Dingbao Xie,Wen Xiong,Lei Bu,Xuandong Li

DOI: https://doi.org/10.1109/TC.2016.2604308

IF: 3.183

2017-01-01

IEEE Transactions on Computers

Abstract:Reachability analysis of linear hybrid automata (LHA) is an important problem. Classical model checking (CMC) technique is not scalable and not guaranteed to terminate. On the other hand, bounded model checking (BMC) is more cost-effective to conduct but can not guarantee the safety beyond the bound. In this paper, we seek to bridge the gap between BMC and CMC for reachability analysis of LHA. During BMC of LHA, typical procedures can discover sets of unsatisfiable constraint cores, which can be mapped back to path segments in the graph structure of LHA. If every path connecting the initial and target location has to go through such infeasible path segment, the target location is entirely not reachable. Based on this characteristic, we propose a LTL model checking based approach to check whether the target location is blocked. To further optimize the performance, we propose an automata based solution to check the LTL specification incrementally and adopt an on-the-fly algorithm to check the accepting condition to avoid an explicit construction of product automata.

Dingbao Xie,Lei Bu,Xuandong Li

DOI: https://doi.org/10.1109/RTSS.2014.22

2014-01-01

Abstract:The behavior space of real time hybrid systems is very complex and hence expensive to conduct the classical full state space model checking. Compared to the classical model checking, bounded model checking (BMC) is much cheaper to conduct and has better scalability. This work presents a technique that can derive, in some cases, a proof of unbounded reach ability argument of Linear Hybrid Automata (LHA) from a BMC procedure. During BMC of LHA, typical procedures can discover sets of unsatisfiable constraint cores, a.k.a. UC or IIS, in the constraint set according to the bounded continuous state space of LHA. Currently, such unsatisfiable constraints are only fed back to the constraint set to accelerate the BMC solving. In this paper, we propose that such unsatisfiable constraint core can be exploited to give general unbounded verification result of the system model. As each constraint can be mapped back to certain semantical elements of the system model, the unsatisfiable constraint cores can be mapped back into path segments, which are not feasible, in the graph structure of the LHA model. Clearly, if all the potential paths to reach the target location in the graph structure have to go through such infeasible path segments, the target location is not reachable in general, not only in the given bound. Based on this observation, we propose to encode the infeasible path segments as linear temporal logic (LTL) formulas, and present the graph structure, the discrete part, of the LHA model as a transition system. Then, we can take advantage of the mature off-the-shelf LTL model checking techniques to verify whether there exists a path to reach the target location without touching any detected IIS path segment in the graph structure of the LHA model. We implement this technique into a bounded LHA checker BACH. The experiments show that most of the benchmarks can be verified by the enhanced BACH with a clearly better performance and scalability.

Lei Bu,Xuandong Li

DOI: https://doi.org/10.1007/s10009-010-0163-9

2010-01-01

International Journal on Software Tools for Technology Transfer

Abstract:The existing techniques for reachability analysis of linear hybrid systems do not scale well to the problem size of practical interest. The performance of existing techniques is even worse for reachability analysis of a composition of several linear hybrid automata. In this paper, we present an efficient path-oriented approach to bounded reachability analysis of composed systems modeled by linear hybrid automata with synchronization events. It is suitable for analyzing systems with many components by selecting critical paths, while this task was quite insurmountable before because of the state explosion problem. This group of paths will be transformed to a group of linear constraints, which can be solved by a linear programming solver efficiently. This approach of symbolic execution of paths allows design engineers to check important paths, and accordingly increase the faith in the correctness of the system. This approach is implemented into a prototype tool Bounded reAchability CHecker (BACH). The experimental data show that both the path length and the number of participant automata in a system checked using BACH can scale up greatly to satisfy practical requirements.

