R. Cleaveland, M. Klein, and B. Ste#en. Faster model checking for the modal mu-calculus. In Computer Aided Verification, volume 663 of Lecture Notes in Computer Science, pages 410--422, 1992.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....and the verification, it helps the verification task to be integrated with the the design process. Several techniques have been proposed for verifying processes against calculus properties. Most of these algorithms, tableau systems and proof systems are based on global state space exploration ([17, 39, 5, 11] and many more) Compositional systems have been developed for example in [27] or [2] However, most of these techniques are only applicable to finite state system. When modelling a concurrent system in a process algebra like CCS one easily encounters infinite state processes like unbounded ....

R. Cleaveland, M. Klein, and B. Steffen. Faster model checking for the modal mu-calculus. In G. von Bochmann and D. K. Probst, editors, Computer Aided Verification: Proc. of the Fourth International Workshop CAV'92, pages 410-- 422. Springer, Berlin, Heidelberg, 1993.

....expressiveness, it turns out that validity is decidable for the modal calculus, and for finite state processes the problem of deciding satisfaction between a process and an assertion is decidable too. A range of algorithms and proof systems for this problem has been given in the literature, e.g. [9, 4, 11, 18, 6, 25, 8, 2, 21, 12, 7, 1]. They mostly rely on globally Appears in: Proceedings of LICS 94, IEEE Computer Society Press. Supported by the Danish Technical Research Council. Basic Research in Computer Science, Centre of the Danish National Research Foundation. or locally computing the underlying transition system. ....

Rance Cleaveland, Marion Dreimuller, and Bernhard Steffen. Faster model checking for the modal mu-calculus. In v.Bochmann and Probst [20], pages 383--394.

....Goteborg email: martinw cs.chalmers.se 1 Introduction Many verification algorithms for finite transition systems are based on fixpoint approximation. This technique was introduced for model checking by Emerson and Lei [EmL86] It was applied by Andersen [And92] Cleaveland, Dreimuller and Steffen [CDS92], and Long et al. LBCJM94] to global model checking. Recently Vergauwen and Lewi [VeL94] introduced a local model checking algorithm using fixpoint approximation. These algorithms are based on efficient methods to calculate fixpoints for the non alternating case. The extension to nested fixpoints ....

....E 2 (X 0 ) X:E 1 (X; E 2 (X 0 ) 5) 3) 4) E 1 (X 0 ; E 2 (X 0 ) E 1 (E 2 (X 0 ) 6) 5) 2 6 Conclusion We have suggested an improved approximation technique for alternating fixpoints. It can be applied to all existing algorithms, as for example those presented in [EmL86] And92] [CDS92], LBCJM94] and [VeL94] The application consists of a simple extension of these algorithms which allows short cuts of approximation sequences. Our technique has the same worst case complexity as the old one. However, we have shown that it leads to very considerable time savings in many cases. ....

R. Cleaveland, M. Dreimuller and B. Steffen. "Faster Model Checking for the Modal Mu-Calculus." In Proc. of CAV'92, LNCS 663, 1993. 9

.... and proof systems for this problem has been given in the literature, e.g. Emerson and Lei, 1986, Arnold and Crubille, 1988, Larsen, 1988, Stirling and Walker, 1991, Cleaveland, 1990, Winskel, 1989, Cleaveland and Steffen, 1992, 5 Andersen, 1994, Vergauwen and Lewi, 1992, Larsen, 1992, Cleaveland et al. 1992, Andersen, 1993] They mostly rely on globally or locally computing the underlying transition system. However, what we seek here is a method that is compositional in the structure of processes, and which does not rely on computing the underlying transition system. Compositionality is important ....

Cleaveland, R., Dreimuller, M., and Steffen, B. (1992). Faster model checking for the modal mu-calculus. In [v.Bochmann and Probst, 1992], pages 383--394.

