Ting Wang,Jun Sun,Xinyu Wang,Yang Liu,Yuanjie Si,Jin Song Dong,Xiaohu Yang,Xiaohong Li

DOI: https://doi.org/10.1109/tse.2014.2359893

IF: 7.4

2014-01-01

IEEE Transactions on Software Engineering

Abstract:Zeno runs, where infinitely many actions occur within finite time, may arise in Timed Automata models. Zeno runs are not feasible in reality and must be pruned during system verification. Thus it is necessary to check whether a run is Zeno or not so as to avoid presenting Zeno runs as counterexamples during model checking. Existing approaches on non-Zenoness checking include either introducing an additional clock in the Timed Automata models or additional accepting states in the zone graphs. In addition, there are approaches proposed for alternative timed modeling languages, which could be generalized to Timed Automata. In this work, we investigate the problem of non-Zenoness checking in the context of model checking LTL properties, not only evaluating and comparing existing approaches but also proposing a new method. To have a systematic evaluation, we develop a software toolkit to support multiple non-Zenoness checking algorithms. The experimental results show the effectiveness of our newly proposed algorithm, and demonstrate the strengths and weaknesses of different approaches.

Zhi-Hong Tao,Cong-Hua Zhou,Zhong Chen,Li-Fu Wang

DOI: https://doi.org/10.1007/s11390-007-9004-z

IF: 1.871

2007-01-01

Journal of Computer Science and Technology

Abstract:Bounded Model Checking has been recently introduced as an efficient verification method for reactive systems. This technique reduces model checking of linear temporal logic to propositional satisfiability. In this paper we first present how quantified Boolean decision procedures can replace BDDs. We introduce a bounded model checking procedure for temporal logic CTL* which reduces model checking to the satisfiability of quantified Boolean formulas. Our new technique avoids the space blow up of BDDs, and extends the concept of bounded model checking.

Tao Zhihong,Zhou Conghua,Kleine Buning Hans,Wang Lifu

IF: 1.019

2006-01-01

Chinese Journal of Electronics

Abstract:Bounded model checking has been recently introduced as an efficient verification method for reactive systems. In this work we apply bounded model checking to asynchronous systems. More specifically, we translate the bounded model checking of ECTL-X, LTL-X formulas for bounded Petri nets into the propositional satisfiability decision problem. The ordinary encoding would yield a large formula due to the concurrent and asynchronous nature of Petri nets. We propose a new encoding method for bounded Petri nets. This method can reduce verification time by representing the behavior with very succinct formulas.

Zhou Conghua,Tao Zhihong,Ding Decheng,Wang Lifu

IF: 1.019

2006-01-01

Chinese Journal of Electronics

Abstract:Bounded model checking (BMC) has been recently introduced as an efficient verification method for reactive systems. Propositional satisfiability (SAT)-based bounded model checking methods consists in searching for a counter- example of a particular length and generating a propositional formula that is satisfiable iff such a counterexample exists. Until now, SAT-based bounded model checking only concerns with universal properties. In this paper we focus on bounded model checking for Computation tree logic (CTL). We present how quantified Boolean decision procedures like Davis & Putnam Procedure can replaces Binary decision diagrams (BDDs). Our basic idea is to decide the validation of a CTL formula phi in finite executions of a system and reduce the validation to a Quantified Boolean formula (QBF) psi which is satisfiable if and only if phi is valid in finite executions of the system. QBF solvers based on Davis & Putnam Procedure do not blow up in space. Therefore, our new technique avoids the space blow up of BDDs, and sometimes speeds up the verification.

YANG Jun,GE Hai-tong,ZHENG Fei-jun,YAN Xiao-lang

DOI: https://doi.org/10.3321/j.issn:1008-9497.2006.04.012

2006-01-01

Abstract:Being a formal verification method,model checking is used frequently in hardware and software design.Firstey the Kripke structure which is used to describe the behavior of a system and the CTL logic which is used to describe the property of a system were introduced.Then two model checking algorithms were introduced: one is the labeling algorithm,the other is the algorithm based on fixpoint.In the end,the symbolic model checking which can reduce the possibility of memory explosion was introduced.

Junyan Qian,Baowen Xu

2007-01-01

Journal of Computational Information Systems

Abstract:Model checking is one of the most practical techniques for automatic formal verification to ensure the correctness of design specifications. Statecharts that extends the finite state machine is a visual language for specifying the behavior of complex reactive system. Model checking whether Statecharts model satisfies the required properties has become an important issue. The usual way to model checking Statecharts is to flat it and apply a model checking tool to verify the resulting model, but it exists state space explosion problem. In order to avoid the problem, we present an approach to model checking directly Statecharts without the flattening, a straightforward way to verify Statecharts. Based on the automata theory of model checking and the Statecharts operational semantics used labeled transition system, an algorithm for verifying LTL properties of the system, whose complexity is polynomial in the size of the Statecharts, was developed.

