L Aceto,A Burgueno,KG Larsen

DOI: https://doi.org/10.1007/bfb0054177

1998-01-01

Abstract:In this paper we develop an approach to model-checking for timed automata via reachability testing. As our specification formalism, we consider a dense-time logic with clocks. This logic may be used to express safety and bounded liveness properties of real-time systems. We show how to automatically synthesize, for every logical formula phi, a so-called test automaton T_phi in such a way that checking whether a system S satisfies the property phi can be reduced to a reachability question over the system obtained by making T_phi interact with S. The testable logic we consider is both of practical and theoretical interest. On the practical side, we have used the logic, and the associated approach to model-checking via reachability testing it supports, in the specification and verification in Uppaal of a collision avoidance protocol. On the theoretical side, we show that the logic is powerful enough to permit the definition of characteristic properties, with respect to a timed version ofthe ready simulation preorder, for nodes of deterministic, tau-free timed automata. This allows one to compute behavioural relations via our model-checking technique, therefore effectively reducing the problem of checking the existence of a behavioural relation among states of a timed automaton to a reachability problem.

Mingsong Lv,Wang Yi,Nan Guan,Ge Yu

DOI: https://doi.org/10.1109/rtss.2010.30

2010-01-01

Abstract:It is predicted that multicores will be increasingly used in future embedded real-time systems for high performance and low energy consumption. The major obstacle is that we may not predict and provide any guarantee on real-time properties of software on such platforms. The shared memory bus is among the most critical resources, which severely degrade the timing predictability of multicore software due to the access contention between cores. In this paper, we study a multicore architecture where each core has a local L1 cache and all cores use a shared bus to access the off-chip memory. We use Abstract Interpretation (AI) to analyze the local cache behavior of a program running on a dedicated core. Based on the cache analysis, we construct a Timed Automaton (TA) to model when the programs access the memory bus. Then we model the shared bus also using timed automata. The TA models for the bus and programs will be explored using the UPPAAL model checker to find the WECTs for the respective programs. Based on the presented techniques, we have developed a tool for multicore timing analysis, which allows automatic generation of the TA models from binary code and WCET estimation for any given TA model of the shared bus. Extensive experiments have been conducted, showing that the combined approach can significantly tighten the estimations. As examples, we have studied the TDMA and FCFS buses, of which the WCET bounds can be tightened by up to 240% and 82% respectively, compared with the worst-case bounds estimated based on worst-case bus access delay.

Yijun Feng,Joost-Pieter Katoen,Haokun Li,Bican Xia,Naijun Zhan

DOI: https://doi.org/10.1007/978-3-319-96145-3_27

2018-01-01

Abstract:This paper presents a numerical algorithm to verify continuous-time Markov chains (CTMCs) against multi-clock deterministic timed automata (DTA). These DTA allow for specifying properties that cannot be expressed in CSL, the logic for CTMCs used by state-of-the-art probabilistic model checkers. The core problem is to compute the probability of timed runs by the CTMC C that are accepted by the DTA A. These likelihoods equal reachability probabilities in an embedded piecewise deterministic Markov process (EPDP) obtained as product of C and A's region automaton. This paper provides a numerical algorithm to efficiently solve the PDEs describing these reachability probabilities. The key insight is to solve an ordinary differential equation (ODE) that exploits the specific characteristics of the product EPDP. We provide the numerical precision of our algorithm and present experimental results with a prototypical implementation.

Zhimin Wu,Yi Xu,Akin Gunay,Yang Liu,Shengchao Qin

DOI: https://doi.org/10.1109/iceccs.2016.025

2016-01-01

Abstract:Model checking is an automated technique for verifying temporal logic properties of finite state systems. Tarjan's algorithm for detecting Strongly Connected Components (SCCs) is a widely used depth-first search procedure for Automatabased (LTL) model checking. It works on the SCC detection on-the-fly with the composition of transition systems and Büchi Automaton (state space generation), which has been deployed as sequential implementations in many tools. However, these implementations suffer from heavy time cost for systems which involve a large number of SCC explorations. To address this issue, in this paper, we develop a concurrent SCC detection approach for the on-the-fly generated state space in LTL model checking by expanding the existing concurrent Tarjan's algorithm. Besides, we involve fairness checking. Different that the previous work, which performs fairness checking after the generation of a complete SCC, in our approach we perform fairness checking during SCC generation to improve efficiency. We implement our approach in PAT model checker. Our experimental results show that our approach achieves up to 2X speedup for the complete SCC detection in large-scale system models compared to the sequential on-the-fly model checking in PAT. Besides, our parallel on-the-fly fairness checking approach speedups fairness checking around 2X~45X.

