Model Checker Execution Reports
Software model checking constitutes an undecidable problem and, as such, even
an ideal tool will in some cases fail to give a conclusive answer. In practice,
software model checkers fail often and usually do not provide any information
on what was effectively checked. The purpose of this work is to provide a
conceptual framing to extend software model checkers in a way that allows users
to access information about incomplete checks. We characterize the information
that model checkers themselves can provide, in terms of analyzed traces, i.e.
sequences of statements, and safe cones, and present the notion of execution
reports, which we also formalize. We instantiate these concepts for a family of
techniques based on Abstract Reachability Trees and implement the approach
using the software model checker CPAchecker. We evaluate our approach
empirically and provide examples to illustrate the execution reports produced
and the information that can be extracted.
Compositional nonblocking verification with always enabled events and selfloop-only events
This paper proposes to improve compositional nonblocking verification through the use of always enabled and selfloop-only events. Compositional verification involves abstraction to simplify parts of a system during verification. Normally, this abstraction is based on the set of events not used in the remainder of the system, i.e., in the part of the system not being simplified. Here, it is proposed to exploit more knowledge about the system and abstract events even though they are used in the remainder of the system. Abstraction rules from previous work are generalised, and experimental results demonstrate the applicability of the resulting algorithm to verify several industrial-scale discrete event system models, while achieving better state-space reduction than before.
The language of certain conflicts of a nondeterministic process
The language of certain conflicts is the most general set of behaviours of a nondeterministic process, which certainly lead to a livelock or deadlock when accepted by another process running in parallel. It is of great use in model checking to detect livelocks or deadlocks in very large systems, and in process algebra to obtain abstractions preserving livelock and deadlock. Unfortunately, the language of certain conflicts is difficult to compute and has only been approximated in previous work. This paper presents an effective algorithm to calculate the language of certain conflicts for any given nondeterministic finite-state process and discusses its properties. The algorithm is shown to be correct and of exponential complexity.
A Story of Parametric Trace Slicing, Garbage and Static Analysis
This paper presents a proposal (story) of how statically detecting
unreachable objects (in Java) could be used to improve a particular runtime
verification approach (for Java), namely parametric trace slicing. Monitoring
algorithms for parametric trace slicing depend on garbage collection to (i)
cleanup data-structures storing monitored objects, ensuring they do not become
unmanageably large, and (ii) anticipate the violation of (non-safety)
properties that cannot be satisfied as a monitored object can no longer appear
later in the trace. The proposal is that both usages can be improved by making
the unreachability of monitored objects explicit in the parametric property and
statically introducing additional instrumentation points generating related
events. The ideas presented in this paper are still exploratory and the
intention is to integrate the described techniques into the MarQ monitoring
tool for quantified event automata.
Comment: In Proceedings PrePost 2017, arXiv:1708.0688
PKind: A parallel k-induction based model checker
PKind is a novel parallel k-induction-based model checker of invariant
properties for finite- or infinite-state Lustre programs. Its architecture,
which is strictly message-based, is designed to minimize synchronization delays
and easily accommodate the incorporation of incremental invariant generators to
enhance basic k-induction. We describe PKind's functionality and main features,
and present experimental evidence that PKind significantly speeds up the
verification of safety properties and, due to incremental invariant generation,
also considerably increases the number of provable ones.
Comment: In Proceedings PDMC 2011, arXiv:1111.006
Proving Abstractions of Dynamical Systems through Numerical Simulations
A key question that arises in rigorous analysis of cyberphysical systems
under attack involves establishing whether or not the attacked system deviates
significantly from the ideal allowed behavior. This is the problem of deciding
whether or not the ideal system is an abstraction of the attacked system. A
quantitative variation of this question can capture how much the attacked
system deviates from the ideal. Thus, algorithms for deciding abstraction
relations can help measure the effect of attacks on cyberphysical systems and
to develop attack detection strategies. In this paper, we present a decision
procedure for proving that one nonlinear dynamical system is a quantitative
abstraction of another. Directly computing the reach sets of these nonlinear
systems is undecidable in general, and reach set over-approximations do not
give a direct way of proving abstraction. Our procedure uses (possibly
inaccurate) numerical simulations and a model annotation to compute tight
approximations of the observable behaviors of the system and then uses these
approximations to decide on abstraction. We show that the procedure is sound
and that it is guaranteed to terminate under reasonable robustness assumptions.
Proving Termination Starting from the End
We present a novel technique for proving program termination which introduces
a new dimension of modularity. Existing techniques use the program to
incrementally construct a termination proof. While the proof keeps changing,
the program remains the same. Our technique goes a step further. We show how to
use the current partial proof to partition the transition relation into those
behaviors known to be terminating from the current proof, and those whose
status (terminating or not) is not known yet. This partition enables a new and
unexplored dimension of incremental reasoning on the program side. In addition,
we show that our approach naturally applies to conditional termination which
searches for a precondition ensuring termination. We further report on a
prototype implementation that advances the state-of-the-art on the grounds of
termination and conditional termination.
Comment: 16 page