Alur , R., Henzinger, T.A., Mang, F.Y.C., Qadeer, S. , Rajamani, S., Tasiran, S. , 1998. Mocha: Modularity in Model Checking. In: Proceedings of 10International Conference on Computer Aided Verification, Volume 1427 of LNCS, pp 521-525, Springer-Verlag.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....problem is in general no more complex than that of CTL: it can be solved in time O( m) where is the size of the formula, and m is the size of the model in which the formula is to be checked. This tractability result has led to the development of an ATL model checking system called MOCHA [4, 1]. To give a precise definition of ATL, we must first introduce the semantic structures over which formulae of ATL are interpreted. An alternating transition system (ATS) is a 5 tuple h ; Q ; i, where: is a finite, non empty set of atomic propositions; fa1 ; an g is a ....

R. Alur, T. A. Henzinger, F. Y. C. Mang, S. Qadeer, S. K. Rajamani, and S. Tasiran. Mocha: Modularity in model checking. In CAV 1998.

....widespread use of concurrency to improve throughput. This leads to a design where it is difficult to find an intuitively convincing argument that the design is correct. Self timed circuits have been popular examples for researchers in timedautomata [11, 24, 2] We attempted to use the Mocha tool [1] to verify the correctness of our design; however, we have not been successful to date. For this approach 3 clr set y set clr q2B q1B y clr set1 set2 p1 rlatch rlatch mutex d g2 r2 y1 y2 Figure 3. Block diagram of simple arbiter to verification, considerable effort is required ....

R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. Mocha: modularity in model checking. In A. Hu and M. Vardi, editors, CAV 98: Computer-aided Verification, Lecture Notes in Computer Science 1427, pages 521--525. Springer-Verlag, 1998.

.... ways, for example, to accomodate multiple constraints on a single output port [22] branching time refinement [15] different implementation and specification time scales [13] and liveness constraints [23] The application of AGR can be semi automatically performed by a user of the MOCHA tool [9, 3] through its proof manager, but the user is still burdened with the task of constructing abstraction and witness modules [12] which in general requires human creativity. Recently, there are some works on mechanizing the construction of both abstraction modules [4] and witness modules [6] ....

R. Alur, T. A. Henzinger, F. Y. C. Mang, S. Qadeer, S. K. Rajamani, and S. Tasiran. MOCHA: Modularity in model checking. In Proceedings of the International Conference on Computer-Aided Verification (CAV'98), Lecture Notes in Computer Science 1427, pages 521-- 525, 1998.

....the Calvin tool [12] is one start in this direction. In the framework of temporal logic, the work on Alternating time Temporal Logic ATL [1] was proposed for the specification and verification of open systems together with automated support via symbolic model checking procedures. The Mocha toolkit [2] provides support for modular verification of components with requirement specifications based on the ATL. In previous work [14] we presented an algorithm for automatically generating the weakest possible assumption for a component to satisfy a required property. Although the motivation of that ....

R. Alur, T. A. Henzinger, F. Y. C. Mang, S. Qadeer, S. K. Rajamani, and S. Tasiran. MOCHA: Modularity in model checking. In Proc. of the 10th Int. Conf. on Computer-Aided Verification, pages 521--525, June 28--July 2, 1998.

....the Calvin tool [12] is one start in this direction. In the framework of temporal logic, the work on Alternating time Temporal Logic ATL [1] was proposed for the speci cation and veri cation of open systems together with automated support via symbolic model checking procedures. The Mocha toolkit [2] provides support for modular veri cation of components with requirement speci cations based on the ATL. In previous work [14] we presented an algorithm for automatically generating the weakest possible assumption for a component to satisfy a required property. Although the motivation of that ....

R. Alur, T. A. Henzinger, F. Y. C. Mang, S. Qadeer, S. K. Rajamani, and S. Tasiran. MOCHA: Modularity in model checking. In Proc. of the 10th Int. Conf. on Computer-Aided Veri cation, pages 521-525, June 28{July 2, 1998.

