An automata-theoretic approach to branching-time model checking
Journal of the ACM (JACM)
An automata-theoretic approach to modular model checking
ACM Transactions on Programming Languages and Systems (TOPLAS)
Assume-Guarantee Model Checking of Software: A Comparative Case Study
Proceedings of the 5th and 6th International SPIN Workshops on Theoretical and Practical Aspects of SPIN Model Checking
Compositional Verification in Linear-Time Temporal Logic
FOSSACS '00 Proceedings of the Third International Conference on Foundations of Software Science and Computation Structures: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2000
Computer-assisted assume/guarantee reasoning with VeriSoft
Proceedings of the 25th International Conference on Software Engineering
Model checking on state transition diagram
Proceedings of the 2004 Asia and South Pacific Design Automation Conference
Hybrid Verification of Protocol Bridges
IEEE Design & Test
Action-based discovery of satisfying subsets: A distributed method for model correction
Information and Software Technology
In modular verification the specification of a module consists of two parts. One part describes the guaranteed behavior of the module. The other part describes the assumed behavior of the environment with which the module is interacting. This is called the assume-guarantee paradigm. Even when one specifies the guaranteed behavior of the module in a branching temporal logic, the assumption in the assume-guarantee pair concerns the interaction of the environment with the module along each computation, and is therefore often naturally expressed in linear temporal logic. In this paper we consider assume-guarantee specifications in which the assumption is given by an LTL formula and the guarantee is given by a CTL formula. Verifying modules with respect to such specifications is called the linear-branching model-checking problem. We apply automata-theoretic techniques to obtain a model-checking algorithm whose running time is linear in the size of the module and the size of the CTL guarantee, but doubly exponential in the size of the LTL assumption. We also show that the high complexity in the size of the LTL specification is inherent by proving that the problem is EXPSPACE-complete. The lower bound applies even if the branching temporal guarantee is restricted to be specified in ∀CTL, the universal fragment of CTL.