Luca Geatti,Nicola Gigante,Angelo Montanari,Gabriele Venturato

DOI: https://doi.org/10.1007/s10817-023-09691-1

2024-03-16

Journal of Automated Reasoning

Abstract:Linear temporal logic ( ) and its variant interpreted on finite traces ( ) are among the most popular specification languages in the fields of formal verification, artificial intelligence, and others. In this paper, we focus on the satisfiability problem for and formulas, for which many techniques have been devised during the last decades. Among these are tableau systems , of which the most recent is Reynolds' tree-shaped tableau. We provide a SAT-based algorithm for and satisfiability checking based on Reynolds' tableau, proving its correctness and discussing experimental results obtained through its implementation in the BLACK satisfiability checker.

computer science, artificial intelligence

Keijo Heljanko,Ilkka Niemelä

DOI: https://doi.org/10.48550/arXiv.cs/0305040

2003-05-24

Abstract:In this paper bounded model checking of asynchronous concurrent systems is introduced as a promising application area for answer set programming. As the model of asynchronous systems a generalisation of communicating automata, 1-safe Petri nets, are used. It is shown how a 1-safe Petri net and a requirement on the behaviour of the net can be translated into a logic program such that the bounded model checking problem for the net can be solved by computing stable models of the corresponding program. The use of the stable model semantics leads to compact encodings of bounded reachability and deadlock detection tasks as well as the more general problem of bounded model checking of linear temporal logic. Correctness proofs of the devised translations are given, and some experimental results using the translation and the Smodels system are presented.

Logic in Computer Science,Artificial Intelligence

Fei He,Yuan Gao,Liangze Yin

DOI: https://doi.org/10.1007/s11704-016-6048-7

IF: 2.6688

2018-01-01

Frontiers of Computer Science

Abstract:Software product line (SPL) engineering is increasingly being adopted in safety-critical systems. It is highly desirable to rigorously show that these systems are designed correctly. However, formal analysis for SPLs is more difficult than for single systems because an SPL may contain a large number of individual systems. In this paper, we propose an efficient model-checking technique for SPLs using induction and a SAT (Boolean satisfiability problem) solver. We show how an induction-based verification method can be adapted to the SPLs, with the help of a SAT solver. To combat the state space explosion problem, a novel technique that exploits the distinguishing characteristics of SPLs, called feature cube enlargement, is proposed to reduce the verification efforts. The incremental SAT mechanism is applied to further improve the efficiency. The correctness of our technique is proved. Experimental results show dramatic improvement of our technique over the existing binary decision diagram (BDD)-based techniques.

Tang Shan,Peng Xin,Zhao Wen-yun,Liu Yi-ming

2006-01-01

Abstract:One of the urgent problems in software engineering is how to guarantee the correctness of software architecture evolution. Model checking is an approach which is used to verify properties of systems. Generally, it checks whether a given model satisfies some special property which are expressed by linear temporal logic through checking all of states of the target model. Since the complexity of the model checking mainly depends on the amount of number of the states, the most intractable problems of the approach are lack of memory and the state space explosion. There are few effective model checking approaches for large scale dynamic software architecture, this paper proposes a modular model checking strategy based on linear temporal logic. From two different levels: the component composing the system and the whole system, this paper discusses how to verify dynamic software architecture in detail, gives the corresponding algorithms and introduces an e-business case to illustrate the availability of our approach. Keyword: Dynamic Software Architecture, Model Checking, Linear Temporal Logic, Automaton

E. M. Clarke,E. A. Emerson,A. P. Sistla

DOI: https://doi.org/10.1145/5397.5399

IF: 1.714

1986-04-01

ACM Transactions on Programming Languages and Systems

Abstract:We give an efficient procedure for verifying that a finite-state concurrent system meets a specification expressed in a (propositional, branching-time) temporal logic. Our algorithm has complexity linear in both the size of the specification and the size of the global state graph for the concurrent system. We also show how this approach can be adapted to handle fairness. We argue that our technique can provide a practical alternative to manual proof construction or use of a mechanical theorem prover for verifying many finite-state concurrent systems. Experimental results show that state machines with several hundred states can be checked in a matter of seconds.

computer science, software engineering

Liangze Yin,Fei He,Ming Gu

DOI: https://doi.org/10.1109/TASE.2013.11

2013-01-01

Abstract:This paper considers bounded model checking for extended labeled transition systems. Bounded model checking relies on a SAT solver to prove (or disprove) the existence of a counterexample with a bounded length. During the translation of a BMC problem to a SAT problem, much useful information is lost. This paper proposes an algorithm to analyze the transition system model, and then utilize the structure information hidden in the model to refine the decision ordering of variables in SAT solving. The basic idea is to guide the search process of SAT solving by the structure of the transition system. Experiments with this heuristic on real industrial designs show 5-12 times speedup over standard bounded model checking.

