E.M. Clarke and O. Grumberg. "Research on Automatic Verification of Finite-State Concurrent Systems". Ann. Rev. Comput. Sci. 2 (1987), 269-290.
....events) The dependencies can be appropriately modified and everything can proceed normally. 3.1. Formal Specification of Dependencies We adopt the language of Computation Tree Logic (CTL) as the language of our dependencies [12]. CTL is a powerful language, well known from distributed computing [2, 6, 8, 12, 13]. A brief description of CTL and modeling of various dependencies is given in Appendix A. The primitives and are useful macros that yield CTL formulae. CTL can uniformly express different dependencies. Since it is a formal language, it helps reduce ambiguity in communication. It also makes it ....
E. Clarke and O. Grumberg, "Research on Automatic Verification of Finite State Concurrent systems," Annual Reviews of Computer Science, vol. 2, pp. 269--290, 1987.
....for transfinite induction. At the same time, certain properties of programs, such as liveness, cannot be proven unless fairness is assumed. In addition, fairness is a significant issue in hardware and software systems such as communication protocols, distributed databases and asynchronous circuits [7, 9]. In this report we assume a simple notion of fairness: unbounded but finite delay of subprocesses in concurrent computation. Consider a programming language with parallel constructs P | Q. A synchronous parallel operator forces both components to proceed at the same speed with lockstep ....
E. Clarke and O. Grumberg. Research on Automatic Verification of Finite-State Concurrent Systems. Ann. Rev. Comp. Sci., 2:269-290, 1987.
....work often required for a truly complete proof. This is especially useful for simulation based proofs, because of their length and the amount of tedious detail that needs to be checked. 2.4.1 Choosing a Tool There is a wide range of possible useful automated tools, ranging from model checkers [CG87] which exhaustively search all possible states to verify properties without any human guidance, to programs that simply check the validity of each step in a detailed proof, from specialized provers optimized for a particular domain of applications, to general purpose theorem provers, from ....
E.M. Clarke and O. Grumberg. Research on automatic verification of finite-state concurrent systems. In Joseph Traub, Barbara Grosz, Butler Lampson, and Nils Nilsson, editors, Annual Reviews of Computer Science, volume 2, pages 269--290. Annual Reviews Inc., 1987.
....of the proposed metric. II. DESIGN VALIDATION MODELS AND MECHANISMS We describe different validation methods that are relevant to the design verification problem. A. Formal Design Verification Approaches to design verification include the use of temporal logic based model checking (e.g. [5]), automata oriented techniques (e.g. [7], [15]) and the use of higher order logic and theorem proving techniques (e.g. [8], [10]). Formal verification approaches have the advantage of guaranteeing partial or complete correctness but can be computationally expensive. Further, they often require ....
E. M. Clarke and O. Grumberg. Research on Automatic Verification of Finite-State Concurrent Systems. Annual Reviews of Computer Science, 2:269--290, 1987.
....for the verification of hardware designs. This has largely been made feasible through symbolic model checking, an efficient method based on representing sets of states as Binary Decision Diagrams (BDDs) [13] and implemented in smv [28]. For more information on symbolic model checking see [16, 14, 25]. Alternative techniques for improving efficiency of model checking and the corresponding tools also exist (to mention SPIN and fdr2). There have also been encouraging developments in model checking of real time and hybrid systems [9, 12]. One area that is lagging behind as far as experimental ....
E. Clarke and O. Grumberg. Research on automatic verification of finite-state concurrent systems. Ann. Rev. Comput. Sci., 2:269--290, 1987.
....is an outstanding request. A number of formalisms have been suggested for specifying these kinds of properties of concurrent programs. A variety of temporal logics have been proposed, the most popular being LTL, a linear time propositional logic, and CTL, a branching time propositional logic [12]. For the most part logics adopt a state based approach to describing program behavior. A formula describes properties of states that should hold or not at various times during any or all program executions. Most logics that serve as a basis for automated reasoning are propositional, while ....
Clarke, E.M. and Grumberg, O. Research on automatic verification of finite-state concurrent systems. In Annual Review of Computer Science, pages 269--290. Annual Reviews Inc., 1987.
....number of surveys of formal hardware verification techniques [68, 67, 124, 123, 72]. McFarland's tutorial [172] contains a number of examples from early techniques, but its coverage of more recent work in this fast moving field is unfortunately weak. Work related to model checking is condensed in [75]. Leonard surveys computer specification in general [159]. Yoeli's tutorial collects a number of classic papers [95]. There has been some side by side comparison of different theorem prover techniques [6, 229, 228]. Combinational verification There has been much work on the verification of ....
E. M. Clarke and O. Grumberg. Research on automatic verification of finite-state concurrent systems. Annual Review of Computer Science, pages 269--90, 1987.
