SUMMARY

In this paper, I will show how multi-valued logics are used for model checking. Model checking is an automatic technique to analyze correctness of hardware and software systems. A model checker is based on a temporal logic or a modal fixed point logic. That is to say, a system to be checked is formalized as a Kripke model, a property to be satisfied by the system is formalized as a temporal formula or a modal formula, and the model checker checks that the Kripke model satisfies the formula. Although most existing model checkers are based on 2-valued logics, recently new attempts have been made to extend the underlying logics of model checkers to multi-valued logics. I will summarize these new results.

key words: fixed point logic, De Morgan algebra, Heyting algebra, minplus algebra

Introduction

In order to discover bugs in hardware or software, various formal methods have been studied. Model checking [6] is the most successful technique for automatically verifying transition systems that model hardware and software against temporal formulas expressing specifications. The specifications for model checking are described in modal logics, temporal logics, and modal fixed point logics [4], [16], [17], [22], [27]. Until the 1990s, the logics used for model checking were based on only two truth values, i.e., 'true' and 'false'. However, in the 2000s, multi-valued logics for model checking have been studied extensively. This paper introduces these logics.

First, we introduce the ordinary logics for model checking. The system to be verified is formalized as a Kripke structure. A Kripke structure consists of a set S, a subset → of S × S, and a subset ρ of S × Atom, where Atom is called the set of atomic propositions. The elements of S are called states and → is called the transition relation. We write s → t for (s, t) ∈ →.

To formalize the specification for verified systems, various modal logics and temporal logics are used. However, most of them are included in modal μ-calculus [16], which is a powerful logic equipped with modalities and least fixpoints. Therefore, this paper introduces only modal μ-calculus (both 2-valued and multi-valued). The formulae of modal μ-calculus are generated by the following grammar. Here, P is an atomic proposition. ¬ and ∧ are the negation operator and the conjunction operator. So, modal μ-calculus includes the propositional logic. We write ϕ ∧ ψ for ¬(¬ϕ ∨ ¬ψ), ϕ ⇒ ψ for ¬ϕ ∨ ψ, ϕ for ¬♦¬ϕ, and νX.ϕ for ¬μX.¬ϕ[¬X/X]. ♦ is a modal operator interpreted by using the transition relation of a Kripke structure. A state s satisfies ♦ϕ if and only if there exists a state t satisfying ϕ and s → t. μ is called the least fixed point operator.
μX.ϕ represents the strongest formula ψ which is equal to the result of replacing X in ϕ with ψ. For example, μX.P ∨ ♦X is interpreted as follows.

Therefore, a state s satisfies μX.P ∨ ♦X if and only if there exists a path from s to a state t satisfying P. The grammar of formulae of modal μ-calculus is subject to the side condition that μX.ϕ has no free negat...
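
As an added illustration (not code from the paper), the following Python sketch evaluates 2-valued modal μ-calculus formulas over a finite Kripke structure (S, →, ρ) and computes μX.P ∨ ♦X by iterating from the empty set. The tuple encoding of formulas, the function names and the sample structure are assumptions made for this example.

```python
# Added example: 2-valued modal mu-calculus on a finite Kripke structure.
# The tuple encoding of formulas and every name here are assumptions of this sketch.

def sat(f, S, trans, rho, env=None):
    """Set of states in S satisfying f; trans = {(s, t)} for s -> t, rho = {(s, P)}."""
    env = env or {}
    op = f[0]
    if op == "atom":
        return {s for s in S if (s, f[1]) in rho}
    if op == "var":
        return env[f[1]]
    if op == "not":
        return S - sat(f[1], S, trans, rho, env)
    if op == "or":
        return sat(f[1], S, trans, rho, env) | sat(f[2], S, trans, rho, env)
    if op == "dia":  # s satisfies <>f iff some t with s -> t satisfies f
        good = sat(f[1], S, trans, rho, env)
        return {s for (s, t) in trans if t in good}
    if op == "mu":
        # Least fixed point: iterate the body from the empty set until stable.
        # Assumes X occurs under an even number of negations, so the body is
        # monotone in X and the iteration terminates on a finite S.
        x, body, cur = f[1], f[2], set()
        while True:
            nxt = sat(body, S, trans, rho, {**env, x: cur})
            if nxt == cur:
                return cur
            cur = nxt
    raise ValueError(f"unknown operator {op!r}")

def box(f):
    """The abbreviation not-diamond-not f, built from the primitive operators."""
    return ("not", ("dia", ("not", f)))

# Constructed sample structure: 0 -> 1 -> 2 -> 2 and the cycle 3 <-> 4; P holds only at 2.
S = {0, 1, 2, 3, 4}
TRANS = {(0, 1), (1, 2), (2, 2), (3, 4), (4, 3)}
RHO = {(2, "P")}
P = ("atom", "P")
REACH_P = ("mu", "X", ("or", P, ("dia", ("var", "X"))))  # mu X. P or <>X

if __name__ == "__main__":
    print(sorted(sat(REACH_P, S, TRANS, RHO)))  # states with a path to a P-state
    print(sorted(sat(box(P), S, TRANS, RHO)))   # states whose successors all satisfy P
```

On the sample structure the approximants of μX.P ∨ ♦X grow as ∅, {2}, {1, 2}, {0, 1, 2}, which matches the reading "there exists a path to a state satisfying P"; states 3 and 4 never enter the set.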