共查询到20条相似文献,搜索用时 15 毫秒
1.
Efficient symbolic and explicit-state model checking approaches have been developed for the verification of linear time temporal logic (LTL) properties. Several attempts have been made to combine the advantages of the various algorithms. Model checking LTL properties usually poses two challenges: one must compute the synchronous product of the state space and the automaton model of the desired property, then look for counterexamples that is reduced to finding strongly connected components (SCCs) in the state space of the product. In case of concurrent systems, where the phenomenon of state space explosion often prevents the successful verification, the so-called saturation algorithm has proved its efficiency in state space exploration. This paper proposes a new approach that leverages the saturation algorithm both as an iteration strategy constructing the product directly, as well as in a new fixed-point computation algorithm to find strongly connected components on-the-fly by incrementally processing the components of the model. Complementing the search for SCCs, explicit techniques and component-wise abstractions are used to prove the absence of counterexamples. The resulting on-the-fly, incremental LTL model checking algorithm proved to scale well with the size of models, as the evaluation on models of the Model Checking Contest suggests. 相似文献
2.
Patrice Godefroid Nir Piterman 《International Journal on Software Tools for Technology Transfer (STTT)》2011,13(6):571-584
Given a 3-valued abstraction of a program (possibly generated using static program analysis and predicate abstraction) and
a temporal logic formula, generalized model checking (GMC) checks whether there exists a concretization of that abstraction
that satisfies the formula. In this paper, we revisit generalized model checking for linear time (LTL) properties. First,
we show that LTL GMC is 2EXPTIME-complete in the size of the formula and polynomial in the model, where the degree of the
polynomial depends on the formula, instead of EXPTIME-complete and quadratic as previously believed. The standard definition
of GMC depends on a definition of concretization which is tailored for branching-time model checking. We then study a simpler
linear completeness preorder for relating program abstractions. We show that LTL GMC with this weaker preorder is only EXPSPACE-complete in the size of
the formula, and can be solved in linear time and logarithmic space in the size of the model. Finally, we identify classes
of formulas for which the model complexity of standard GMC is reduced. 相似文献
3.
Flash memory efficient LTL model checking 总被引:1,自引:0,他引:1
S. EdelkampD. Sulewski J. BarnatL. Brim P. Šime?ek 《Science of Computer Programming》2011,76(2):136-157
As the capacity and speed of flash memories in form of solid state disks grow, they are becoming a practical alternative for standard magnetic drives. Currently, most solid-state disks are based on NAND technology and much faster than magnetic disks in random reads, while in random writes they are generally not.So far, large-scale LTL model checking algorithms have been designed to employ external memory optimized for magnetic disks. We propose algorithms optimized for flash memory access. In contrast to approaches relying on the delayed detection of duplicate states, in this work, we design and exploit appropriate hash functions to re-invent immediate duplicate detection.For flash memory efficient on-the-fly LTL model checking, which aims at finding any counter-example to the specified LTL property, we study hash functions adapted to the two-level hierarchy of RAM and flash memory. For flash memory efficient off-line LTL model checking, which aims at generating a minimal counterexample and scans the entire state space at least once, we analyze the effect of outsourcing a memory-based perfect hash function from RAM to flash memory.Since the characteristics of flash memories are different to magnetic hard disks, the existing I/O complexity model is no longer sufficient. Therefore, we provide an extended model for the computation of the I/O complexity adapted to flash memories that has a better fit to the observed behavior of our algorithms. 相似文献
4.
We establish a decidability boundary of the model checking problem for infinite-state
systems defined by Process Rewrite Systems (PRS) or weakly extended Process Rewrite Systems (wPRS), and properties described by basic fragments of action-based Linear Temporal Logic (LTL) with both future and past operators. It is known that the problem for general LTL properties is decidable for Petri
nets and for pushdown processes, while it is undecidable for PA processes.We show that the problem is decidable for wPRS if
we consider properties defined by LTL formulae with only modalities strict eventually, strict always, and their past counterparts. Moreover, we show that the problem remains undecidable for PA processes even with respect to
the LTL fragment with the only modality until or the fragment with modalities next and infinitely often. 相似文献
5.
J. Barnat L. Brim P. Ročkai 《International Journal on Software Tools for Technology Transfer (STTT)》2010,12(2):139-153
Recent development in computer hardware has brought more widespread emergence of shared memory, multi-core systems. These architectures offer opportunities to speed up various tasks—model checking and reachability analysis among others. In this paper, we present a design for a parallel shared memory LTL model checker that is based on a distributed memory algorithm. To improve the scalability of our tool, we have devised a number of implementation techniques which we present in this paper. We also report on a number of experiments we conducted to analyse the behaviour of our tool under different conditions using various models. We demonstrate that our tool exhibits significant speedup in comparison with sequential tools, which improves the workflow of verification in general. 相似文献
6.
