Formally Verified Compositional Algorithms for Factored Transition Systems

Artificial Intelligence (AI) planning and model checking are two disciplines that found wide practical applications. It is often the case that a problem in those two fields concerns a transition system whose behaviour can be encoded in a digraph that models the system's state space. However, due to the very large size of state spaces of realistic systems, they are compactly represented as propositionally factored transition systems. These representations have the advantage of being exponentially smaller than the state space of the represented system. Many problems in AI~planning and model checking involve questions about state spaces, which correspond to graph theoretic questions on digraphs modelling the state spaces. However, existing techniques to answer those graph theoretic questions effectively require, in the worst case, constructing the digraph that models the state space, by expanding the propositionally factored representation of the syste\ m. This is not practical, if not impossible, in many cases because of the state space size compared to the factored representation. One common approach that is used to avoid constructing the state space is the compositional approach, where only smaller abstractions of the system at hand are processed and the given problem (e.g. reachability) is solved for them. Then, a solution for the problem on the concrete system is derived from the solutions of the problem on the abstract systems. The motivation of this approach is that, in the worst case, one need only construct the state spaces of the abstractions which can be exponentially smaller than the state space of the concrete system. We study the application of the compositional approach to two fundamental problems on transition systems: upper-bounding the topological properties (e.g. the largest distance between any two states, i.e. the diameter) of the state spa\ ce, and computing reachability between states. We provide new compositional algorithms to solve both problems by exploiting different structures of the given system. In addition to the use of an existing abstraction (usually referred to as projection) based on removing state space variables, we develop two new abstractions for use within our compositional algorithms. One of the new abstractions is also based on state variables, while the other is based on assignments to state variables. We theoretically and experimentally show that our new compositional algorithms improve the state-of-the-art in solving both problems, upper-bounding state space topological parameters and reachability. We designed the algorithms as well as formally verified them with the aid of an interactive theorem prover. This is the first application that we are aware of, for such a theorem prover based methodology to the design of new algorithms in either AI~planning or model checking

On the Magnitude of Completeness Thresholds in Bounded Model Checking

Bounded model checking (BMC) is a highly successful bug-finding method that examines paths of bounded length for violations of a given regular or omega-regular specification. A completeness threshold for a given model M and specification phi is a bound k such that, if no counterexample to phi of length k or less can be found in M, then M in fact satisfies phi. The quest for 'small' completeness thresholds in BMC goes back to the very inception of the technique, over a decade ago, and remains a topic of active research. For a fixed specification, completeness thresholds are typically expressed in terms of key attributes of the models under consideration, such as their diameter (length of the longest shortest path) and especially their recurrence diameter (length of the longest loop-free path). A recent research paper identified a large class of LTL specifications having completeness thresholds linear in the models' recurrence diameter. However, the authors left open the question of whether linearity is in general even decidable. In the present paper, we settle the problem in the affirmative, by showing that the linearity problem for both regular and omega-regular specifications (provided as automata and Buechi automata respectively is PSPACE-complete. Moreover, we establish the following dichotomies: for regular specifications, completeness thresholds are either linear or exponential, whereas for omega-regular specifications, completeness thresholds are either linear or at least quadratic. © 2012 IEEE

On the Magnitude of Completeness Thresholds in Bounded Model Checking

Bounded model checking (BMC) is a highly successful bug-finding method that examines paths of bounded length for violations of a given regular or omega-regular specification. A completeness threshold for a given model M and specification phi is a bound k such that, if no counterexample to phi of length k or less can be found in M, then M in fact satisfies phi. The quest for 'small' completeness thresholds in BMC goes back to the very inception of the technique, over a decade ago, and remains a topic of active research. For a fixed specification, completeness thresholds are typically expressed in terms of key attributes of the models under consideration, such as their diameter (length of the longest shortest path) and especially their recurrence diameter (length of the longest loop-free path). A recent research paper identified a large class of LTL specifications having completeness thresholds linear in the models' recurrence diameter. However, the authors left open the question of whether linearity is in general even decidable. In the present paper, we settle the problem in the affirmative, by showing that the linearity problem for both regular and omega-regular specifications (provided as automata and Buechi automata respectively is PSPACE-complete. Moreover, we establish the following dichotomies: for regular specifications, completeness thresholds are either linear or exponential, whereas for omega-regular specifications, completeness thresholds are either linear or at least quadratic. © 2012 IEEE