François Laroussinie,Kim G. Larsen

DOI: https://doi.org/10.7146/brics.v2i19.19921

1995-01-01

BRICS Report Series

Abstract:A major problem in applying model checking to finite-state systems is the potential combinatorial explosion of the state space arising from parallel composition. Solutions of this problem have been attempted for practical applications using a variety of techniques. Recent work by Andersen [And95] proposes a very promising compositional model checking technique, which has experimentally been shown to improve results obtained using Binary Decision Diagrams. In this paper we make Andersen's technique applicable to systems described by networks of timed automata. We present a quotient construction, which allows timed automata components to be gradually moved from the network expression into the specification. The intermediate specifications are kept small using minimization heuristics suggested by Andersen. The potential of the combined technique is demonstrated using a prototype implemented in CAML.

KG Larsen,P Pettersson,W Yi

DOI: https://doi.org/10.1109/real.1995.495198

1995-01-01

Abstract:Efficient automatic model-checking algorithms for real-time systems have been obtained in recent years based on the state-region graph technique of Alur, Courcoubetis and Dill (1990). However, these algorithms are faced with two potential types of explosion arising from parallel composition: explosion in the space of control nodes, and explosion in the region space over clock-variables. In this paper we attack these explosion problems by developing and combining compositional and symbolic model-checking techniques. The presented techniques provide the foundation for a new automatic verification tool UPPAAL. Experimental results indicate that UPPAAL performs time- and space-wise favorably compared with other real-time verification tools.

Kim G. Larsen

DOI: https://doi.org/10.1007/978-3-642-11486-1_3

2010-01-01

Abstract:This paper gives a survey of a composition model checking methodology and its succesfull instantiation to the model checking of networks of finite-state, timed, hybrid and probabilistic systems with respect to suitable quantitative versions of the modal μ-calculus [Koz82]. The method is based on the existence of a quotient construction, allowing a property φ of a parallel system A|B to be transformed into a sufficient and necessary quotient-property φ/ A to be satisfied by the component B. Given a model checking problem involving a network P 1|...|P n and a property φ, the method gradually move (by quotienting) components P i from the network into the formula φ. Crucial to the success of the method is the ability to manage the size of the intermediate quotient-properties by a suitable collection of efficient minimization heuristics.

Fei He,He Zhu,William N. N. Hung,Xiaoyu Song,Ming Gu

DOI: https://doi.org/10.1109/tase.2010.27

2010-01-01

Abstract:Model checking suffers from the state explosion problem. Compositional abstraction and abstraction refinement have been investigated in many areas to address this problem. This paper considers the compositional model checking for timed systems. We present an automated approach which combines compositional abstraction and counter-example guided abstraction refinement (CEGAR). The proposed approach exploits the semantics of a timed automaton to procure its over-approximative abstraction. Any safety property which holds on the abstraction is guaranteed to hold on the concrete model. In the case of a spurious counter-example, our proposed approach refines and strengthens the abstraction in a component-wise method. We implemented our method with the model checking tool Uppaal. Experimental results show promising improvements.

DONG Wei,WANG Ji,QI Zhi-Chang

2001-01-01

Abstract:Model checking is an important technology of automatic verification. It verifies the modal/proposition properties of concurrent or real-time systems through explicit state exploration or implicit fixpoint computation. It can ensure the correctness of critical application such as communication protocol and digital circuit. In this paper, the development and state-of-art of model checking are expatiated. Two main tactics separately based on automata theory and symbolic structure for concurrent systems are described and the methods to solve state explosion problem are given. Then the methods of model checking for real-time systems and object-oriented designs are introduced. The corresponding known tools for every method are also presented. Finally, the difficulties faced by model checking and its developing trend are analyzed.