....property. While we do not reproduce the entire counter example, we give a taste of what the output looks like. The entire state space is represented as a tuple of values. This is based on the ordering q1l, q1r, q1s, q2l, q2r, q2s, tl1l, tl1r, tl1s, tl2l, tl2r, tl2s. For example, the sequence [1, 0, 0, 1, 1, 2, 1, 0, 0, 0, 0, 1] states the q1l is equal to one, q2s is equal to two etc. Each transition step in the counter example is written as a triple. An example is shown below. trans: 5 r This shows what the values of the various variables are and what transition is applied to change the state. The transitions are ....

....extension to the basic idea is that of verification by modules. As large systems are developed in modules, it is more efficient to verify the individual modules. However, this process should guarantee that the required property holds when the modules are combined. Such a system is described in [1]. Here again the logic used is slightly different. One cannot have the full generality of CTL and hence have to consider alternating temporal logic. These examples show that one can adapt the basic idea behind model checking to a wide variety of systems. From a users perspective, the key is to ....

R. ALUR,T.HENZINGER,F.MANG,S.QADEER,S.RAJAMANI, AND S. TASIRAN, MOCHA: modularity in model checking, in Hu and Vardi [13], pp. 521--525.

....In section 5, we introduce the multiagent planning problem, and show how this problem can be reduced to an ATEL model checking problem. In section 6, we introduce an example scenario; we describe how this scenario is implemented using a freely available ATL model checking system called MOCHA [2, 1], and we show how, using this system, we were able to check various ATEL properties in particular, we show how we were able to check the existence of multiagent plans for epistemic goals in this scenario. We conclude with some comments and a short discussion on related work. 2. ALTERNATING ....

.... is to ensure the smooth running of the system (e.g. the trains can always move through the tunnel, they cannot be forced into the tunnel, and so on) The MOCHA System The train controller system was modelled by Alur and colleagues using a prototype model checking system for ATL called MOCHA [2, 1]. MOCHA takes as input an alternating transition system described using a (relatively) high level language called REACTIVEMODULES, which loosely resembles high level programming languages such as C. The system is then capable of either randomly simulating the execution of this system, or else of ....

R. Alur, T. A. Henzinger, F. Y. C. Mang, S. Qadeer, S. K. Rajamani, and S. Tasiran. Mocha: Modularity in model checking. In CAV 1998.

....to perform simple static analysis functions similar to the C language s lint tool, as well as to perform more complex model checking tasks on the code to ensure that a feature interacts correctly with its environment. The actual model checking task is performed using the Mocha model checking tool [4], 5] II. DFC The DFC architecture is an instance of the pipes and filters architectural design pattern. As shown in Figure 1, a DFC network consists of instances of a small number of component classes: Line Interface (LI) boxes which connect a single device to a DFC network, for example, a ....

Rajeev Alur, Thomas A. Henzinger, F.Y.C. Mang, Shaz Qadeer, Sriram K. Rajamani, and Serdar Tasiran, "Mocha: Modularity in model checking," in Proceedings of the Tenth International Conference on Computer-aided Verification (CAV). 1998, number 1427 in Lecture Notes in Computer Science, pp. 521--525, Springer-Verlag.

.... a nice survey on the history of compositional proof systems see [11] Due to the reality of the state explosion problem in automatic veri cation, there has recently been a renewed interest in applying the principles of abstraction and compositionality in combination with automatic model checking [5, 21, 20, 8, 14] The purpose of this paper is to present a tool supported method for verifying properties of real time systems using abstraction and compositionality. The tool we apply is the real time veri cation tool Uppaal [19] developed jointly by BRICS at Aalborg University and Department of Computing ....

R. Alur, T. A. Henzinger, F. Y. C. Mang, S. Qadeer, S. K. Rajamani, and S. Tasiran. Mocha Modularity in Model Checking. In Computer Aided Veri- cation, Proc. 10th Int. Conference, volume 1427 of Lecture Notes in Computer Science, pages 521-525. Springer Verlag, 1998.

