
Scientific Theories of Computational Systems in Model Checking

Minds and Machines

Abstract

Model checking, a prominent formal method used to predict and explain the behaviour of software and hardware systems, is examined on the basis of reflective work in the philosophy of science concerning the ontology of scientific theories and model-based reasoning. The empirical theories of computational systems that model checking techniques enable one to build are identified, in the light of the semantic conception of scientific theories, with families of models that are interconnected by simulation relations. And the mappings between these scientific theories and computational systems in their scope are analyzed in terms of suitable specializations of the notions of model of experiment and model of data. Furthermore, the extensively mechanized character of model-based reasoning in model checking is highlighted by a comparison with proof procedures adopted by other formal methods in computer science. Finally, potential epistemic benefits flowing from the application of model checking in other areas of scientific inquiry are emphasized in the context of computer simulation studies of biological information processing.


Fig. 1


Notes

  1. For the sake of definiteness, this issue is explored in connection with Kripke structures only. One should be careful to note, however, that the analysis carried out here can be extended to other sorts of representations used in model checking, in view of formal relationships holding between computational paths in Kripke structures and processes carried out by certain kinds of automata. Trajectories (behaviours) of a KS M = (S, S0, R, L) can be transformed into infinite words forming a language accepted by some automaton A operating on infinite words and with all of its states designated as accepting states. More specifically, A = (Σ, Q, Δ, Q0, F); the alphabet Σ is such that |Σ| = 2^|AP|, so that every subset of the set AP of labels of M is denoted by a symbol of Σ; the set of states Q of A is identical to the set of states S of M; the transition relation Δ is defined on the basis of R and L: (s, α, s′) ∈ Δ (where both s and s′ belong to Q and therefore to S, and α ∈ Σ is the symbol read by A) holds iff R(s, s′) and α = L(s′); Q0 is the set of initial states of A and coincides with the set of initial states S0 of M; finally, the set of accepting states F coincides with Q (and hence with S), that is, every state of A is required to be accepting. This last requirement is what enables one to transform all behaviours of M into infinite words accepted by A (Clarke et al. 1999, p. 123).

  2. Moreover, this set-theoretic structure “realizes”, in general, some set S of syntactically individuated linguistic items, that is, some subset of atomic and non-atomic syntactically individuated formulas expressible in some formal system of temporal logic. See section “Learning About Target Systems in Model Checking” below in connection with the interpretation of propositional temporal logic statements in a KS.

  3. And concerning, e.g., the difficulty of drawing a satisfactory observational-theoretical distinction, and the difficulty of singling out the intended interpretations of scientific theories.

  4. Given two KSs M = (S, S0, R, L) and M′ = (S′, S′0, R′, L′) defined on the same set AP of atomic propositions, the binary relation B ⊆ S × S′ is a bisimulation relation between states of M and M′ iff for all states s ∈ S and s′ ∈ S′, if B(s, s′) then: 1. L(s) = L′(s′); 2. for every s1 with R(s, s1) there exists an s′1 with R′(s′, s′1) and B(s1, s′1); 3. for every s′1 with R′(s′, s′1) there exists an s1 with R(s, s1) and B(s1, s′1). M and M′ are said to be bisimulation equivalent (in symbols M ≡ M′) when there is a bisimulation B such that for every initial state s0 ∈ S0 there exists an initial state s′0 ∈ S′0 with B(s0, s′0), and for every initial state s′0 ∈ S′0 there exists an initial state s0 ∈ S0 with B(s0, s′0) (Clarke et al. 1999, Chap. 11, p. 171; Baier and Katoen 2008, Chap. 7, p. 451). Bisimulation equivalence is an equivalence relation on structures (reflexive, symmetric and transitive); the simulation preorder defined next is reflexive and transitive only. Given two KSs M = (S, S0, R, L) and M′ = (S′, S′0, R′, L′) with AP ⊇ AP′, the binary relation H ⊆ S × S′ is a simulation relation between states of M and M′ iff for all states s ∈ S and s′ ∈ S′, if H(s, s′) then: 1. L(s) ∩ AP′ = L′(s′); 2. for every s1 with R(s, s1) there exists an s′1 with R′(s′, s′1) and H(s1, s′1). M′ is said to simulate M (in symbols M ≤ M′) when there is a simulation H such that for every initial state s0 ∈ S0 there exists an initial state s′0 ∈ S′0 with H(s0, s′0): every step of M can then be matched by a step of M′, whereas M need not be able to match every step of M′ (Clarke et al. 1999, Chap. 11, p. 176; Baier and Katoen 2008, Chap. 7, p. 497).

  5. This use of simulating and simulated models is a significant exemplification of the use of nested models in computer science discussed in connection with the multi-level modelling of computational processes in (Fetzer 1999).

  6. Irrelevant information hiding is the central element in Colburn and Shute’s characterization of abstraction (Colburn and Shute 2007).

  7. This account of the cascade of models between a KS and a target system through the intermediary of models of experiment and data can be further extended by observing that a KS is often generated automatically from a model description which, in its turn, is specified in some appropriate programming language (usually Java for software systems and Verilog or VHDL for hardware systems).

  8. More precisely, given a KS M and a temporal logic formula f, the model checking problem consists in finding the set of all states in S that satisfy f, that is, the set {s ∈ S | M, s ⊨ f}.

  9. The refinement process is, in most cases, manual and requires the skills of the modellers. Groce et al. (2002) introduced an algorithm, called Adaptive Model Checking, which refines an automaton for some reactive system whenever a false counterexample is encountered, by feeding that counterexample into a learning algorithm (Angluin 1987) which updates the model.

  10. For additional discussion of the epistemic status of the results of formal methods in computer science, see Colburn and Shute 2007, p. 174; Turner 2008, section “Learning About Target Systems in Model Checking”.
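
The following Python block is an added example, not code from the paper. It builds a Kripke structure M = (S, S0, R, L) for a small login state machine, computes the satisfaction set {s ∈ S | M, s ⊨ f} of note 8 by the usual fixpoint characterisation of the CTL operators EX, EU and EG, and then constructs from the same structure the word automaton A = (Σ, Q, Δ, Q0, F) of note 1, with F = Q and (s, α, s′) ∈ Δ iff R(s, s′) and α = L(s′). The state machine, its labels, the property AG(access → auth) and the "debug" state that violates it are all constructed here for illustration; the tuple encoding of formulas is likewise an assumption of this example.

```python
# Added example for notes 1 and 8 (not code from the paper). A Kripke
# structure for a constructed login machine, the CTL satisfaction set
# {s in S | M, s |= f} of note 8 by fixpoint iteration, and the word
# automaton A = (Sigma, Q, Delta, Q0, F) of note 1 with F = Q.
from itertools import combinations
from typing import NamedTuple


class KS(NamedTuple):
    S: frozenset    # states
    S0: frozenset   # initial states
    R: dict         # s -> set of successors (total: every state has one)
    L: dict         # s -> frozenset of atomic propositions true in s
    AP: frozenset   # atomic propositions


# Constructed sample with AP = {auth, access}; "debug" is a modelled
# backdoor that grants access without prior authentication.
LOGIN = KS(
    S=frozenset({"idle", "challenge", "session", "locked", "debug"}),
    S0=frozenset({"idle"}),
    R={"idle": {"challenge", "debug"}, "challenge": {"session", "locked"},
       "session": {"idle"}, "locked": {"locked", "idle"}, "debug": {"idle"}},
    L={"idle": frozenset(), "challenge": frozenset(), "locked": frozenset(),
       "session": frozenset({"auth", "access"}), "debug": frozenset({"access"})},
    AP=frozenset({"auth", "access"}),
)
# The same machine with the backdoor removed (hypothetical repaired design).
REPAIRED = KS(
    S=LOGIN.S - {"debug"}, S0=LOGIN.S0,
    R={s: LOGIN.R[s] - {"debug"} for s in LOGIN.S - {"debug"}},
    L={s: LOGIN.L[s] for s in LOGIN.S - {"debug"}}, AP=LOGIN.AP,
)


# Note 8: CTL formulas as nested tuples over {true, ap, not, and, EX, EU, EG}.
def sat(M, f):
    """Return the set {s in M.S | M, s |= f}."""
    op = f[0]
    if op == "true":
        return set(M.S)
    if op == "ap":
        return {s for s in M.S if f[1] in M.L[s]}
    if op == "not":
        return set(M.S) - sat(M, f[1])
    if op == "and":
        return sat(M, f[1]) & sat(M, f[2])
    if op == "EX":
        t = sat(M, f[1])
        return {s for s in M.S if M.R[s] & t}
    if op == "EU":  # least fixpoint of Z = g or (f and EX Z)
        sf, t = sat(M, f[1]), sat(M, f[2])
        while True:
            new = t | {s for s in sf if M.R[s] & t}
            if new == t:
                return t
            t = new
    if op == "EG":  # greatest fixpoint of Z = f and EX Z
        t = sat(M, f[1])
        while True:
            new = {s for s in t if M.R[s] & t}
            if new == t:
                return t
            t = new
    raise ValueError(f"unknown operator {op!r}")

def EF(f):
    return ("EU", ("true",), f)

def AG(f):
    return ("not", EF(("not", f)))

def implies(f, g):
    return ("not", ("and", f, ("not", g)))

def holds(M, f):
    """M |= f iff every initial state is in the satisfaction set."""
    return M.S0 <= sat(M, f)

# Safety property: access is never granted without authentication.
NO_BYPASS = AG(implies(("ap", "access"), ("ap", "auth")))


# Note 1: A = (Sigma, Q, Delta, Q0, F) with Sigma = 2^AP, Q = S, Q0 = S0,
# F = Q, and (s, alpha, s') in Delta iff R(s, s') and alpha = L(s').
def automaton(M):
    sigma = {frozenset(c) for r in range(len(M.AP) + 1)
             for c in combinations(sorted(M.AP), r)}
    delta = {(s, M.L[t], t) for s in M.S for t in M.R[s]}
    return sigma, set(M.S), delta, set(M.S0), set(M.S)

def word_of(M, path):
    """Trajectory s0 s1 s2 ... of M becomes the word L(s1) L(s2) ..."""
    return [M.L[s] for s in path[1:]]

def has_run(A, word):
    """True iff some run of A from Q0 reads the finite word. Since F = Q, an
    infinite word is accepted iff each finite prefix has a run, which is the
    check one can actually carry out on a prefix."""
    _, _, delta, q0, _ = A
    current = set(q0)
    for alpha in word:
        current = {t for (s, a, t) in delta if s in current and a == alpha}
        if not current:
            return False
    return True
```

sat returns exactly the set note 8 describes, and M ⊨ f reduces to S0 ⊆ sat(f). For LOGIN the safety property fails in every state, because the backdoor state is reachable from everywhere, while REPAIRED satisfies it. has_run shows the other half of note 1: a sequence of label sets is the word of a trajectory of M exactly when A can read it from Q0, and because every state accepts there is no further acceptance condition to check.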

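As a second added example (again not code from the paper), the simulation and bisimulation relations of note 4 are computed below as greatest fixpoints over the state pairs of two Kripke structures: the relation starts from all label-compatible pairs and a pair is dropped whenever a step on one side cannot be matched on the other. The two structures, a concrete login model with a bounded retry counter and a coarser abstraction of it with a single "trying" state, are constructed for this example and are not taken from the paper.

```python
# Added example for note 4 (not code from the paper): the simulation and
# bisimulation relations between two Kripke structures, computed as greatest
# fixpoints over state pairs, on two constructed login models.
from typing import NamedTuple


class KS(NamedTuple):
    S: frozenset   # states
    S0: frozenset  # initial states
    R: dict        # s -> set of successors
    L: dict        # s -> frozenset of atomic propositions true in s
    AP: frozenset  # atomic propositions the labelling ranges over


def greatest_simulation(M, Mp):
    """Largest H within S x S' meeting note 4's two clauses for M <= M' (AP of M
    contains AP' of M'): start from all label-compatible pairs and drop a pair
    whenever some step of M from s has no matching step of M' from s' in H."""
    assert M.AP >= Mp.AP, "M' may only abstract away propositions of M"
    H = {(s, t) for s in M.S for t in Mp.S if M.L[s] & Mp.AP == Mp.L[t]}
    changed = True
    while changed:
        changed = False
        for s, t in list(H):
            if any(not any((s1, t1) in H for t1 in Mp.R[t]) for s1 in M.R[s]):
                H.discard((s, t))
                changed = True
    return H


def simulates(M, Mp):
    """M <= M' (M' simulates M): every initial state of M is simulated by
    some initial state of M'."""
    H = greatest_simulation(M, Mp)
    return all(any((s0, t0) in H for t0 in Mp.S0) for s0 in M.S0)


def greatest_bisimulation(M, Mp):
    """Largest B within S x S' meeting note 4's three clauses (common AP)."""
    assert M.AP == Mp.AP, "bisimulation is defined over a common AP"
    B = {(s, t) for s in M.S for t in Mp.S if M.L[s] == Mp.L[t]}
    changed = True
    while changed:
        changed = False
        for s, t in list(B):
            forward = all(any((s1, t1) in B for t1 in Mp.R[t]) for s1 in M.R[s])
            backward = all(any((s1, t1) in B for s1 in M.R[s]) for t1 in Mp.R[t])
            if not (forward and backward):
                B.discard((s, t))
                changed = True
    return B


def bisimilar(M, Mp):
    """M == M': initial states are matched in both directions."""
    B = greatest_bisimulation(M, Mp)
    return (all(any((s0, t0) in B for t0 in Mp.S0) for s0 in M.S0)
            and all(any((s0, t0) in B for s0 in M.S0) for t0 in Mp.S0))


AP = frozenset({"auth", "locked"})
E = frozenset()

# Constructed concrete model: at most three failed attempts, then lock-out.
CONCRETE = KS(
    S=frozenset({"idle", "try1", "try2", "try3", "session", "locked"}),
    S0=frozenset({"idle"}),
    R={"idle": {"try1"}, "try1": {"try2", "session"}, "try2": {"try3", "session"},
       "try3": {"locked", "session"}, "session": {"idle"}, "locked": {"locked"}},
    L={"idle": E, "try1": E, "try2": E, "try3": E,
       "session": frozenset({"auth"}), "locked": frozenset({"locked"})},
    AP=AP,
)

# Constructed abstraction: the attempt counter collapsed into one state that
# may retry indefinitely, an over-approximation of CONCRETE.
ABSTRACT = KS(
    S=frozenset({"idle", "trying", "session", "locked"}),
    S0=frozenset({"idle"}),
    R={"idle": {"trying"}, "trying": {"trying", "session", "locked"},
       "session": {"idle"}, "locked": {"locked"}},
    L={"idle": E, "trying": E, "session": frozenset({"auth"}),
       "locked": frozenset({"locked"})},
    AP=AP,
)
```

Running the checks gives CONCRETE ≤ ABSTRACT but not ABSTRACT ≤ CONCRETE, hence the two are not bisimilar: "trying" can loop forever, whereas the concrete model must lock after the third failure, so the abstraction admits behaviours the concrete system does not have. This asymmetry is exactly what makes M′ useful as a simulating model: a universal (ACTL) property established on M′ carries over to M, while a counterexample found on M′ may be spurious with respect to M, which is the situation that note 9's refinement step is meant to handle.
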
References

  • Angluin, D. (1987). Learning regular sets from queries and counterexamples. Information and Computation, 75, 87–106.

  • Armando, A., Carbone, R., Compagna, L., Cuellar, J., & Tobarra, L. (2008). Formal analysis of SAML 2.0 web browser single sign-on: Breaking the SAML-based single sign-on for Google Apps. In Proceedings of FMSE 2008 (pp. 1–10).

  • Baier, C., & Katoen, J. P. (2008). Principles of model checking. Cambridge, MA: The MIT Press.

  • Cantwell Smith, B. (1985). Limits of correctness in computers. Technical report 85-35. Stanford, CA: CSLI, Center for the Study of Language and Information.

  • Clarke, E. M., & Emerson, E. A. (1981). Design and synthesis of synchronization skeletons using branching time temporal logic. In Logic of programs: Workshop, Yorktown Heights, NY, May 1981, LNCS 131. Berlin: Springer.

  • Clarke, E. M., & Lerda, F. (2007). Model checking: Software and beyond. Journal of Universal Computer Science, 13, 639–649.

  • Clarke, E. M., & Wing, J. M. (1996). Formal methods: State of the art and future directions. ACM Computing Surveys, 28, 626–643.

  • Clarke, E. M., Grumberg, O., & Peled, D. A. (1999). Model checking. Cambridge, MA: The MIT Press.

  • Colburn, T., & Shute, G. (2007). Abstraction in computer science. Minds and Machines, 17, 169–184.

  • Da Costa, N. C. A., & French, S. (1990). The model theoretic approach in philosophy of science. Philosophy of Science, 57, 248–265.

  • Danchin, A. (2009). Bacteria as computers making computers. FEMS Microbiology Reviews, 33, 3–26.

  • Fetzer, J. H. (1988). Program verification: The very idea. Communications of the ACM, 31, 1048–1063.

  • Fetzer, J. H. (1999). The role of models in computer science. The Monist, 82, 20–36.

  • Fisher, J., & Henzinger, T. A. (2007). Executable biology. Nature Biotechnology, 25, 1239–1249.

  • Frigg, R., & Hartmann, S. (2006). Models in science. Stanford Encyclopedia of Philosophy. Available at http://plato.stanford.edu/entries/computer-science/.

  • Garzillo, C., & Trautteur, G. (2008). Computational virtuality in biological systems. Theoretical Computer Science, 410, 323–331.

  • Groce, A., Peled, D., & Yannakakis, M. (2002). Adaptive model checking. In Proceedings of the 8th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (pp. 357–370).

  • Hoare, C. A. R. (1969). An axiomatic basis for computer programming. Communications of the ACM, 12, 576–583.

  • Hughes, R. I. G. (1997). Models and representation. Philosophy of Science, 64, 325–336.

  • Kröger, F., & Merz, S. (2008). Temporal logics and state systems. Berlin: Springer.

  • Magnani, L., Nersessian, N., & Thagard, P. (1999). Model based reasoning in scientific discovery. Dordrecht: Kluwer.

  • Monin, J. F., & Hinchey, M. G. (2003). Understanding formal methods. Berlin: Springer.

  • Nagel, E. (1979). The structure of science: Problems in the logic of scientific explanation (2nd ed.). Indianapolis: Hackett.

  • Newell, A., & Simon, H. A. (1972). Human problem solving. Englewood Cliffs, NJ: Prentice-Hall.

  • Queille, J. P., & Sifakis, J. (1981). Specification and verification of concurrent systems in CESAR. In Proceedings of the 5th International Symposium on Programming, LNCS 137 (pp. 337–350). Berlin: Springer.

  • Suppe, F. (1989). The semantic conception of theories and scientific realism. Urbana: University of Illinois Press.

  • Suppes, P. (1960). A comparison of the meaning and uses of models in mathematics and the empirical sciences. Synthese, 12, 287–301.

  • Suppes, P. (1962). Models of data. In E. Nagel, P. Suppes, & A. Tarski (Eds.), Logic, methodology, and philosophy of science: Proceedings of the 1960 International Congress (pp. 252–261). Stanford: Stanford University Press.

  • Swoyer, C. (1991). Structural representation and surrogative reasoning. Synthese, 87, 449–508.

  • Tedre, M. (2007). Lecture notes in the philosophy of computer science. Department of Computer Science and Statistics, University of Joensuu, Finland. Available at http://cs.joensuu.fi/~mmeri/teaching/2007/philcs/.

  • Van Fraassen, B. C. (1980). The scientific image. Oxford: Oxford University Press.

  • Van Fraassen, B. C. (1989). Laws and symmetry. Oxford: Oxford University Press.

  • Van Leeuwen, J. (Ed.). (1990). Handbook of theoretical computer science, Vol. B: Formal models and semantics. Cambridge, MA: The MIT Press.


Author information

Correspondence to Nicola Angius.


About this article

Cite this article

Angius, N., Tamburrini, G. Scientific Theories of Computational Systems in Model Checking. Minds & Machines 21, 323–336 (2011). https://doi.org/10.1007/s11023-011-9231-5