Wei Dong,Ji Wang,Zhichang Qi,Ni Rong

DOI: https://doi.org/10.1109/aspec.2007.25

2007-01-01

Abstract:UML dynamic models are important for software analysis and design. Verifying UML dynamic models to find design errors earlier is a key issue for ensuring software quality. Because of the characteristics such as concurrency and hierarchy, model checking of UML Statecharts and collaboration diagrams faces the problem of state explosion. In this paper, UML Statecharts is firstly structurally expressed by hierarchical automata and its semantics for open systems is introduced. Then, the synchronization composition of objects in UML collaboration diagrams is expatiated, based on which the global system behaviors can be constructed. Based on hierarchical automata and simulation relation between semantics structures, the compositional rules for verifying concurrent object systems are proposed. It makes possible that the construction of global state space will be unnecessary in model checking of UML collaboration diagrams. The hierarchical structures of UML Statecharts are also brought into the compositional verification, which makes the model checking of implementation models can be carried out through replacing detailed components by abstract specifications.

Jun Sun,Yang Liu,Jin Song Dong,Jing Sun

DOI: https://doi.org/10.1109/tase.2008.12

2008-01-01

Abstract:Verification techniques like SAT-based bounded model checking have been successfully applied to a variety of system models. Applying bounded model checking to compositional process algebras is, however, not a trivial task. One challenge is that the number of system states for process algebra models is not statically known, whereas exploring the full state space is computationally expensive. This paper presents a compositional encoding of hierarchical processes as SAT problems and then applies state-of-the-art SAT solvers for bounded model checking. The encoding avoids exploring the full state space for complex systems so as to deal with state space explosion. We developed an automated analyzer which combines complementing model checking techniques (i.e., bounded model checking and explicit on-the-fly model checking) to validate system models against event-based temporal properties. The experiment results show the analyzer handles large systems.

Kim G. Larsen,Fredrik Larsson,Paul Pettersson,Wang Yi

DOI: https://doi.org/10.1023/a:1025132427497

2003-01-01

Real-Time Systems

Abstract:During the past few years, a number of verification tools have been developed for real-time systems in the framework of timed automata. One of the major problems in applying these tools to industrial-sized systems is the huge memory-usage for the exploration of the state-space of a network (or product) of timed automata, as the model-checkers must keep information about not only the control structure of the automata but also the clock values specified by clock constraints. In this paper, we present a compact data structure for representing clock constraints. The data structure is based on an O(n3) algorithm which, given a constraint system over real-valued variables consisting of bounds on differences, constructs an equivalent system with a minimal number of constraints. In addition, we have developed an on-the-fly reduction technique to minimize the space-usage. Based on static analysis of the control structure of a network of timed automata, we are able to compute a set of symbolic states that cover all the dynamic loops of the network in an on-the-fly searching algorithm, and thus ensure termination in reachability analysis. The two techniques and their combination have been implemented in the tool UPPAAL. Our experimental results demonstrate that the techniques result in truly significant space-reductions: for six examples from the literature, the space saving is between 75% and 94%, and in (nearly) all examples time-performance is improved. Noteworthy is also the observation that the two techniques are completely orthogonal.

Yuhong Zhao,Franz J. Rammig

DOI: https://doi.org/10.1109/isorc.2012.28

2012-01-01

Abstract:This paper presents a lightweight verification technique, which is applicable to dependable real-time systems, provided that the (abstract) model and the (concrete) implementation of the system under test are given in advance. In addition to the usual quality assurance techniques at design time (e.g., formal verification) and at implementation time (e.g., testing), we provide a special form of model checking at run time. That is, we check the correctness of an actual system execution by means of exploring a partial model space covering the current execution trace. In doing so, concrete state information is observed from time to time while the system to be checked is running. This runtime information is used to guide model checking to reduce the model space to be explored. In this sense, we call this method online model checking. Since we do not directly check the execution trace itself, our online checking at model level is capable of checking a running system some steps ahead of the actual state of execution. In this paper, we describe online model checking as well as the underlying system architecture in general, explain the basic algorithm and its extension to improve performance, and provide experimental results.

Zhao Jianhua,Dang Van Hung

DOI: https://doi.org/10.1007/bf02950405

1998-01-01

Abstract:The major problem of checking a parallel composition of real-time systems for a real-time property is the explosion of untimed states and time regions. To attack this problem, one can use bisimulation equivalence w.r.t. the property to be checked to minimise the system state space. In this paper, we define such equivalence for the integrated linear duration properties of real-time automaton networks with shared variables. To avoid exhaustive state space exploration, we define a compatibility relation, which is a one-direction simulation relation between configurations. Based on this technique, we develop an algorithm for checking a real-time automaton network with shared variables w.r.t. a linear duration property. Our algorithm can avoid exhaustive state space exploration significantly when applied to Fischer’s mutual exclusion protocol.