....veri cation of individual functional primitives of the chosen protocol. We rst discuss related work in the area of modularization in order to distinguish our approach towards protocol modularization. Related Work: Modularization is a well known technique for simplifying complex software systems [1, 2, 6, 8, 9, 10, 11, 13, 14, 15, 17, 24]. We have observed that most of the approaches [8, 10, 17, 24] focus on implementation aspects of the composition of a protocol from micro protocols developed for speci c services. Among other approaches [1, 2, 6, 9, 11, 14, 15] have provisions for formal reasoning to ascertain con gurations ....

....technique for simplifying complex software systems [1, 2, 6, 8, 9, 10, 11, 13, 14, 15, 17, 24] We have observed that most of the approaches [8, 10, 17, 24] focus on implementation aspects of the composition of a protocol from micro protocols developed for speci c services. Among other approaches [1, 2, 6, 9, 11, 14, 15] have provisions for formal reasoning to ascertain con gurations against system speci cations. Our proposed approach [20] utilizes category theory based concepts to de ne interfaces for building block protocols and operations to complex protocol speci cations. We envision that the correctness of ....

R. Alur, et al., \MOCHA: Modularity in Model Checking." LNCS 1427, pp. 521-525, Springer-Verlag, 1998.

....of participating entities to the protocol. The main properties that a non repudiation protocol must ensure are given as alternating time temporal logic formulas. In section 4, we report on results about the automatic veri cation of several non repudiation protocols using the model checker Mocha [2]. Mocha is a model checker that supports the alternating transition systems and the alternating time temporal logic. We use this tool to formally analyze four protocols and were able to explain in term of strategies several bugs. Then, we compare our techniques to some related works. Finally, we ....

R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. Mocha: modularity in model checking. In A. Hu and M. Vardi, editors, CAV 98: Computer-aided Verication, Lecture Notes in Computer Science 1427, pages 521-525. Springer-Verlag, 1998.

....using a pulse mode handshake protocol was presented in [5] As their circuit uses intricate timing optimizations, 5] calls for exhaustive formal verification to ensure correctness. However, 5] reports that formal verification of their circuit has not been successful to date using a tool from [1], and that for this approach to verification, considerable effort is required to find abstractions and write hand crafted models that can be verified without running out of memory. We believe some of the difficulty in building pulse mode models is due to the implicit relation between the rising ....

R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran, "MOCHA: modularity in model checking," Computer-Aided Verification (CAV 98), pp. 521-525, 1998.

No context found.

R. Alur, T.A. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. MOCHA: Modularity in model checking. In Proc. 10th CAV, LNCS 1427. Springer-Verlag, pages 516--520, 1998.

No context found.

R. Alur, T.A. Henzinger, F.Y.C. Mang, S. Qadeer, S.K. Rajamani, and S. Tasiran. Mocha: modularity in model checking. In CAV 98: Proc. of 10th Conf. on Computer Aided Verification, volume 1427 of Lect. Notes in Comp. Sci., pages 521--525. Springer-Verlag, 1998.

No context found.

R. Alur, T.A. Henzinger, F.Y.C. Mang, S. Qadeer, S.K. Rajamani, and S. Tasiran. Mocha : Modularity in model checking. In CAV 98: Computer Aided Veri cation, LNCS, pages 521-525. Springer-Verlag, 1998.

....the subtyping logic of the type system. The proof technique for establishing the soundness of our assume guarantee rule builds on ideas from our earlier work in [27] and [15] An alternative approach to reason with context sensitive abstractions is given in [20] We are aware of two model checkers [4, 22] that provide tool support for assume guarantee reasoning. Both these systems do not support dynamic channel creation and channel passing, which are important features in distributed software. In addition, the novel aspects of this paper are the integration of assume guarantee reasoning into the ....

R. Alur, T.A. Henzinger, F.Y.C. Mang, S. Qadeer, S.K. Rajamani, and S. Tasiran. Mocha : Modularity in model checking. In CAV 98: Computer Aided Veri cation, LNCS, pages 521-525. Springer-Verlag, 1998.

