Academia.eduAcademia.edu

Outline

Title
Abstract
Introduction
Related Work
Experimental Results
Conclusion and Future Work
References
All Topics
Computer Science
Computational Theory and Mathematics

State/Event-Based Software Model Checking

Profile image of Natasha SharyginaNatasha Sharygina

2004, Lecture Notes in Computer Science

https://doi.org/10.1007/978-3-540-24756-2_8
visibility

description

20 pages

link

1 file

Abstract

We present a framework for model checking concurrent software systems which incorporates both states and events. Contrary to other state/event approaches, our work also integrates two powerful verification techniques, counterexample-guided abstraction refinement and compositional reasoning. Our specification language is a state/event extension of linear temporal logic, and allows us to express many properties of software in a concise and intuitive manner. We show how standard automata-theoretic LTL model checking algorithms can be ported to our framework at no extra cost, enabling us to directly benefit from the large body of research on efficient LTL verification. We have implemented this work within our concurrent C model checker, MAGIC, and checked a number of properties of OpenSSL-0.9.6c (an open-source implementation of the SSL protocol) and Micro-C OS version 2 (a real-time operating system for embedded applications). Our experiments show that this new approach not only eases the writing of specifications, but also yields important gains both in space and in time during verification. In certain cases, we even encountered specifications that could not be verified using traditional pure event-based or state-based approaches, but became tractable within our state/event framework. We report a bug in the source code of Micro-C OS version 2, which was found during our experiments.

Related papers

A tool supporting efficient model checking of concurrent specifications
Nicoletta Francesco, Antonella Santone

Microprocessors and Microsystems, 2002

We show a tool supporting ef®cient model checking of LOTOS programs. LOTOS is a well-known speci®cation language for concurrent and distributed systems. The main functionality of the tool is the syntactic reduction of a program with respect to a logic formula expressing a property to be checked. The method is useful to reduce the state-explosion problem in model checking. The tool is integrated with the Concurrency Workbench of North Carolina. The tool also supports a windows user interface. q Since 1998, she has been an assistant professor with the Department of Information Engineering of the University of Pisa. Her research interests include formal methods for description and analysis of concurrent and distributed systems, modal and temporal logics, automatic veri®cation and operational semantics.

View PDFchevron_right
Model checking for concurrent software architectures
D. Giannakopoulou

1999

in the FSP language. We then introduce CRA, problems related to it, as well as the way in which software architecture is used to guide CRA. Chapter 4 motivates and describes the use of ALTL for expressing properties of LTSs. A generic mechanism is then provided for checking that a system satisfies properties expressed as ALTL formulas or Büchi automata. This mechanism is then adjusted to cope with issues that arise when CRA is used to construct the LTS of a system. Chapter 5 concentrates on the issue of safety-property checking. Safety properties can be specified with a less expressive model than Büchi automata. This model is amenable to an efficient checking mechanism, described in this chapter. A similar technique is presented, for checking correctness of user-specified interfaces in the context of CRA. Chapter 6 discusses the notion of fairness, and relates it to liveness property checking. It proposes efficient strategies for checking liveness properties expressed as deterministic Büchi automata, and for checking a class of liveness properties termed progress. Such checks are performed under specific fairness assumptions about the system execution, which can be refined with the use of an action priority scheme. The chapter concludes with a methodology that users are advised to follow for analysing their systems. The methodology encourages the gradual transition from efficient and inexpensive checks that may not detect all possible errors in the system, to tests that are more expensive but also more thorough. Chapter 7 describes the construction and use of our analysis tool, as well as the way in which it interacts with our other tools for the development of concurrent and distributed systems. The non-trivial case study of a Reliable Multicast Transport Protocol is used to evaluate the applicability, performance and efficiency of our approach, and to compare it with similar approaches. Chapter 8 summarises and evaluates the contribution of TRACTA to model checking, discusses open issues and explores directions for future work. Appendix A is a formal presentation of the LTS model. Appendix B is a quick reference for the FSP language. Appendix C provides the semantics of the FSP language. Finally, Appendix D presents the proofs of some theorems and lemmas used in the main body of the thesis. Model Checking 2 2.1 TEMPORAL MODEL CHECKING 28 2.2 AUTOMATA-THEORETIC METHODS 35 2.3 DISCUSSION 36 2.4 SYMBOLIC REPRESENTATION 39 2.5 ON-THE-FLY VERIFICATION 41 2.6 REDUCTION 43 2.7 COMPOSITIONAL REASONING 51 2.8 DISCUSSION 52

View PDFchevron_right
Deterministic Compilation of Temporal Safety Properties in Explicit State Model Checking
Moshe Vardi

Abstract. The translation of temporal logic specifications constitutes an essential step in model checking and a major influence on the efficiency of formal verification via model checking. We devise a new explicit-state translation of Linear Temporal Logic to automata for the class of LTL specifications that describe safety properties, arguably the most used formal specifications in real-world systems.