We propose a parallel distributed memory on-the-fly algorithm for enumerative LTL model checking. The algorithm is designed for networks of workstations communicating via MPI. The detection of cycles (faulty runs) effectively employs the so-called back-level edges. In particular, a parallel level synchronized breadth-first search of the graph is performed to discover all back-level edges, and for each level the back-level edges are checked in parallel by a nested search procedure to confirm or refute the presence of a cycle. Several improvements of the basic algorithm are presented and advantages and drawbacks of their application to distributed LTL model checking are discussed.Research partially supported by grant No. 1ET-408050503 and the Grant Agency of Czech Republic grant No. 201/03/0509.
相似文献
相似文献
7.
Innovations in Systems and Software Engineering - We present in this paper a new approach to the static analysis of concurrent programs with procedures. To this end, we model multi-threaded... 相似文献
8.
SpaceWire是应用于航空航天领域的高速通信总线协议,对SpaceWire设计正确性与可靠性要求极高,由于传统的验证方法,存在不完备性等缺陷,对SpaceWire的严格验证一直是备受关注的问题之一。模型检验以其验证的完备性得到设计人员的重视。提出用线性时态逻辑(LTL)模型检验的方法验证SpaceWire系统的检错机制。在检错模块中,该方法与用分支时态逻辑(CTL)验证方法相比,BDD分配数和状态数明显减少,提高了验证效率,还验证了错误优先级;对检错模块处理的五种错误的发生进行验证,验证结果均为正确。该方法实现了对检错机制的完备性验证。 相似文献
9.
Parosh Aziz Abdulla Bengt Jonsson Marcus Nilsson Julien d’Orso Mayank Saksena 《International Journal on Software Tools for Technology Transfer (STTT)》2012,14(2):223-241
Regular model checking is a form of symbolic model checking for parameterized and infinite-state systems whose states can
be represented as words of arbitrary length over a finite alphabet, in which regular sets of words are used to represent sets
of states. We present LTL(MSO), a combination of the logics monadic second-order logic (MSO) and LTL as a natural logic for expressing the temporal properties to be verified in regular model checking. In other words, LTL(MSO) is a natural specification language for both the system and the property under consideration. LTL(MSO) is a two-dimensional modal logic, where MSO is used for specifying properties of system states and transitions, and LTL is used for specifying temporal properties. In addition, the first-order quantification in MSO can be used to express properties parameterized on a position or process. We give a technique for model checking LTL(MSO), which is adapted from the automata-theoretic approach: a formula is translated to a buchi regular transition system with a regular set of accepting states, and regular model checking techniques are used to search for models. We have implemented
the technique, and show its application to a number of parameterized algorithms from the literature. 相似文献
10.
Certain behavioral properties of distributed systems are difficult to express in interleaving semantics, whereas they are naturally expressed in terms of partial orders of events or, equivalently, Mazurkiewicz traces. Two examples of such properties are serializability of a database and global snapshots of concurrent systems. Recently, a modest extension for LTL by an operator that expresses snapshots, has been proposed. It combines the ease of linear (interleaving) specification with this useful partial order concept. The new construct allows one to assert that a global snapshot appeared in the past, perhaps not in the observed execution sequence, but possibly in an equivalent one. 相似文献
11.
Jiří BarnatAuthor Vitae Petr BauchAuthor VitaeLuboš BrimAuthor Vitae Milan Češka 《Journal of Parallel and Distributed Computing》2012
Recent technological developments made various many-core hardware platforms widely accessible. These massively parallel architectures have been used to significantly accelerate many computation demanding tasks. In this paper, we show how the algorithms for LTL model checking can be redesigned in order to accelerate LTL model checking on many-core GPU platforms. Our detailed experimental evaluation demonstrates that using the NVIDIA CUDA technology results in a significant speedup of the verification process. Together with state space generation based on shared hash-table and DFS exploration, our CUDA accelerated model checker is the fastest among state-of-the-art shared memory model checking tools. 相似文献
12.
部德振 《计算机工程与设计》2011,32(2):564-567
针对当前的模型检测工具不能对时间自动机直接检测带时间约束的线性时序逻辑性质的问题,对带时间约束的线性时序逻辑性质的模型检测进行了研究。带时间约束的线性时序逻辑公式转Büchi自动机后,性质自动机的迁移边上含有了时间约束,在对性质自动机和模型自动机的复合进行空性检测时,通过使用不同方法对如何获取性质自动机迁移边上的时间约束进行了研究,实现了对带时间约束的线性时序逻辑性质的检测,扩展了工具CATV的检测范围,方便了用户的使用。 相似文献
13.