No context found.

R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. MOCHA: Modularity in model checking. In Proceedings of the loth International Conference on Computer Aided Verification, LNCS 1427, pages 516-520. Springer-Verlag, 1998.

No context found.

R. Alur, T.A. Henzinger, F.Y.C. Mang, S. Qadeer, S.K. Rajamani, and S. Tasiran. Mocha: Modularity in model checking. In A. Hu and M. Vardi, editors, CAV 98: Computer Aided Verification, Lecture Notes in Computer Science 1427, pages 521--525. Springer-Verlag, 1998.

....regions of states. Regions correspond to (and are represented as) logical formulae [30] Model checkers have been successfully applied in di erent industries, with hardware design being one the most popular application domains. Widely known model checkers include COSPAN, SPIN [27, 51] Mocha [3] and SMV [50] Contrary to model checkers, theorem provers usually do not have such a high degree of automation. Correctness statements are formulated as theorems in the logic of the theorem prover. A theorem prover can do parts of the proof automatically, but it often requires hints from the ....

....reduce the required veri cation e ort. In some cases, a circuit consists of a large number of identical sub circuits, whose correctness then clearly needs to be veri ed only once. Modular design is a general technique which is also applicable outside the hardware domain. Some model checkers [3] explicitly support modularity as the main design principle. Despite of the state space reduction techniques such as abstractions and modular design, we may end up with a system complex enough to make a complete veri cation infeasible. In such cases we can use testing. Testing usually does not ....

R. Alur, T.A. Henzinger, F.Y.C. Mang, S. Qadeer, S.K. Ramajani, and S. Tasiran. MOCHA: modularity in model checking. In 10th International Conference on Computer-Aided Veri cation, pages 516-520. LNCS, Springer-Verlag, 1998.

....1 candidates. This k can be adjusted according to n, which provides a simple and reasonable method to prune the search. 5 Experimental Results We implemented the algorithm from section 4. 2 in an experimental version of the Mocha verification tool [jmo00] a predecessor was implemented in C, see [AHMQ98]) We extended the recent Java implementation, which make use of native libraries for symbolic model checking. Since our experiments only employ the enumerative check, given run times and memory requirements are those of the Java Virtual Machine, executing on a Sun Enterprise 450 with ....

R. Alur, T. A. Henzinger, F. Y. C. Mang, and S. Qadeer. MOCHA: Modularity in model checking. Lecture Notes in Computer Science, 1427:521--525, 1998.

No context found.

R. Alur, T.A. Henzinger, F.Y.C. Mang, S. Qadeer, S.K. Rajamani, and S. Tasiran. Mocha: modularity in model checking. In A. Hu and M. Vardi, editors, CAV 98: Computeraided Verification, Lecture Notes in Computer Science, pages 521--525. Springer-Verlag, 1998.

....properties using the global algorithm described in [48] Daws and Tripakis [31] present a reachability algorithm for real time systems that uses state space abstractions. A prototype of their approach has been implemented in Kronos. Other tools for veri cation of real time systems include Mocha [5], which allows reachability analysis of real time systems through the use of timed modules. PARAGON [80] and VERSA [23] allows reachability analysis and equivalence checking for real time systems described using ACSR [61] ASTRAL [30] is a language for the formal speci cation of real time systems. ....

R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. MOCHA: modularity in model checking. In Proceedings of the 10th International Conference on Computer-Aided Verication (CAV '98), volume 1427 of Lecture Notes in Computer Science, pages 516-520. SpringerVerlag, 1998.

....the subtyping logic of the type system. The proof technique for establishing the soundness of our assume guarantee rule builds on ideas from our earlier work in [24] and [13] An alternative approach to reason with context sensitive abstractions is given in [18] We are aware of two model checkers [4, 20] that provide tool support for assume guarantee reasoning. Both these systems do not support dynamic channel creation and channel passing, which are important features in distributed software. In addition, the novel aspects of this paper are the integration of assume guarantee reasoning into the ....