Yang Yang,Lei Bu,Xuandong Li

2012-01-01

Abstract:Instead of encoding the bounded state space of a linear hybrid automaton(LHA) in given threshold k into SMT formulas then solving them by SMT solvers, the authors proposed a different approach to handle the bounded reachability verification(BMC) of LHA in the previous work. First, the reachability specification along one abstract path in LHA can be checked by linear programming (LP). Then, all the abstract paths under the threshold can be checked one by one by depth-first-search (DFS) traversing. This approach was implemented in a prototype tool BACH, and the experiment result shows it is efficient. As BACH uses DFS to traverse the bounded state space, clearly, if DFS traverses more quickly, the BMC can be finished more efficiently. Nevertheless, in many cases, the path segments which make the system infeasible are hidden “deeply” in the model or have many entry points which makes the DFS difficult to find them or has to traverse them many times. This burdens the DFS-style BMC approach a lot. To handle this problem, in this paper, the authors propose a backward-DFS BMC approach for LHA. First, reverse the graph structure of LHA. Then, conduct the DFS-style BMC on the reversed LHA. In this way, the “deep” path segments in the forward-DFS can be found very quickly to prune the DFS tree which is needed to be traversed. This backward-DFS approach is implemented into BACH. The experiment shows the performance of BACH is optimized significantly to handle large cases.

Yuming Wu,Lei Bu,Jiawan Wang,Xinyue Ren,Wen Xiong,Xuandong Li

DOI: https://doi.org/10.1007/978-3-030-94583-1_23

2022-01-01

Abstract:Due to the tangling of discrete and continuous behavior and the compositional state space explosion, bounded model checking (BMC) of compositional linear hybrid automata (CLHA) is a very challenging task. In this paper, we propose a mixed semantics guided layered method to handle this problem in a divide-and-conquer manner. Specifically, we first enumerate candidate compositional paths in the discrete layer of CLHA through the classical step semantics. Then, we remove all stutter transitions in the candidate paths to cover all interleaving cases, and check the reachability of the generalized paths in the continuous level through the shallow semantics. We only handle one shallow compositional path at a time, so that the memory usage in the checking can be well controlled. Besides, we propose two optimization methods to tailor infeasible paths to further improve the efficiency of our approach. We implement these techniques into an LHA reachability checker called BACH. The experimental results show that our method outperforms state-of-the-art tools significantly in the aspects of efficiency and scalability.

Lei Bu,Yang Yang,Xuandong Li

DOI: https://doi.org/10.1007/978-3-642-34188-5_7

2011-01-01

Abstract:In the authors’ previous work, we proposed a linear programming (LP) based approach to check the reachability specification along one abstract path in a linear hybrid automaton (LHA) at a time by translating the reachability problem into the satisfiability problem of a linear constraint set. Then a depth-first-search (DFS) is deployed on the graph structure of the LHA to check all the paths with length in the threshold to answer the question of bounded reachability.

Xuandong Li,Sumit Jha Aanand,Lei Bu

DOI: https://doi.org/10.1016/j.entcs.2006.12.023

2007-01-01

Electronic Notes in Theoretical Computer Science

Abstract:The existing techniques for reachability analysis of linear hybrid automata do not scale well to problem sizes of practical interest. Instead of developing a tool to perform reachability check on all the paths of a linear hybrid automaton, a complementary approach is to develop an efficient path-oriented tool to check one path at a time where the length of the path being checked can be made very large and the size of the automaton can be made large enough to handle problems of practical interest. This approach of symbolic execution of paths can be used by design engineers to check important paths and thereby, increase the faith in the correctness of the system. Unlike simple testing, each path in our framework represents a dense set of possible trajectories of the system being analyzed. In this paper, we develop the linear programming based techniques towards an efficient path-oriented tool for the bounded reachability analysis of linear hybrid systems.

Lei Bu,Jiawan Wang,Yuming Wu,Xuandong Li

DOI: https://doi.org/10.1007/978-3-030-55089-9_2

2019-01-01

Abstract:Hybrid Automata are a well-known framework used to model hybrid systems, containing both discrete and continuous dynamic behavior. However, reachability analysis of hybrid automata is difficult. Existing work does not scale well to the size of practical problems. This paper gives a review of how we handle the verification of hybrid systems in a path-oriented way. First, we propose a path-oriented bounded reachability analysis method to control the complexity of verification of linear hybrid automata. As we only check the reachability of one path at a time, the resulted state space for each computation is limited and hence can be solved efficiently. Then, we present an infeasible constraint guided path-pruning method to tailor the search space, a shallow synchronization semantics to handle compositional behavior, and a method based on linear temporal logic (LTL) to extend the bounded model checking (BMC) result to an unbounded state space. Such methods and tools are implemented in a tool, BACH, and have been used as the underlying decision procedure of our verification of cyber-physical systems (CPS) and Internet of Things (IoT).

