Modular control-loop detection

This paper presents an efficient algorithm to detect control-loops in large finite-state systems. The proposed algorithm exploits the modular structure present in many models of practical relevance, and often successfully avoids the explicit synchronous composition of subsystems and thereby the state explosion problem. Experimental results show that the method can be used to verify industrial applications of considerable complexity

A parametric analysis of the state-explosion problem in model checking

AbstractIn model checking, the state-explosion problem occurs when one checks a nonflat system, i.e., a system implicitly described as a synchronized product of elementary subsystems. In this paper, we investigate the complexity of a wide variety of model-checking problems for nonflat systems under the light of parameterized complexity, taking the number of synchronized components as a parameter. We provide precise complexity measures (in the parameterized sense) for most of the problems we investigate, and evidence that the results are robust

Model Checking - My 27-Year Quest to Overcome the State Explosion Problem

Model Checking is an automatic verification technique for state-transition systems that are finite=state or that have finite-state abstractions. In the early 1980 s in a series of joint papers with my graduate students E.A. Emerson and A.P. Sistla, we proposed that Model Checking could be used for verifying concurrent systems and gave algorithms for this purpose. At roughly the same time, Joseph Sifakis and his student J.P. Queille at the University of Grenoble independently developed a similar technique. Model Checking has been used successfully to reason about computer hardware and communication protocols and is beginning to be used for verifying computer software. Specifications are written in temporal logic, which is particularly valuable for expressing concurrency properties. An intelligent, exhaustive search is used to determine if the specification is true or not. If the specification is not true, the Model Checker will produce a counterexample execution trace that shows why the specification does not hold. This feature is extremely useful for finding obscure errors in complex systems. The main disadvantage of Model Checking is the state-explosion problem, which can occur if the system under verification has many processes or complex data structures. Although the state-explosion problem is inevitable in worst case, over the past 27 years considerable progress has been made on the problem for certain classes of state-transition systems that occur often in practice. In this talk, I will describe what Model Checking is, how it works, and the main techniques that have been developed for combating the state explosion problem

Modelling and controlling traffic behaviour with continuous Petri nets

Traffic systems are discrete systems that can be heavily populated. One way of overcoming the state explosion problem inherent to heavily populated discrete systems is to relax the discrete model. Continuous Petri nets (PN) represent a relaxation of the original discrete Petri nets that leads to a compositional formalism to model traffic behaviour. This paper introduces some new features of continuous Petri nets that are useful to obtain realistic but compact models for traffic systems. Combining these continuous PN models with discrete PN models of traffic lights leads to a hybrid Petri net model that is appropriate for predicting traffic behaviour, and for designing trac light controllers that minimize the total delay of the vehicles in the system

Parameterized Reachability Graph for Software Model Checking Based on PDNet

Model checking is a software automation verification technique. However, the complex execution process of concurrent software systems and the exhaustive search of state space make the model-checking technique limited by the state-explosion problem in real applications. Due to the uncertain input information (called system parameterization) in concurrent software systems, the state-explosion problem in model checking is exacerbated. To address the problem that reachability graphs of Petri net are difficult to construct and cannot be explored exhaustively due to system parameterization, this paper introduces parameterized variables into the program dependence net (a concurrent program model). Then, it proposes a parameterized reachability graph generation algorithm, including decision algorithms for verifying the properties. We implement LTL-x verification based on parameterized reachability graphs and solve the problem of difficulty constructing reachability graphs caused by uncertain inputs

Symmetry reduction and heuristic search for error detection in model checking

The state explosion problem is the main limitation of model checking. Symmetries in the system being verified can be exploited in order to avoid this problem by defining an equivalence (symmetry) relation on the states of the system, which induces a semantically equivalent quotient system of smaller size. On the other hand, heuristic search algorithms can be applied to improve the bug finding capabilities of model checking. Such algorithms use heuristic functions to guide the exploration. Bestfirst is used for accelerating the search, while A* guarantees optimal error trails if combined with admissible estimates. We analyze some aspects of combining both approaches, concentrating on the problem of finding the optimal path to the equivalence class of a given error state. Experimental results evaluate our approach

Abstraction and Learning for Infinite-State Compositional Verification

Despite many advances that enable the application of model checking techniques to the verification of large systems, the state-explosion problem remains the main challenge for scalability. Compositional verification addresses this challenge by decomposing the verification of a large system into the verification of its components. Recent techniques use learning-based approaches to automate compositional verification based on the assume-guarantee style reasoning. However, these techniques are only applicable to finite-state systems. In this work, we propose a new framework that interleaves abstraction and learning to perform automated compositional verification of infinite-state systems. We also discuss the role of learning and abstraction in the related context of interface generation for infinite-state components.Comment: In Proceedings Festschrift for Dave Schmidt, arXiv:1309.455

Using heuristic search for finding deadlocks in concurrent systems

AbstractModel checking is a formal technique for proving the correctness of a system with respect to a desired behavior. This is accomplished by checking whether a structure representing the system (typically a labeled transition system) satisfies a temporal logic formula describing the expected behavior. Model checking has a number of advantages over traditional approaches that are based on simulation and testing: it is completely automatic and when the verification fails it returns a counterexample that can be used to pinpoint the source of the error. Nevertheless, model checking techniques often fail because of the state explosion problem: transition systems grow exponentially with the number of components. The aim of this paper is to attack the state explosion problem that may arise when looking for deadlocks in concurrent systems described through the calculus of communicating systems. We propose to use heuristics-based techniques, namely the A* algorithm, both to guide the search without constructing the complete transition system, and to provide minimal counterexamples. We have realized a prototype tool to evaluate the methodology. Experiments we have conducted on processes of different size show the benefit from using our technique against building the whole state space, or applying some other methods

ROSA Analyser: An automatized approach to analyse processes of ROSA

In this work we present the first version of ROSA Analyser, a tool designed to get closer to a fully automatic process of analysing the behaviour of a system specified as a process of the Markovian Process Algebra ROSA. In this first development stage, ROSA Analyser is able to generate the Labelled Transition System, according to ROSA Operational Semantics. ROSA Analyser performance starts with the Syntactic Analysis so generating a layered structure, suitable to then, apply the Operational Semantics Transition rules in the easier way. ROSA Analyser is able to recognize some states identities deeper than the Syntactic ones. This is the very first step in the way to reduce the size of the LTS and then to avoid the state explosion problem, so making this task more tractable. For the sake of better illustrating the usefulness of ROSA Analyser, a case study is also provided within this work.Comment: In Proceedings WS-FMDS 2012, arXiv:1207.1841. Formal model's too