Abstraction in directed model checking

Abstraction is one of the most important issues to cope with large and infinite state spaces in model checking and to reduce the verification efforts. The abstract system is smaller than the original one and if the abstract system satisfies a correctness specification, so does the concrete one. However, abstractions may introduce a behavior violating the specification that is not present in the original system. This paper bypasses this problem by proposing the combination of abstraction with heuristic search to improve error detection. The abstract system is explored in order to create a database that stores the exact distances from abstract states to the set of abstract error states. To check, whether or not the abstract behavior is present in the original system, effcient exploration algorithms exploit the database as a guidance

Property-Based Testing - The ProTest Project

The ProTest project is an FP7 STREP on property based testing. The purpose of the project is to develop software engineering approaches to improve reliability of service-oriented networks; support fault-finding and diagnosis based on specified properties of the system. And to do so we will build automated tools that will generate and run tests, monitor execution at run-time, and log events for analysis. The Erlang / Open Telecom Platform has been chosen as our initial implementation vehicle due to its robustness and reliability within the telecoms sector. It is noted for its success in the ATM telecoms switches by Ericsson, one of the project partners, as well as for multiple other uses such as in facebook, yahoo etc. In this paper we provide an overview of the project goals, as well as detailing initial progress in developing property based testing techniques and tools for the concurrent functional programming language Erlang

Survey on Directed Model Checking

International audienceThis article surveys and gives historical accounts to the algorithmic essentials of directed model checking, a promising bug-hunting technique to mitigate the state explosion problem. In the enumeration process, successor selection is prioritized. We discuss existing guidance and methods to automatically generate them by exploiting system abstractions. We extend the algorithms to feature partial-order reduction and show how liveness problems can be adapted by lifting the search Space. For deterministic, finite domains we instantiate the algorithms to directed symbolic, external and distributed search. For real-time domains we discuss the adaption of the algorithms to timed automata and for probabilistic domains we show the application to counterexample generation. Last but not least, we explain how directed model checking helps to accelerate finding solutions to scheduling problems

Applying Formal Methods to Networking: Theory, Techniques and Applications

Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet which began as a research experiment was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design---especially, the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial

Symbolic search and abstraction heuristics for cost-optimal planning in automated planning

Mención Internacional en el título de doctorLa Planificación Automática puede ser definida como el problema de encontrar una secuencia de acciones (un plan) para conseguir una meta, desde un punto inicial, asumiendo que las acciones tienen efectos deterministas. La Planificación Automática es independiente de dominio porque los planificadores toman como información inicial una descripción del problema y deben resolverlo sin ninguna información adicional. Esta tesis trata en particular de planificación automática ´optima, en la cual las acciones tienen un coste asociado. Los planificadores óptimos deben encontrar un plan y probar que no existe ningún otro plan de menor coste. La mayoría de los planificadores óptimos están basados en la búsqueda de estados explícita. Sin lugar a dudas, esta aproximación ha sido la dominante en planificación automática óptima durante los últimos años. No obstante, la búsqueda simbólica se presenta como una alternativa interesante. En esta tesis, proponemos dos mejoras ortogonales para la planificación basada en búsqueda simbólica. En primer lugar, estudiamos diferentes métodos para mejorar la computación de la “imagen”, operación que calcula el conjunto de estados sucesores a partir de un conjunto de estados. Posteriormente, analizamos cómo explotar las invariantes de estado para mejorar el rendimiento de la búsqueda simbólica. Estas propuestas suponen una mejora significativa en el desempeño de los algoritmos simbólicos en la mayoría de los dominios analizados. Hemos analizado dos tipos de heurísticas de abstracción con el objetivo de extrapolar las mejoras que se han realizado en la búsqueda explícita durante los últimos años a la búsqueda simbólica. Las heurísticas analizadas son: las bases de datos de patrones (pattern databases, PDBs) y una generalización de estas, mergeand-shrink (M&S). Mientras que las PDBs se han utilizado con anterioridad en búsqueda simbólica, hemos estudiado el uso de M&S, que es más general. En esta tesis se muestra que determinados tipos de heurísticas de M&S (aquellas que son generadas mediante una estrategia de “merge” lineal) pueden ser representadas como BDDs, con un coste computacional polinomial en el tamaño de la abstracción y la descripción del problema; y por lo tanto, pueden ser utilizadas de forma eficiente en la búsqueda simbólica. También proponemos una nueva heurística”symbolic perimeter merge-andshrink” (SPM&S) que combina la fuerza de la búsqueda hacia atrás simbólica con la flexibilidad de M&S. Los resultados experimentales muestran que SPM&S es capaz de superar, no solo las dos técnicas que combina, sino también otras heurísticas del estado del arte. Finalmente, hemos integrado las abstracciones simbólicas de perímetro, SPM&S, en la búsqueda simbólica bidireccional. En resumen, esta tesis estudia diferentes propuestas para planificación óptima basada en Búsqueda simbólica. Hemos implementado diferentes planificadores simbólicos basados en la Búsqueda bidireccional y las abstracciones de perímetro. Los resultados experimentales muestran cómo los planificadores presentados como resultado de este trabajo son altamente competitivos y frecuentemente superan al resto de planificadores del estado del arte.Domain-independent planning is the problem of finding a sequence of actions for achieving a goal from an initial state assuming that actions have deterministic effects. It is domain-independent because planners take as input the description of a problem and must solve it without any additional information. In this thesis, we deal with cost-optimal planning problems, in which actions have an associated cost and the planner must find a plan and prove that no other plan of lower cost exists. Most cost-optimal planners are based on explicit-state search. While this has undoubtedly been the dominant approach to cost-optimal planning in the last years, symbolic search is an interesting alternative. In symbolic search, sets of states are succinctly represented as binary decision diagrams, BDDs. The BDD representation does not only reduce the memory needed to store sets of states, but also allows the planner to efficiently manipulate sets of states reducing the search time. We propose two orthogonal enhancements for symbolic search planning. On the one hand, we study different methods for image computation, which usually is the bottleneck of symbolic search planners. On the other hand, we analyze how to exploit state invariants to prune symbolic search. Our techniques significantly improve the performance of symbolic search algorithms in most benchmark domains. Moreover, the enhanced version of symbolic bidirectional search is one of the strongest approaches to domain-independent planning even though it does not use any heuristic. Explicit-state search planners are commonly guided with admissible heuristics, which optimistically estimate the cost from any state to the goal. Heuristics are automatically derived from the problem description and can be classified into different families according to their underlying ideas. In order to bring the improvements on heuristics that have been made in explicit-state search to symbolic search, we analyze two types of abstraction heuristics: pattern databases (PDBs) and a generalization of them, merge-and-shrink (M&S). While PDBs had already been used in symbolic search, we analyze the use of the more general M&S heuristics. We show that certain types of M&S heuristics (those generated with a linear merging strategy) can be represented as BDDs with at most a polynomial overhead and, thus, efficiently used in symbolic search. We also propose a new heuristic, symbolic perimeter merge-and-shrink (SPM&S) that combines the strength of symbolic regression search with the flexibility of M&S heuristics. Our experiments show that SPM&S is able to beat, not only the two techniques it combines, but also other state-of-the-art heuristics. Finally, we integrate our symbolic perimeter abstraction heuristics in symbolic bidirectional search. The heuristic used by the bidirectional search is computed by means of another symbolic bidirectional search in an abstract state space. We show how, even though the combination of symbolic bidirectional search and abstraction heuristics has an overall performance similar to the simpler symbolic bidirectional blind search, it can sometimes solve more problems in particular domains. In summary, this thesis studies different enhancements on symbolic search. We implement different symbolic search planners based on bidirectional search and perimeter abstraction heuristics. Experimental results show that the resulting planners are highly competitive and often outperform other state-of-the-art planners.Programa Oficial de Doctorado en Ciencia y Tecnología InformáticaPresidente: José Manuel Molina López..- Vocal: Malte Helmert .- Secretario: Andrés Jonsso

