17 research outputs found
On computing fixpoints in well-structured regular model checking, with applications to lossy channel systems
We prove a general finite convergence theorem for "upward-guarded" fixpoint
expressions over a well-quasi-ordered set. This has immediate applications in
regular model checking of well-structured systems, where a main issue is the
eventual convergence of fixpoint computations. In particular, we are able to
directly obtain several new decidability results on lossy channel systems.
Comment: 16 page
On model checking data-independent systems with arrays without reset
A system is data-independent with respect to a data type X iff the operations
it can perform on values of type X are restricted to just equality testing. The
system may also store, input and output values of type X. We study model
checking of systems which are data-independent with respect to two distinct
type variables X and Y, and may in addition use arrays with indices from X and
values from Y. Our main interest is the following parameterised model-checking
problem: whether a given program satisfies a given temporal-logic formula for
all non-empty finite instances of X and Y. Initially, we consider instead the
abstraction where X and Y are infinite and where partial functions with finite
domains are used to model arrays. Using a translation to data-independent
systems without arrays, we show that the μ-calculus model-checking problem is
decidable for these systems. From this result, we can deduce properties of all
systems with finite instances of X and Y. We show that there is a procedure
for the above parameterised model-checking problem of the universal fragment of
the μ-calculus, such that it always terminates but may give false negatives. We
also deduce that the parameterised model-checking problem of the universal
disjunction-free fragment of the μ-calculus is decidable. Practical motivations
for model checking data-independent systems with arrays include verification of
memory and cache systems, where X is the type of memory addresses, and Y the
type of storable values. As an example we verify a fault-tolerant memory
interface over a set of unreliable memories.
Comment: Appeared in Theory and Practice of Logic Programming, vol. 4, no. 5&6, 200
Multiply-Recursive Upper Bounds with Higman's Lemma
We develop a new analysis for the length of controlled bad sequences in
well-quasi-orderings based on Higman's Lemma. This leads to tight
multiply-recursive upper bounds that readily apply to several verification
algorithms for well-structured systems
Generalizing the Paige-Tarjan Algorithm by Abstract Interpretation
The Paige and Tarjan algorithm (PT) for computing the coarsest refinement of
a state partition which is a bisimulation on some Kripke structure is well
known. It is also well known in model checking that bisimulation is equivalent
to strong preservation of CTL, or, equivalently, of Hennessy-Milner logic.
Drawing on these observations, we analyze the basic steps of the PT algorithm
from an abstract interpretation perspective, which allows us to reason on
strong preservation in the context of generic inductively defined (temporal)
languages and of possibly non-partitioning abstract models specified by
abstract interpretation. This leads us to design a generalized Paige-Tarjan
algorithm, called GPT, for computing the minimal refinement of an abstract
interpretation-based model that strongly preserves some given language. It
turns out that PT is a straight instance of GPT on the domain of state
partitions for the case of strong preservation of Hennessy-Milner logic. We
provide a number of examples showing that GPT is of general use. We first show
how a well-known efficient algorithm for computing stuttering equivalence can
be viewed as a simple instance of GPT. We then instantiate GPT in order to
design a new efficient algorithm for computing simulation equivalence that is
competitive with the best available algorithms. Finally, we show how GPT allows
to compute new strongly preserving abstract models by providing an efficient
algorithm that computes the coarsest refinement of a given partition that
strongly preserves the language generated by the reachability operator.
Comment: Keywords: Abstract interpretation, abstract model checking, strong preservation, Paige-Tarjan algorithm, refinement algorith
Generalized Strong Preservation by Abstract Interpretation
Standard abstract model checking relies on abstract Kripke structures which
approximate concrete models by gluing together indistinguishable states, namely
by a partition of the concrete state space. Strong preservation for a
specification language L encodes the equivalence of concrete and abstract model
checking of formulas in L. We show how abstract interpretation can be used to
design abstract models that are more general than abstract Kripke structures.
Accordingly, strong preservation is generalized to abstract
interpretation-based models and precisely related to the concept of
completeness in abstract interpretation. The problem of minimally refining an
abstract model in order to make it strongly preserving for some language L can
be formulated as a minimal domain refinement in abstract interpretation in
order to get completeness w.r.t. the logical/temporal operators of L. It turns
out that this refined strongly preserving abstract model always exists and can
be characterized as a greatest fixed point. As a consequence, some well-known
behavioural equivalences, like bisimulation, simulation and stuttering, and
their corresponding partition refinement algorithms can be elegantly
characterized in abstract interpretation as completeness properties and
refinements
Sampling-based motion planning with deterministic μ-calculus specifications
In this paper, we propose algorithms for the online
computation of control programs for dynamical systems
that provably satisfy a class of temporal logic specifications.