Kim G. Larsen,Paul Pettersson,Wang Yi

1995-01-01

Abstract:E cient automatic model{checking algorithms for real-time systems have been obtained in recent years based on the state{region graph technique of Alur, Courcoubetis and Dill. However, these algorithms are faced with two potential types of explosion arising from parallel composition: explosion in the space of control nodes, and explosion in the region space over clock-variables. This paper reports on work attacking these explosion problems by developing and combining compositional and symbolic model{checking techniques. The presented techniques provide the foundation for a new automatic veri cation tool Uppaal . Experimental results show that Uppaal is not only substantially faster than other real-time veri cation tools but also able to handle much larger systems.

Fei Yan,Tao Tang

DOI: https://doi.org/10.1109/icves.2007.4456386

2007-01-01

Abstract:The safety of control systems are becoming increasingly important as computers pervade them on which human life depends. In rail transportation fields, this has become more complex and the methods to ensure the correctness of train control system have been slow in development. The failure to meet time deadline can have serious or even fatal consequences. This paper presents a new method for performing this verification task. In the proposed method the real-time system is modeled by Timed Automata Network (TAN) and verified by model checking which explores the state space to determine whether the system satisfies a given specification. The case study of ATP (Automatic Train Protection) shows how the method can assist in designing more efficient and reliable real-time systems. Firstly, the state transitions and multi-tasks ATP onboard model will be modeled with Timed Automata Network (TAN) model, and then the time sequences of each task are expressed in UML Sequence Diagrams. Finally, the timing characteristics will be verified to meet the requirement by SMV model checker. A major conclusion of the survey is that formal methods, while still immature in some respects, can be used successfully to model and verify real-time concurrent systems.

Xuandong Li,Jianhua Zhao,Gong Jiayu,Shi Yaoxin,Guoliang Zheng

DOI: https://doi.org/10.1109/ISORC.2004.1300367

2004-01-01

Abstract:In this paper we use net-works of UML statechart diagrams to model compositional designs for real-time systems, and present an algorithm for checking networks of statechart diagrams for the scenario-based specifications expressed by UML sequence diagrams with timing constraints. The algorithm is based on investigating the reach-ability graph of the integer state space of a network of statechart diagrams.

Hanyue Chen,Yu Su,Miaomiao Zhang,Zhiming Liu,Junri Mi

DOI: https://doi.org/10.1007/978-3-031-37706-8_3

2023-01-01

Abstract:Compositional verification, such as the technique of assume-guarantee reasoning (AGR), is to verify a property of a system from the properties of its components. It is essential to address the state explosion problem associated with model checking. However, obtaining the appropriate assumption for AGR is always a highly mental challenge, especially in the case of timed systems. In this paper, we propose a learning-based compositional verification framework for deterministic timed automata. In this framework, a modified learning algorithm is used to automatically construct the assumption in the form of a deterministic one-clock timed automaton, and an effective scheme is implemented to obtain the clock reset information for the assumption learning. We prove the correctness and termination of the framework and present two kinds of improvements to speed up the verification. We discuss the results of our experiments to evaluate the scalability and effectiveness of the framework. The results show that the framework we propose can reduce state space effectively, and it outperforms traditional monolithic model checking for most cases.

Xianli Jin,Huadong Ma,Zonghua Gu

DOI: https://doi.org/10.1109/QSIC.2007.44

2007-01-01

Abstract:In component-based software development, it is important to use formal models to describe component composition. However, the existing component composition models generally ignore real-time issues. We present a formal integration model based on Hierarchical Timed Automata (HTA) for real-time software system. We present formal definition of components and different component composition techniques. We then introduce the notions of composable and compatible composition, and use Multiset Labeled Transition Systems to represent the interface actions of HTA to perform compositional verification. This hierarchical and unified framework establishes the foundation for formal analysis of real-time properties of the system.

