Dingbao Xie,Lei Bu,Xuandong Li

DOI: https://doi.org/10.1109/RTSS.2014.22

2014-01-01

Abstract:The behavior space of real time hybrid systems is very complex and hence expensive to conduct the classical full state space model checking. Compared to the classical model checking, bounded model checking (BMC) is much cheaper to conduct and has better scalability. This work presents a technique that can derive, in some cases, a proof of unbounded reach ability argument of Linear Hybrid Automata (LHA) from a BMC procedure. During BMC of LHA, typical procedures can discover sets of unsatisfiable constraint cores, a.k.a. UC or IIS, in the constraint set according to the bounded continuous state space of LHA. Currently, such unsatisfiable constraints are only fed back to the constraint set to accelerate the BMC solving. In this paper, we propose that such unsatisfiable constraint core can be exploited to give general unbounded verification result of the system model. As each constraint can be mapped back to certain semantical elements of the system model, the unsatisfiable constraint cores can be mapped back into path segments, which are not feasible, in the graph structure of the LHA model. Clearly, if all the potential paths to reach the target location in the graph structure have to go through such infeasible path segments, the target location is not reachable in general, not only in the given bound. Based on this observation, we propose to encode the infeasible path segments as linear temporal logic (LTL) formulas, and present the graph structure, the discrete part, of the LHA model as a transition system. Then, we can take advantage of the mature off-the-shelf LTL model checking techniques to verify whether there exists a path to reach the target location without touching any detected IIS path segment in the graph structure of the LHA model. We implement this technique into a bounded LHA checker BACH. The experiments show that most of the benchmarks can be verified by the enhanced BACH with a clearly better performance and scalability.

Dingbao Xie,Lei Bu,Jianhua Zhao,Xuandong Li

DOI: https://doi.org/10.1007/s10703-014-0210-3

2014-01-01

Formal Methods in System Design

Abstract:As discrete jumps and continuous flows tangle in the behavior of linear hybrid automata (LHA), the bounded model checking (BMC) for reachability of LHA is a challenging problem. Current works try to handle this problem by encoding all the discrete and continuous behaviors in the bound into a set of SMT formulas which can then be solved by SMT solvers. However, when the system size is large, the object SMT problem could be huge and difficult to solve. Instead of encoding everything into one constraint set, this paper proposes a SAT–LP–IIS joint-directed solution to conduct the BMC for reachability of LHA in a layered way. First, the bounded graph structure of LHA is encoded into a propositional formula set, and solved by SAT solvers to find potential paths which can reach the target location on the graph. Then, the feasibility of certain path is encoded into a set of linear constraints which can then be solved by linear programming (LP) efficiently. If the path is not feasible, irreducible infeasible set (IIS) technique is deployed to locate an infeasible path segment which will be fed to the SAT solver to accelerate the enumerating process. Experiments show that by this SAT–LP–IIS joint-directed solution, the memory usage of the BMC of LHA is well-controlled and the performance outperforms the state-of-the-art SMT-style competitors significantly.

Lei Bu,You Li,Linzhang Wang,Xuandong Li

DOI: https://doi.org/10.1109/FMCAD.2008.ECP.13

2008-01-01

Abstract:Hybrid automata are well studied formal models for hybrid systems with both discrete and continuous state changes. However, the analysis of hybrid automata is quite difficult. Even for the simple class of linear hybrid automata, the reachability problem is undecidable. In the author's previous work, for linear hybrid automata we proposed a linear programming based approach to check one path at a time while the length of the path and the size of the automaton being checked can be large enough to handle problems of practical interest. Based on this approach, in this paper we present a prototype tool BACH to perform bounded reachability checking of linear hybrid automata. The experiment data shows that BACH has good performance and scalability, and supports our belief that BACH could become a powerful assistant to design engineers for the reachability analysis of linear hybrid automata.

