Article

Modular Model Checking

Authors:

Orna Kupferman,

Moshe Y. VardiAuthors Info & Claims

COMPOS'97: Revised Lectures from the International Symposium on Compositionality: The Significant Difference

Pages 381 - 401

Published: 08 September 1997 Publication History

Abstract

In modular verification the specification of a module consists of two parts. One part describes the guaranteed behavior of the module. The other part describes the assumed behavior of the system in which the module is interacting. This is called the assume-guarantee paradigm. In this paper we consider assume-guarantee specifications in which the guarantee is specified by branching temporal formulas. We distinguish between two approaches. In the first approach, the assumption is specified by branching temporal formulas. In the second approach, the assumption is specified by linear temporal logic. We consider guarantees in ∀CTL and ∀CTL*, the universal fragments of CTL and CTL*, and assumptions in LTL, ∀CTL, and ∀CTL*. We describe a reduction of modular model checking to standard model checking. Using the reduction, we show that modular model checking is PSPACE-complete for ∀CTL and is EXPSPACE-complete for ∀CTL*. We then show that the case of LTL assumption is a special case of the case of ∀CTL* assumption, but that the EXPSPACE-hardness result apply already to assumptions in LTL.

References

[1]

M. Abadi and L. Lamport. Composing specifications. ACM Transactions on Programming Languages and Systems, 15(1):73-132, 1993.

[2]

A. Aziz, T.R. Shiple, V. Singhal, and A.L. Sangiovanni-Vincentelli. Formula-dependent equivalence for compositional CTL model checking. In Proc. 6th Conf. on Computer Aided Verification, volume 818 of Lecture Notes in Computer Science, pages 324-337, Stanford, CA, June 1994. Springer-Verlag.

[3]

J.R. Burch, E.M. Clarke, K.L. McMillan, D.L. Dill, and L.J. Hwang. Symbolic model checking: 10²⁰ states and beyond. In Proc. 5th Symposium on Logic in Computer Science, pages 428-439, Philadelphia, June 1990.

[4]

E.M. Clarke, E.A. Emerson, and A.P. Sistla. Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Transactions on Programming Languages and Systems, 8(2):244-263, January 1986.

[5]

E.M. Clarke and O. Grumberg. Research on automatic verification of finite-state concurrent systems. In Annual Review of Computer Science, volume 2, pages 269-290, 1987.

[6]

E.M. Clarke, O. Grumberg, and D. Long. Verification tools for finite-state concurrent systems. In J.W. de Bakker, W.-P. de Roever, and G. Rozenberg, editors, Decade of Concurrency - Reflections and Perspectives (Proceedings of REX School), volume 803 of Lecture Notes in Computer Science, pages 124-175. Springer-Verlag, 1993.

[7]

E.M. Clarke, D.E. Long, and K.L. McMillan. Compositional model checking. In R. Parikh, editor, Proc. 4th IEEE Symposium on Logic in Computer Science, pages 353-362. IEEE Computer Society Press, 1989.

[8]

W. Damm, G. Döhmen, V. Gerstner, and B. Josko. Modular verification of Petri nets: the temporal logic approach. In Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness (Proceedings of REX Workshop), volume 430 of Lecture Notes in Computer Science, pages 180- 207, Mook, The Netherlands, May/June 1989. Springer-Verlag.

[9]

D. Dams, O. Grumberg, and R. Gerth. Generation of reduced models for checking fragments of CTL. In Proc. 5th Conf. on Computer Aided Verification, volume 697 of Lecture Notes in Computer Science, pages 479-490. Springer-Verlag, June 1993.

[10]

E.A. Emerson and J.Y. Halpern. Decision procedures and expressiveness in the temporal logic of branching time. Journal of Computer and System Sciences, 30:1-24, 1985.

[11]

E.A. Emerson and J.Y. Halpern. Sometimes and not never revisited: On branching versus linear time. Journal of the ACM, 33(1):151-178, 1986.