Fei Yan,Tao Tang

DOI: https://doi.org/10.1109/wcica.2008.4592925

2008-01-01

Abstract:The next few years will see distributed real-time computer systems playing an important role in control systems of high-dependability applications, such as rail transportation. In these applications a failure in the temporal domain can be as critical as a failure in the value domain. In rail transportation, train control system has become more complex and the methods to ensure its correctness of have been considered outmoded. The safety of train control system is becoming increasingly important as computers pervade them on which human life depends and the failure to meet time deadline can have serious or even fatal consequences. This paper proposes a formal modeling and verification approach for real-time system. In the proposed method the real-time system is modeled by timed automata network (TAN) and verified by model checking which explores the state space to determine whether the system satisfies a given specification. The case study of ATP (automatic train protection) shows how the method can assist in designing more efficient and reliable real-time systems. Firstly, automatic train protection (ATP) system and timed automata network (TAN) model is proposed; secondly, the state transitions and multi-tasks ATP onboard model was modeled with TAN model, and then the time sequences of each task are expressed in UML sequence diagrams. Finally, the timing characteristics was verified to meet the requirement by UPPAAL model checker. A major conclusion of the survey is that formal methods, while still immature in some respects, can be used successfully to model and verify real-time systems.

Junyan Qian,Baowen Xu

DOI: https://doi.org/10.1007/11562436_20

2005-01-01

Abstract: Timed Statecharts, which can efficiently specify explicit dense time, is an extension to the visual specification language Statecharts with real-time constructs. We give a definition of timed Statecharts that specifies explicit temporal behavior as timed automata does. It is very difficult to verify directly whether timed Statecharts satisfies the required properties. However, by compiling it into timed automata, timed Statecharts may be checked using Uppaal tool. In the paper, the state of timed Statecharts is represented by inductive term, and a step semantics of timed Statecharts is briefly described. The translation rules are shown by a compositional approach for formalizing the timed Statecharts semantics directly on sequences of micro steps. Timed automata corresponding to timed Statecharts was also discussed.

Yanhua Du,Benyuan Yang,Wei Tan

DOI: https://doi.org/10.1109/icws.2015.81

IF: 8.5

2018-01-01

Expert Systems with Applications

Abstract:Recently, the mediation-aided approach is attracting more attention in Web service composition, in the meanwhile, temporal constraints are regarded as an important aspect to ensure the correctness and QoS in service compositions. This combination leads to a new challenge in analyzing the timed compatibility of mediation-aided service composition. Unfortunately, existing model checking based approaches are lack of the ability of transform mediation-aided service composition to Time Automata (TA) models, and suffer from state space explosion for large-scale and complex compositions. In this paper, we present a new model checking approach to analyzing timed compatibility. Firstly, mediation-aided service composition is automatically decomposed into fragments. Secondly, each fragment is transformed into a TA. Finally, the temporal constraints are checked by the queries of observing TAs. Compared with existing approaches, our approach is able to check timed compatibility of mediation-aided service composition, and is more efficient than them.

Jianhua Zhao,Xiuyi Zhou,Xuandong Li,Guoliang Zheng

DOI: https://doi.org/10.1109/IPDPS.2005.146

2005-01-01

Abstract:Many real-time systems are modelled as timed automaton networks, which are parallel compositions of timed automata. Those timed automata interact with each other through shared variables and/or communication channels. In the literate, symbolic states with different shared variable valuations are treated as distinct ones. This paper presents a compatibility relation between shared variable valuations. Using this relation, the reachability analysis algorithm can avoid exploring all the states with different shared variable valuations. An algorithm is presented in this paper to detect compatible shared variable valuations. A compact data structure is also proposed to record the shared variable valuation sets found by this algorithm. Based on these results, an optimized reachability analysis algorithm is presented. Case studies show that our technique improves the space-efficiency of reachability analysis significantly.

Kim G. Larsen,Axel Legay,Marius Mikucionis,Brian Nielsen,Ulrik Nyman

DOI: https://doi.org/10.1007/978-3-319-68270-9_6

2017-01-01

Abstract:In this paper we revisit the notion of compositional testing in the setting of real-time systems. In particular, we introduce crucial notions of real-time conformance testing and compositional verification of real-time systems. We illustrate these notions on a Small University example, and show how the tools Uppaal Tron, Uppaal Ecdar and Uppaal SMC provide strong support for an efficient compositional testing methodology.