Lei Bu,Jiawan Wang,Yuming Wu,Xuandong Li

DOI: https://doi.org/10.1007/978-3-030-55089-9_2

2019-01-01

Abstract:Hybrid Automata are a well-known framework used to model hybrid systems, containing both discrete and continuous dynamic behavior. However, reachability analysis of hybrid automata is difficult. Existing work does not scale well to the size of practical problems. This paper gives a review of how we handle the verification of hybrid systems in a path-oriented way. First, we propose a path-oriented bounded reachability analysis method to control the complexity of verification of linear hybrid automata. As we only check the reachability of one path at a time, the resulted state space for each computation is limited and hence can be solved efficiently. Then, we present an infeasible constraint guided path-pruning method to tailor the search space, a shallow synchronization semantics to handle compositional behavior, and a method based on linear temporal logic (LTL) to extend the bounded model checking (BMC) result to an unbounded state space. Such methods and tools are implemented in a tool, BACH, and have been used as the underlying decision procedure of our verification of cyber-physical systems (CPS) and Internet of Things (IoT).

Yang Yang,Lei Bu,Xuandong Li

2012-01-01

Abstract:Instead of encoding the bounded state space of a linear hybrid automaton(LHA) in given threshold k into SMT formulas then solving them by SMT solvers, the authors proposed a different approach to handle the bounded reachability verification(BMC) of LHA in the previous work. First, the reachability specification along one abstract path in LHA can be checked by linear programming (LP). Then, all the abstract paths under the threshold can be checked one by one by depth-first-search (DFS) traversing. This approach was implemented in a prototype tool BACH, and the experiment result shows it is efficient. As BACH uses DFS to traverse the bounded state space, clearly, if DFS traverses more quickly, the BMC can be finished more efficiently. Nevertheless, in many cases, the path segments which make the system infeasible are hidden “deeply” in the model or have many entry points which makes the DFS difficult to find them or has to traverse them many times. This burdens the DFS-style BMC approach a lot. To handle this problem, in this paper, the authors propose a backward-DFS BMC approach for LHA. First, reverse the graph structure of LHA. Then, conduct the DFS-style BMC on the reversed LHA. In this way, the “deep” path segments in the forward-DFS can be found very quickly to prune the DFS tree which is needed to be traversed. This backward-DFS approach is implemented into BACH. The experiment shows the performance of BACH is optimized significantly to handle large cases.

Lei Bu,You Li,Linzhang Wang,Xuandong Li

2008-01-01

Abstract:Hybrid automata are well studied formal models for hybrid systems with both discrete and continuous state changes. However, the analysis of hybrid automata is quite difficult. Even for the simple class of linear hybrid automata, the reachability problem is undecidable. In the author's previous work, for linear hybrid automata we proposed a linear programming based approach to check one path at a time while the length of the path and the size of the automaton being checked can be large enough to handle problems of practical interest. Based on this approach, in this paper we present a prototype tool BACH to perform bounded reachability checking of linear hybrid automata. The experiment data shows that BACH has good performance and scalability, and supports our belief that BACH could become a powerful assistant to design engineers for the reachability analysis of linear hybrid automata.

Yuming Wu,Lei Bu,Jiawan Wang,Xinyue Ren,Wen Xiong,Xuandong Li

DOI: https://doi.org/10.1007/978-3-030-94583-1_23

2022-01-01

Abstract:Due to the tangling of discrete and continuous behavior and the compositional state space explosion, bounded model checking (BMC) of compositional linear hybrid automata (CLHA) is a very challenging task. In this paper, we propose a mixed semantics guided layered method to handle this problem in a divide-and-conquer manner. Specifically, we first enumerate candidate compositional paths in the discrete layer of CLHA through the classical step semantics. Then, we remove all stutter transitions in the candidate paths to cover all interleaving cases, and check the reachability of the generalized paths in the continuous level through the shallow semantics. We only handle one shallow compositional path at a time, so that the memory usage in the checking can be well controlled. Besides, we propose two optimization methods to tailor infeasible paths to further improve the efficiency of our approach. We implement these techniques into an LHA reachability checker called BACH. The experimental results show that our method outperforms state-of-the-art tools significantly in the aspects of efficiency and scalability.

Lei Bu,Xuandong Li

DOI: https://doi.org/10.1007/s10009-010-0163-9

2010-01-01

International Journal on Software Tools for Technology Transfer

Abstract:The existing techniques for reachability analysis of linear hybrid systems do not scale well to the problem size of practical interest. The performance of existing techniques is even worse for reachability analysis of a composition of several linear hybrid automata. In this paper, we present an efficient path-oriented approach to bounded reachability analysis of composed systems modeled by linear hybrid automata with synchronization events. It is suitable for analyzing systems with many components by selecting critical paths, while this task was quite insurmountable before because of the state explosion problem. This group of paths will be transformed to a group of linear constraints, which can be solved by a linear programming solver efficiently. This approach of symbolic execution of paths allows design engineers to check important paths, and accordingly increase the faith in the correctness of the system. This approach is implemented into a prototype tool Bounded reAchability CHecker (BACH). The experimental data show that both the path length and the number of participant automata in a system checked using BACH can scale up greatly to satisfy practical requirements.

