Verifying that a temporal logic specification satisfies a temporal property requires some form of theorem proving. However, although proof procedures exist for such logics, many are either unsuitable for automatic implementation or only deal with small fragments of the logic. In this thesis the algorithms for, and strategies to guide, a fully automated temporal resolution theorem prover are given, proved correct and evaluated. An approach to applying resolution, a proof method for classical logics suited to mechanisation, to temporal logics has been developed by Fisher. The method involves translation to a normal form, classical style resolution within states and temporal resolution over states. It has only one temporal resolution rule and is therefore particularly suitable as the basis of an automated temporal resolution theorem prover. As the application of the temporal resolution rule is the most costly part of the method, involving search amongst graphs, different algorithms on w...

This report describes the design and implementation of a model checker for linear time temporal logic. The model checker uses a depth-first search algorithm that attempts to find a minimal satisfying model and uses as little space as possible during the checking procedure. The depth-first nature of the algorithm enables the model checker to be used where space is at a premium. 1 Introduction Temporal logic has been widely used for the specification and verification of reactive systems. It has been successfully used to describe verifiable properties of state-machines derived from practical applications [CES83, BCDM84, GB88]. In this report we consider the verification of temporal properties of such state-machines through model-checking [CES83] (also known as satisfiability checking). Using this approach, a finite state-machine, often derived from some practical system, is checked to see if it satisfies various properties represented by temporal formulae. The satisfaction of these prope...

A process algebraic foundation is developed, for formal analysis of synchronous hardware designs using the commercially available hardware design language, ELLA. An underlying semantic foundation, based on input/outputtrace sets, is presented first through the use of state machines. Such a representation enables direct application of standard, fully automated, trace equivalence checking tools. However, to overcome the computational limitations imposed by such analysis methods, the input/output trace semantics is re-presented through a synchronous process algebra, EPA. Primitive processes in EPA denote the behaviour of primitive hardware components, such as delays or multiplexers, with composition operators corresponding to the different ways in which behaviours may be built. Of particular significance is the parallel composition operator which captures the machinery for building networks from other components/networks. Actions in EPA are structured and signify the state of input and ou...

A model checker is a program that verifies, without human assistance, that the formal description of a system has specified, desirable properties. The development of model checking algorithms is an active area of research, but most implementations are still prototypical in nature. In consequence, knowledge about the design and implementation of a practical, efficient model checker is limited. In this thesis the most important design decisions involved in creating an efficient on-the-fly model checker are identified and discussed. In short, there are three major tasks: 1. the generation of program states, 2. the detection of revisited states, and 3. the representation of states. In all three cases the central goal is to generate as many states as possible and to generate states as fast as possible. For each task, alternatives are described and compared. The discussion of design issues is further supported in two ways. First, a detailed design and implementation for a model checker is described to illustrate how design decisions affect each other and ultimate the implementation. Second, the design arguments, based on more or less realistic models, are validated through a thorough study of the performance of the various components of the model checker.

os de Datos Generales . . . . . . . . . . . . . . . . . . . . . . . 66 7.2 Implementaci'on del M'etodo del Tablero . . . . . . . . . . . . . . . . . . . . . 71 7.3 Implementaci'on del M'etodo Buchi . . . . . . . . . . . . . . . . . . . . . . . . 74 7.4 Implementaci'on de los Algoritmos de Model-Checking . . . . . . . . . . . . . 74 7.4.1 LTL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 7.4.2 CTL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 List of Figures 2.1 Grafo de transiciones de la planificaci'on de recursos no compartibles con dos procesos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 3.1 Tablero de la f'ormula F 1 j (fl 8 3a flflb) . . . . . . . . . . . . . . . . . . . 15 3.2 Modelo de la f'ormula F 1 j (fl 8 3a flflb) . . . . . . . . . . . . . . . . . . . 16 3.3 Tablero de la f'ormula F 2 j (2fla (bUc)) . . . . . . . . . . . . . . . . . . . . 16 3.4 Estructura Hintikka de la f...

We present a novel state evolution method for establishing standard (strong) bisimulation, which gives a tractable verification approach for deterministic machines, possibly with infinite state-spaces, and operates at an abstract level. The problem of establishing equivalence is reduced to one of proving the validity of a set of simpler (first-order) logical verification conditions, generated from the state evolution expressions. The approach maintains a high degree of automation, a feature of state-based methods, whilst offering the potential of containing the usual growth in complexity of verification, one advantage of using theorem-proving techniques. Keywords: symbolic verification, automatic hardware verification, theorem-proving, hardware design aids. 1 Introduction One approach commonly used for establishing the behavioural equivalence of hardware systems uses state-space exploration to establish a bisimulation relation between the systems, modelled as labelled transit...