....surrounding fixpoint operator. It can be constructed in time O(j Phij) and the size of the resulting equational system jF j is the same as j Phij. The semantics for the root variable X 1 of F gives then the semantics for Phi. An optimized version of the translation operation is presented in [CKS92]. It is straight forward to define assertion based semantics also for a (hierarchical) equational system F . The interpretation of F with respect to some assertion Omega is obtained by interpreting the simple formulas, the right hand sides of each equation in F with respect to Omega Gamma Here, ....

....and the minimal equational block B. That scheme, called the transformer scheme, exploits the relations between the algorithmic transformers, and its solution will yield the semantic transformers. 2. Solving of the transformer scheme F G;B . This is a classic fixpoint computation, like the one in [CKS92] for the finite state case. The difference here is that the domain of iteration is second order, i.e. that we compute functions. Since we proceed a minimal block, the algorithmic transformers are first initialised with the minimal transformer, denoted by for any arity, which yields false for ....

R. Cleaveland, M. Klein, and B. Steffen. Faster Model Checking for the Modal MuCalculus. In CAV '92, LNCS 663, pages 410--422, 1992.

....is more complicated and the resulting boolean expressions are also more complicated since they involve maximal and minimal fixpoint operators. The idea of reducing satisfaction to a system of boolean equations is not uncommon in model checking for the pure modal calculus; examples can be found in [2, 3]. A similar logic was presented in [4] for describing properties of mobile processes. This logic also featured parameterised fixpoints although the language of boolean expressions used there was restricted to basic statements about name matching and the parameters were just vectors of names. A ....

R. Cleaveland, M. Dreimuller, and B. Steffen. Faster model checking for the modal mu-calculus. In CAV'92, volume 663 of Lecture Notes in Computer Science, pages 383--394. Springer-Verlag, 1993.

....fixed points. In particular, we introduce Partitioned Dependency Graphs (PDGs) whose generality subsumes that of similarly proposed models of nested fixed point computation, such as Boolean graphs [And94] Boolean equation systems [VL94] the modal mu calculus, and the equational calculus [CKS92, BC96b] A PDG is a directed hypergraph G with hyper edges from vertices to sets of vertices. A PDG vertex x can be viewed as a kind of disjunctive normal form (DNF) with each of x s target sets of vertices representing a disjunct (conjunctive term) of x. Moreover, the vertices of G are ....

.... the simplicity of previously proposed induction based algorithms (such as Winskel s tableau method for calculus model checking [Win89] with the efficiency of semantics based algorithms (such as the bit vector method of Cleaveland, Klein, and Steffen for equational calculus model checking [CKS92] LAFP takes as input a PDG G and a vertex x 0 of G and determines, in a need driven fashion, whether or not x 0 is in the solution of G. LAFP thereby avoids the a priori construction of G. In contrast, global algorithms by definition require the a priori construction of a system s state space, ....

[Article contains additional citation context not shown here]

R. Cleaveland, M. Klein, and B. Steffen. Faster model checking for the modal mu-calculus. In G.v. Bochmann and D.K. Probst, editors, Proceedings of the Fourth International Conference on Computer Aided Verification (CAV '92), Vol. 663 of Lecture Notes in Computer Science, pages 410--422. Springer-Verlag, 1992.

....(including and ) are monotonic. For top assertions which contain no free variables (free meaning with no defining equation) we define: E # X] E] X) 2 With the given semantics it can be shown that the expressive power of our logic is equivalent to that of the modal calculus ( 1] [15]) 3 A labelled transition system t = S; i) is said to satisfy a top assertion E # X, if i 2 [ E # X] We write t j= E # X in this case. To construct models of concurrent systems we shall use three operations on labelled transition systems. To make sense of them we need a little structure ....

....taken as the starting point of the recursively defined semantics for E # X. 3 The notion of alternation depth for the modal calculus (originally defined in [22] also has a correlate in our logic relating to the number of alternating sequences of and equations. See for example [1] or [15] for discussions of this point. E # X) L;M t = E= L;M t) # X i ffl= L;M t = ffl (X = oe A E) L;M t = 8 : X s1 = oe A= L;M s 1 Delta Delta Delta X sn = oe A= L;M s n E= L;M t X= L;M s = X s hffiA= L;M s = hffi(A= L;M s) s ff s 0 A= L;M s 0 if ff 6= ....