Kim G. Larsen,Fredrik Larsson,Paul Pettersson,Wang Yi

DOI: https://doi.org/10.1023/a:1025132427497

2003-01-01

Real-Time Systems

Abstract:During the past few years, a number of verification tools have been developed for real-time systems in the framework of timed automata. One of the major problems in applying these tools to industrial-sized systems is the huge memory-usage for the exploration of the state-space of a network (or product) of timed automata, as the model-checkers must keep information about not only the control structure of the automata but also the clock values specified by clock constraints. In this paper, we present a compact data structure for representing clock constraints. The data structure is based on an O(n3) algorithm which, given a constraint system over real-valued variables consisting of bounds on differences, constructs an equivalent system with a minimal number of constraints. In addition, we have developed an on-the-fly reduction technique to minimize the space-usage. Based on static analysis of the control structure of a network of timed automata, we are able to compute a set of symbolic states that cover all the dynamic loops of the network in an on-the-fly searching algorithm, and thus ensure termination in reachability analysis. The two techniques and their combination have been implemented in the tool UPPAAL. Our experimental results demonstrate that the techniques result in truly significant space-reductions: for six examples from the literature, the space saving is between 75% and 94%, and in (nearly) all examples time-performance is improved. Noteworthy is also the observation that the two techniques are completely orthogonal.

Dong Wang,Jing Liu,Haiying Sun,Jin Xu,Jiexiang Kang

DOI: https://doi.org/10.1142/S0218194021400210

IF: 1.007

2021-01-01

International Journal of Software Engineering and Knowledge Engineering

Abstract:Model checking is a verification technique that explores all possible system states in a brute-force manner. However, the state space can be extremely large for many practical systems and the verification time grows exponentially with the size of systems. It is a major limitation for state-space search algorithms of model checking. This paper presents a novel approach to perform Linear Temporal Logic (LTL) and Computation Tree Logic (CTL) model checking by using the connective probe machine, which is a fully parallel computing model. Our state-space search algorithm is based on the semantics of CTL properties and we design transformation algorithms to transform the model of a system into the structure that can run on the existing probe machine. We propose another approach to find multiple accepting cycles in linear time, which greatly shortens the verification time of LTL model checking. Compared to the traditional model checker, our approach can find multiple counterexamples according to the given property, which can trace as many system defects as possible. Simultaneously, it can greatly reduce the verification time for systems with large state spaces. We develop a model checker called MC2PROBE based on our approach and prove the feasibility and efficiency of our checker by experiments.

Gerd Behrmann,Kim Guldstrand Larsen,Justin Pearson,Carsten Weise,Wang Yi

DOI: https://doi.org/10.1007/3-540-48683-6_30

1998-01-01

BRICS Report Series

Abstract:One of the major problems in applying automatic verification tools to industrial-size systems is the excessive amount of memory required during the state-space exploration of a model. In the setting of real-time, this problem of state-explosion requires extra attention as information must be kept not only on the discrete control structure but also on the values of continuous clock variables. In this paper, we exploit Clock Difference Diagrams, CDD's, a BDD-like data-structure for representing and effectively manipulating certain nonconvex subsets of the Euclidean space, notably those encountered during verification of timed automata. A version of the real-time verification tool Uppaal using CDD's as a compact data-structure for storing explored symbolic states has been implemented. Our experimental results demonstrate significant spacesavings: for eight industrial examples, the savings are in average 42% with moderate increase in runtime. We further report on how the symbolic state-space exploration itself may be carried out using CDD's.

Zhengkui Zhang,Brian Nielsen,Kim G. Larsen

DOI: https://doi.org/10.1007/978-3-319-44878-7_10

2016-01-01

Abstract:Time optimal reachability analysis is a novel model based technique for solving scheduling and planning problems. After modeling them as reachability problems using timed automata, a real-time model checker can compute the fastest trace to the goal states which constitutes a time optimal schedule. We propose distributed computing to accelerate time optimal reachability analysis. We develop five distributed state exploration algorithms, implement them in Uppaal enabling it to exploit the compute resources of a dedicated model-checking cluster. We experimentally evaluate the implemented algorithms with four models in terms of their ability to compute near-or proven-optimal solutions, their scalability, time and memory consumption and communication overhead. Our results show that distributed algorithms work much faster than sequential algorithms and have good speedup in general.

A David,G Behrmann,Kg Larsen,W Yi

DOI: https://doi.org/10.1007/3-540-44829-2_15

2003-01-01

Abstract:We present work on unifying the two main data structures involved during reachability analysis of timed automata. We also present result on sharing common elements between states. The experimental evaluations show speedups of up to 60% and memory savings of up to 80% compared to previous implementations.