Lei Bu,You Li,Linzhang Wang,Xin Chen,Xuandong Li

DOI: https://doi.org/10.1109/date.2010.5457051

2010-01-01

Abstract:Existing reachability analysis techniques are easy to fail when applied to large compositional linear hybrid systems, since their memory usages rise up quickly with the increase of systems' size. To address this problem, we propose a tool BACH 2 that adopts a path-oriented method for bounded reachability analysis of compositional linear hybrid systems. For each component, a path is selected and all selected paths compose a path set for reachability analysis. Each path is independently encoded to a set of constraints while synchronization controls are encoded as a set of constraints too. By merging all the constraints into one set, the path-oriented reachability problem of a path set can be transformed to the feasibility problem of this resulting linear constraint set, which can be solved by linear programming efficiently. Based on this path-oriented method, BACH 2 adopts a shared label sequence guided depth first search (SLS-DFS) method to perform bounded reachability analysis of compositional linear hybrid system, where all potential path sets within the bound limit are identified and verified one by one. By this means, since only the structure of a system and the recently visited one path in each component need to be stored in memory, memory consumption of BACH 2 is very small at runtime. As a result, BACH 2 enables the verification of extremely large systems, as is demonstrated in our experiments.

Dingbao XIE,Yuexiang ZHOU,Lei BU,Linzhang WANG,Xuandong LI

DOI: https://doi.org/10.1360/N112016-00042

2017-01-01

Abstract:Hybrid systems include both discrete and continuous behavior and are widely used to model control systems.The reachability analysis of its unsafe state is an important method for guaranteeing the safety of a system.However,the current techniques do not scale well to the problems of practical interest.Due to the synchronization of components and the combinatorial explosion of state space,the reachability analysis of compositional linear hybrid system is extremely complex.In order to reduce the complexity,a path-oriented approach was proposed in a previous work,which conducted bounded reachability analysis of a compositional linear hybrid system.By enumerating and verifying each potential path one by one,the size of the problem that can be solved will be increased substantially.This path-oriented approach will become quite inefficient due to a sharp increase in the number of candidate paths when analyzing complex systems.The path explosion problem in model checking is also famous.To solve this problem,we propose a state-space reduction technique,which accelerates the verification process.We propose a method to locate the cause of infeasibility,when a composed infeasible path segment after a path set is proved to be infeasible.As we can simply falsify a path set that contains a composed infeasible path segment,the number of candidate paths can be reduced significantly.Furthermore,to avoid such composed path segments efficiently,we propose an approach based on satisfiability modulo theories (SMT),to traverse the bounded graph structure of the composed linear hybrid system.The results of the experiment show that the performance of the path-oriented bounded reachability analysis can be optimized significantly and that the overall performance of the proposed approach is better than that of the state-of-the-art competitor.

Lei Bu,You Li,Linzhang Wang,Xuandong Li

DOI: https://doi.org/10.1109/FMCAD.2008.ECP.13

2008-01-01

Abstract:Hybrid automata are well studied formal models for hybrid systems with both discrete and continuous state changes. However, the analysis of hybrid automata is quite difficult. Even for the simple class of linear hybrid automata, the reachability problem is undecidable. In the author's previous work, for linear hybrid automata we proposed a linear programming based approach to check one path at a time while the length of the path and the size of the automaton being checked can be large enough to handle problems of practical interest. Based on this approach, in this paper we present a prototype tool BACH to perform bounded reachability checking of linear hybrid automata. The experiment data shows that BACH has good performance and scalability, and supports our belief that BACH could become a powerful assistant to design engineers for the reachability analysis of linear hybrid automata.

Lei Bu,You Li,Linzhang Wang,Xuandong Li

2008-01-01

Abstract:Hybrid automata are well studied formal models for hybrid systems with both discrete and continuous state changes. However, the analysis of hybrid automata is quite difficult. Even for the simple class of linear hybrid automata, the reachability problem is undecidable. In the author's previous work, for linear hybrid automata we proposed a linear programming based approach to check one path at a time while the length of the path and the size of the automaton being checked can be large enough to handle problems of practical interest. Based on this approach, in this paper we present a prototype tool BACH to perform bounded reachability checking of linear hybrid automata. The experiment data shows that BACH has good performance and scalability, and supports our belief that BACH could become a powerful assistant to design engineers for the reachability analysis of linear hybrid automata.