....offered. For a description how this approach is applied to the alternating bit protocol see [CES86] by E. Clarke, E. Emerson and A. Sistla. Clarke and O. Grumberg have written an excellent review of the use of finite state machines and temporal logic in automatic verification of concurrent systems [CG87]. However, both the finite state machine approach and the related Petri net approach [Pet81] suffer from the inability to discuss time quantitatively. Much research in the protocol verification community is now aimed at adding some notion of time to the finite state approach, without exacerbating ....
Clarke, E.M. and Grumberg, O.: Research on automatic verification of finite-state concurrent systems. Ann. Rev. Comput. Sci., 2, 269--290 (1987).
....behavior, one only has to check that the program, modeled as a finite Kripke structure, satisfies (is a model of) the propositional temporal logic formula that specifies that behavior. Hence the name model checking for the verification methods derived from this viewpoint. Surveys can be found in [CG87, Wol89, CGL93]. We distinguish between two types of temporal logics: linear and branching [Lam80]. In linear temporal logics, each moment in time has a unique possible future, while in branching temporal logics, each moment in time may split into several possible futures. The complexity of model ....
E.M. Clarke and O. Grumberg. Research on automatic verification of finite-state concurrent systems. In Annual Review of Computer Science, volume 2, pages 269--290, 1987.
....procedure has been mechanically verified. Lengauer's work differs from ours because it is not concerned with the direct mechanical verification of concurrent programs, nor are we concerned with the efficiency (except as it may be related to the correctness) of concurrent programs. Clarke [Clarke 87] has also mechanically verified concurrent programs. His model is not completely general, as the programs must be of specific size (e.g. ring sizes of two or three, etc.). However, his verification procedure is completely automatic. 15. Conclusion The operational semantics presented here ....
E.M. Clarke, O. Grumberg. Research on Automatic Verification of Finite State Systems. Technical Report CS-87-105, CMU, January, 1987.
....checking efficiently the validity of formulae in a given model. Although HTL severely restricts the expressiveness power of HTL it is still appropriate to express many interesting properties in the context of hypertext. Clarke, et al. have studied the model checking problem for CTL extensively [11, 12, 6]. In the general case, the model process for HTL may become very complex. However, in most practical cases it has been shown that this model checking is possible even in very large systems. Based on previous results by Lichtenstein and Pnueli [24] Emerson and Lei showed in [14] that formulae ....
Clarke, E. M., and Grumberg, O. Research on automatic verification of finite-state concurrent systems. Ann. Rev. Comput. Sci. 2 (1987), 269--290.
....transfinite induction. At the same time, certain properties of programs, such as liveness, cannot be proven unless fairness is assumed. In addition, fairness is a significant issue in hardware and software systems such as communication protocols, distributed databases and asynchronous circuits [7, 9]. In this report we assume a simple notion of fairness: unbounded but finite delay of subprocesses in concurrent computation. Consider a programming language with parallel constructs P | Q. A synchronous parallel operator forces both components to proceed at the same speed with lockstep ....
E. Clarke and O. Grumberg. Research on Automatic Verification of Finite-State Concurrent Systems. Ann. Rev. Comp. Sci., 2:269-290, 1987.
....behavior, one only has to check that the program, modeled as a finite Kripke structure, is a model of (satisfies) the propositional temporal logic formula that specifies that behavior. Hence the name model checking for the verification methods derived from this viewpoint. Surveys can be found in [CG87, Wol89, CGL93]. We distinguish between two types of temporal logics: linear and branching [Lam80]. In linear temporal logics, each moment in time has a unique possible future, while in branching temporal logics, each moment in time may split into several possible futures. The complexity of model ....
E.M. Clarke and O. Grumberg. Research on automatic verification of finite-state concurrent systems. In Annual Review of Computer Science, vol. 2, pp. 269--290, 1987.
.... a subformula f have been identified, the states that satisfy EG(f) (namely, the ones where f is always true in some possible computation) are identified by finding all the strongly connected components of the state space where f is always true that are reachable by a path where f also holds (see (Clarke and Grumberg 1987)). On the fly model checking algorithms, such as the one for CTL presented in (Bhat et al. 1995), construct only the portion of the state space required by the given formula, rather than labeling the entire state space. 3.1 Symbolic Model Checking For a finite state system S, the complexity ....
Clarke, E., and O. Grumberg. 1987. Research on automatic verification of finite-state concurrent systems. In J. Traub, B. Grosz, B. Lampson, and N. Nilsson (Eds.), Annual Review of Computer Science, Vol. II, 269--290. Annual Reviews.
....[14, 16]. Though these approaches were quite general, the verification process required a significant human input. More recently, there has been a large body of work devoted to the use of model checking, language containment, and reachability analysis to finite state machine models of hardware [8]. The latter class of systems work automatically but they do not yet scale up efficiently to realistic hardware designs. The challenge then is to combine the generality of theorem proving with an acceptable and efficient level of automation. Our main thesis is that in order to achieve a balance ....
