based on global state space exploration (such as [10, 13]) Independently, in [7] and addressing Hennessy Milner logic only (so: no temporal properties) Simpson showed how a proof theoretical setting like that of (1) could be used to produce compositional proof systems from arbitrary GSOS operational semantics definitions in a very systematic way. ....
....in particular to obtain strong completeness results that apply to sequents of the shape (1) even in the presence of temporal connectives. Towards the realization of this one can clearly identify a number of subproblems, including at least the following: Model checking (in the style of e.g. [10, 13]) In this case sequents (1) are required to contain exactly one correctness assertion. Entailment. In this case the only program terms P allowed in correctness assertions P : OE, are variables (so: no program, or process constructors) Modal logic. In this case least and greatest fixed ....
G. Winskel. A note on model checking the modal -calculus. Theoretical Computer Science, 83:157--187, 1991.
....Different approaches to this problem have been proposed for the propositional case. Some of these employ tagging of fix point formulae to keep inference rules local, which simplifies both their use and theoretical treatment. For greatest fix points this technique has been proposed by G. Winskel in [17], while H.Andersen [1] extends it to least fix points by encoding into tags the inductive reasoning required for dealing with such formulae. We generalize these approaches to handle fix point predicates. One difficulty here is to find what constitute tags and to choose an appropriate semantics for ....
....sub predicates with free object variables can easily be converted into an equivalent formula in which all fix point sub predicates are closed. For example, oeZ: ha(x)i Z is equivalent to (oeZ:x: ha(x)i Z(x) x) For dealing with fix point formulae we use tags, generalizing the approaches of [1,2,17]. The idea of using tags for fix point formulae is to allow for the detection of loops of a certain kind when traversing the (symbolic) LTS of the process. Detecting such a loop would guarantee the validity of the corresponding sequent. In our case, a tag is a finite (possibly empty) list L = l 1 ....
G.Winskel, A Note on Model Checking the Modal -Calculus, Theoretical Computer Science, 83:157-167, 1991.
....if this block is labeled by , and dually for ) Our main result is a new local algorithm for evaluating PDG fixed points. Our algorithm, which we call LAFP, combines the simplicity of previously proposed induction based algorithms (such as Winskel's tableau method for calculus model checking [Win89] with the efficiency of semantics based algorithms (such as the bit vector method of Cleaveland, Klein, and Steffen for equational calculus model checking [CKS92] LAFP takes as input a PDG G and a vertex x 0 of G and determines, in a need driven fashion, whether or not x 0 is in the ....
....concise, and we provide a completely rigorous proof of the algorithm's correctness. In terms of related work, LAFP is to our knowledge the first efficient local algorithm for evaluating structures of arbitrary alternation depth to appear in the literature. Tableau based local algorithms such as [Win89, Cle90, SW91] suffer an exponential blowup even when the alternation depth is fixed. The semi local algorithm of [RS97] is demonstrably less local than LAFP, exploring more vertices than LAFP on certain examples. Several efficient local methods for various subsets of the calculus have ....
G. Winskel. A note on model checking the modal -calculus. In Proceedings of ICALP '89, Vol. 372 of Lecture Notes in Computer Science, 1989.
....not always necessary to examine all the states in the transition system. However, the worst case complexity of these approaches is generally larger than the complexity of the global methods. Tableau based local approaches have been developed by Cleaveland [8] Stirling and Walker [19] and Winskel [21]. More recently, Andersen [1] and Larsen [13] have developed efficient local methods for a subset of the calculus. Mader [15] has also proposed improvements to the tableau based method of Stirling and Walker that seem to increase its efficiency. In this paper, we restrict ourselves to global ....
G. Winskel. A note on model checking the modal -calculus. In Proceedings of the Sixteenth International Colloquium on Automata, Languages, and Programming, 1989.
....of P . 2. 2 Calculus Kozen's (propositional) modal calculus( K) has expressive power subsuming many modal and temporal logics such as LTL and CTL [4, 5, 10] We take a negation free version of modal calculus and use Winskel's construction of tagging fixed points with sets of states [27]. The assertions are constructed from the following grammar: Phi : X j Phi Psi j Phi Psi j hKi Phi j [K] Phij Z:U Phi j Z:U Phi where U is called tag which is a subset of states, X ranges over a set of assertion variables, and K ranges over subsets of labels. We will let GammaK ....
Glynn Winskel. A note on model checking the modal -calculus. In G. Ausiello, M. Dezani-Ciancaglini, and S. Ronchi Della Rocca, editors, Proceedings of ICALP, volume 372 of Lecture Notes in Computer Science, pages 761--772. Springer-Verlag, 1989.
....expressiveness, it turns out that validity is decidable for the modal calculus, and for finite state processes the problem of deciding satisfaction between a process and an assertion is decidable too. A range of algorithms and proof systems for this problem has been given in the literature, e.g. [9, 4, 11, 18, 6, 25, 8, 2, 21, 12, 7, 1]. They mostly rely on globally Appears in: Proceedings of LICS 94, IEEE Computer Society Press. Supported by the Danish Technical Research Council. Basic Research in Computer Science, Centre of the Danish National Research Foundation. or locally computing the underlying transition system. ....