View PDFchevron_right
On using temporal logic for refinement and compositional verification of concurrent systems
Dominique Méry

Theoretical Computer Science, 1995

A simple and elegant formulation of compositional proof systems for concurrent programs results from a refinement of temporal logic semantics. The refined temporal language we propose is closed under w-stuttering and, thus, provides a fully abstract semantics with respect to some chosen observation level w. This avoids incorporating irrelevant detail in the temporal semantics of parallel programs. Besides compositional verification, concurrent program design and implementation of a coarser-grained program by a finer-grained one, are easily practicable in the setting of the new temporal logic.

View PDFchevron_right
Verification of temporal properties in concurrent systems
Wiktor B Daszczuk

2003

Rapid growth of distributed systems stimulates many attempts to describe precisely the behavior of concurrent systems. The target of the research is to model complex systems, to automatically generate an executable code from abstract models, and to check the correctness of concurrent systems. In this thesis, a new concept of concurrent system verification is presented. The idea is based on building a new version of CTL temporal logic (QsCTL) over reachability graphs of systems defined by concurrent automata CSM. The proposed method is addressed to verify control-dominated systems. Many questions on concurrent system behavior may be asked easier in QsCTL than in traditional CTL. An original algorithm CBS (Checking By Spheres) for automatic evaluation of temporal formulas in this logic is presented. Another algorithm of state space reduction is designed. The presented ideas are implemented in TempoRG program, the element of the COSMA environment developed in ICS, WUT. The purpose of COSMA is to integrate formal verification methodology with concurrent systems design environment. The formulated theoretical concepts are illustrated with several examples concerning verification processes including quite complex industrial system.

View PDFchevron_right
Model checking LTL properties over ANSI-C programs with bounded traces
Lucas Cordeiro

Software & Systems Modeling, 2013

Context-bounded model checking has been used successfully to verify safety properties in multi-threaded systems automatically, even if they are implemented in low-level programming languages such as C. In this paper, we describe and experiment with an approach to extend context-bounded software model checking to safety and liveness properties expressed in linear-time temporal logic (LTL). Our approach checks the actual C program, rather than an extracted abstract model. It converts the LTL formulas into Büchi automata for the corresponding never claims and then further into C monitor threads that are interleaved with the execution of the program under analysis. This combined system is then checked using the ESBMC model checker. We use an extended, fourvalued LTL semantics to handle the finite traces that bounded model checking explores; we thus check the combined system several times with different acceptance criteria to derive the correct truth value. In order to mitigate the state space Communicated by Dr.

View PDFchevron_right
A state/event-based model-checking approach for the analysis of abstract system properties
Maurice ter Beek, Alessandro Fantechi

Science of Computer Programming, 2011

We present the UMC framework for the formal analysis of concurrent systems specified by collections of UML state machines. The formal model of a system is given by a doubly labelled transition system, and the logic used to specify its properties is the state-based and event-based logic UCTL. UMC is an on-the-fly analysis framework which allows the user to interactively explore a UML model, to visualize abstract behavioural slices of it and to perform local model checking of UCTL formulae. An automotive scenario from the serviceoriented computing (SOC) domain is used as case study to illustrate our approach.

View PDFchevron_right
SALT—Structured Assertion Language for Temporal Logic
Jonathan Streit

Lecture Notes in Computer Science, 2006

This paper presents Salt. Salt is a general purpose specification and assertion language developed for creating concise temporal specifications to be used in industrial verification environments. It incorporates ideas of existing approaches, such as specification patterns, but also provides nested scopes, exceptions, support for regular expressions and real-time. The latter is needed in particular for verification tasks to do with reactive systems imposing strict execution times and deadlines. However, unlike other formalisms used for temporal specification of properties, Salt does not target a specific domain. The paper details on the design rationale, syntax and semantics of Salt in terms of a translation to temporal (real-time) logic, as well as on the realisation in form of a compiler. Our results will show that the higher level of abstraction introduced with Salt does not deprave the efficiency of the subsequent verification tools-rather, on the contrary.

