Another look at LTL model checking

  • E. Clarke
  • O. Grumberg
  • K. Hamaguchi
Model Checking 2
Part of the Lecture Notes in Computer Science book series (LNCS, volume 818)


We show how LTL model checking can be reduced to CTL model checking with fairness constraints. Using this reduction, we also describe how to construct a symbolic LTL model checker that appears to be quite efficient in practice. In particular, we show how the SMV model checking system developed by McMillan [16] can be extended to permit LTL specifications. The results that we have obtained are quite surprising. For the examples we considered, the LTL model checker required at most twice as much time and space as the CTL model checker. Although additional examples still need to be tried, it appears that efficient LTL model checking is possible when the specifications are not excessively complicated.


automatic verification temporal logic model checking binary decision diagrams 


  1. 1.
    M. Ben-Ari, Z. Manna, and A. Pnueli. The temporal logic of branching time. Acta Informatica, 20:207–226, 1983.CrossRefGoogle Scholar
  2. 2.
    K. S. Brace, R. L. Rudell, and R. E. Bryant. Efficient implementation of a BDD package. In Proceedings of the 27th ACM/IEEE Design Automation Conference. IEEE Computer Society Press, June 1990.Google Scholar
  3. 3.
    R. E. Bryant. Graph-based algorithms for boolean function manipulation. IEEE Transactions on Computers, C-35(8), 1986.Google Scholar
  4. 4.
    J. R. Burch, E. M. Clarke, K. L. McMillan, D. L. Dill, and L. J. Hwang. Symbolic model checking: 1020 states and beyond. Information and Computation, 98(2):142–170, June 1992.CrossRefGoogle Scholar
  5. 5.
    E. Clarke, O. Grumberg, and D. Long. Verification tools for finite-state concurrent systems systems. In A Decade of Concurrency, Noordwijkerhout, The Netherlands, June 1993. To appear in Springer Lecture Notes In Computer Science.Google Scholar
  6. 6.
    E. M. Clarke and I. A. Draghicescu. Expressibility results for linear time and branching time logics. In Linear Time, Branching Time, and Partial Order in Logics and Models for Concurrency, volume 354, pages 428–437. Springer-Verlag: Lecture Notes in Computer Science, 1988.Google Scholar
  7. 7.
    E. M. Clarke, I. A. Draghicescu, and R. P. Kurshan. A unified approach for showing language containment and equivalence between various types of Ω-automata. Information Processing Letters, 46:301–308, 1993.CrossRefGoogle Scholar
  8. 8.
    E. M. Clarke and E. A. Emerson. Synthesis of synchronization skeletons for branching time temporal logic. In Logic of Programs: Workshop, Yorktown Heights, NY, May 1981, volume 131 of Lecture Notes in Computer Science. Springer-Verlag, 1981.Google Scholar
  9. 9.
    E. M. Clarke, E. A. Emerson, and A. P. Sistla. Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Transactions on Programming Languages and Systems, 8(2):244–263, 1986.CrossRefGoogle Scholar
  10. 10.
    E. M. Clarke, O. Grumberg, H. Hiraishi, S. Jha, D. E. Long, K. L. McMillan, and L. A. Ness. Verification of the Futurebus+ cache coherence protocol. In L. Claesen, editor, Proceedings of the Eleventh International Symposium on Computer Hardware Description Languages and their Applications. North-Holland, April 1993.Google Scholar
  11. 11.
    O. Coudert, J. C. Madre, and C. Berthet. Verifying temporal properties of sequential machines without building their state diagrams. In R. P. Kurshan and E. M. Clarke, editors, Proceedings of the 1990 Workshop on Computer-Aided Verification, June 1990.Google Scholar
  12. 12.
    E. A. Emerson and J. Y. Halpern. “Sometimes” and “Not Never” revisited: On branching time versus linear time. Journal of the ACM, 33:151–178, 1986.CrossRefGoogle Scholar
  13. 13.
    E.A. Emerson and Chin Laung Lei. Modalities for model checking: Branching time strikes back. Twelfth Symposium on Principles of Programming Languages, New Orleans, La., January 1985.Google Scholar
  14. 14.
    O. Lichtenstein and A. Pnueli. Checking that finite state concurrent programs satisfy their linear specification. In Proceedings of the Twelfth Annual ACM Symposium on Principles of Programming Languages, January 1985.Google Scholar
  15. 15.
    A. J. Martin. The design of a self-timed circuit for distributed mutual exclusion. In H. Fuchs, editor, Proceedings of the 1985 Chapel Hill Conference on Very Large Scale Integration, 1985.Google Scholar
  16. 16.
    K. L. McMillan. Symbolic Model Checking: An Approach to the State Explosion Problem. PhD thesis, Carnegie Mellon University, 1992.Google Scholar
  17. 17.
    A. P. Sistla and E.M. Clarke. Complexity of propositional temporal logics. Journal of the ACM, 32(3):733–749, July 1986.Google Scholar
  18. 18.
    M. Y. Vardi and P. Wolper. An automata-theoretic approach to automatic program verification. In Proceedings of the First Annual Symposium on Logic in Computer Science. IEEE Computer Society Press, June 1986.Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 1994

Authors and Affiliations

  • E. Clarke
    • 1
  • O. Grumberg
    • 2
  • K. Hamaguchi
    • 1
  1. 1.Carnegie MellonPittsburgh
  2. 2.The TechnionHaifa

Personalised recommendations