R. Alur, T.A. Henzinger, F.Y.C. Mang, S. Qadeer, S.K. Rajamani, and S. Tasiran. Mocha : Modularity in model checking. In CAV 98: Computer Aided Verication, LNCS, pages 521-525. Springer-Verlag, 1998.

....state in all environment states. This problem appears in contexts such as module checking and its variants [9, 10] and the definition of alternating temporal logic [2] Such gamebased model checking for restricted formulas such as always p has already been implemented in the software Mocha [3], and shown to be useful in construction of the most general environments for automating assume guarantee reasoning [1] We focus on the game version of model checking: given a game graph G and an Ltl formula , what is the complexity of deciding whether a given player has a winning strategy ....

R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. MOCHA: Modularity in model checking. In Proc. of the Tenth Int. Conference on Computer Aided Verification, LNCS 1427, pages 521 -- 525. Springer-Verlag, 1998.

....for specification, simulation, and verification, and is intended as a vehicle for the development of new verification algorithms and approaches. MOCHA is available in two versions, CMOCHA (Version 1.0.1) and JMOCHA (Version 2. 0) This paper describes JMOCHA (for an introduction to CMOCHA, see [2]) Like its predecessor, JMOCHA offers the following: ffl Support for modular specification and reasoning about heterogeneous systems with both synchronous and asynchronous components. ffl System execution by randomized or manual trace generation. ffl Requirement verification by model checking. ....

R. Alur, T.A. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. MOCHA: Modularity in model checking. In Proc. 10th CAV, LNCS 1427, pages 516--520, 1998.

No context found.

Alur , R., Henzinger, T.A., Mang, F.Y.C., Qadeer, S. , Rajamani, S., Tasiran, S. , 1998. Mocha: Modularity in Model Checking. In: Proceedings of 10International Conference on Computer Aided Verification, Volume 1427 of LNCS, pp 521-525, Springer-Verlag.

No context found.

Alur, R., Henzinger, T., Mang, F., Qadeer, S., Rajamani, S., Tasiran, S.: Mocha: Modularity in model checking. In: CAV. LNCS. Springer (1998) 521--525

No context found.

R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. MOCHA: Modularity in model checking. In Proc. of the Tenth Int. Conference on Computer Aided Veri cation, LNCS 1427, pages 521 - 525. SpringerVerlag, 1998.

No context found.

Alur. R., T. A. Henzinger, F. Y. C. Mang, S. Qadeer, S. K. Rajamani, and S. Tasiran, Mocha: Modularity in model checking, in CAV 1998.

No context found.

R. Alur, T.A. Henzinger, F.Y.C. Mang, S. Qadeer, S.K. Rajamani, S. Tasiran, Mocha: Modularity in model checking, in: CAV 1998.

No context found.

R. Alur, T. A. Henzinger, F. Y. C. Mang, S. Qadeer, S. K. Rajamani, and S. Tasiran. Mocha: Modularity in model checking. In CAV 1998.

No context found.

R. Alur, T. A. Henzinger, F. Y. C. Mang, S. Qadeer, S. K. Rajamani, and S. Tasiran. Mocha: Modularity in model checking. In CAV 1998.

No context found.

R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. MOCHA: modularity in model checking. In A. Hu and M. Vardi, editors, CAV 98: Computer-aided Verification, Lecture Notes in Computer Science 1427, pages 521--525. Springer-Verlag, 1998.

No context found.

R. Alur, T. A. Henzinger, F. Y. C. Mang, S. Qadeer, S. K. Rajamani, and S. Tasiran. MOCHA: Modularity in model checking. In Proc. of the Tenth Int. Conf. on ComputerAided Verification, pages 521--525, June 28--July 2, 1998.

No context found.

R. Alur, T.A. Henzinger, F.Y.C. Mang, S. Qadeer, S.K. Rajamani, and S. Tasiran. Mocha: Modularity in model checking. In CAV 98: Computer-Aided Veri cation, Lecture Notes in Computer Science 1427, pages 521-525. Springer-Verlag, 1998.

