Statecharts: A visual formalism for complex systems
Science of Computer Programming
Tableau-based model checking in the propositional mu-calculus
Acta Informatica
Filter-based model checking of partial systems
SIGSOFT '98/FSE-6 Proceedings of the 6th ACM SIGSOFT international symposium on Foundations of software engineering
Information and Computation - Special issue on FLOC '96
Software reliability methods
Forced simulation: A technique for automating component reuse in embedded systems
ACM Transactions on Design Automation of Electronic Systems (TODAES)
CAV '97 Proceedings of the 9th International Conference on Computer Aided Verification
CAV '96 Proceedings of the 8th International Conference on Computer Aided Verification
Efficient On-the-Fly Model Checking for CTL
LICS '95 Proceedings of the 10th Annual IEEE Symposium on Logic in Computer Science
The temporal logic of programs
SFCS '77 Proceedings of the 18th Annual Symposium on Foundations of Computer Science
Hi-index | 0.00 |
Model checking is a well known technique for the verification of finite state models using temporal logic specification. While model checking is suitable for transformational systems (also called closed systems), it is unsuitable for open systems (also known as reactive systems) where the nondeterminism in the environment must be considered during verification. Module checking is an approach for the verification of open systems which have both closed (internal) and open (environment or external) states. It has been demonstrated in [Orna Kupferman, Moshe Y. Vardi, and Pierre Wolper. Module checking. Information and Computation, 164:322-344, 2001] that the complexity of module checking branching time logic CTL is EXPTIME-complete. The approach to module checking is global and the method tries to establish that the property in question holds over all possible environments. This papers develops a local approach to CTL module checking using tableau rules. The proposed approach tries to determine a single environment under which the negation of the property is satisfied over the given module. Such a strategy, thus, leads to a local approach to module checking where we only explore states that are relevant to proving that the negation of the property can be satisfied over the given module using an appropriate witness (environment) that the algorithm also generates. While the worst case complexity of our algorithm is identical to the earlier complexity, we demonstrate that practical implementation of the proposed approach is feasible and yields much better results than the global approach.