View PDFchevron_right
Fluent model checking for event-based systems
Jeff Magee

ACM SIGSOFT Software Engineering Notes, 2003

Model checking is an automated technique for verifying that a system satisfies a set of required properties. Such properties are typically expressed as temporal logic formulas, in which atomic propositions are predicates over state variables of the system. In event-based system descriptions, states are not characterized by state variables, but rather by the behavior that originates in these states in terms of actions. In this context, it is natural for temporal formulas to be built from atomic propositions that are predicates on the occurrence of actions. The paper identifies limitations in this approach and introduces "fluent" propositions that permit formulas to naturally express properties that combine state and action. A fluent is a property of the world that holds after it is initiated by an action and ceases to hold when terminated by another action. The paper describes an approach to model checking fluent-based linear-temporal logic properties, with its implementati...

View PDFchevron_right
Verifying SystemC: a software model checking approach
Alessandro Cimatti

formal methods in computer-aided design, 2010

SystemC is becoming a de-facto standard for the development of embedded systems. Verification of SystemC designs is critical since it can prevent error propagation down to the hardware. SystemC allows for very efficient simulations before synthesizing the RTL description, but formal verification is still at a preliminary stage. Recent works translate SystemC into the input language of finite-state model checkers, but they abstract away relevant semantic aspects, and show limited scalability. In this paper, we approach formal verification of SystemC by reduction to software model checking. We explore two directions. First, we rely on a translation from SystemC to a sequential C program, that contains both the mapping of the SystemC threads in form of C functions, and the coding of relevant semantic aspects (e.g. of the SystemC kernel). In terms of verification, this enables the "off-the-shelf" use of model checking techniques for sequential software, such as lazy abstraction. Second, we propose an approach that exploits the intrinsic structure of SystemC. In particular, each SystemC thread is translated into a separate sequential program and explored with lazy abstraction, while the overall verification is orchestrated by the direct execution of the SystemC scheduler. The technique can be seen as generalizing lazy abstraction to the case of multi-threaded software with exclusive threads and cooperative scheduling. The above approaches have been implemented in a new software model checker. An experimental evaluation carried out on several case studies taken from the SystemC distribution and from the literature demonstrate the potential of the approach.

View PDFchevron_right

References (47)

