686 research outputs found
Verify LTL with Fairness Assumptions Efficiently
© 2016 IEEE. This paper deals with model checking problems with respect to LTL properties under fairness assumptions. We first present an efficient algorithm to deal with a fragment of fairness assumptions and then extend the algorithm to handle arbitrary ones. Notably, by making use of some syntactic transformations, our algorithm avoids constructing corresponding Büchi automata for the whole fairness assumptions, which can be very large in practice. We implement our algorithm in NuSMV and consider a large selection of formulas. Our experiments show that in many cases our approach exceeds the automata-theoretic approach up to several orders of magnitude, in both time and memory
Quantitative multi-objective verification for probabilistic systems
We present a verification framework for analysing multiple quantitative objectives of systems that exhibit both nondeterministic and stochastic behaviour. These systems are modelled as probabilistic automata, enriched with cost or reward structures that capture, for example, energy usage or performance metrics. Quantitative properties of these models are expressed in a specification language that incorporates probabilistic safety and liveness properties, expected total cost or reward, and supports multiple objectives of these types. We propose and implement an efficient verification framework for such properties and then present two distinct applications of it: firstly, controller synthesis subject to multiple quantitative objectives; and, secondly, quantitative compositional verification. The practical applicability of both approaches is illustrated with experimental results from several large case studies
Counter Attack on Byzantine Generals: Parameterized Model Checking of Fault-tolerant Distributed Algorithms
We introduce an automated parameterized verification method for
fault-tolerant distributed algorithms (FTDA). FTDAs are parameterized by both
the number of processes and the assumed maximum number of Byzantine faulty
processes. At the center of our technique is a parametric interval abstraction
(PIA) where the interval boundaries are arithmetic expressions over parameters.
Using PIA for both data abstraction and a new form of counter abstraction, we
reduce the parameterized problem to finite-state model checking. We demonstrate
the practical feasibility of our method by verifying several variants of the
well-known distributed algorithm by Srikanth and Toueg. Our semi-decision
procedures are complemented and motivated by an undecidability proof for FTDA
verification which holds even in the absence of interprocess communication. To
the best of our knowledge, this is the first paper to achieve parameterized
automated verification of Byzantine FTDA
Automatic Generation of Minimal Cut Sets
A cut set is a collection of component failure modes that could lead to a
system failure. Cut Set Analysis (CSA) is applied to critical systems to
identify and rank system vulnerabilities at design time. Model checking tools
have been used to automate the generation of minimal cut sets but are generally
based on checking reachability of system failure states. This paper describes a
new approach to CSA using a Linear Temporal Logic (LTL) model checker called BT
Analyser that supports the generation of multiple counterexamples. The approach
enables a broader class of system failures to be analysed, by generalising from
failure state formulae to failure behaviours expressed in LTL. The traditional
approach to CSA using model checking requires the model or system failure to be
modified, usually by hand, to eliminate already-discovered cut sets, and the
model checker to be rerun, at each step. By contrast, the new approach works
incrementally and fully automatically, thereby removing the tedious and
error-prone manual process and resulting in significantly reduced computation
time. This in turn enables larger models to be checked. Two different
strategies for using BT Analyser for CSA are presented. There is generally no
single best strategy for model checking: their relative efficiency depends on
the model and property being analysed. Comparative results are given for the
A320 hydraulics case study in the Behavior Tree modelling language.Comment: In Proceedings ESSS 2015, arXiv:1506.0325
Using Indexed and Synchronous Events to Model and Validate Cyber-Physical Systems
Timed Transition Models (TTMs) are event-based descriptions for modelling,
specifying, and verifying discrete real-time systems. An event can be
spontaneous, fair, or timed with specified bounds. TTMs have a textual syntax,
an operational semantics, and an automated tool supporting linear-time temporal
logic. We extend TTMs and its tool with two novel modelling features for
writing high-level specifications: indexed events and synchronous events.
Indexed events allow for concise description of behaviour common to a set of
actors. The indexing construct allows us to select a specific actor and to
specify a temporal property for that actor. We use indexed events to validate
the requirements of a train control system. Synchronous events allow developers
to decompose simultaneous state updates into actions of separate events. To
specify the intended data flow among synchronized actions, we use primed
variables to reference the post-state (i.e., one resulted from taking the
synchronized actions). The TTM tool automatically infers the data flow from
synchronous events, and reports errors on inconsistencies due to circular data
flow. We use synchronous events to validate part of the requirements of a
nuclear shutdown system. In both case studies, we show how the new notation
facilitates the formal validation of system requirements, and use the TTM tool
to verify safety, liveness, and real-time properties.Comment: In Proceedings ESSS 2015, arXiv:1506.0325
Being correct is not enough: efficient verification using robust linear temporal logic
While most approaches in formal methods address system correctness, ensuring
robustness has remained a challenge. In this paper we present and study the
logic rLTL which provides a means to formally reason about both correctness and
robustness in system design. Furthermore, we identify a large fragment of rLTL
for which the verification problem can be efficiently solved, i.e.,
verification can be done by using an automaton, recognizing the behaviors
described by the rLTL formula , of size at most , where is the length of . This
result improves upon the previously known bound of
for rLTL verification and is closer to
the LTL bound of . The usefulness of
this fragment is demonstrated by a number of case studies showing its practical
significance in terms of expressiveness, the ability to describe robustness,
and the fine-grained information that rLTL brings to the process of system
verification. Moreover, these advantages come at a low computational overhead
with respect to LTL verification.Comment: arXiv admin note: text overlap with arXiv:1510.08970. v2 notes: Proof
on the complexity of translating rLTL formulae to LTL formulae via the
rewriting approach. New case study on the scalability of rLTL formulae in the
proposed fragment. Accepted to appear in ACM Transactions on Computational
Logi
- …