The state space explosion problem is still the key obstacle for applying model checking to systems of industrial size. Abstraction-based methods have been particularly successful in this regard. This paper presents an approach based on refinement of search space partition and abstraction which combines these two techniques for reducing the complexity of model checking. The refinement depends on the representation of each portion of search space. Especially, search space can be refined stepwise to get a better reduction. As reported in the case study, the integration of search space partition and abstraction improves the efficiency of verification with respect to the requirement of memory and obtains significant advantage over the use of each of them in isolation. 相似文献
14.
15.
Roberto Sebastiani Stefano Tonetta Moshe Y. Vardi 《International Journal on Software Tools for Technology Transfer (STTT)》2011,13(4):319-335
In this work we study hybrid approaches to LTL symbolic model checking; that is, approaches that use explicit representations of the property automaton,
whose state space is often quite manageable, and symbolic representations of the system, whose state space is typically exceedingly
large. We compare the effects of using, respectively, (i) a purely symbolic representation of the property automaton, (ii)
a symbolic representation, using logarithmic encoding, of explicitly compiled property automaton, and (iii) a partitioning
of the symbolic state space according to an explicitly compiled property automaton. We apply this comparison to three model-checking
algorithms: the doubly-nested fixpoint algorithm of Emerson and Lei, the reduction of emptiness to reachability of Biere et al.,
and the singly-nested fixpoint algorithm of Bloem et al. for weak automata. The emerging picture from our study is quite clear,
hybrid approaches outperform pure symbolic model checking, while partitioning generally performs better than logarithmic encoding.
The conclusion is that the hybrid approaches benefit from state-of-the-art techniques in semantic compilation of LTL properties.
Partitioning gains further from the fact that the image computation is applied to smaller sets of states. 相似文献
16.
The state space explosion problem is still the key obstacle for applying model checking to systems of industrial size.Abstraction-based methods have been particularly successful in this regard.This paper presents an approach based on refinement of search space partition and abstraction which combines these two techniques for reducing the complexity of model checking.The refinement depends on the representation of each portion of search space. Especially, search space can be refined stepwise to get a better reduction. As reported in the case study, the Integration of search space partition and abstraction improves the efficiencyof verification with respect to the requirement of memory and obtains significant advantage over the use of each of them in isolation. 相似文献
17.
18.
Souheib Baarir Cécile Braunstein Emmanuelle Encrenaz Jean-Michel Ilié Isabelle Mounier Denis Poitrenaud Sana Younes 《Formal Methods in System Design》2011,39(2):165-184
We propose and investigate a robustness evaluation procedure for sequential circuits subject to particle strikes inducing bit-flips in memory elements. We define a general fault model, a parametric reparation model and quantitative measures reflecting the robustness capability of the circuit with respect to these fault and reparation models. We provide algorithms to compute these metrics and show how they can be interpreted in order to better understand the robustness capability of several circuits (a simple circuit coming from the VIS distribution, circuits from the itc-99 benchmarks and a CAN-Bus interface). 相似文献
19.
Many applications, for instance the MS .NET Global Assembly Cache (GAC), are naturally expressed as 3-valued models where an additional third truth value models uncertainty or under-specification. An example of under-specification is that a component in a GAC may or may not have a main method. Models described in this manner can then be analyzed to refute or verify properties about the concrete systems they intend to model. This approach to system validation traditionally considers only one model at a time, even though this model may evolve if subjected to analysis. Many applications, however, benefit from or require the simultaneous consideration of multiple models of systems. We mention here requirements from different stake holders, and data drawn from federated databases. 相似文献
20.
Local model checking and protocol analysis 总被引:1,自引:1,他引:1
Xiaoqun Du Scott A. Smolka Rance Cleaveland 《International Journal on Software Tools for Technology Transfer (STTT)》1999,2(3):219-241
This paper describes a local model-checking algorithm for the alternation-free fragment of the modal mu-calculus that has
been implemented in the Concurrency Factory and discusses its application to the analysis of a real-time communications protocol.
The protocol considered is RETHER, a software-based, real-time Ethernet protocol developed at SUNY at Stony Brook. Its purpose is to provide guaranteed bandwidth
and deterministic, periodic network access to multimedia applications over commodity Ethernet hardware. Our model-checking
results show that (for a particular network configuration) RETHER makes good on its bandwidth guarantees to real-time nodes without exposing non-real-time nodes to the possibility of starvation.
Our data also indicate that, in many cases, the state-exploration overhead of the local model checker is significantly smaller
than the total amount that would result from a global analysis of the protocol. In the course of specifying and verifying
RETHER, we also identified an alternative design of the protocol that warranted further study due to its potentially smaller run-time
overhead in servicing requests for data transmission. Again, using local model checking, we showed that this alternative design
also possesses the properties of interest. This observation points out one of the often-overlooked benefits of formal verification:
by forcing designers to understand their designs rigorously and abstractly, these techniques often enable the designers to
uncover interesting design alternatives. 相似文献