Kuanjiu Zhou,Jiawei Yong,Xiaolong Wang,Longtao Ren,Gang Hou,Junwang Chang

DOI: https://doi.org/10.1007/978-3-642-45293-2_26

2013-01-01

Abstract:Model checking technique has been gradually applied to verify the reliability of software systems. However, as to software with large scale and complex structure, the verification procedure suffers from the state space explosion, thus leading to a low efficiency or resource exhaustion. In this paper, we propose a method of accelerating software model checking based on program backbone to verify the properties in ANSI-C source codes. We prune the program with respect to the assertion property, and compress the circular paths by maximal strongly connected components to extract the program backbone. Subsequently, the Hoare theory is used to generate an invariant from the compressed circular nodes, which reduces the length of path encoding. The assertion property is finally translated into a quantifier-free formula and checked for satisfiability by the SMT solver Z3. The experiments show that this method substantially improves the efficiency of program verification.

Dexi Wang,Chao Zhang,Guang Chen,Ming Gu,Jiaguang Sun

2016-01-01

Abstract:The C programming language is widely used in safety-critical software systems. With its large appliance and increasing complexity, the need of ensuring the correctness of C codes emerged. This paper presents Ceagle , a fully automated program verifier for finding assertion violations in C programs. It is decent in both accuracy and efficiency by using a semantically equivalent program model language that is specifically designed for C program, together with various optimizations that make the satisfiability checking faster and memoryfriendly. More specifically, Ceagle uses LLVM clang as front-end parser, an extended labeled transition system as program model, and Z3 SMT solver as the back-end satisfiability checker. Ceagle is designed to be fully automatic and requires no user interaction as long as the assertions are provided. For evaluation, we compare Ceagle with existing C program verifiers based on open benchmarks. Ceagle outperforms others in terms of accuracy, and time and memory consumption.

Dingbao Xie,Lei Bu,Xuandong Li

DOI: https://doi.org/10.1109/RTSS.2014.22

2014-01-01

Abstract:The behavior space of real time hybrid systems is very complex and hence expensive to conduct the classical full state space model checking. Compared to the classical model checking, bounded model checking (BMC) is much cheaper to conduct and has better scalability. This work presents a technique that can derive, in some cases, a proof of unbounded reach ability argument of Linear Hybrid Automata (LHA) from a BMC procedure. During BMC of LHA, typical procedures can discover sets of unsatisfiable constraint cores, a.k.a. UC or IIS, in the constraint set according to the bounded continuous state space of LHA. Currently, such unsatisfiable constraints are only fed back to the constraint set to accelerate the BMC solving. In this paper, we propose that such unsatisfiable constraint core can be exploited to give general unbounded verification result of the system model. As each constraint can be mapped back to certain semantical elements of the system model, the unsatisfiable constraint cores can be mapped back into path segments, which are not feasible, in the graph structure of the LHA model. Clearly, if all the potential paths to reach the target location in the graph structure have to go through such infeasible path segments, the target location is not reachable in general, not only in the given bound. Based on this observation, we propose to encode the infeasible path segments as linear temporal logic (LTL) formulas, and present the graph structure, the discrete part, of the LHA model as a transition system. Then, we can take advantage of the mature off-the-shelf LTL model checking techniques to verify whether there exists a path to reach the target location without touching any detected IIS path segment in the graph structure of the LHA model. We implement this technique into a bounded LHA checker BACH. The experiments show that most of the benchmarks can be verified by the enhanced BACH with a clearly better performance and scalability.

Elaheh Ghassabani,Mohammad Abdollahi Azgomi

DOI: https://doi.org/10.48550/arXiv.1603.03535

2016-03-11

Abstract:Verification of large and complicated concurrent programs is an important issue in the software world. Stateless model checking is an appropriate method for systematically and automatically testing of large programs, which has proved its power in verifying code of large programs. Another well-known method in this area is runtime verification. Both stateless model checking and runtime verification are similar in some ways. One common approach in runtime verification is to construct runtime monitors for properties expressed in linear temporal logic. Currently, there are some semantics to check linear temporal logic formulae on finite paths proposed in the field of runtime verification, which can also be applied to stateless model checking. However, existing stateless model checkers do not support LTL formulae. In some settings, it is more advantageous to make use of stateless model checking instead of runtime verification. This paper proposes a novel encoding of one of the recent LTL semantics on finite paths into an actor-based system. We take a truly parallel approach without saving any program states or traces, which not only addresses important problems in runtime verification, but can also be applied to stateless model checking.

