Symbolic Model Checking of UML Activity Diagrams
ACM Transactions on Software Engineering and Methodology, 2006
Cited by 37 (1 self)
Two translations from activity diagrams to the input language of NuSMV, a symbolic model verifier, are presented. Both translations map an activity diagram into a finite state machine and are inspired by existing statechart semantics. The requirements-level translation defines state machines that can be efficiently verified, but are a bit unrealistic since they assume the perfect synchrony hypothesis. The implementation-level translation defines state machines that cannot be verified so efficiently, but that are more realistic since they do not use the perfect synchrony hypothesis. To justify the use of the requirements-level translation, we show that for a large class of activity diagrams and certain properties, both translations are equivalent: regardless of which translation is used, the outcome of model checking is the same. Moreover, for linear stuttering-closed properties, the implementation-level translation is equivalent to a slightly modified version of the requirements-level translation. We use the two translations to model check data integrity constraints for an activity diagram and a set of class diagrams that specify the data manipulated in the activities. Both translations have been implemented in two tools. We discuss our experiences in applying both translations to model check some large example activity diagrams.
Locally Linear Time Temporal Logic
In LICS '96, 1996
Cited by 31 (7 self)
We study linear time temporal logics of multiple agents, where the temporal modalities are local. These modalities not only refer to local next-instants and local eventuality, but also to global views of agents at any local instant, which are updated due to communication from other agents. Thus agents also reason about the future, present and past of other agents in the system. The models for these logics are simple: runs of networks of synchronizing automata. Problems like gossiping in interconnection networks are naturally described in the logics proposed here. We present solutions to the satisfiability and model checking problems for these logics. Further, since formulas are insensitive to different interleavings of runs, partial order based verification methods become applicable for properties described in these logics.
Distributed Partial Order Reduction of State Spaces
Electronic Notes in Theoretical Computer Science (PDMC 2004) 128 (3) (2005) 63–74, 2005
Cited by 12 (2 self)
State space explosion is a fundamental obstacle in formal verification of concurrent systems. Several techniques for combating this problem have emerged in the past few years, among which the two we are interested in are: partial order reduction and distributed-memory state exploration. While the first one tries to reduce the problem to a smaller one, the other one tries to extend the computational power to solve the same problem. In this paper, we consider a combination of these two approaches and propose a distributed-memory algorithm for partial order reduction.
Reconciling Statechart Semantics
2008
Cited by 10 (3 self)
Statecharts are a visual technique for modelling reactive behaviour. Over the years, a plethora of statechart semantics have been proposed. The three most widely used are the fixpoint, Statemate, and UML semantics. These three semantics differ considerably from each other. In general, they interpret the same statechart differently, which impedes the communication of statechart designs among both designers and tools. In this paper, we identify a set of constraints on statecharts that ensure that the fixpoint, Statemate and UML semantics coincide, if observations are restricted to linear, stuttering-closed, separable properties. Moreover, we show that for a subset of these constraints, a slight variation of the Statemate semantics coincides for linear stuttering-closed properties with the UML semantics.
An Efficient Verifier of Truly Concurrent Properties
Proceedings of PACT'95, LNCS 964, 1995
Cited by 8 (7 self)
We present a parametric tool for the analysis of distributed concurrent systems. Processes are internally represented as proved transition systems. Actually, we use a fragment of them, in which only one transition exits from a node among those mutually concurrent. This yields compact representations whose size is, on average, linear in the number of actions in the term of the language that describes the system. Another important property of these compact transition systems is that they preserve truly concurrent bisimulations, which can be checked in polynomial time on average. Parametricity is achieved by resorting to the rich labelling of the transitions encoding the parallel structure of processes. These labels are then "observed" for retrieving the interleaving, causal and locational semantics.
Detecting Malicious Logic Through Structural Checking
Cited by 8 (0 self)
Hardware is just as susceptible as software to "hacker attacks", through inclusion of malicious logic; and the consequences of such an attack could be disastrous! The impact of software viruses has been felt, at one time or another, by the entire computerized world, through loss of productivity, loss of system resources or data, or mere inconvenience. However, the nature of malicious logic and defending against it is fundamentally different from its software counterpart. Malicious logic has the added dimension of not being removable once encapsulated in the system. This paper will identify hardware vulnerabilities and will outline an automated method, called Structural Checking, to detect and prevent malicious logic from becoming incorporated into an ASIC, which could cause catastrophic system failure, security breaches, or other dire consequences.
Model Checking with formuladependent abstract models
In Computer-Aided Verification (CAV), volume 2102 of LNCS, 2001
Cited by 6 (0 self)
We present a model checking algorithm for ∀CTL (and full CTL) which uses an iterative abstraction refinement strategy. In each iteration we call a standard model checker for the abstract model A_i. If A_i does not satisfy Φ we refine the abstract model A_i, yielding another abstract model A_{i+1}, and (re)call the model checker on A_{i+1}. Otherwise the formula holds for the original system M. Our algorithm terminates at least for all transition systems M that have a finite simulation or bisimulation quotient. In contrast to other abstraction refinement algorithms, we always work with abstract models whose size depends only on the length of the formula Φ (but not on the size of the system, which might be infinite).
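The abstract/check/refine loop described in this abstract, as an added, self-contained illustration (example code, not the paper's algorithm, which builds formula-dependent abstract models for full CTL): a CEGAR-style check of an invariant "AG not bad" over a constructed two-process mutual-exclusion system. Abstract states are the blocks of a partition of the concrete states, the abstract model is the existential over-approximation, an abstract counterexample is replayed on concrete states to decide whether it is real, and on a spurious one the block where the replay dies is split so that the same spurious path cannot recur. The system, the property and every function name below are assumptions of this example.

```python
"""CEGAR-style invariant checking on a finite transition system.
Added example; not the algorithm of the cited paper."""
from collections import deque
from itertools import product

IDLE, TRYING, CRIT = "idle", "trying", "crit"


def mutex_system(check_lock=True):
    """Constructed concrete system: two processes and one lock bit.
    A state is (pc0, pc1, lock).  With check_lock=False a process enters the
    critical section without testing the lock, so mutual exclusion breaks."""
    states = list(product((IDLE, TRYING, CRIT), (IDLE, TRYING, CRIT), (0, 1)))
    succ = {s: set() for s in states}
    for pc0, pc1, lock in states:
        for who in (0, 1):
            pc = (pc0, pc1)[who]
            if pc == IDLE:
                new_pc, new_lock = TRYING, lock
            elif pc == TRYING:
                if check_lock and lock == 1:
                    continue                      # blocked: no transition
                new_pc, new_lock = CRIT, 1
            else:
                new_pc, new_lock = IDLE, 0
            t = (new_pc, pc1, new_lock) if who == 0 else (pc0, new_pc, new_lock)
            succ[(pc0, pc1, lock)].add(t)
    init = {(IDLE, IDLE, 0)}
    bad = {s for s in states if s[0] == CRIT and s[1] == CRIT}  # AG not(bad)
    return states, init, succ, bad


def abstract(partition, init, succ):
    """Existential abstraction over a partition of the concrete states:
    block a steps to block b iff some state in a steps to some state in b."""
    block_of = {s: i for i, blk in enumerate(partition) for s in blk}
    a_init = {block_of[s] for s in init}
    a_succ = {i: set() for i in range(len(partition))}
    for s, targets in succ.items():
        for t in targets:
            a_succ[block_of[s]].add(block_of[t])
    return block_of, a_init, a_succ


def abstract_counterexample(a_init, a_succ, a_bad):
    """BFS for an abstract path from an initial block to a bad block."""
    parent = {i: None for i in a_init}
    queue = deque(a_init)
    while queue:
        a = queue.popleft()
        if a in a_bad:
            path = [a]
            while parent[path[-1]] is not None:
                path.append(parent[path[-1]])
            return path[::-1]
        for b in a_succ[a]:
            if b not in parent:
                parent[b] = a
                queue.append(b)
    return None


def concretize(path, partition, init, succ):
    """Replay an abstract path on concrete states.  Returns (real, k, frontier):
    real=True if a concrete path exists; otherwise step k is where no state
    reached along the prefix has a successor inside block path[k]."""
    frontier = init & partition[path[0]]
    for k in range(1, len(path)):
        nxt = {t for s in frontier for t in succ[s] if t in partition[path[k]]}
        if not nxt:
            return False, k, frontier
        frontier = nxt
    return True, None, frontier


def refine(partition, block_idx, dead_end):
    """Split one block: the states reached along the spurious prefix (which
    have no successor in the next block) are separated from the rest.  The
    split is strict, so the loop terminates after at most |S| refinements."""
    blk = partition[block_idx]
    rest = blk - dead_end
    assert dead_end and rest, "refinement must split the block strictly"
    return partition[:block_idx] + [frozenset(dead_end), frozenset(rest)] + partition[block_idx + 1:]


def check_invariant(states, init, succ, bad):
    """Abstract / model check / concretize / refine until the abstract model
    proves the invariant or a real counterexample is found.
    Returns (verdict, iterations, number_of_abstract_states)."""
    partition = [frozenset(bad), frozenset(set(states) - bad)]
    for iteration in range(1, len(states) + 1):
        block_of, a_init, a_succ = abstract(partition, init, succ)
        a_bad = {block_of[s] for s in bad}
        path = abstract_counterexample(a_init, a_succ, a_bad)
        if path is None:
            return "holds", iteration, len(partition)      # over-approximation is safe
        real, k, frontier = concretize(path, partition, init, succ)
        if real:
            return "violated", iteration, len(partition)   # concrete witness exists
        partition = refine(partition, path[k - 1], frontier)
    raise RuntimeError("refinement did not converge")


if __name__ == "__main__":
    print("lock respected:", check_invariant(*mutex_system(True)))
    print("lock ignored:  ", check_invariant(*mutex_system(False)))
```

The abstract model starts with just two states (bad / not bad), so the first counterexample is always spurious: it exists only because unreachable concrete states such as (trying, crit, 0) have bad successors. Each refinement separates the concrete states actually reached along the prefix from the rest of their block, which is the step the abstract above calls "refine A_i yielding A_{i+1}"; the verdict "holds" is sound because the existential abstraction over-approximates the concrete behaviour.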
Employing Multiple CUDA Devices to Accelerate LTL Model Checking
In 16th International Conference on Parallel and Distributed Systems (ICPADS 2010), 2010
Cited by 5 (3 self)
Recently, the CUDA technology has been used to accelerate many computation-demanding tasks. For example, in [7] we have shown how CUDA technology can be employed to accelerate the process of Linear Temporal Logic (LTL) Model Checking. While the raw computing power of a CUDA-enabled device is tremendous, the applicability of the technology is quite often limited to small or middle-sized instances of the problems being solved. This is because the memory that a single device is equipped with is simply not large enough to cope with large or realistic instances of the problem, which is also the case for our CUDA-aware LTL Model Checking solution. In this paper we suggest how to overcome this limitation by employing multiple (two in our case) CUDA devices for acceleration of our fine-grained, communication-intensive parallel algorithm for LTL Model Checking.
Symmetry and induction in model checking
In Computer Science Today: Recent Trends and Developments, 1995