equal
deleted
inserted
replaced
5 text{* |
5 text{* |
6 Model checking is a very popular technique for the verification of finite |
6 Model checking is a very popular technique for the verification of finite |
7 state systems (implementations) w.r.t.\ temporal logic formulae |
7 state systems (implementations) w.r.t.\ temporal logic formulae |
8 (specifications) \cite{Clark}. Its foundations are completely set theoretic |
8 (specifications) \cite{Clark}. Its foundations are completely set theoretic |
9 and this section shall develop them in HOL. This is done in two steps: first |
9 and this section shall develop them in HOL. This is done in two steps: first |
10 we consider a very simple ``temporal'' logic called propositional dynamic |
10 we consider a simple modal logic called propositional dynamic |
11 logic (PDL) which we then extend to the temporal logic CTL used in many real |
11 logic (PDL) which we then extend to the temporal logic CTL used in many real |
12 model checkers. In each case we give both a traditional semantics (@{text \<Turnstile>}) and a |
12 model checkers. In each case we give both a traditional semantics (@{text \<Turnstile>}) and a |
13 recursive function @{term mc} that maps a formula into the set of all states of |
13 recursive function @{term mc} that maps a formula into the set of all states of |
14 the system where the formula is valid. If the system has a finite number of |
14 the system where the formula is valid. If the system has a finite number of |
15 states, @{term mc} is directly executable, i.e.\ a model checker, albeit not a |
15 states, @{term mc} is directly executable, i.e.\ a model checker, albeit not a |