  1. T. S. Anantharaman, E. M. Clarke, M. J. Foster, and B. Mishra. Compil- ing path expressions into VLSI circuits. In Proceedings of POPL, pages 191-204, 1985.
  2. BLAST website. http://www-cad.eecs.berkeley.edu/∼rupak/blast.
  3. S. Bensalem, Y. Lakhnech, and S. Owre. Computing abstractions of in- finite state systems compositionally and automatically. In Proceedings of CAV, volume 1427, pages 319-331. Springer LNCS, 1998.
  4. T. Ball, R. Majumdar, T. D. Millstein, and S. K. Rajamani. Automatic predicate abstraction of C programs. In SIGPLAN Conference on Pro- gramming Language Design and Implementation, pages 203-213, 2001.
  5. T. Ball and S. K. Rajamani. Automatically validating temporal safety properties of interfaces. In Proceedings of SPIN, volume 2057, pages 103- 122. Springer LNCS, 2001.
  6. M. C. Browne. Automatic verification of finite state machines using tem- poral logic. PhD thesis, Carnegie Mellon University, 1989. Technical report no. CMU-CS-89-117.
  7. J. Bradfield and C. Stirling. Modal Logics and Mu-Calculi : An Introduc- tion, pages 293-330. Handbook of Process Algebra. Elsevier, 2001.
  8. J. Burch. Trace algebra for automatic verification of real-time concurrent systems. PhD thesis, Carnegie Mellon University, 1992. Technical report no. CMU-CS-92-179.
  9. CCG + 03] S. Chaki, E. M. Clarke, A. Groce, S. Jha, and H. Veith. Modular verifi- cation of software components in C. In Proceedings of ICSE 2003, pages 385-395, 2003.
  10. CCK + 02] P. Chauhan, E. M. Clarke, J. H. Kukula, S. Sapra, H. Veith, and D. Wang. Automated abstraction refinement for model checking large state spaces using SAT based conflict analysis. In Proceedings of FMCAD, pages 33- 51, 2002.
  11. CDH + 00] J. C. Corbett, M. B. Dwyer, J. Hatcliff, S. Laubach, C. S. Pȃsȃreanu, Robby, and H. Zheng. Bandera: extracting finite-state models from Java source code. In Proceedings of ICSE, pages 439-448. IEEE Computer Society, 2000.
  12. E. M. Clarke and E. A. Emerson. Design and synthesis of synchronization skeletons using branching time temporal logic. Lecture Notes in Computer Science, 131, 1981.
  13. E. M. Clarke, E. A. Emerson, and A. P. Sistla. Automatic verifica- tion of finite-state concurrent systems using temporal logic specifications. ACM Transactions on Programming Languages and Systems, 8(2):244- 263, 1986.
  14. E. M. Clarke, O. Grumberg, S. Jha, Y. Lu, and H. Veith. Counterexample- guided abstraction refinement. In Computer Aided Verification, pages 154-169, 2000.
  15. E. M. Clarke, A. Gupta, J. H. Kukula, and O. Shrichman. SAT based abstraction-refinement using ILP and machine learning techniques. In Proceedings of CAV, pages 265-279, 2002.
  16. E. Clarke, O. Grumberg, and D. Peled. Model Checking. MIT Press, December 1999.
  17. J. M. Cobleigh, D. Giannakopoulou, and C. S. Pȃsȃreanu. Learning as- sumptions for compositional verification. In Proceedings of TACAS, vol- ume 2619, pages 331-346. Springer LNCS, 2003.
  18. S. Chaki, J. Ouaknine, K. Yorav, and E. M. Clarke. Automated com- positional abstraction refinement for concurrent C programs: A two-level approach. In Proceedings of SoftMC 03. ENTCS 89(3), 2003.
  19. D. L. Dill. Trace theory for automatic hierarchical verification of speed- independent circuits. PhD thesis, Carnegie Mellon University, 1988. Tech- nical report no. CMU-CS-88-119.
  20. O. Grumberg and D.E. Long. Model checking and modular verification. ACM Trans. on Programming Languages and Systems, 16(3):843-871, 1994.
  21. D. Giannakopoulou and J. Magee. Fluent model checking for event-based systems. In Proceedings of FSE. ACM Press, 2003.
  22. R. Gerth, D. Peled, M. Y. Vardi, and P. Wolper. Simple on-the-fly au- tomatic verification of linear temporal logic. In Protocol Specification Testing and Verification, pages 3-18, Warsaw, Poland, 1995. Chapman & Hall.
  23. T. A. Henzinger, R. Jhala, R. Majumdar, and S. Qadeer. Thread-modular abstraction refinement. In Proceedings of CAV, volume 2725. Springer LNCS, 2003.
  24. T. A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy abstraction. In Proceedings of POPL, pages 58-70, 2002.
  25. M. Huth, R. Jagadeesan, and D. Schmidt. Modal transition systems: A foundation for three-valued program analysis. In Proceedings of ESOP 01. LNCS 2028, 2001.
  26. C. A. R. Hoare. Communicating Sequential Processes. Prentice Hall, 1985.
  27. T. A. Henzinger, S. Qadeer, and S. K. Rajamani. Decomposing refinement proofs using assume-guarantee reasoning. In Proceedings of ICCAD, pages 245-252. IEEE Computer Society Press, 2000.
  28. D. Kozen. Results on the propositional mu-calculus. Theoretical Com- puter Science, 27:333-354, 1983.
  29. R. P. Kurshan. Computer-aided verification of coordinating processes: the automata-theoretic approach. Princeton University Press, 1994.
  30. E. Kindler and T. Vesper. ESTL: A temporal logic for events and states. In Proceedings of ATPN 98, pages 365-383. LNCS 1420, 1998.
  31. Y. Lakhnech, S. Bensalem, S. Berezin, and S. Owre. Incremental veri- fication by abstraction. In Proceedings of TACAS, volume 2031, pages 98-112. Springer LNCS, 2001.
  32. O. Lichtenstein and A. Pnueli. Checking that finite state concurrent programs satisfy their linear specification. In Proceedings of POPL, 1985.
  33. MAG] MAGIC website. http://www.cs.cmu.edu/∼chaki/magic.
  34. K. L. McMillan. A compositional rule for hardware design refinement. In Proceedings of CAV, volume 1254, pages 24-35. Springer LNCS, 1997.
  35. R. Milner. Communication and Concurrency. Prentice-Hall International, London, 1989.
  36. G. Naumovich, L. A. Clarke, L. J. Osterweil, and M. B. Dwyer. Verifi- cation of concurrent software with FLAVERS. In Proceedings of ICSE, pages 594-595. ACM Press, 1997.
  37. R. De Nicola, A. Fantechi, S. Gnesi, and G. Ristori. An action-based framework for verifying logical and behavioural properties of concurrent systems. Computer Networks and ISDN Systems, 25(7):761-778, 1993.
  38. R. De Nicola and F. Vaandrager. Three logics for branching bisimulation. Journal of the ACM (JACM), 42(2):458-487, 1995.
  39. C. S. Pȃsȃreanu, M. B. Dwyer, and W. Visser. Finding feasible counter- examples when model checking abstracted Java programs. In Proceedings of TACAS, volume 2031, pages 284-298. Springer LNCS, 2001.
  40. A. Pnueli. Application of temporal logic to the specification and verifica- tion of reactive systems: A survey of current trends. In J.W. de Bakker, W. P. de Roever, and G. Rozenburg, editors, Current Trends in Concur- rency, volume 224 of Lecture Notes in Computer Science, pages 510-584. Springer, 1986.
  41. J.P. Quielle and J. Sifakis. Specification and verification of concurrent systems in CESAR. In proceedings of Fifth Intern. Symposium on Pro- gramming, pages 337-350, 1981.
  42. A. W. Roscoe. The Theory and Practice of Concurrency. Prentice-Hall International, London, 1997.
  43. F. Somenzi and R. Bloem. Efficient Büchi automata from LTL formulae. In Computer-Aided Verification, pages 248-263, 2000.
  44. SLAM website. http://research.microsoft.com/slam.
  45. SSL] OpenSSL. http://wp.netscape.com/eng/ssl3/ssl-toc.html.
  46. S. D. Stoller. Model-checking multi-threaded distributed Java programs. International Journal on Software Tools for Technology Transfer, 4(1):71- 91, 2002.
  47. Wring website. http://vlsi.colorado.edu/∼rbloem/wring.html.

