Results 1  10
of
321
The model checker SPIN
 IEEE Transactions on Software Engineering
, 1997
"... Abstract—SPIN is an efficient verification system for models of distributed software systems. It has been used to detect design errors in applications ranging from highlevel descriptions of distributed algorithms to detailed code for controlling telephone exchanges. This paper gives an overview of ..."
Abstract

Cited by 1505 (26 self)
 Add to MetaCart
(Show Context)
Abstract—SPIN is an efficient verification system for models of distributed software systems. It has been used to detect design errors in applications ranging from highlevel descriptions of distributed algorithms to detailed code for controlling telephone exchanges. This paper gives an overview of the design and structure of the verifier, reviews its theoretical foundation, and gives an overview of significant practical applications. Index Terms—Formal methods, program verification, design verification, model checking, distributed systems, concurrency.
Managing conflicts in goaldriven requirements engineering
 IEEE Transactions on Software Engineering
, 1998
"... Abstract A wide range of inconsistencies can arise during requirements engineering as goals and requirements are elicited from multiple stakeholders. Resolving such inconsistencies sooner or later in the process is a necessary condition for successful development of the software implementing those ..."
Abstract

Cited by 177 (25 self)
 Add to MetaCart
(Show Context)
Abstract A wide range of inconsistencies can arise during requirements engineering as goals and requirements are elicited from multiple stakeholders. Resolving such inconsistencies sooner or later in the process is a necessary condition for successful development of the software implementing those requirements. The paper first reviews the main types of inconsistency that can arise during requirements elaboration, defining them in an integrated framework and exploring their interrelationships. It then concentrates on the specific case of conflicting formulations of goals and requirements among different stakeholder viewpoints or within a single viewpoint. A frequent, weaker form of conflict called divergence is introduced and studied in depth. Formal techniques and heuristics are proposed for detecting conflicts and divergences from specifications of goals / requirements and of domain properties. Various techniques are then discussed for resolving conflicts and divergences systematically by introduction of new goals or by transformation of specifications of goals/objects towards conflictfree versions. Numerous examples are given throughout the paper to illustrate the practical relevance of the concepts and techniques presented. The latter are discussed in the framework of the KAOS methodology for goaldriven requirements engineering.
Model Checking of Safety Properties
, 1999
"... Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proofbased approach to verification, making verification of safety properties simp ..."
Abstract

Cited by 146 (20 self)
 Add to MetaCart
Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proofbased approach to verification, making verification of safety properties simpler than verification of general properties. In this paper we consider model checking of safety properties. A computation that violates a general linear property reaches a bad cycle, which witnesses the violation of the property. Accordingly, current methods and tools for model checking of linear properties are based on a search for bad cycles. A symbolic implementation of such a search involves the calculation of a nested fixedpoint expression over the system's state space, and is often impossible. Every computation that violates a safety property has a finite prefix along which the property is violated. We use this fact in order to base model checking of safety properties on a search for ...
A Direct Symbolic Approach to Model Checking Pushdown Systems (Extended Abstract)
, 1997
"... This paper gives a simple and direct algorithm for computing the always regular set of reachable states of a pushdown system. It then exploits this algorithm for obtaining model checking algorithms for lineartime temporal logic as well as for the logic CTL. For the latter, a new technical tool is i ..."
Abstract

Cited by 139 (4 self)
 Add to MetaCart
This paper gives a simple and direct algorithm for computing the always regular set of reachable states of a pushdown system. It then exploits this algorithm for obtaining model checking algorithms for lineartime temporal logic as well as for the logic CTL. For the latter, a new technical tool is introduced: pushdown automata with transitions conditioned on regular predicates on the stack content. Finally, this technical tool is also used to establish that CTL model checking remains decidable when the formulas are allowed to include regular predicates on the stack content.
Efficient Büchi Automata from LTL Formulae
 CAV 2000, LNCS 1855:247–263
, 2000
"... We present an algorithm to generate small Büchi automata for LTL formulae. We describe a heuristic approach consisting of three phases: rewriting of the formula, an optimized translation procedure, and simplification of the resulting automaton. We present a translation procedure that is optimal w ..."
Abstract

Cited by 121 (13 self)
 Add to MetaCart
We present an algorithm to generate small Büchi automata for LTL formulae. We describe a heuristic approach consisting of three phases: rewriting of the formula, an optimized translation procedure, and simplification of the resulting automaton. We present a translation procedure that is optimal within a certain class of translation procedures. The simplification algorithm can be used for Buchi automata in general. It reduces the number of states and transitions, as well as the number and size of the accepting setspossibly reducing the strength of the resulting automaton. This leads to more efficient model checking of lineartime logic formulae. We compare our method to previous work, and show that it is significantly more efficient for both random formulae, and formulae in common use and from the literature.
DecSerFlow: Towards a Truly Declarative Service Flow Language
 International Conference on Web Services and Formal Methods (WSFM 2006), volume 4184 of Lecture Notes in Computer Science
, 2006
"... Abstract. The need for process support in the context of web services has triggered the development of many languages, systems, and standards. Industry has been developing software solutions and proposing standards such as BPEL, while researchers have been advocating the use of formal methods such a ..."
Abstract