Such specifications have recently been proposed in the literature
as a powerful tool to synthesize provably correct
control programs, for example for embedded systems and
robotic applications. The proposed algorithms, generalizing
state-of-the-art algorithms for point-to-point motion planning,
incrementally build finite transition systems representing a
discrete subset of dynamically feasible trajectories. At each
iteration, local μ-calculus model-checking methods are used
to establish whether the current transition system satisfies
the specifications. Efficient sampling strategies are presented,
ensuring the probabilistic completeness of the algorithms. We
demonstrate the effectiveness of the proposed approach on
simulation examples.
Michigan/AFRL Collaborative Center on Control Sciences, AFOSR (grant no. FA 8650-07-2-3744
A Deductive Approach towards Reasoning about Algebraic Transition Systems
Algebraic transition systems are extended from labeled transition systems by allowing transitions labeled by algebraic equations for modeling more complex systems in detail. We present a deductive approach for specifying and verifying algebraic transition systems. We modify the standard dynamic logic by introducing algebraic equations into modalities. Algebraic transition systems are embedded in modalities of logic formulas which specify properties of algebraic transition systems. The semantics of modalities and formulas is defined with solutions of algebraic equations. A proof system for this logic is constructed to verify properties of algebraic transition systems. The proof system combines with inference rules decision procedures on the theory of polynomial ideals to reduce a proof-search problem to an algebraic computation problem. The proof system proves to be sound but inherently incomplete. Finally, a typical example illustrates that reasoning about algebraic transition systems with our approach is feasible
Quasipolynomial Set-Based Symbolic Algorithms for Parity Games
Solving parity games, which are equivalent to modal μ-calculus model
checking, is a central algorithmic problem in formal methods. Besides the
standard computation model with the explicit representation of games, another
important theoretical model of computation is that of set-based symbolic
algorithms. Set-based symbolic algorithms use basic set operations and one-step
predecessor operations on the implicit description of games, rather than the
explicit representation. The significance of symbolic algorithms is that they
provide scalable algorithms for large finite-state systems, as well as for
infinite-state systems with finite quotient. Consider parity games on graphs
with vertices and parity conditions with priorities. While there is a
rich literature of explicit algorithms for parity games, the main results for
set-based symbolic algorithms are as follows: (a) an algorithm that requires
symbolic operations and symbolic space; and (b) an improved
algorithm that requires symbolic operations and symbolic
space. Our contributions are as follows: (1) We present a black-box set-based
symbolic algorithm based on the explicit progress measure algorithm. Two
important consequences of our algorithm are as follows: (a) a set-based
symbolic algorithm for parity games that requires quasi-polynomially many
symbolic operations and symbolic space; and (b) any future improvement
in progress-measure-based explicit algorithms implies an efficiency improvement
in our set-based symbolic algorithm for parity games. (2) We present a
set-based symbolic algorithm that requires quasi-polynomially many symbolic
operations and symbolic space. Moreover, for the important
special case of , our algorithm requires only polynomially many
symbolic operations and poly-logarithmic symbolic space.
Comment: Published at LPAR-22 in 201
Model checking with abstraction refinement for well-structured systems
Abstraction plays an important role in the verification of infinite-state systems. One of the most promising and popular abstraction techniques is predicate abstraction. The right abstraction, i.e. the one that is sufficiently precise to prove or disprove the property under consideration, is automatically constructed by iterative abstraction refinement. The abstract-check-refine loop is not guaranteed to terminate in general. This results in the construction of semi-algorithms that may not terminate on some inputs. For the class of well-structured transition systems, a large class of infinite-state systems, general decidability results hold. These are transition systems equipped with a well-quasi ordering on the set of states which is compatible with the transition relation. In particular, coverability, i.e. reachability of an upward-closed set, is known to be decidable for this class of systems. In this work we study the verification of well-structured systems w.r.t. the coverability property by means of predicate abstraction and refinement. We investigate the conditions under which the abstract-check-refine loop is guaranteed to terminate on instances of this class, provide a model checking method based on predicate abstraction and abstraction refinement, and prove its completeness for this class of systems.