Rance Cleaveland, Marion Dreimuller, and Bernhard Steffen. Faster model checking for the modal mu-calculus. In v. Bochmann and Probst [32], pages 383--394.

....notion of alternation depth and give an algorithm requiring only about O(n d ) iterations, where d is the alternation depth. In an implementation, bookkeeping and set manipulations may add another factor of n or so to the time required. Subsequent work by Cleaveland, Klein, Steffen, and Andersen [1, 9, 10] has reduced this extra complexity, but the overall number of iterations has remained about O(n d ) In [14] the authors have improved on this by giving an algorithm that uses only O(n d=2 ) iterations to compute a formula with alternation depth d, thus requiring only about the square root of ....

.... or from until the result does not change. The alternation depth of a formula is intuitively equal to the number of alternations in the nesting of least and greatest fixpoints, when all negations are applied only to propositions. There are other more elaborate definitions of alternation depth [1, 2, 9], that take into account the possibility that nested fixpoints may still be independent. Such fixpoints do not depend on the value of approximations to outer fixpoints. Consequently, they only need to be evaluated once. This type of nesting does not increase the effective alternation depth. ....

R. Cleaveland, M. Klein, and B. Steffen. Faster model checking for the modal mucalculus. In Bochmann and Probst [3].

....algebra [Wal89] and in Petri nets [Bra92] Proving whether a property expressed in the modal calculus holds for particular states of a process is called model checking [CE81, CES86] Various algorithms are available. The main approaches are model checkers based on the fixpoint approximation [EmL86, CDS92, And92, BCMDH92, LBCJM94] and tableau based model checkers [StW89, Cle90, Lar92, Mad92] One important technique consists of the transformation of a property and a model to a (Boolean) equation system [AC88, And92, CDS92, Lar92, VeL92] Then model checking is equivalent to the computation of a certain fixpoint. In fact, ....

.... The main approaches are model checkers based on the fixpoint approximation [EmL86, CDS92, And92, BCMDH92, LBCJM94] and tableau based model checkers [StW89, Cle90, Lar92, Mad92] One important technique consists of the transformation of a property and a model to a (Boolean) equation system [AC88, And92, CDS92, Lar92, VeL92]. Then model checking is equivalent to the computation of a certain fixpoint. In fact, various correctness problems may be represented in this way. In this paper we present a novel, algebraic approach for solving Boolean equation systems. It does not use approximation techniques and therefore does ....

[Article contains additional citation context not shown here]

R. Cleaveland, M. Dreimuller and B. Steffen. Faster Model Checking for the Modal Mu-Calculus. In Proc. of CAV'92, LNCS 663, 1993.

....at least a logarithmic increase in the CHAPTER 1. INTRODUCTION 4 worst case run time. A number of model checking algorithms have been developed and implemented in verification tools. The most efficient global algorithms include [29, 23, 82] for the alternation free mu calculus. The algorithms in [21, 51] have the best time complexities for the full modal mu calculus. Several local algorithms exist, e.g. 73, 20, 48, 9, 83, 14] to name just a few. Of these, the first two handle the full mu calculus, but exhibit exponential worst case behaviour, even for alternation free formulas. 48] and [9] ....

R. Cleaveland, M. Dreimuller, and B. Steffen. Faster model checking for the modal mu-calculus. In Proceedings of CAV '92, 1992.

....notion of alternation depth, and they gave an algorithm requiring only about n d steps, where d is the alternation depth. In an implementation, bookkeeping and set manipulations may add another factor of n or so to the time required. Subsequent work by Cleaveland, Klein, Steffen, and Andersen [1, 10, 11] has reduced this extra complexity, but the overall number of steps has remained at about n d . Our new algorithm is also a global method. By using extensive monotonicity considerations, we are able to show that only about n d=2 steps are required to evaluate a formula with alternation depth ....