Related papers

Concurrent software verification with states, events, and deadlocks
Natasha Sharygina

Formal Aspects of Computing, 2005

We present a framework for model checking concurrent software systems which incorporates both states and events. Contrary to other state/event approaches, our work also integrates two powerful verification techniques, counterexample-guided abstraction refinement and compositional reasoning. Our specification language is a state/event extension of linear temporal logic, and allows us to express many properties of software in a concise and intuitive manner. We show how standard automata-theoretic LTL model checking algorithms can be ported to our framework at no extra cost, enabling us to directly benefit from the large body of research on efficient LTL verification.

View PDFchevron_right
An Expressive Verification Framework for State/Event
Natasha Sharygina

Specification languages for concurrent software systems need to combine practical algorithmic efficiency with high expressive power and the ability to reason about both states and events. We address this question by defining a new branching-time temporal logic SE-AΩ which integrates both state-based and action-based properties. SE-AΩ is universal, i.e., preserved by the simulation relation, and thus amenable to counterexample-guided abstraction refinement. We provide a model-checking algorithm for this logic, and describe a compositional abstraction-refinement loop which exploits the natural decomposition of the concurrent system; the abstraction and refinement steps are performed over each component separately, and only the model checking step requires an explicit composition of the abstracted components. For experimental evaluation, we have integrated the presented algorithms in the software verification tool MAGIC, and determined a previously unknown race condition error in a piece of an industrial robot control software. sets Ω of ω-regular path operators. A subtle property of AΩ is the monotonicity of the path operators: the semantics guarantees that the extended path operators cannot be used to implicitly define negation. While this property comes for free with the standard temporal path operators, its presence is crucial for obtaining extended universal branching logics. Such logics are preserved by simulation, and are therefore amenable to existential abstraction .

View PDFchevron_right
Towards Support for Software Model Checking: Improving the Efficiency of Formal Specifications
Ann Gates

Advances in Software Engineering, 2011

The Property Specification (Prospec) tool uses patterns and scopes defined by Dwyer et al., to generate formal specifications in Linear Temporal Logic (LTL) and other languages. The work presented in this paper provides improved LTL specifications for patterns and scopes over those originally provided by Prospec. This improvement comes in the efficiency of the LTL formulas as measured in terms of the number of states in the Büchi automaton generated for the formula. Minimizing the size of the Büchi automata for an LTL specification provides a significant improvement for model checking software systems using such tools as the highly acclaimed Spin model checker.