Benoit Barbot,Taolue Chen,Tingting Han,Joost-Pieter Katoen,Alexandru Mereacre

DOI: https://doi.org/10.1007/978-3-642-19835-9_12

2011-01-01

Abstract:This paper makes verifying continuous-time Markov chains (CTMCs) against deterministic timed automata (DTA) objectives practical. We show that verifying 1-clock DTA can be done by analyzing subgraphs of the product of CTMC C and the region graph of DTA A. This improves upon earlier results and allows to only use standard analysis algorithms. Our graph decomposition approach naturally enables bisimulation minimization as well as parallelization. Experiments with various examples confirm that these optimizations lead to significant speed-ups. We also report on experiments with multiple-clock DTA objectives. The objectives and the size of the problem instances that can be checked with our prototypical tool go (far) beyond what could be checked so far.

Jianhua Zhao,Xiuyi Zhou,Xuandong Li,Guoliang Zheng

DOI: https://doi.org/10.1109/IPDPS.2005.146

2005-01-01

Abstract:Many real-time systems are modelled as timed automaton networks, which are parallel compositions of timed automata. Those timed automata interact with each other through shared variables and/or communication channels. In the literate, symbolic states with different shared variable valuations are treated as distinct ones. This paper presents a compatibility relation between shared variable valuations. Using this relation, the reachability analysis algorithm can avoid exploring all the states with different shared variable valuations. An algorithm is presented in this paper to detect compatible shared variable valuations. A compact data structure is also proposed to record the shared variable valuation sets found by this algorithm. Based on these results, an optimized reachability analysis algorithm is presented. Case studies show that our technique improves the space-efficiency of reachability analysis significantly.

Wei Wang,Dong Guo,Zhigang Deng,Guosun Zeng,Wei Liu,Huanliang Xiong

DOI: https://doi.org/10.1145/2578948.2560695

2014-01-01

Abstract:As the ongoing scaling of semiconductor technology causing severe increase of on-chip power density in microprocessors, this leads for urgent requirement for power management during each level of computer system design. In this paper, we describe an approach for solving the general class of energy optimal task graph scheduling problems using cost-reward timed automata. We propose a formal technique based on model checking using extended timed automata to solve the processor frequency assignment problem in an energy-constrained multitasking system. To handle the problem of "state space explosion" in symbolic model checking, we also provide an efficient zone-based algorithm for minimum-cost reachability. Our approach is capable of finding efficient solutions under various constraints and applicable to other problem variants as well. Experimental results demonstrate the usefulness and effectiveness of our approach.

Qi Lu,Michael Madsen,Martin Milata,Soren Ravn,Uli Fahrenberg,Kim G. Larsen

DOI: https://doi.org/10.1016/j.jlap.2011.10.004

2011-01-01

The Journal of Logic and Algebraic Programming

Abstract:We show that max-plus polyhedra are usable as a data structure in reachability analysis of timed automata. Drawing inspiration from the extensive work that has been done on difference bound matrices, as well as previous work on max-plus polyhedra in other areas, we develop the algorithms needed to perform forward and backward reachability analysis using maxplus polyhedra. To show that the approach works in practice and theory alike, we have created a proof-of-concept implementation on top of the model checker opaal.

Alexandre David,Gerd Behrmann,Kim Guldstrand Larsen,Wang Yi

DOI: https://doi.org/10.1007/978-3-540-40007-3_22

2003-01-01

Abstract:We present the design of the model-checking engine and internal data structures for the next generation of UPPAAL. The design is based on a pipeline architecture where each stage represents one independent operation in the verification algorithms. The architecture is based on essentially one shared data structure to reduce redundant computations in state exploration, which unifies the so-called passed and waiting lists of the traditional reachability algorithm. In the implementation, instead of using standard memory management functions from general-purpose operating systems, we have developed a special-purpose storage manager to best utilize sharing in physical storage. We present experimental results supporting these design decisions. It is demonstrated that the new design and implementation improves the efficiency of the current distributed version Of UPPAAL by about 60% in time and 80% in space.

Zonghua Gu,Zhu Wang,Haolan Chen,Haibin Cai

DOI: https://doi.org/10.1504/ijes.2014.063815

2014-01-01

International Journal of Embedded Systems

Abstract:It is an active research topic to determine schedulability of a real-time sporadic or periodic taskset on a multicore processor with global scheduling policies such as global fixed-priority (FP) or earliest deadline first (EDF) algorithms. Analytical techniques such as utilisation bound tests and response time analysis algorithms generally suffer from excessive pessimism, and may cause low system utilisation. In this paper, we apply model-checking to address the restricted task model of periodic tasks with fixed release offsets and possible release jitter. We believe that this restricted task model is more realistic for current industry practice than the more general sporadic task model, since it can achieve higher CPU utilisation and better predicability. We present an approach to schedulability analysis of this restricted task model using the timed automata model-checker UPPAAL. This modelling framework is flexible and expressive, and can achieve reasonable scalability.