Programming Languages

Zhengwei Qi,Liang Liu,Alei Liang,Hao Wang,Ying Chen

DOI: https://doi.org/10.1109/ICPADS.2008.73

2008-01-01

Abstract:Modern software model checkers are usually used to find safety violations. However, checking liveness properties can offer a more natural and effective way to detect errors, particularly in complex concurrent and distributed e-business systems. Specifying global liveness properties which should always eventually be true proves to be more desirable, but it is hard for existing software model checkers to verify liveness in real codes because doing so requires finding an infinite execution. For solving such a challenge, this paper proposes an online checking tool to verify the safety and liveness properties of complex systems. We adopt the linear temporal logic to describe the semantics of the finite model checking, use binary instrumentation to obtain the distribute states and apply a checking engine to dynamically verify the finite trace linear temporal logic properties. At last, we demonstrate the method in a distributed system using distributed protocol Paxos and achieve good results by experiments.

Longlong Lu,Minxue Pan,Tian Zhang,Xuandong Li

DOI: https://doi.org/10.1007/s10270-022-00980-8

2022-01-01

Abstract:Open environmental software systems are often time-sensitive, as they need to respond to other entities within the systems and/or in the environments promptly. The timing requirements are therefore an essential part of the system correctness. Scenario-based specifications (SBS) such as message sequence charts and UML interaction models play an important role in specifying open environmental software systems since they intuitively model interactions between different entities. While modelling these systems, the timing requirements can be specified as timing constraints. In this paper, we study the problem of checking the timing consistency of SBS with timing constraints. Although this problem can be transformed into a reachability analysis problem, checking its reachability can still be time-consuming. Therefore, we propose a novel SAT and linear programming (LP) collaborative timing analysis approach named Tassat for the bounded timing analysis of SBS. Instead of using depth-first traversal algorithms, Tassat encodes the structures of the SBS into propositional formulas and adopts SAT solvers to find candidate paths. The timing analysis of candidate paths is then transformed to LP problems, where the irreducible infeasible set of the infeasible paths can be utilized to filter out candidate paths for checking. In addition, we propose an enhanced version of the approach that extends the bounded analysis results to the entire models if the infeasible path segments do not contain intermediate loops. The enhanced algorithm can prove that the given SBS satisfy the required properties on any bound condition. The experimental results show that Tassat is effective and has better performance than existing tools in terms of both time consumption and memory footprint.

Yong Li,Lei Song,Yuan Feng,Lijun Zhang

DOI: https://doi.org/10.1109/time.2016.12

2016-01-01

Abstract:This paper deals with model checking problems with respect to LTL properties under fairness assumptions. We first present an efficient algorithm to deal with a fragment of fairness assumptions and then extend the algorithm to handle arbitrary ones. Notably, by making use of some syntactic transformations, our algorithm avoids constructing corresponding Büchi automata for the whole fairness assumptions, which can be very large in practice. We implement our algorithm in NuSMV and consider a large selection of formulas. Our experiments show that in many cases our approach exceeds the automata-theoretic approach up to several orders of magnitude, in both time and memory.

Ramy Medhat,Yogi Joshi,Borzoo Bonakdarpour,Sebastian Fischmeister

DOI: https://doi.org/10.48550/arXiv.1411.2239

2014-11-09

Abstract:Runtime verification is an effective automated method for specification-based offline testing and analysis as well as online monitoring of complex systems. The specification language is often a variant of regular expressions or a popular temporal logic, such as LTL. This paper presents a novel and efficient parallel algorithm for verifying a more expressive version of LTL specifications that incorporates counting semantics, where nested quantifiers can be subject to numerical constraints. Such constraints are useful in evaluating thresholds (e.g., expected uptime of a web server). The significance of this extension is that it enables us to reason about the correctness of a large class of systems, such as web servers, OS kernels, and network behavior, where properties are required to be instantiated for parameterized requests, kernel objects, network nodes, etc. Our algorithm uses the popular {\em MapReduce} architecture to split a program trace into variable-based clusters at run time. Each cluster is then mapped to its respective monitor instances, verified, and reduced collectively on a multi-core CPU or the GPU. Our algorithm is fully implemented and we report very encouraging experimental results, where the monitoring overhead is negligible on real-world data sets.

Logic in Computer Science