....system can be seen as a result of turning the operational reductions of Larsen and Xinxin and the syntactic reductions of Andersen and Winskel into proof rules. But the match is not exact; apart from the new static rules the treatment of fixed points is closer to the work on local model checking [11, 18, 6, 25]. 2 Languages p a:p a t[rec x:t=x] rec x:t p Theta q ff Thetafi Theta q pf Xig f Xig Xi(ff) fi p ff 2 Figure 1: Operational rules. The process language has a general parallel composition operator called a product, t 0 Theta ....
[Article contains additional citation context not shown here]
Glynn Winskel. A note on model checking the modal -calculus. In G. Ausiello, M. Dezani-Ciancaglini, and S. Ronchi Della Rocca, editors, Proceedings of ICALP, volume 372 of LNCS, pages 761--772. Springer-Verlag, 1989.
....the problem of deciding satisfaction between a process and an assertion is decidable too. A range of algorithms and proof systems for this problem has been given in the literature, e.g. Emerson and Lei, 1986, Arnold and Crubille, 1988, Larsen, 1988, Stirling and Walker, 1991, Cleaveland, 1990, Winskel, 1989, Cleaveland and Steffen, 1992, Andersen, 1994, Vergauwen and Lewi, 1992, Larsen, 1992, Cleaveland et al. 1992, Andersen, 1993] They mostly rely on globally or locally computing the underlying transition system. However, what we seek here is a method that is compositional in the structure of ....
....reductions of Larsen and Xinxin and the syntactic reductions of Andersen and Winskel into proof rules. But the match is not exact; apart from the new static rules the treatment of fixed points is closer to the work on local model checking [Larsen, 1988, Stirling and Walker, 1991, Cleaveland, 1990, Winskel, 1989] 2 Languages p a:p a t[rec x:t=x] rec x:t p q q pf g f g ( p 2 Table 1: Operational rules. The process language has a general parallel composition operator called a product, t 0 t 1 , that allows the components ....
[Article contains additional citation context not shown here]
Winskel, G. (1989). A note on model checking the modal - calculus. In Ausiello, G., Dezani-Ciancaglini, M., and Rocca, S. R. D., editors, Proceedings of ICALP, volume 372 of LNCS, pages 761-772. Springer-Verlag.
....the problem of deciding satisfaction between a process and an assertion is decidable too. A range of algorithms and proof systems for this problem has been given in the literature, e.g. Emerson and Lei, 1986, Arnold and Crubille, 1988, Larsen, 1988, Stirling and Walker, 1991, Cleaveland, 1990, Winskel, 1989, Cleaveland and Steffen, 1992, 5 Andersen, 1994, Vergauwen and Lewi, 1992, Larsen, 1992, Cleaveland et al. 1992, Andersen, 1993] They mostly rely on globally or locally computing the underlying transition system. However, what we seek here is a method that is compositional in the structure of ....
....reductions of Larsen and Xinxin and the syntactic reductions of Andersen and Winskel into proof rules. But the match is not exact; apart from the new static rules the treatment of fixed points is closer to the work on local model checking [Larsen, 1988, Stirling and Walker, 1991, Cleaveland, 1990, Winskel, 1989] 2 Languages p p a:p a p p ff p 0 p q ff p 0 ff 6= q ff q 0 p q ff q 0 ff 6= t[rec x:t=x] ff t 0 rec x:t ff t 0 ff 6= p ff p 0 q fi q 0 p Theta q ff Thetafi p 0 Theta q 0 p ff p 0 pf Xig fi p 0 f Xig Xi(ff) ....
[Article contains additional citation context not shown here]
Winskel, G. (1989). A note on model checking the modal -calculus. In Ausiello, G., Dezani-Ciancaglini, M., and Rocca, S. R. D., editors, Proceedings of ICALP, volume 372 of LNCS, pages 761--772. Springer-Verlag.
No context found.
G. Winskel. A note on model checking the modal ν-calculus. In G. Ausiello, M. Dezani-Ciancaglini, and S. R. D. Rocca, editors, Proceedings of the 16th International Colloquium on Automata, Languages and Programming, volume 372 of Lecture Notes in Computer Science, pages 761--772, Berlin, July 1989. Springer.
No context found.
Winskel, G. (1991). A note on model checking the modal ν-calculus. Theoretical Computer Science, 83:157--167.
No context found.
G. Winskel. A note on model checking the modal ν-calculus. Theoretical Computer Science, 83, 157--187, 1991.
No context found.
G. Winskel. A note on model checking the modal ν-calculus. In G. Ausiello, M. Dezani-Ciancaglini, and S. R. D. Rocca, editors, Proceedings of the 16th International Colloquium on Automata, Languages and Programming, volume 372 of Lecture Notes in Computer Science, pages 761--772, Berlin, July 1989. Springer.
No context found.
G. Winskel. A note on model checking the modal -calculus. Theoretical Computer Science, 83:157-187, 1991.
No context found.
G. Winskel. A note on model checking the modal ν-calculus. Theoretical Computer Science, 83:157--167, 1991.
No context found.
G. Winskel. A Note on Model Checking the Modal -calculus. In 16th International Colloquium on Automata, Languages and Programming (ICALP), LNCS 372, pages 761--772, 1989.