MinXue Pan,You Li,Lei Bu,XuanDong Li

DOI: https://doi.org/10.1007/s11432-012-4726-0

2012-01-01

Science China Information Sciences

Abstract:The problem of reachability analysis of linear hybrid automata (LHA) is very difficult. This paper considers to improve the efficiency of the reachability analysis by optimizing the structures of LHA. We identify two types of loops called the flexible loops and the zero loops, and present the techniques to replace the repetitions of those loops in the behavior of LHA with finite sequences of locations and in the meantime simplify the associated constraints. The techniques work not only for the polyhedral computing based algorithms but also for the bounded model checkers.

Xuandong Li,Sumit Jha Aanand,Lei Bu

DOI: https://doi.org/10.1016/j.entcs.2006.12.023

2007-01-01

Electronic Notes in Theoretical Computer Science

Abstract:The existing techniques for reachability analysis of linear hybrid automata do not scale well to problem sizes of practical interest. Instead of developing a tool to perform reachability check on all the paths of a linear hybrid automaton, a complementary approach is to develop an efficient path-oriented tool to check one path at a time where the length of the path being checked can be made very large and the size of the automaton can be made large enough to handle problems of practical interest. This approach of symbolic execution of paths can be used by design engineers to check important paths and thereby, increase the faith in the correctness of the system. Unlike simple testing, each path in our framework represents a dense set of possible trajectories of the system being analyzed. In this paper, we develop the linear programming based techniques towards an efficient path-oriented tool for the bounded reachability analysis of linear hybrid systems.

Lei Bu,Jianhua Zhao,Xuandong Li

DOI: https://doi.org/10.1007/978-3-642-11319-2_9

2010-01-01

Abstract:Hybrid automata are well-studied formal models for dynamical systems. However, the analysis of hybrid automata is extremely difficult, and even state-of-the-art tools can only analyze systems with few continuous variables and simple dynamics. Because the reachability problem for general hybrid automata is undecidable, we give a path-oriented reachability analysis procedure for a class of nonlinear hybrid automata called convex hybrid automata. Our approach encodes the reachability problem along a path of a convex hybrid automaton as a convex feasibility problem, which can be efficiently solved by off-the-shelf convex solvers, such as CVX. Our path-oriented reachability verification approach can be applied in the frameworks of bounded model checking and counterexample-guided abstraction refinement with the goal of achieving significant performance improvement for this subclass of hybrid automata.

Lei Bu,Yang Yang,Xuandong Li

DOI: https://doi.org/10.1007/978-3-642-34188-5_7

2011-01-01

Abstract:In the authors’ previous work, we proposed a linear programming (LP) based approach to check the reachability specification along one abstract path in a linear hybrid automaton (LHA) at a time by translating the reachability problem into the satisfiability problem of a linear constraint set. Then a depth-first-search (DFS) is deployed on the graph structure of the LHA to check all the paths with length in the threshold to answer the question of bounded reachability.

Lei Bu,You Li,Linzhang Wang,Xin Chen,Xuandong Li

DOI: https://doi.org/10.1109/date.2010.5457051

2010-01-01

Abstract:Existing reachability analysis techniques are easy to fail when applied to large compositional linear hybrid systems, since their memory usages rise up quickly with the increase of systems' size. To address this problem, we propose a tool BACH 2 that adopts a path-oriented method for bounded reachability analysis of compositional linear hybrid systems. For each component, a path is selected and all selected paths compose a path set for reachability analysis. Each path is independently encoded to a set of constraints while synchronization controls are encoded as a set of constraints too. By merging all the constraints into one set, the path-oriented reachability problem of a path set can be transformed to the feasibility problem of this resulting linear constraint set, which can be solved by linear programming efficiently. Based on this path-oriented method, BACH 2 adopts a shared label sequence guided depth first search (SLS-DFS) method to perform bounded reachability analysis of compositional linear hybrid system, where all potential path sets within the bound limit are identified and verified one by one. By this means, since only the structure of a system and the recently visited one path in each component need to be stored in memory, memory consumption of BACH 2 is very small at runtime. As a result, BACH 2 enables the verification of extremely large systems, as is demonstrated in our experiments.

