TY - JOUR
T1 - An automata-theoretic approach to modular model checking
AU - Kupferman, Orna
AU - Vardi, Moshe Y.
PY - 2000/1
Y1 - 2000/1
N2 - In modular verification the specification of a module consists of two parts. One part describes the guaranteed behavior of the module. The other part describes the assumed behavior of the system in which the module is interacting. This is called the assume-guarantee paradigm. In this paper we consider assume-guarantee specifications in which the guarantee is specified by branching temporal formulas. We distinguish between two approaches. In the first approach, the assumption is specified by branching temporal formulas too. In the second approach, the assumption is specified by linear temporal logic. We consider guarantees in ∀CTL and ∀CTL*, the universal fragments of CTL and CTL*, and assumptions in LTL, ∀CTL, and ∀CTL*. We develop two fundamental techniques: building maximal models for ∀CTL and ∀CTL* formulas and using alternating automata to obtain space-efficient algorithms for fair model checking. Using these techniques we classify the complexity of satisfiability, validity, implication, and modular verification for ∀CTL and ∀CTL*. We show that modular verification is PSPACE-complete for ∀CTL and is EXPSPACE-complete for ∀CTL*. We prove that when the assumption is linear, these bounds hold also for guarantees in CTL and CTL*. On the other hand, the problem remains EXPSPACE-hard even when we restrict the assumptions to LTL and take the guarantee as a fixed ∀CTL formula.
KW - Algorithms
KW - Automata
KW - D.2.4 [Software Engineering]: Software/Program Verification
KW - Modular verification
KW - Temporal logic
KW - Verification
UR - http://www.scopus.com/inward/record.url?scp=0039332719&partnerID=8YFLogxK
U2 - 10.1145/345099.345104
DO - 10.1145/345099.345104
M3 - Article
AN - SCOPUS:0039332719
SN - 0164-0925
VL - 22
SP - 87
EP - 128
JO - ACM Transactions on Programming Languages and Systems
JF - ACM Transactions on Programming Languages and Systems
IS - 1
ER -
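The abstract above rests on the maximal-model technique: for an assumption ψ in ∀CTL, a maximal model M_ψ is built that simulates every structure satisfying ψ, so the modular check reduces to verifying the module composed with M_ψ. That reduction is sound only because ∀CTL properties are preserved downward under simulation. The following added example (not code from the paper or from the authors) is a small ∀CTL model checker over finite Kripke structures together with a simulation-preorder computation; it shows that preservation on two constructed structures A and B and shows that it is one-way. The state names, the atoms req/ack and both structures are constructed for the illustration; building M_ψ itself is not shown.

```python
"""Added example, not from the Kupferman-Vardi paper: a ∀CTL (ACTL) model
checker plus a simulation check.  Structures A and B, the atoms req/ack and
the formulas below are constructed for illustration only."""
from itertools import product


class Kripke:
    """Finite Kripke structure with a total transition relation."""

    def __init__(self, init, trans, labels):
        self.states = frozenset(trans)
        self.init = frozenset(init)
        self.trans = {s: frozenset(t) for s, t in trans.items()}
        self.labels = {s: frozenset(l) for s, l in labels.items()}
        # Totality keeps the AX/AG/AU fixpoints below simple
        assert all(self.trans[s] for s in self.states), "transition relation must be total"
        assert self.init <= self.states and set(self.labels) == set(self.states)

    def succ(self, s):
        return self.trans[s]


def sat(m, f):
    """States of m satisfying f.  f is a tuple in negation normal form:
    ('true',), ('atom', p), ('neg', p), ('and', g, h), ('or', g, h),
    ('AX', g), ('AG', g), ('AF', g), ('AU', g, h).  Negation is only on
    atoms, so no existential path quantifier is ever needed."""
    op = f[0]
    if op == 'true':
        return set(m.states)
    if op == 'atom':
        return {s for s in m.states if f[1] in m.labels[s]}
    if op == 'neg':
        return {s for s in m.states if f[1] not in m.labels[s]}
    if op == 'and':
        return sat(m, f[1]) & sat(m, f[2])
    if op == 'or':
        return sat(m, f[1]) | sat(m, f[2])
    if op == 'AX':
        inner = sat(m, f[1])
        return {s for s in m.states if m.succ(s) <= inner}
    if op == 'AG':  # greatest fixpoint of Z = sat(g) ∩ {s : succ(s) ⊆ Z}
        inner, z = sat(m, f[1]), set(m.states)
        while True:
            nz = {s for s in z if s in inner and m.succ(s) <= z}
            if nz == z:
                return z
            z = nz
    if op == 'AF':  # AF g is A[true U g]
        return sat(m, ('AU', ('true',), f[1]))
    if op == 'AU':  # least fixpoint of Z = sat(h) ∪ (sat(g) ∩ {s : succ(s) ⊆ Z})
        g, z = sat(m, f[1]), sat(m, f[2])
        while True:
            nz = z | {s for s in g if m.succ(s) <= z}
            if nz == z:
                return z
            z = nz
    raise ValueError(f"unknown operator {op!r}")


def models(m, f):
    """m ⊨ f iff every initial state satisfies f."""
    return m.init <= sat(m, f)


def simulation(a, b):
    """Greatest simulation relation R ⊆ S_a × S_b: related states carry equal
    labels and every a-step is matched by a b-step that stays inside R.
    Computed by refining the set of label-compatible pairs to a fixpoint."""
    r = {(s, t) for s, t in product(a.states, b.states) if a.labels[s] == b.labels[t]}
    changed = True
    while changed:
        changed = False
        for s, t in list(r):
            if not all(any((s2, t2) in r for t2 in b.succ(t)) for s2 in a.succ(s)):
                r.discard((s, t))
                changed = True
    return r


def simulated_by(a, b):
    """a ≤ b: every initial state of a is simulated by an initial state of b."""
    r = simulation(a, b)
    return all(any((s, t) in r for t in b.init) for s in a.init)


# Constructed abstract structure B: may idle forever or raise a request;
# every request is immediately followed by an acknowledgement.
B = Kripke(init={'b0'},
           trans={'b0': {'b0', 'b1'}, 'b1': {'b2'}, 'b2': {'b0'}},
           labels={'b0': set(), 'b1': {'req'}, 'b2': {'ack'}})
# Constructed concrete structure A: exactly one request, one ack, then idle.
A = Kripke(init={'a0'},
           trans={'a0': {'a1'}, 'a1': {'a2'}, 'a2': {'a3'}, 'a3': {'a3'}},
           labels={'a0': set(), 'a1': {'req'}, 'a2': {'ack'}, 'a3': set()})

RESPONSE = ('AG', ('or', ('neg', 'req'), ('AX', ('atom', 'ack'))))  # AG(req -> AX ack) in NNF
EVENTUAL_REQ = ('AF', ('atom', 'req'))

if __name__ == '__main__':
    print('A <= B:', simulated_by(A, B))                 # True
    print('B |= RESPONSE:', models(B, RESPONSE))         # True, so A |= RESPONSE follows
    print('A |= RESPONSE:', models(A, RESPONSE))         # True
    print('A |= AF req:', models(A, EVENTUAL_REQ))       # True
    print('B |= AF req:', models(B, EVENTUAL_REQ))       # False: preservation is one-way
```

Because A ≤ B and B satisfies the ∀CTL guarantee AG(req → AX ack), A satisfies it without being checked directly; this is exactly how a module composed with a maximal model M_ψ stands in for the module composed with any environment satisfying ψ. The last two lines show the converse fails: A satisfies AF req while B does not, which is why the reduction needs the maximal (most permissive) model of the assumption rather than an arbitrary one.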