Edmund M. Clarke

Learn More
We give an efficient procedure for verifying that a finite-state concurrent system meets a specification expressed in a (propositional, branching-time) temporal logic. Our algorithm has complexity linear in both the size of the specification and the size of the global state graph for the concurrent system. We also show how this approach can be adapted to(More)
We propose a method of constructing concurrent programs in which the synchronization skeleton of the program ~s automatically synthesized from a high-level (branching time) Temporal Logic specification. The synchronization skeleton is an abstraction of the actual program where detail irrelevant to synchronization is suppressed. For example, in the(More)
Symbolic Model Checking [3, 14] has proven to be a powerful technique for the verification of reactive systems. BDDs [2] have traditionally been used as a symbolic representation of the system. In this paper we show how boolean decision procedures, like Stälmarck's Method [16] or the Davis & Putnam Procedure [7], can replace BDDs. This new technique avoids(More)
for Symbolic Model Checking Alessandro Cimatti1, Edmund Clarke2, Enrico Giunchiglia3, Fausto Giunchiglia4, Marco Pistore1, Marco Roveri1, Roberto Sebastiani4, and Armando Tacchella3 1 ITC-IRST, Via Sommarive 18, 38050 Trento, Italy fcimatti,pistore,roverig@irst.itc.it 2 Carnegie Mellon University, 5000 Forbes Avenue, Pittsburgh (PA), USA emc@cs.cmu.edu 3(More)
Many diierent methods have been devised for automatically verifying nite state systems by examining state-graph models of system behavior. These methods all depend on decision procedures that explicitly represent the state space using a list or a table that grows in proportion to the number of states. We describe a general method that represents the state(More)
W l f h f l ifi i f ANSI C i e present a too or t e orma ver cat on o programs us ng Bounded Model Checking (BMC). The emphasis is on usability: the tool supports almost all ANSI-C language features, including pointer constructs, d i ll ti i d th fl t d d bl d t t ynam c memory a oca on, recurs on, an e oa an ou e a a ypes. From the perspective of the user,(More)
The complexity of satisfiability and determination of truth in a particular finite structure are considered for different propositional linear temporal logics. It is shown that these problems are NP-complete for the logic with F and are PSPACE-complete for the logics with F, X, with U, with U, S, X operators and for the extended logic with regular operators(More)
We present an automatic iterative abstraction-refinement methodology in which the initial abstract model is generated by an automatic analysis of the control structures in the program to be verified. Abstract models may admit erroneous (or “spurious”) counterexamples. We devise new symbolic techniques which analyze such counterexamples and refine the(More)
The state explosion problem remains a major hurdle in applying symbolic model checking to large hardware designs. State space abstraction, having been essential for verifying designs of industrial complexity, is typically a manual process, requiring considerable creativity and insight.In this article, we present an automatic iterative abstraction-refinement(More)
This paper describes NUSMV, a new symbolic model checker developed as a joint project between Carnegie Mellon University (CMU) and Istituto per la Ricerca Scientifica e Tecnolgica (IRST). NUSMV is designed to be a well structured, open, flexible and documented platform for model checking. In order to make NUSMV applicable in technology transfer projects, it(More)