MinXue Pan,You Li,Lei Bu,XuanDong Li

DOI: https://doi.org/10.1007/s11432-012-4726-0

2012-01-01

Science China Information Sciences

Abstract:The problem of reachability analysis of linear hybrid automata (LHA) is very difficult. This paper considers to improve the efficiency of the reachability analysis by optimizing the structures of LHA. We identify two types of loops called the flexible loops and the zero loops, and present the techniques to replace the repetitions of those loops in the behavior of LHA with finite sequences of locations and in the meantime simplify the associated constraints. The techniques work not only for the polyhedral computing based algorithms but also for the bounded model checkers.

Weiqiang Kong,Leyuan Liu,Takahiro Ando,Hirokazu Yatsu,Kenji Hisazumi,Akira Fukuda

DOI: https://doi.org/10.1109/apsec.2013.55

2013-01-01

Abstract:We propose a hybrid approach to improving the verification performance of SMT-based bounded model checking for LTL properties. In this approach, stateless explicit-state exploration is utilized to traverse, under the constraints of bounded context switches, the state space of a system design and memorize legal execution paths. These paths are classified according to certain predicates into path clusters, which are then encoded into propositional formulas representing, together with the encoded formula for an LTL property, independent BMC instances. Such BMC instances are solved with SMT solvers running on mutilcores in parallel. Once a counterexample is found for one of the instances, the entire model checking terminates. This hybrid checking procedure progresses in an incremental fashion until either a counterexample is found or the user-specified bound is reached. We have implemented this proposed hybrid approach in a tool called Garakabu2 with CVC4 as its backend solver. The experimental results show that Garakabu2 often outperforms the state-of-the-art pure BMC methods implemented in SAL infinite bounded model checker for both safety and liveness properties.

Lei Bu,Jianhua Zhao,Xuandong Li

DOI: https://doi.org/10.1007/978-3-642-11319-2_9

2010-01-01

Abstract:Hybrid automata are well-studied formal models for dynamical systems. However, the analysis of hybrid automata is extremely difficult, and even state-of-the-art tools can only analyze systems with few continuous variables and simple dynamics. Because the reachability problem for general hybrid automata is undecidable, we give a path-oriented reachability analysis procedure for a class of nonlinear hybrid automata called convex hybrid automata. Our approach encodes the reachability problem along a path of a convex hybrid automaton as a convex feasibility problem, which can be efficiently solved by off-the-shelf convex solvers, such as CVX. Our path-oriented reachability verification approach can be applied in the frameworks of bounded model checking and counterexample-guided abstraction refinement with the goal of achieving significant performance improvement for this subclass of hybrid automata.

Shujun Deng,Weimin Wu,Jinian Bian

DOI: https://doi.org/10.1007/978-3-540-72863-4_31

2007-01-01

Abstract:Bounded Model Checking (BMC) based on SAT is a complementary technique to BDD-based Symbolic Model Checking, and it is useful for finding counterexamples of minimum length. However, for model checking of large real world systems, BMC is still limited by the state explosion problem, thus abstraction is essential. In this paper, BMC is implemented on a higher abstraction level - Register Transfer Level (RTL) within an abstraction framework of symbolic trajectory evaluation and hybrid three-valued SAT solving. An efficient SAT solver for RTL circuits is presented, and it is modified into a three-valued solver for the cooperative BMC application. The experimental results comparing with the ordinary BMC without abstraction show the efficiency of our method.

Lei Bu,Hui Jiang,Xin Chen,Enyi Tang,Xuandong Li

DOI: https://doi.org/10.1007/978-3-030-01461-2_5

2018-01-01

Abstract:Linear Hybrid Automata (LHA) is a natural modeling language for real-time embedded systems. However, due to the existences of both discrete and continuous behaviors, formal analysis of LHA is recognized as a very challenging task. Despite decades of active research, the kinds of LHA problems that can be efficiently analyzed is rather limited. On the other hand, Labelled Linear Transition System (LTS) is a widely used modeling language to describe the state changes of the system before and after certain transitions. Lots of research efforts have been devoted into the verification of LTS models. Many off-the-shelf formal techniques and tools are available for analyzing different kinds of problems for LTS systems. In this paper, we propose to express an LHA as an equivalent LTS model explicitly. Then, we can take advantage of all the off-the-shelf formal checkers of LTS to answer different problems of the LHA model. A prototype tool HAT is implemented under this idea. By integrating typical LTS checkers like ARMC and Interproc, we conduct considerably difficult checking problems like reachability verification, termination analysis, and invariant generation of LHA successfully and efficiently. It shows the open possibility of analyzing more kinds of difficult problems of LHA by LTS checkers easily in the future.

