Model Checking is Refinement — Relating Büchi Testing and Linear-time Temporal Logic —

This paper develops a semantic foundation for reasoning about reactive systems speci cations featuring combinations of labeled transition systems and formulas in linear{time temporal logic (LTL). Using B uchi automata as a semantic basis, the paper introduces two re nement preorders based on DeNicola and Hennessy's notion of may{ and must{testing. Alternative characterizations for these relations are provided and used to show that the new preorders are conservative extensions of the traditional DeNicola and Hennessy preorders. The paper then establishes a tight connection between LTL formula satisfaction and the B uchi must{preorder. More precisely, it is shown that a labeled transition system satis es an LTL formula if and only if it re nes an appropriately de ned B uchi automaton that can be constructed from the formula. Consequently, the B uchi must{preorder allows for a uniform treatment of traditional notions of process re nement and model checking. The implications of the novel theory are illustrated by means of a simple example system, in which some components are speci ed as transition systems and others as LTL formulas.