[12]

E.A. Emerson and C. Jutla. The complexity of tree automata and logics of programs. In Proc. 29th IEEE Symposium on Foundations of Computer Science, pages 368-377, White Plains, October 1988.

[13]

E.A. Emerson and C.-L. Lei. Modalities for model checking: Branching time logic strikes back. In Proc. 20th ACM Symposium on Principles of Programming Languages, pages 84-96, New Orleans, January 1985.

[14]

E.A. Emerson and C.-L. Lei. Temporal model checking under generalized fairness constraints. In Proc. 18th Hawaii International Conference on System Sciences, North Holywood, 1985. Western Periodicals Company.

[15]

E.A. Emerson and C.-L. Lei. Modalities for model checking: Branching time logic strikes back. Science of Computer Programming, 8:275-306, 1987.

[16]

O. Grumberg and D.E. Long. Model checking and modular verification. In Proc. 2nd Conferance on Concurrency Theory, volume 527 of Lecture Notes in Computer Science, pages 250-265. Springer-Verlag, 1991.

[17]

O. Grumberg and D.E. Long. Model checking and modular verification. ACM Trans. on Programming Languages and Systems, 16(3):843-871, 1994.

[18]

C.B. Jones. Specification and design of (parallel) programs. In R.E.A. Mason, editor, Information Processing 83: Proc. IFIP 9th World Congress, pages 321-332. IFIP, North-Holland, 1983.

[19]

B. Josko. MCTL - an extension of CTL for modular verification of concurrent systems. In Temporal Logic in Specification, Proceedings, volume 398 of Lecture Notes in Computer Science, pages 165-187, Altrincham, UK, April 1987. Springer-Verlag.

[20]

B. Josko. Model checking of CTL formulae under liveness assumptions. In Proc. 14th Colloq. on Automata, Programming, and Languages (ICALP), volume 267 of Lecture Notes in Computer Science, pages 280-289. Springer-Verlag, July 1987.

[21]

B. Josko. Verifying the correctness of AADL modules using model chekcing. In Stepwise Refinement of Distributed Systems: Models, Formalisms, Correctness (Proceedings of REX Workshop), volume 430 of Lecture Notes in Computer Science, pages 386-400, Mook, The Netherlands, May/June 1989. Springer-Verlag.

[22]

B. Jonsson and Y.-K. Tsay. Assumption/guarantee specifications in linear-time temporal logic. In P.D. Mosses, M. Nielsen, and M.I. Schwartzbach, editors, TAPSOFT '95: Theory and Practice of Software Development, volume 915 of Lecture Notes in Computer Science, pages 262-276, Aarhus, Denmark, May 1995. Springer-Verlag.

[23]

O. Kupferman and M.Y. Vardi. On the complexity of branching modular model checking. In Proc. 6th Conferance on Concurrency Theory, volume 962 of Lecture Notes in Computer Science, pages 408-422, Philadelphia, August 1995. Springer-Verlag.

[24]

L. Lamport. Sometimes is sometimes "not never" - on the temporal logic of programs. In Proc. 7th ACM Symposium on Principles of Programming Languages, pages 174-185, January 1980.

[25]

L. Lamport. Specifying concurrent program modules. ACM Trans. on Programming Languages and Systenms, 5:190-222, 1983.

[26]

O. Lichtenstein and A. Pnueli. Checking that finite state concurrent programs satisfy their linear specification. In Proc. 12th ACM Symposium on Principles of Programming Languages, pages 97-107, New Orleans, January 1985.

[27]

B. Misra and K.M. Chandy. Proofs of networks of processes. IEEE Trans. on Software Engineering, 7:417-426, 1981.

[28]

R. Milner. An algebraic definition of simulation between programs. In Proc. 2nd International Joint Conference on Artificial Intelligence, pages 481-489. British Computer Society, September 1971.

[29]

A. Pnueli. The temporal logic of programs. In Proc. 18th IEEE Symposium on Foundation of Computer Science, pages 46-57, 1977.

