• Title/Summary/Keyword: temporal logic formula

Search results: 6

Generating Test Oracles from Sequence Diagram for Java

  • 정정수
    • Proceedings of the Korean Information Science Society Conference / 2000.10a / pp.442-444 / 2000
  • In this paper we present a method for verifying object-oriented systems using the sequence diagram of UML, the object-oriented specification language widely used as an industry standard, together with a framework in which this method can be used to generate testing oracles. We formally redefine the sequence diagram so that it can be used to verify testing results. To exploit the strong verification power of temporal logic, we define a new temporal logic called Half-Order Dynamic Temporal Logic (HDTL) and a semantic function that transforms a sequence diagram into an HDTL formula. To generate an automaton from HDTL, we apply a modified tableau method. The resulting automaton can be used as an oracle that detects anomalies, that is, the occurrence of events not represented in the sequence diagram. Since verifying testing results by hand is very difficult and error-prone, the proposed method can be put to useful use.


Equivalence Checking of Finite State Machines with SMV

  • 권기현;엄태호
    • Journal of KIISE:Software and Applications / v.30 no.7_8 / pp.642-648 / 2003
  • In this paper, we are interested in checking equivalence of FSMs (finite state machines). Two FSMs are equivalent if and only if their responses are always equal to each other with respect to the same external stimuli. Equivalence checking of FSMs allows a complicated FSM to be substituted by a simpler one, if they are equivalent. We can also determine whether the system satisfies the requirements, if they are all written as FSMs. In this paper, we regard the equivalence checking problem as a model checking one. For doing so, we construct the product model $M = M_A \times M_B$ from two FSMs $M_A$ and $M_B$. We also get the temporal logic formula $\Phi$ from the equivalence checking definition. Then, we can check with a model checker whether $M$ satisfies $\Phi$, written $M \models \Phi$. Two FSMs are equivalent if $M \models \Phi$; otherwise, they are not equivalent. In that case, the model checker generates counterexamples which explain why the FSMs are not equivalent. In summary, we solve the equivalence checking problem with model checking techniques. As a result of applying it to several examples, we have many satisfiable results.

Mitigating the State Explosion Problem using Relay Model Checking

  • 이태훈;권기현
    • Journal of KIISE:Software and Applications / v.31 no.11 / pp.1560-1567 / 2004
  • In temporal logic model checking, the number of states increases exponentially with the size of a model. This is called the state explosion problem. Abstraction, partial order, symmetry, etc. are widely used to avoid the problem. They reduce the number of states by exploiting structural information in a model. Instead, this paper proposes relay model checking, which decomposes a temporal formula to be verified into several sub-formulas and then model checks them one by one. As a result, we solve complex games that previous techniques can't handle.

A Proof of Safety and Liveness Property in Modal mu-Calculus and CTL for Model Checking

  • Lee, Bu-Ho;Kim, Tae-Gyun;Lee, Jun-Won;Kim, Seong-Un
    • Journal of KIISE:Computer Systems and Theory / v.26 no.12 / pp.1485-1492 / 1999
  • In applying the CTL-based model checking approach to correctness verification of large state transition system specifications, the major obstacle is the combinatorial explosion of the state space arising from the interaction of many loosely coupled parallel processes. If, however, the modal mu-calculus, viewed as a CTL-based logic with recursion, is used to specify the safety and liveness properties of a given system, it is possible to resolve this problem. In this paper, we discuss the problem of verifying a communication protocol system specified in LTS, and prove that a logic expression specifying safety and liveness in the modal mu-calculus is semantically identical to the maximum value of the expression in CTL. This relation is verified by the proof that the sets of states satisfying the two logic expressions are equivalent. The proof can be used as a theoretical basis for verifying safety and liveness of communication protocols represented as an I/O FSM model.

Simplification of State Invariant with Mixed Reachability Analysis

  • 권기현
    • Journal of KIISE:Software and Applications / v.30 no.3_4 / pp.212-218 / 2003
  • A state invariant is a property that holds in every reachable state. It can be used not only in understanding and analyzing complex software systems, but also for system verification such as checking safety, liveness, and consistency. For these reasons, there is much vital research on deriving state invariants from finite state machine models. In previous works, every reachable state is considered to generate the state invariant. Thus it is likely to be too complex for the user to understand. This paper seeks to answer the question "how to simplify state invariant?". Since the complexity of a state invariant is strongly dependent upon the number of states to be considered, the smaller the set of states to be considered is, the shorter the length of the state invariant is. For doing so, we let the user focus on some scopes of interest rather than the whole state space of a model. Computation Tree Logic (CTL) is used to specify the scopes in which he/she is interested. Given a scope in CTL, mixed reachability analysis is used to find the set of states inside it. Obviously, a set of states calculated in this way is a subset of all reachable states. Therefore, we give a weaker, but comprehensible, state invariant.

Reductions of State Space for Solving Games

  • Lee, Tae-Hoon;Kwon, Gi-Hwon
    • Journal of Korea Game Society / v.4 no.1 / pp.58-66 / 2004
  • This paper uses counterexamples for solving reachability games. An objective of the game we consider here is to find a minimal path from an initial state to the goal state. We represent initial states and game rules as a finite state model and the goal state as a temporal logic formula. Then, model checking is used to determine whether the model satisfies the formula. In case the model does not satisfy the formula, model checking generates a counterexample that shows how to reach the goal state from an initial state. In this way, we solve many of the small-sized Push Push games. However, we cannot handle larger-sized games due to the state explosion problem. To mitigate the problem, abstraction is used to reduce the state space to be checked. As a result, unsolved games are solved with the abstraction technique we propose in this paper.