No context found.

R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. MOCHA: Modularity in Model Checking. In Proc. 10th International Conference on Computer Aided Verification (CAV'98), pages 521--525, Vancouver, 1998. Available as Volume 1427 of LNCS. 44

No context found.

R. Alur, T. A. Henzinger, F. Y. C. Mang, S. Qadeer, S. K. Rajamani, and S. Tasiran. MOCHA: Modularity in model checking. In Proc. of the Tenth Int. Conf. on Comp.-Aided Verification (CAV), pages 521--525, June 28--July 2, 1998.

No context found.

R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. Mocha: Modularity in model checking. In Proceedings of 10th International Conference on Computer Aided Verification, volume 1427 of Lecture Notes in Computer Science, pages 521--525. Springer Verlag, 1998.

No context found.

Alur, R., Henzinger, T., Mang, F., Qadeer, S., Rajamani, S., and Tasiran, S. (1998). Mocha: Modularity in model checking. In Hu, A. and Vardi, M., editors, Proceedings of CAV 98: Computer Aided Verification, number 1427 in Lecture Notes in Computer Science, pages 521--525. Springer Verlag.

No context found.

R. Alur, T. A. Henzinger, F. Y. C. Mang, S. Qadeer, S. K. Rajamani, and S. Tasiran. Mocha: Modularity in model checking. In CAV 1998.

No context found.

R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. MOCHA: modularity in model checking. In A. Hu and M. Vardi, editors, CAV 98: Computer-aided Verification, Lecture Notes in Computer Science 1427, pages 521--525. Springer-Verlag, 1998.

No context found.

R. Alur, T.A. Henzinger, F.Y.C. Mang, S. Qadeer, S.K. Rajamani, and S. Tasiran. Mocha: modularity in model checking. In A.J. Hu and M.Y. Vardi, editors, CAV 98: Computer-aided Verification, Lecture Notes in Computer Science 1427, pages 521--525. Springer-Verlag, 1998.

No context found.

R. Alur, T. A. Henzinger, F. Y. C. Mang, S. Qadeer, S. K. Rajamani, and S. Tasiran. MOCHA: Modularity in model checking. In Proc. of the Tenth Int. Conf. on Comp.-Aided Verification (CAV), pages 521--525, June 28--July 2, 1998.

No context found.

R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. Mocha: modularity in model checking. In A. Hu and M. Vardi, editors, CAV 98: Computer-aided Verification, Lecture Notes in Computer Science 1427, pages 521--525. Springer-Verlag, 1998.

No context found.

R. Alur, et al., \MOCHA: Modularity in Model Checking. " LNCS 1427, pp. 521-525, Springer-Verlag, 1998.

No context found.

R. Alur, T. A. Henzinger, F. Y. C. Mang, S. Qadeer, S. K. Rajamani, and S. Tasiran. MOCHA: Modularity in model checking. In Proc. of the Tenth Int. Conf. on Computer-Aided Verification, pages 521--525, June 28--July 2, 1998.

No context found.

R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. MOCHA: Modularity in model checking. In Proc. of the Tenth Int. Conference on Computer Aided Veri cation, LNCS 1427, pages 521 - 525. SpringerVerlag, 1998.

No context found.

R. Alur, T.A. Henzinger, F.Y.C. Mang, S. Qadeer, S.K. Rajamani, and S. Tasiran. MOCHA: Modularity in model checking. In Proceedings of the 10th International Conference on Computer-aided Verification (CAV

No context found.

R. Alur, T. Henzinger, F. Mang, S. Qadeer, S. Rajamani, and S. Tasiran. Mocha: modularity in model checking. In A. Hu and M. Vardi, editors, CAV 98: Computer-aided Verication, Lecture Notes in Computer Science 1427, pages 521-525. Springer-Verlag, 1998.

First 50 documents  Next 50

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC