2,084 research outputs found
Procedure-modular specification and verification of temporal safety properties
This paper describes ProMoVer, a tool for fully automated procedure-modular verification of Java programs equipped with method-local and global assertions that specify safety properties of sequences of method invocations. Modularity at the procedure-level is a natural instantiation of the modular verification paradigm, where correctness of global properties is relativized on the local properties of the methods rather than on their implementations. Here, it is based on the construction of maximal models for a program model that abstracts away from program data. This approach allows global properties to be verified in the presence of code evolution, multiple method implementations (as arising from software product lines), or even unknown method implementations (as in mobile code for open platforms). ProMoVer automates a typical verification scenario for a previously developed tool set for compositional verification of control flow safety properties, and provides appropriate pre- and post-processing. Both linear-time temporal logic and finite automata are supported as formalisms for expressing local and global safety properties, allowing the user to choose a suitable format for the property at hand. Modularity is exploited by a mechanism for proof reuse that detects and minimizes the verification tasks resulting from changes in the code and the specifications. The verification task is relatively light-weight due to support for abstraction from private methods and automatic extraction of candidate specifications from method implementations. We evaluate the tool on a number of applications from the domains of Java Card and web-based application
Truly On-The-Fly LTL Model Checking
We propose a novel algorithm for automata-based LTL model checking that
interleaves the construction of the generalized B\"{u}chi automaton for the
negation of the formula and the emptiness check. Our algorithm first converts
the LTL formula into a linear weak alternating automaton; configurations of the
alternating automaton correspond to the locations of a generalized B\"{u}chi
automaton, and a variant of Tarjan's algorithm is used to decide the existence
of an accepting run of the product of the transition system and the automaton.
Because we avoid an explicit construction of the B\"{u}chi automaton, our
approach can yield significant improvements in runtime and memory, for large
LTL formulas. The algorithm has been implemented within the SPIN model checker,
and we present experimental results for some benchmark examples
Linear Encodings of Bounded LTL Model Checking
We consider the problem of bounded model checking (BMC) for linear temporal
logic (LTL). We present several efficient encodings that have size linear in
the bound. Furthermore, we show how the encodings can be extended to LTL with
past operators (PLTL). The generalised encoding is still of linear size, but
cannot detect minimal length counterexamples. By using the virtual unrolling
technique minimal length counterexamples can be captured, however, the size of
the encoding is quadratic in the specification. We also extend virtual
unrolling to Buchi automata, enabling them to accept minimal length
counterexamples.
Our BMC encodings can be made incremental in order to benefit from
incremental SAT technology. With fairly small modifications the incremental
encoding can be further enhanced with a termination check, allowing us to prove
properties with BMC. Experiments clearly show that our new encodings improve
performance of BMC considerably, particularly in the case of the incremental
encoding, and that they are very competitive for finding bugs. An analysis of
the liveness-to-safety transformation reveals many similarities to the BMC
encodings in this paper. Using the liveness-to-safety translation with
BDD-based invariant checking results in an efficient method to find shortest
counterexamples that complements the BMC-based approach.Comment: Final version for Logical Methods in Computer Science CAV 2005
special issu
Verifying Real-Time Systems using Explicit-time Description Methods
Timed model checking has been extensively researched in recent years. Many
new formalisms with time extensions and tools based on them have been
presented. On the other hand, Explicit-Time Description Methods aim to verify
real-time systems with general untimed model checkers. Lamport presented an
explicit-time description method using a clock-ticking process (Tick) to
simulate the passage of time together with a group of global variables for time
requirements. This paper proposes a new explicit-time description method with
no reliance on global variables. Instead, it uses rendezvous synchronization
steps between the Tick process and each system process to simulate time. This
new method achieves better modularity and facilitates usage of more complex
timing constraints. The two explicit-time description methods are implemented
in DIVINE, a well-known distributed-memory model checker. Preliminary
experiment results show that our new method, with better modularity, is
comparable to Lamport's method with respect to time and memory efficiency
From LTL and Limit-Deterministic B\"uchi Automata to Deterministic Parity Automata
Controller synthesis for general linear temporal logic (LTL) objectives is a
challenging task. The standard approach involves translating the LTL objective
into a deterministic parity automaton (DPA) by means of the Safra-Piterman
construction. One of the challenges is the size of the DPA, which often grows
very fast in practice, and can reach double exponential size in the length of
the LTL formula. In this paper we describe a single exponential translation
from limit-deterministic B\"uchi automata (LDBA) to DPA, and show that it can
be concatenated with a recent efficient translation from LTL to LDBA to yield a
double exponential, \enquote{Safraless} LTL-to-DPA construction. We also report
on an implementation, a comparison with the SPOT library, and performance on
several sets of formulas, including instances from the 2016 SyntComp
competition
Exploiting the Temporal Logic Hierarchy and the Non-Confluence Property for Efficient LTL Synthesis
The classic approaches to synthesize a reactive system from a linear temporal
logic (LTL) specification first translate the given LTL formula to an
equivalent omega-automaton and then compute a winning strategy for the
corresponding omega-regular game. To this end, the obtained omega-automata have
to be (pseudo)-determinized where typically a variant of Safra's
determinization procedure is used. In this paper, we show that this
determinization step can be significantly improved for tool implementations by
replacing Safra's determinization by simpler determinization procedures. In
particular, we exploit (1) the temporal logic hierarchy that corresponds to the
well-known automata hierarchy consisting of safety, liveness, Buechi, and
co-Buechi automata as well as their boolean closures, (2) the non-confluence
property of omega-automata that result from certain translations of LTL
formulas, and (3) symbolic implementations of determinization procedures for
the Rabin-Scott and the Miyano-Hayashi breakpoint construction. In particular,
we present convincing experimental results that demonstrate the practical
applicability of our new synthesis procedure
- ā¦