Computer Aided Verification

The open access two-volume set LNCS 11561 and 11562 constitutes the refereed proceedings of the 31st International Conference on Computer Aided Verification, CAV 2019, held in New York City, USA, in July 2019. The 52 full papers presented together with 13 tool papers and 2 case studies, were carefully reviewed and selected from 258 submissions. The papers were organized in the following topical sections: Part I: automata and timed systems; security and hyperproperties; synthesis; model checking; cyber-physical systems and machine learning; probabilistic systems, runtime techniques; dynamical, hybrid, and reactive systems; Part II: logics, decision procedures; and solvers; numerical programs; verification; distributed systems and networks; verification and invariants; and concurrency

Optimal Planning with State Constraints

In the classical planning model, state variables are assigned values in the initial state and remain unchanged unless explicitly affected by action effects. However, some properties of states are more naturally modelled not as direct effects of actions but instead as derived, in each state, from the primary variables via a set of rules. We refer to those rules as state constraints. The two types of state constraints that will be discussed here are numeric state constraints and logical rules that we will refer to as axioms. When using state constraints we make a distinction between primary variables, whose values are directly affected by action effects, and secondary variables, whose values are determined by state constraints. While primary variables have finite and discrete domains, as in classical planning, there is no such requirement for secondary variables. For example, using numeric state constraints allows us to have secondary variables whose values are real numbers. We show that state constraints are a construct that lets us combine classical planning methods with specialised solvers developed for other types of problems. For example, introducing numeric state constraints enables us to apply planning techniques in domains involving interconnected physical systems, such as power networks. To solve these types of problems optimally, we adapt commonly used methods from optimal classical planning, namely state-space search guided by admissible heuristics. In heuristics based on monotonic relaxation, the idea is that in a relaxed state each variable assumes a set of values instead of just a single value. With state constraints, the challenge becomes to evaluate the conditions, such as goals and action preconditions, that involve secondary variables. We employ consistency checking tools to evaluate whether these conditions are satisfied in the relaxed state. In our work with numerical constraints we use linear programming, while with axioms we use answer set programming and three value semantics. This allows us to build a relaxed planning graph and compute constraint-aware version of heuristics based on monotonic relaxation. We also adapt pattern database heuristics. We notice that an abstract state can be thought of as a state in the monotonic relaxation in which the variables in the pattern hold only one value, while the variables not in the pattern simultaneously hold all the values in their domains. This means that we can apply the same technique for evaluating conditions on secondary variables as we did for the monotonic relaxation and build pattern databases similarly as it is done in classical planning. To make better use of our heuristics, we modify the A* algorithm by combining two techniques that were previously used independently – partial expansion and preferred operators. Our modified algorithm, which we call PrefPEA, is most beneficial in cases where heuristic is expensive to compute, but accurate, and states have many successors