View PDFchevron_right
Techniques for Temporal Logic Model Checking
David Déharbe

Refinement Techniques in Software Engineering, 2006

View PDFchevron_right
State/Event Software Verification for Branching-Time Specifications
Natasha Sharygina

Lecture Notes in Computer Science, 2005

In the domain of concurrent software verification, there is an evident need for specification formalisms and efficient algorithms to verify branching-time properties that involve both data and communication. We address this problem by defining a new branching-time temporal logic SE-AΩ which integrates both state-based and action-based properties. SE-AΩ is universal, i.e., preserved by the simulation relation, and thus amenable to counterexample-guided abstraction refinement. We provide a model-checking algorithm for this logic, based upon a compositional abstraction-refinement loop which exploits the natural decomposition of the concurrent system into its components. The abstraction and refinement steps are performed over each component separately, and only the model checking step requires an explicit composition of the abstracted components. For experimental evaluation, we have integrated our algorithm within the ComFoRT reasoning framework and used it to verify a piece of industrial robot control software.

View PDFchevron_right

Related topics

  • Linear Temporal Logic
  • Real Time Operating System

    • Cited by

    State/Event Software Verification for Branching-Time Specifications
    Natasha Sharygina

    Lecture Notes in Computer Science, 2005

    In the domain of concurrent software verification, there is an evident need for specification formalisms and efficient algorithms to verify branching-time properties that involve both data and communication. We address this problem by defining a new branching-time temporal logic SE-AΩ which integrates both state-based and action-based properties. SE-AΩ is universal, i.e., preserved by the simulation relation, and thus amenable to counterexample-guided abstraction refinement. We provide a model-checking algorithm for this logic, based upon a compositional abstraction-refinement loop which exploits the natural decomposition of the concurrent system into its components. The abstraction and refinement steps are performed over each component separately, and only the model checking step requires an explicit composition of the abstracted components. For experimental evaluation, we have integrated our algorithm within the ComFoRT reasoning framework and used it to verify a piece of industrial robot control software.

    View PDFchevron_right
    The ComFoRT Reasoning Framework
    Natasha Sharygina

    Lecture Notes in Computer Science, 2005

    Model checking is a promising technology for verifying critical behavior of software. However, software model checking is hamstrung by scalability issues and is difficult for software engineers to use directly. The second challenge arises from the gap between model checking concepts and notations, and those used by engineers to develop large-scale systems. ComFoRT [15] addresses both of these challenges. It provides a model checker, Copper, that implements a suite of complementary complexity management techniques to address state space explosion. But ComFoRT is more than a model checker. The ComFoRT reasoning framework includes additional support for building systems in a particular component-based idiom. This addresses transition issues.

    View PDFchevron_right
    Partial Order Reduction for State/Event LTL
    Barbora Buhnova, Ivana Cerná

    Lecture Notes in Computer Science, 2009

    Software systems assembled from a large number of autonomous components become an interesting target for formal verification due to the issue of correct interplay in component interaction. State/event LTL [6, 5] incorporates both states and events to express important properties of component-based software systems.

    View PDFchevron_right
    Model Checking of Control-User Component-Based Parametrised Systems
    Ivana Cerná

    Lecture Notes in Computer Science, 2008

    Many real component-based systems, so called Control-User systems, are composed of a stable part (control component) and a number of dynamic components of the same type (user components). Models of these systems are parametrised by the number of user components and thus potentially infinite. Model checking techniques can be used to verify only specific instances of the systems. This paper presents an algorithmic technique for verification of safety interaction properties of Control-User systems. The core of our verification method is a computation of a cutoff. If the system is proved to be correct for every number of user components lower than the cutoff then it is correct for any number of users. We present an on-the-fly model checking algorithm which integrates computation of a cutoff with the verification itself. Symmetry reduction can be applied during the verification to tackle the state explosion of the model. Applying the algorithm we verify models of several previously published component-based systems.

    View PDFchevron_right
    States and Events in KandISTI - A Retrospective
    Franco Mazzanti

    2018

    Early work on automated formal verification produced pioneering model-checking algorithms, in which system computations were modelled either as sequences of distinguished states in which the system evolves or as sequences of events or actions occurring during the system’s state transitions. In both cases, automata-like structures generally known as transition systems were exploited to capture all possible computations, but still either state-based or event-based. Many years later, both views were combined in descriptions of computations as the evolution between distinguished states by means of transitions characterised by the occurrence of events, and verification tools were adapted to this more general setting. Meanwhile, the most important drive in improving verification tools concerned the complexity of models, which was attacked by algorithms capable of minimising the information needed for deciding the verification questions. One of the outcomes of this quest was local, on-the-...

    View PDFchevron_right
    580 California St., Suite 400
    San Francisco, CA, 94104
    © 2025 Academia. All rights reserved