Tzu-Han Hsu,César Sánchez,Sarai Sheinvald,Borzoo Bonakdarpour

DOI: https://doi.org/10.48550/arXiv.2301.06209

2023-01-26

Abstract:Bounded model checking (BMC) is an effective technique for hunting bugs by incrementally exploring the state space of a system. To reason about infinite traces through a finite structure and to ultimately obtain completeness, BMC incorporates loop conditions that revisit previously observed states. This paper focuses on developing loop conditions for BMC of HyperLTL- a temporal logic for hyperproperties that allows expressing important policies for security and consistency in concurrent systems, etc. Loop conditions for HyperLTL are more complicated than for LTL, as different traces may loop inconsistently in unrelated moments. Existing BMC approaches for HyperLTL only considered linear unrollings without any looping capability, which precludes both finding small infinite traces and obtaining a complete technique. We investigate loop conditions for HyperLTL BMC, where the HyperLTL formula can contain up to one quantifier alternation. We first present a general complete automata-based technique which is based on bounds of maximum unrollings. Then, we introduce alternative simulation-based algorithms that allow exploiting short loops effectively, generating SAT queries whose satisfiability guarantees the outcome of the original model checking problem. We also report empirical evaluation of the prototype implementation of our BMC techniques using Z3py.

Logic in Computer Science

Dingbao XIE,Yuexiang ZHOU,Lei BU,Linzhang WANG,Xuandong LI

DOI: https://doi.org/10.1360/N112016-00042

2017-01-01

Abstract:Hybrid systems include both discrete and continuous behavior and are widely used to model control systems.The reachability analysis of its unsafe state is an important method for guaranteeing the safety of a system.However,the current techniques do not scale well to the problems of practical interest.Due to the synchronization of components and the combinatorial explosion of state space,the reachability analysis of compositional linear hybrid system is extremely complex.In order to reduce the complexity,a path-oriented approach was proposed in a previous work,which conducted bounded reachability analysis of a compositional linear hybrid system.By enumerating and verifying each potential path one by one,the size of the problem that can be solved will be increased substantially.This path-oriented approach will become quite inefficient due to a sharp increase in the number of candidate paths when analyzing complex systems.The path explosion problem in model checking is also famous.To solve this problem,we propose a state-space reduction technique,which accelerates the verification process.We propose a method to locate the cause of infeasibility,when a composed infeasible path segment after a path set is proved to be infeasible.As we can simply falsify a path set that contains a composed infeasible path segment,the number of candidate paths can be reduced significantly.Furthermore,to avoid such composed path segments efficiently,we propose an approach based on satisfiability modulo theories (SMT),to traverse the bounded graph structure of the composed linear hybrid system.The results of the experiment show that the performance of the path-oriented bounded reachability analysis can be optimized significantly and that the overall performance of the proposed approach is better than that of the state-of-the-art competitor.

Lei Bu,Hui Jiang,Xin Chen,Enyi Tang,Xuandong Li

DOI: https://doi.org/10.1007/978-3-030-01461-2_5

2018-01-01

Abstract:Linear Hybrid Automata (LHA) is a natural modeling language for real-time embedded systems. However, due to the existences of both discrete and continuous behaviors, formal analysis of LHA is recognized as a very challenging task. Despite decades of active research, the kinds of LHA problems that can be efficiently analyzed is rather limited. On the other hand, Labelled Linear Transition System (LTS) is a widely used modeling language to describe the state changes of the system before and after certain transitions. Lots of research efforts have been devoted into the verification of LTS models. Many off-the-shelf formal techniques and tools are available for analyzing different kinds of problems for LTS systems. In this paper, we propose to express an LHA as an equivalent LTS model explicitly. Then, we can take advantage of all the off-the-shelf formal checkers of LTS to answer different problems of the LHA model. A prototype tool HAT is implemented under this idea. By integrating typical LTS checkers like ARMC and Interproc, we conduct considerably difficult checking problems like reachability verification, termination analysis, and invariant generation of LHA successfully and efficiently. It shows the open possibility of analyzing more kinds of difficult problems of LHA by LTS checkers easily in the future.