[30]

A. Pnueli. The temporal semantics of concurrent programs. Theoretical Computer Science, 13:45-60, 1981.

[31]

A. Pnueli. Applications of temporal logic to the specification and verification of reactive systems: A survey of current trends. In Proc. Advanced School on Current Trends in Concurrency, pages 510-584, Berlin, 1985. Volume 224, LNCS, Springer-Verlag.

[32]

A. Pnueli. In transition from global to modular temporal reasoning about programs. In K. Apt, editor, Logics and Models of Concurrent Systems, volume F-13 of NATO Advanced Summer Institutes, pages 123-144. Springer-Verlag, 1985.

[33]

J.P. Queille and J. Sifakis. Specification and verification of concurrent systems in Cesar. In Proc. 5th International Symp. on Programming, volume 137, pages 337-351. Springer-Verlag, Lecture Notes in Computer Science, 1981.

[34]

S. Safra. Complexity of automata on infinite objects. PhD thesis, Weizmann Institute of Science, Rehovot, Israel, 1989.

[35]

A.P. Sistla and E.M. Clarke. The complexity of propositional linear temporal logic. Journal ACM, 32:733-749, 1985.

[36]

M.Y. Vardi and L. Stockmeyer. Improved upper and lower bounds for modal logics of programs. In sProc 17th ACM Symp. on Theory of Computing, pages 240-251, 1985.

[37]

M.Y. Vardi and P. Wolper. An automata-theoretic approach to automatic program verification. In Proc. First Symposium on Logic in Computer Science, pages 322-331, Cambridge, June 1986.

[38]

M.Y. Vardi and P. Wolper. Reasoning about infinite computations. Information and Computation, 115(1):1-37, November 1994.

[39]

P. Wolper. On the relation of programs and computations to models of temporal logic. In B. Banieqbal, H. Barringer, and A. Pnueli, editors, Proc. Temporal Logic in Specification, volume 398, pages 75-123. Lecture Notes in Computer Science, Springer-Verlag, 1989.

Cited By

Ben-Rayana SBozga MBensalem SCombaz J(2016)RTD-FinderProceedings of the 22nd International Conference on Tools and Algorithms for the Construction and Analysis of Systems - Volume 963610.1007/978-3-662-49674-9_23(394-406)Online publication date: 2-Apr-2016
https://dl.acm.org/doi/10.1007/978-3-662-49674-9_23
ter Beek Mde Vink EGnesi SFantechi A(2014)Software product line analysis with mCRL2Proceedings of the 18th International Software Product Line Conference: Companion Volume for Workshops, Demonstrations and Tools - Volume 210.1145/2647908.2655970(78-85)Online publication date: 15-Sep-2014
https://dl.acm.org/doi/10.1145/2647908.2655970
Kupferman OPiterman NVardi M(2010)An automata-theoretic approach to infinite-state systemsTime for verification10.5555/1880443.1880454(202-259)Online publication date: 1-Jan-2010
https://dl.acm.org/doi/10.5555/1880443.1880454
Show More Cited By

Index Terms

Modular Model Checking

Index terms have been assigned to the content through auto-classification.

Recommendations

An automata-theoretic approach to modular model checking

In modular verification the specification of a module consists of two part. One part describes the guaranteed behavior of the module. The other part describes the assumed behavior of the system in which the module is interacting. This is called the ...
Thread-modular model checking
SPIN'03: Proceedings of the 10th international conference on Model checking software

We present thread-modular model checking, a novel technique for verifying correctness properties of loosely-coupled multithreaded software systems. Thread-modular model checking verifies each thread separately using an automatically inferred environment ...
Model Checking CTL*[DC]
TACAS 2001: Proceedings of the 7th International Conference on Tools and Algorithms for the Construction and Analysis of Systems

We define a logic called CTL*[DC] which extends CTL* with ability to specify past-time and quantitative timing properties using the formulae of Quantified Discrete-time Duration Calculus (QDDC). Alternately, we can consider CTL*[DC] as extending logic ...