KG Larsen,P Pettersson,W Yi

DOI: https://doi.org/10.1109/real.1995.495198

1995-01-01

Abstract:Efficient automatic model-checking algorithms for real-time systems have been obtained in recent years based on the state-region graph technique of Alur, Courcoubetis and Dill (1990). However, these algorithms are faced with two potential types of explosion arising from parallel composition: explosion in the space of control nodes, and explosion in the region space over clock-variables. In this paper we attack these explosion problems by developing and combining compositional and symbolic model-checking techniques. The presented techniques provide the foundation for a new automatic verification tool UPPAAL. Experimental results indicate that UPPAAL performs time- and space-wise favorably compared with other real-time verification tools.

Kim G. Larsen,Paul Pettersson,Wang Yi

1995-01-01

Abstract:E cient automatic model{checking algorithms for real-time systems have been obtained in recent years based on the state{region graph technique of Alur, Courcoubetis and Dill. However, these algorithms are faced with two potential types of explosion arising from parallel composition: explosion in the space of control nodes, and explosion in the region space over clock-variables. This paper reports on work attacking these explosion problems by developing and combining compositional and symbolic model{checking techniques. The presented techniques provide the foundation for a new automatic veri cation tool Uppaal . Experimental results show that Uppaal is not only substantially faster than other real-time veri cation tools but also able to handle much larger systems.

KG Larsen,F Larsson,P Pettersson,W Yi

DOI: https://doi.org/10.1109/real.1997.641265

1997-01-01

Abstract:During the past few years, a number of verification tools have been developed for real-time systems in the framework of timed automata (e.g. KRONOS and UPPAAL). One of the major problems in applying these tools to industrial-size systems is the huge memory-usage for the exploration of the state-space of a network (or product) of timed automata, as the model-checkers must keep information on not only the control structure of the automata but also the clock values specified by clock constraints. In this paper, we present a compact data structure for representing clock constraints. The data structure is based on an O(n/sup 3/) algorithm which, given a constraint system over real-valued variables consisting of bounds on differences, constructs an equivalent system with a minimal number of constraints. In addition, we have developed an on-the-fly, reduction technique to minimize the space-usage. Based on static analysis of the control structure of a network of timed automata, we are able to compute a set of symbolic states that cover all the dynamic loops of the network in an on-the-fly searching algorithm, and thus ensure termination in reachability analysis. The two techniques and their combination have been implemented in the tool UPPAAL. Our experimental results demonstrate that the techniques result in truly significant space-reductions: for six examples from the literature, the space saving is between 75% and 94%, and in (nearly) all examples time-performance is improved. Also noteworthy is the observation that the two techniques are completely orthogonal.

Jianhua Zhao,Bin Lei,Xuandong Li,Guoliang Zheng

DOI: https://doi.org/10.1109/ISoLA.2006.28

2006-01-01

Abstract:In this paper, we present a timed automaton reachability analysis algorithm which can use some other properties to improve the model checking efficiency. If the model checker aborts because of memory or CPU time limitation when checking a property P, the users can still use a set of auxiliary properties P_1, P_2, \dots, P_n about the system to reduce the space and time requirement. People can verify these auxiliary properties by either model checking or other methods like theorem proving. This algorithm gives the users a way to reduce the space and time requirement of model checking using their knowledge about the system under check.

Przemysław Daca,Thomas A. Henzinger,Jan Křetínský,Tatjana Petrov

DOI: https://doi.org/10.48550/arXiv.1504.05739

2016-03-03

Abstract:We present a new algorithm for the statistical model checking of Markov chains with respect to unbounded temporal properties, such as reachability and full linear temporal logic. The main idea is that we monitor each simulation run on the fly, in order to detect quickly if a bottom strongly connected component is entered with high probability, in which case the simulation run can be terminated early. As a result, our simulation runs are often much shorter than required by termination bounds that are computed a priori for a desired level of confidence and size of the state space. In comparison to previous algorithms for statistical model checking, for a given level of confidence, our method is not only faster in many cases but also requires less information about the system, namely, only the minimum transition probability that occurs in the Markov chain, thus enabling almost complete black-box verification. In addition, our method can be generalised to unbounded quantitative properties such as mean-payoff bounds.

Logic in Computer Science