Luan V. Nguyen,Wesam Haddad,Taylor T. Johnson

DOI: https://doi.org/10.4204/EPTCS.361.4

2022-07-14

Abstract:Satisfiability Modulo Theories (SMT) solvers have been successfully applied to solve many problems in formal verification such as bounded model checking (BMC) for many classes of systems from integrated circuits to cyber-physical systems. Typically, BMC is performed by checking satisfiability of a possibly long, but quantifier-free formula. However, BMC problems can naturally be encoded as quantified formulas over the number of BMC steps. In this approach, we then use decision procedures supporting quantifiers to check satisfiability of these quantified formulas. This approach has previously been applied to perform BMC using a Quantified Boolean Formula (QBF) encoding for purely discrete systems, and then discharges the QBF checks using QBF solvers. In this paper, we present a new quantified encoding of BMC for rectangular hybrid automata (RHA), which requires using more general logics due to the real (dense) time and real-valued state variables modeling continuous states. We have implemented a preliminary experimental prototype of the method using the HyST model transformation tool to generate the quantified BMC (QBMC) queries for the Z3 SMT solver. We describe experimental results on several timed and hybrid automata benchmarks, such as the Fischer and Lynch-Shavit mutual exclusion algorithms. We compare our approach to quantifier-free BMC approaches, such as those in the dReach tool that uses the dReal SMT solver, and the HyComp tool built on top of nuXmv that uses the MathSAT SMT solver. Based on our promising experimental results, QBMC may in the future be an effective and scalable analysis approach for RHA and other classes of hybrid automata as further improvements are made in quantifier handling in SMT solvers such as Z3.

Logic in Computer Science,Formal Languages and Automata Theory,Symbolic Computation

Shujun Deng,Weimin Wu,Jinian Bian

DOI: https://doi.org/10.1007/978-3-540-72863-4_31

2007-01-01

Abstract:Bounded Model Checking (BMC) based on SAT is a complementary technique to BDD-based Symbolic Model Checking, and it is useful for finding counterexamples of minimum length. However, for model checking of large real world systems, BMC is still limited by the state explosion problem, thus abstraction is essential. In this paper, BMC is implemented on a higher abstraction level - Register Transfer Level (RTL) within an abstraction framework of symbolic trajectory evaluation and hybrid three-valued SAT solving. An efficient SAT solver for RTL circuits is presented, and it is modified into a three-valued solver for the cooperative BMC application. The experimental results comparing with the ordinary BMC without abstraction show the efficiency of our method.

Yu Pei,Xuandong Li,Guoliang ZHENG

DOI: https://doi.org/10.1360/crad20050105

2005-01-01

Journal of Computer Research and Development

Abstract:Hybrid systems are real-time systems that allow both continuous state changes over time periods of positive durations and discrete state changes in zero time. Being an important subclass of hybrid systems, linear hybrid systems are usually modeled using linear hybrid automata. Linear hybrid automata are undecidable in general, but for a subclass of linear hybrid automata called positive loop-closed automata, the satisfaction problem for linear duration properties can be solved by linear programming. To support automatic checking of linear hybrid automata for linear duration properties, a tool named LDPChecker implementing the checking algorithm has been developed. The tool LDPChecker can identify positive loop-closed automaton and perform checking on it. Its key features includes its ability to check real-time and hybrid system for many real-time properties including reachability property, and to generate diagnostic information automatically.

XD Li,JH Zhao,Y Pei,Y Li,T Zheng,GL Zheng

DOI: https://doi.org/10.1016/s1567-8326(02)00024-3

2002-01-01

Abstract:The model-checking problem for real-time and hybrid systems is very difficult, even for a well-formed class of hybrid systems—the class of linear hybrid automata—the problem is still undecidable in general. So an important question for the analysis and design of real-time and hybrid systems is the identification of subclasses of such systems and corresponding restricted classes of analysis problems that can be settled algorithmically. In this paper, we show that for a class of linear hybrid automata called positive loop-closed automata, the satisfaction problem for linear duration properties can be solved by linear programming. We extend the traditional regular expressions with duration constraints and use them as a language to describe the behaviour of this class of linear hybrid automata. The extended notation is called duration-constrained regular expressions. Based on this formalism, we show that the model-checking problem can be reduced formally to linear programs.