Tzu-Han Hsu,César Sánchez,Sarai Sheinvald,Borzoo Bonakdarpour

DOI: https://doi.org/10.48550/arXiv.2301.06209

2023-01-26

Abstract:Bounded model checking (BMC) is an effective technique for hunting bugs by incrementally exploring the state space of a system. To reason about infinite traces through a finite structure and to ultimately obtain completeness, BMC incorporates loop conditions that revisit previously observed states. This paper focuses on developing loop conditions for BMC of HyperLTL- a temporal logic for hyperproperties that allows expressing important policies for security and consistency in concurrent systems, etc. Loop conditions for HyperLTL are more complicated than for LTL, as different traces may loop inconsistently in unrelated moments. Existing BMC approaches for HyperLTL only considered linear unrollings without any looping capability, which precludes both finding small infinite traces and obtaining a complete technique. We investigate loop conditions for HyperLTL BMC, where the HyperLTL formula can contain up to one quantifier alternation. We first present a general complete automata-based technique which is based on bounds of maximum unrollings. Then, we introduce alternative simulation-based algorithms that allow exploiting short loops effectively, generating SAT queries whose satisfiability guarantees the outcome of the original model checking problem. We also report empirical evaluation of the prototype implementation of our BMC techniques using Z3py.

Logic in Computer Science

Longlong Lu,Minxue Pan,Tian Zhang,Xuandong Li

DOI: https://doi.org/10.1007/s10270-022-00980-8

2022-01-01

Abstract:Open environmental software systems are often time-sensitive, as they need to respond to other entities within the systems and/or in the environments promptly. The timing requirements are therefore an essential part of the system correctness. Scenario-based specifications (SBS) such as message sequence charts and UML interaction models play an important role in specifying open environmental software systems since they intuitively model interactions between different entities. While modelling these systems, the timing requirements can be specified as timing constraints. In this paper, we study the problem of checking the timing consistency of SBS with timing constraints. Although this problem can be transformed into a reachability analysis problem, checking its reachability can still be time-consuming. Therefore, we propose a novel SAT and linear programming (LP) collaborative timing analysis approach named Tassat for the bounded timing analysis of SBS. Instead of using depth-first traversal algorithms, Tassat encodes the structures of the SBS into propositional formulas and adopts SAT solvers to find candidate paths. The timing analysis of candidate paths is then transformed to LP problems, where the irreducible infeasible set of the infeasible paths can be utilized to filter out candidate paths for checking. In addition, we propose an enhanced version of the approach that extends the bounded analysis results to the entire models if the infeasible path segments do not contain intermediate loops. The enhanced algorithm can prove that the given SBS satisfy the required properties on any bound condition. The experimental results show that Tassat is effective and has better performance than existing tools in terms of both time consumption and memory footprint.

Weiqiang Kong,Leyuan Liu,Yamagata, Y.,Taguchi, K.

DOI: https://doi.org/10.1109/APSEC.2012.38

2012-01-01

Abstract:Hierarchical State Transition Matrix (HSTM) is a table-based modeling language for developing designs of software systems. We have proposed a Satisfiability Modulo Theory (SMT) based Bounded Model Checking (BMC) approach in [1] to provide formal verification supports for conducting rigorous and automatic analysis to improve reliability of HSTM designs. In this paper, we continue that work by developing and evaluating approaches to accelerating BMC of HSTM designs. The approaches center around an unrolled Bounded Reach ability Tree (BRT) of a HSTM design that is built with stateless explicit state exploration. Specifically, reach ability of invalid cells (representing undesired states) of a HSTM design, which occurs within the bound concerned, could be discovered during construction of the BRT, and furthermore, if no such occurrence, the constructed BRT could be utilized to rule out unnecessary subformulas of a BMC instance for verification of LTL properties. We have implemented these approaches in a tool called Garakabu2 with the state-of-the-art SMT solver CVC3 as its back-ended solver. Our preliminary experiments show that verification could be accelerated substantially.