....the formula. The best previously known algorithms required about n d steps. A straightforward implementation of our algorithm would require an extra factor of n or so for bookkeeping and set manipulations, but we believe that methods such as those used by Cleaveland, Klein, Steffen, and Andersen [1, 10, 11] could be used to reduce this extra complexity. It is not as clear whether efficient local procedures can be developed that make use of our ideas, but this is an interesting question. It would also be interesting to see whether it is possible to make even more use of monotonicity considerations. ....

R. Cleaveland, M. Klein, and B. Steffen. Faster model checking for the modal mu-calculus. In Bochmann and Probst [3].

....most) 1 with actions in Act Theta N such that T j= A , pr( T ) j= pr(A) Hence, if each of the T i are finite, so is pr( T ) and we have reduced the problem of model checking in p K to model checking in K. Using the algorithm from Andersen [And94] or Cleaveland, Dreimuller and Steffen [CDS92] we get from this reduction: Theorem 2 There exists an algorithm for deciding T j= A, for A closed and T an m tuple of finite transition systems with states S 1 ; Sm , which runs in time O(jAj k (jS 1 j Delta Delta Delta jS m j) k Gamma1 jT 1 j Delta Delta Delta jT m ....

....be evaluated globally in time O(n k Gamma1 m) and locally in time O(n k Gamma1 m log n) where n is the number of variables in the assertion, k 1 is the alternation depth, and m n is the total size of the assertion. Alternatively, the global algorithm of Cleaveland, Dreimuller and Steffen [CDS92] and the local of Larsen [Lar92] could be applied. Hence, it is of major concern to keep the size of these small. It is for this purpose, we included simultaneous fixed points in p K 9 . Moreover, we shall convert any assertion into positive, normal form. This is done by allowing as proper ....

Rance Cleaveland, Marion Dreimuller, and Bernhard Steffen. Faster model checking for the modal mu-calculus. In v.Bochmann and Probst [vP92], pages 383--394.

....This means that all model checking algorithms for the propositional mu calculus can be used for model checking CTL. Several linear time model checking algorithms for the alternation free subset of mu calculus have indeed been presented: Cleaveland and Steoeen [10] Cleaveland, Klein and Steoeen [9], Andersen [1] and Bhat, Cleaveland and Grunberg [3] Other approaches which uses the mu calculus xed point representation of CTL formulas are the model checkers based on the BDD data structure [4] This data structure is used to eOEciently compute the xed point formulas which can be used to ....

Cleaveland, R., Klein, M., Steoeen, B.: Faster Model Checking for the Modal Mu-Calculus. In v. Bochmann, G., Probst D. K. (eds.): Proceedings of the Fourth International Workshop on Computer Aided Veriøcation, Lecture Notes in Computer Science 663, Spriger-Verlag, Berlin, 1992, pp. 410422.

.... fixed point evaluation in dependency graphs subsumes that of many other problems of maximal and minimal fixed point computation, such as those found in Boolean graphs [And94] Boolean equation systems [VL94] the alternation free modal mu calculus, and the alternation free equational mu calculus [CKS92, BC96]. Our algorithms are very simple in nature, perhaps deceptively so, and this is partially a consequence of the abstractness of the dependency graph framework. We describe our algorithms both at an abstract level of dependency graph computation, and at a lower level in terms of arrays and lists, ....

R. Cleaveland, M. Klein, and B. Steffen. Faster model checking for the modal mu-calculus. In G.v. Bochmann and D.K. Probst, editors, Proceedings of the Fourth International Conference on Computer Aided Verification (CAV '92), Vol. 663 of Lecture Notes in Computer Science, pages 410--422. Springer-Verlag, 1992.

No context found.