Comments

Information & Contributors

Information

Published In

cover image Guide Proceedings

COMPOS'97: Revised Lectures from the International Symposium on Compositionality: The Significant Difference

September 1997

646 pages

ISBN:3540654933

Publisher

Springer-Verlag

Berlin, Heidelberg

Publication History

Published: 08 September 1997

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

18
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 01 Sep 2024

Other Metrics

View Author Metrics

Citations

Cited By

Ben-Rayana SBozga MBensalem SCombaz J(2016)RTD-FinderProceedings of the 22nd International Conference on Tools and Algorithms for the Construction and Analysis of Systems - Volume 963610.1007/978-3-662-49674-9_23(394-406)Online publication date: 2-Apr-2016
https://dl.acm.org/doi/10.1007/978-3-662-49674-9_23
ter Beek Mde Vink EGnesi SFantechi A(2014)Software product line analysis with mCRL2Proceedings of the 18th International Software Product Line Conference: Companion Volume for Workshops, Demonstrations and Tools - Volume 210.1145/2647908.2655970(78-85)Online publication date: 15-Sep-2014
https://dl.acm.org/doi/10.1145/2647908.2655970
Kupferman OPiterman NVardi M(2010)An automata-theoretic approach to infinite-state systemsTime for verification10.5555/1880443.1880454(202-259)Online publication date: 1-Jan-2010
https://dl.acm.org/doi/10.5555/1880443.1880454
Zhang JGoldsby HCheng BSullivan KGray JMoreira ASchwanninger CBaillargeon RGrechanik M(2009)Modular verification of dynamically adaptive systemsProceedings of the 8th ACM international conference on Aspect-oriented software development10.1145/1509239.1509262(161-172)Online publication date: 2-Mar-2009
https://dl.acm.org/doi/10.1145/1509239.1509262
Groot PHommersom ALucas PMerk Rten Teije Avan Harmelen FSerban R(2009)Using model checking for critiquing based on clinical guidelinesArtificial Intelligence in Medicine10.1016/j.artmed.2008.07.00746:1(19-36)Online publication date: 1-May-2009
https://dl.acm.org/doi/10.1016/j.artmed.2008.07.007
Metzler B(2007)Decomposing integrated specifications for verificationProceedings of the 6th international conference on Integrated formal methods10.5555/1770498.1770522(459-479)Online publication date: 2-Jul-2007
https://dl.acm.org/doi/10.5555/1770498.1770522
Groot PHommersom ALucas PSerban RTeije AHarmelen F(2007)The Role of Model Checking in Critiquing Based on Clinical GuidelinesProceedings of the 11th conference on Artificial Intelligence in Medicine10.1007/978-3-540-73599-1_55(411-420)Online publication date: 7-Jul-2007
https://dl.acm.org/doi/10.1007/978-3-540-73599-1_55
Tiplea FTiplea A(2006)Petri net reactive modulesTheoretical Computer Science10.1016/j.tcs.2006.02.001359:1(77-100)Online publication date: 14-Aug-2006
https://dl.acm.org/doi/10.1016/j.tcs.2006.02.001
Thang NKatayama TLeavens G(2005)Specification and verification of inter-component constraints in CTLProceedings of the 2005 conference on Specification and verification of component-based systems10.1145/1123058.1123067(8-es)Online publication date: 5-Sep-2005
https://dl.acm.org/doi/10.1145/1123058.1123067
Thang NKatayama T(2005)Specification and verification of inter-component constraints in CTLACM SIGSOFT Software Engineering Notes10.1145/1118537.112306731:2(8-es)Online publication date: 5-Sep-2005
https://dl.acm.org/doi/10.1145/1118537.1123067
Show More Cited By

View Options

View options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Media

Figures

Other

Tables

View Table of Contents