218 research outputs found
Rich Counter-Examples for Temporal-Epistemic Logic Model Checking
Model checking verifies that a model of a system satisfies a given property,
and otherwise produces a counter-example explaining the violation. The verified
properties are formally expressed in temporal logics. Some temporal logics,
such as CTL, are branching: they allow to express facts about the whole
computation tree of the model, rather than on each single linear computation.
This branching aspect is even more critical when dealing with multi-modal
logics, i.e. logics expressing facts about systems with several transition
relations. A prominent example is CTLK, a logic that reasons about temporal and
epistemic properties of multi-agent systems. In general, model checkers produce
linear counter-examples for failed properties, composed of a single computation
path of the model. But some branching properties are only poorly and partially
explained by a linear counter-example.
This paper proposes richer counter-example structures called tree-like
annotated counter-examples (TLACEs), for properties in Action-Restricted CTL
(ARCTL), an extension of CTL quantifying paths restricted in terms of actions
labeling transitions of the model. These counter-examples have a branching
structure that supports more complete description of property violations.
Elements of these counter-examples are annotated with parts of the property to
give a better understanding of their structure. Visualization and browsing of
these richer counter-examples become a critical issue, as the number of
branches and states can grow exponentially for deeply-nested properties.
This paper formally defines the structure of TLACEs, characterizes adequate
counter-examples w.r.t. models and failed properties, and gives a generation
algorithm for ARCTL properties. It also illustrates the approach with examples
in CTLK, using a reduction of CTLK to ARCTL. The proposed approach has been
implemented, first by extending the NuSMV model checker to generate and export
branching counter-examples, secondly by providing an interactive graphical
interface to visualize and browse them.Comment: In Proceedings IWIGP 2012, arXiv:1202.422
Variations of model checking
The logic ATCTL is a convenient logic to specify properties with actions and real-time. It is intended as a property language for Lightweight UML models [12], which consist mainly of simplified class diagrams and statecharts. ATCTL combines two known extensions of CTL, namely ACTL and TCTL. The reason to extend CTL with both actions and real time is that in LUML state¿transition diagrams, we specify states, actions and real time, and our properties refer to all of these elements. The analyst therefore needs a property language that contains constructs for all these elements. ATCTL can be reduced to ACTL as well as to TCTL, and therefore also to CTL. This gives us a choice of tools for model checking; we have used is Kronos [13], a TCTL model checker
Towards modular verification of pathways: fairness and assumptions
Modular verification is a technique used to face the state explosion problem
often encountered in the verification of properties of complex systems such as
concurrent interactive systems. The modular approach is based on the
observation that properties of interest often concern a rather small portion of
the system. As a consequence, reduced models can be constructed which
approximate the overall system behaviour thus allowing more efficient
verification.
Biochemical pathways can be seen as complex concurrent interactive systems.
Consequently, verification of their properties is often computationally very
expensive and could take advantage of the modular approach.
In this paper we report preliminary results on the development of a modular
verification framework for biochemical pathways. We view biochemical pathways
as concurrent systems of reactions competing for molecular resources. A modular
verification technique could be based on reduced models containing only
reactions involving molecular resources of interest.
For a proper description of the system behaviour we argue that it is
essential to consider a suitable notion of fairness, which is a
well-established notion in concurrency theory but novel in the field of pathway
modelling. We propose a modelling approach that includes fairness and we
identify the assumptions under which verification of properties can be done in
a modular way.
We prove the correctness of the approach and demonstrate it on the model of
the EGF receptor-induced MAP kinase cascade by Schoeberl et al.Comment: In Proceedings MeCBIC 2012, arXiv:1211.347
Enhancing Test Coverage by Back-tracing Model-checker Counterexamples
AbstractThe automatic detection of unreachable coverage goals and generation of tests for "corner-case" scenarios is crucial to make testing and simulation based verification more effective. In this paper we address the problem of coverability analysis and test case generation in modular and component based systems. We propose a technique that, given an uncovered branch in a component, either establishes that the branch cannot be covered or produces a test case at the system level which covers the branch. The technique is based on the use of counterexamples returned by model checkers, and exploits compositionality to cope with large state spaces typical of real applications
Practical Abstraction for Model Checking of Multi-Agent Systems
Model checking of multi-agent systems (MAS) is known to be hard, both
theoretically and in practice. A smart abstraction of the state space may
significantly reduce the model, and facilitate the verification. In this paper,
we propose and study an intuitive agent-based abstraction scheme, based on the
removal of variables in the representation of a MAS. This allows to do the
reduction without generating the global model of the system. Moreover, the
process is easy to understand and control even for domain experts with little
knowledge of computer science. We formally prove the correctness of the
approach, and evaluate the gains experimentally on models of a postal voting
procedure
- …