R. Cleaveland, M. Klein, and B. Steffen. Faster Model Checking for the Modal MuCalculus. In CAV '92, LNCS 663, pages 410--422, 1992.

....a path on which the action c is always enabled. This property can formally be expressed by the alternation free modal calculus formula OE = df Z:haiZ hcitt The first step of the second order model checking algorithm consists now of transforming the formula into an equivalent equational form [43] which explicitly names all subformulae, yielding in our case f Z 1 = Z 2 Z 3 ; Z 2 = haiZ 1 ; Z 3 = hciZ 4 ; Z 4 = tt g Defining Z = df f Z 1 ; Z 2 ; Z 3 ; Z 4 g, the property transformers to be computed for the nonterminals X and B are thus mappings D OE Gamma D OE where D OE = 2 Z . For ....

R. Cleaveland, M. Klein, and B. Steffen. Faster model checking for the modal mu-calculus. In G. Bochmann and D.K. Probst, editors, CAV'92, LNCS 663, pages 410--422, Montreal, 1992. Springer.

....the strongly connected components of the dependence graph. Of course, these constraints form in general a DAG structure. However, as in the hierarchical case, we can simply collapse this DAG to a list without runtime penalty. 2 This choice is an elaboration of the block graphs presented in [ClSt91b, ClKS92]. ffl The DAG structure reflects part of the ordering constraints within a strongly connected component: a constraint between two equations e 1 and e 2 is only kept if the row of e 1 precedes the row of e 2 in the value array. This DAG of equations is then collapsed by combining all equations ....

....case. However, in contrast to the previous two cases, this computation must be repeated according to changes in blocks of different parity that are higher in the hierarchy but still in the same strongly connected component. A detailed description of this procedure is rather complicated (cf. [ClSt91b, ClKS92]) and omitted here. 5.2 Second Order (and Higher Order) Fixpoints Structurally, these fixpoint computations follow exactly the same lines as the first order case. Only the domain of the value array components is now second order, i.e. instead of determining properties for states of the ....

[Article contains additional citation context not shown here]

R. Cleaveland, M. Klein, B. Steffen: "Faster Model Checking for the Modal Mu-Calculus", Proc. of CAV '92, Montreal (Canada) LNCS 663, pp. 410-422, Springer V., 1992.

.... calculus [13] which is capable of encoding numerous existing temporal logics [12] When systems are finite state, mu calculus model checking becomes decidable; for such systems, a variety of model checking algorithms have been developed. Two major approaches may be identified. Global routines [6, 12, 14] require the a priori construction of the entire state space of the system being analyzed; a subsequent pass over the state space then determines the truth or falsity of the formula. Such algorithms typically exhibit good worst case behavior; however, in practice, the overhead of computing the ....

R. Cleaveland, M. Klein, and B. Steffen. Faster model checking for the modal mu-calculus. In G.v. Bochmann and D.K. Probst, editors, Computer Aided Verification (CAV '92), volume 663 of Lecture Notes in Computer Science, pages 410--422, Montr'eal, June/July 1992. Springer-Verlag.

....alternating fixed points. The worst case time complexity for formulas with alternating fixpoints, i.e. with ad( Phi) 2, is O( jT j j Phij ( jS jj Phij ad( Phi) Gamma1 ) ad( Phi) Gamma1 ) where jT j = jSj j j, j Phij is the size of Phi, and ad( Phi) is the alternation depth of Phi [5]. This outperforms the classical model checking algorithm of Emerson and Lei [11] Recently, Andersen [1] has also proposed an algorithm for the full mu calculus that improves on the one in [11] his time complexity is O( jT j j Phij (jSj j Phij) ad( Phi) Gamma1 ) Regarding future work, we ....

R. Cleaveland, M. Dreimuller and B. Steffen. "Faster Model-Checking for the Modal Mu-Calculus." To appear in Proceedings of the 1992 Workshop on Computer-Aided Verification, Lecture Notes in Computer Science.