Cited by 115 (7 self)
 Add to MetaCart
(Show Context)
Abstract. The need for process support in the context of web services has triggered the development of many languages, systems, and standards. Industry has been developing software solutions and proposing standards such as BPEL, while researchers have been advocating the use of formal methods such as Petri nets and πcalculus. The languages developed for service flows, i.e., process specification languages for web services, have adopted many concepts from classical workflow management systems. As a result, these languages are rather procedural and this does not fit well with the autonomous nature of services. Therefore, we propose DecSerFlow as a Declarative Service Flow Language. DecSerFlow can be used to specify, enact, and monitor service flows. The language is extendible (i.e., constructs can be added without changing the engine or semantical basis) and can be used to enforce or to check the conformance of service flows. Although the language has an appealing graphical representation, it is grounded in temporal logic.
The Maude 2.0 system
 Rewriting Techniques and Applications, Proceedings of the 14th International Conference
, 2003
"... Abstract. This paper gives an overviewof the Maude 2.0 system. We emphasize the full generality with which rewriting logic and membership equational logic are supported, operational semantics issues, the new builtin modules, the more general Full Maude module algebra, the new METALEVEL module, the ..."
Abstract

Cited by 109 (18 self)
 Add to MetaCart
(Show Context)
Abstract. This paper gives an overviewof the Maude 2.0 system. We emphasize the full generality with which rewriting logic and membership equational logic are supported, operational semantics issues, the new builtin modules, the more general Full Maude module algebra, the new METALEVEL module, the LTL model checker, and newimplementation techniques yielding substantial performance improvements in rewriting modulo. We also comment on Maude’s formal tool environment and on applications. 1
AutomataBased Verification of Temporal Properties on Running Programs
 IN PROCEEDINGS, INTERNATIONAL CONFERENCE ON AUTOMATED SOFTWARE ENGINEERING (ASE’01
, 2001
"... This paper presents an approach to checking a running program against its Linear Temporal Logic (LTL) specifications. LTL is a widely used logic for expressing properties of programs viewed as sets of executions. Our approach consists of translating LTL formulae to finitestate automata, which ar ..."
Abstract

Cited by 77 (8 self)
 Add to MetaCart
This paper presents an approach to checking a running program against its Linear Temporal Logic (LTL) specifications. LTL is a widely used logic for expressing properties of programs viewed as sets of executions. Our approach consists of translating LTL formulae to finitestate automata, which are used as observers of the program behavior. The translation algorithm we propose modifies standard LTL to Bfichi automata conversion techniques to generate automata that check finite program traces. The algorithm has been implemented in a tool, which has been integrated with the generic JPaX framework for runtime analysis of Java programs
Optimizing Büchi automata
, 2000
"... We describe a family of optimizations implemented in a translation from a linear temporal logic to Büchi automata. Such optimized automata can enhance the efficiency of explicit state model checking, as practiced in tools such as SPIN. Some of our optimizations are applicable to... ..."
Abstract

Cited by 73 (3 self)
 Add to MetaCart
(Show Context)
We describe a family of optimizations implemented in a translation from a linear temporal logic to Büchi automata. Such optimized automata can enhance the efficiency of explicit state model checking, as practiced in tools such as SPIN. Some of our optimizations are applicable to...
Fluent Model Checking for Eventbased Systems
 In Proceedings of FSE
, 2003
"... Model checking is an automated technique for verifying that a system satisfies a set of required properties. Such properties are typically expressed as temporal logic formulas, in which atomic propositions are predicates over state variables of the system. In eventbased system descriptions, states ..."
Abstract

Cited by 72 (9 self)
 Add to MetaCart
Model checking is an automated technique for verifying that a system satisfies a set of required properties. Such properties are typically expressed as temporal logic formulas, in which atomic propositions are predicates over state variables of the system. In eventbased system descriptions, states are not characterized by state variables, but rather by the behavior that originates in these states in terms of actions. In this context, it is natural for temporal formulas to be built from atomic propositions that are predicates on the occurrence of actions. The paper identifies limitations in this approach and introduces "fluent" propositions that permit formulas to naturally express properties that combine state and action. A fluent is a property of the world that holds after it is initiated by an action and ceases to hold when terminated by another action. The paper describes an approach to model checking fluentbased lineartemporal logic properties, with its implementation and application in the LTSA tool.