E. M. Clarke and O. Grumberg. Research on automatic verification of finite-state concurrent systems. In Joseph F. Traub, Barbara J. Grosz, Butler W. Lampson, and Nils J. Nilsson, editors, Annual Review of Computer Science, Volume 2, pages 269--290. Annual Reviews, Inc., Palo Alto, CA, 1987.
.... folk result on CTL In this setting it is well known that the 8 U operator can be expressed in terms of 9 U and 8F: 8[f U g] j 8Fg :9[ g) U ( f :g) 1) This fact may be used to simplify proofs by induction over the structure of CTL formulas (see e.g. 1, 8] or to ease model checking (see e.g. [3, 4]) In such cases 8F is much simpler than 8 U. 9 U also is often simpler to deal with than 8 U. Indeed, looking at the quantifier alternation in the semantic clause for 8 U, we see that it has the general form 8 9 k8 i : and then is (syntactically) in Pi 3 , whereas (the clause for) 9 U ....
E. M. Clarke and O. Grumberg. Research on automatic verification of finite-state concurrent systems. Ann. Rev. Comput. Sci., 2:269--290, 1987.
....we execute the actions. These worlds act as models for the language L. Hence, we can check the truth of an LTL formula given a plan, by checking its truth in the sequence of worlds visited by that plan using standard model checking techniques developed in the program verification area (see, e.g. [CG87]). Hence, if we have a domain strategy for the goal fon(B; A) on(C; B)g like if we achieve on(B; A) then preserve it until on(C; B) is achieved , we could express this information as the LTL formula 2(on(B; A) on(B; A)Uon(C;B) and check its truth against candidate plans, rejecting any ....
E. M. Clarke and O. Grumberg. Research on automatic verification of finite-state concurrent systems. In Joe F. Traub, Nils J. Nilsson, and Barbara J. Grosz, editors, Annual Review of Computing Science. Annual Reviews Inc., 1987.
....case (and especially with very long formulae) checking of CTL formulae, while possible, may have exponential complexity. The restricted language CTL allows a very efficient checking algorithm to be developed, however. Clarke et al. have extensively studied the model checking problem for CTL [8, 9, 5]. The simplifying characteristic of CTL is that certain of the temporal operators must always be paired, reducing the number of combinations that must be searched in the model. For example, each path quantifier must be immediately followed by exactly one of the operators ○, U, □, or ◇. Since ....
E. M. Clarke and Grumberg. Research on automatic verification of finite-state concurrent systems. Ann. Rev. Comput. Sci., 2:269--290, 1987.
....protocols and distributed systems, and that certain properties of programs cannot be proved unless fairness is assumed. Moreover, there is evidence in the form of concrete software systems that fairness can be expressed in logics such as the temporal logic CTL , and automatically verified [3]. As a concrete system which is capable of expressing fairness, we adopt the modal calculus due to Kozen [12]. It is essentially a finitary, propositional modal logic with least and greatest fixed points of monotone operators. As a modal logic, it fits in better with domain theory in logical ....
E. Clarke and O. Grumberg. Research on automatic verification of finite-state concurrent systems. Ann. Rev. Comput. Sci., 2:269--290, 1987.
....the model checking approach, described in [AK86] as one of the most exciting developments in the theory of program correctness, is that it can be done algorithmically. Model checking was originally developed for branching time [CES86, QS82] but was later extended also to linear time [LP85]. See [CG87] for a more recent survey. In view of the attractiveness of the model checking approach, one would like to extend its applicability as much as possible. Unfortunately, the tableau based model checking algorithms in the literature (cf. [LP85]) involve the intricacies of the logic at hand and do ....
Clarke, E.M., Grumberg, E.M.: Research on automatic verification of finite-state concurrent systems, in Annual Review of Computer Science 2(1987), pp. 269--290.
....induction. At the same time, certain properties of programs, such as liveness, cannot be proved unless fairness is assumed. In addition, fairness is an important issue in hardware and software systems such as communication protocols, distributed databases and asynchronous circuits, see e.g. [3]. The aim of this research is to develop a framework, within which the combined computation of a process P (an element of some domain D) and some environment E can be handled. Starting with a class of domains ranged over by D and signatures of continuous operations over them, we aim to develop ....
E.M. Clarke and O. Grumberg. Research on automatic verification of finite-state concurrent systems. Ann. Rev. Comput. Sci., 2:269--290, 1987.
No context found.
E.M. Clarke and O. Grumberg. "Research on Automatic Verification of Finite-State Concurrent Systems". Ann. Rev. Comput. Sci. 2 (1987), 269-290.
No context found.
Clarke, E. M., and Grumberg, O. Research on automatic verification of finite-state concurrent systems. Ann. Rev. Comput. Sci. 2 (1987), 269--290.
No context found.
Clarke, E. M. and Grumberg, O. Research on Automatic Verification of Finite State Concurrent Systems, Annual Reviews in Computer Science, 2, pp. 269-290, 1987
CiteSeer.IST - Copyright Penn State and NEC