....strict discipline involving backtracking. This observation motivates the structure of our block graphs, which are lists of DAGs 4 (directed acyclic graphs) where edges represent ordering constraints and nodes collect the set 4 This choice is an elaboration of the block graphs presented in [ClSt91b, ClKS92] of all equations which need not be distinguished according to these constraints. This graph structure is already sufficient to uniformly capture even strongly optimized organizations of the fixpoint computation for the alternating case. Technically, the need for blocks, which are collections of ....

....In the case of a min block it successively updates the initial minimal predicate transformers until the smallest fixpoint is reached. The handling of max blocks is completely dual, and the global algorithm, which deals with a hierarchy of blocks proceeds hierarchically as described in [ClSt91, ClKS92]. The iteration mechanism as such is essentially the same as for usual iterative algorithms, except for: ffl the handling of the procedural identifiers (non terminals) They are dealt with by applying the currently valid approximation for their defining procedural transition systems. ffl the ....

R. Cleaveland, M. Klein, B. Steffen: "Faster Model Checking for the Modal Mu-Calculus," Proc. of CAV '92, Montreal (Canada) LNCS 663, pp. 410--422, Springer Verlag, 1992.

....for CTL formulas and single exponential for ECTL formulas, and these complexities substantially exceed those for model checking algorithms that have been developed for these logics. In this paper we elaborate on the calculus program by showing how an equational variant of the calculus [3, 4, 11, 13] may be used as a uniform basis for efficient model checking in linear as well as branchingtime logics. More specifically, we show how formulas in CTL may be translated into the equational calculus in time that is exponential in the size of the input formula and then efficiently checked ....

....the equational calculus. We now investigate efficiency issues involved in checking Kripke structures against these translations. It is straightforward to extend existing model checkers for the calculus to handle the equational variant; indeed, many already work on similar equational notation [3, 4, 11, 13]. It is also known that using these model checkers in conjunction with translation procedures into the calculus gives routines that are equivalent in terms of worst case behavior to the most efficient model checking algorithms for pure branching logics CTL and PDL ffi. This follows from the ....

R. Cleaveland, M. Klein, and B. Steffen. Faster model checking for the modal mu-calculus. In G.v. Bochmann and D.K. Probst, editors, Computer Aided Verification (CAV '92), volume 663 of Lecture Notes in Computer Science, pages 410--422, Montreal, June/July 1992. Springer-Verlag.

.... this can be done in a straightforward manner (cf. CS1] ffl translation into positive normal form, i.e. into a formula with distinct variable naming, where only atomic propositions are negated: this can be done by some ff conversions and some applications of de Morgan like laws (cf. [CKS]) ffl translation into a system of greatest and least fixpoint equations: this is described in some detail in [CKS] We will not go into formal detail here, because this translation step is not important for this paper. In fact, the graph representation of the specifying formula in the following ....

.... into a formula with distinct variable naming, where only atomic propositions are negated: this can be done by some ff conversions and some applications of de Morgan like laws (cf. CKS] ffl translation into a system of greatest and least fixpoint equations: this is described in some detail in [CKS]. We will not go into formal detail here, because this translation step is not important for this paper. In fact, the graph representation of the specifying formula in the following section is the same for the low level representation and the equational representation. 2. Construct a (higher ....

[Article contains additional citation context not shown here]

R. Cleaveland, M. Dreimuller, B. Steffen. Faster Model Checking for the Modal MuCalculus. In Proceedings CAV'92, 1992

No context found.

R. Cleaveland, M. Klein, and B. Ste#en. Faster model checking for the modal mu-calculus. In Computer Aided Verification, volume 663 of Lecture Notes in Computer Science, pages 410--422, 1992.

No context found.

R. Cleaveland, M. Klein, and B. Steen. Faster model checking for the modal mu-calculus. In G. v. Bochmann and D. K. Probst, editors, Computer Aided Veri - cation (CAV'92), volume 663 of Lecture Notes in Computer Science, pages 410-422. Springer-Verlag, June/July 1992.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC