Directed explicit-state model checking in the validation of communication protocols

  • Stefan EdelkampEmail author
  • Stefan LeueEmail author
  • Alberto Lluch-LafuenteEmail author
Regular contribution


The success of model checking is largely based on its ability to efficiently locate errors in software designs. If an error is found, a model checker produces a trail that shows how the error state can be reached, which greatly facilitates debugging. However, while current model checkers find error states efficiently, the counterexamples are often unnecessarily lengthy, which hampers error explanation. This is due to the use of “naive” search algorithms in the state space exploration.

In this paper we present approaches to the use of heuristic search algorithms in explicit-state model checking. We present the class of A* directed search algorithms and propose heuristics together with bitstate compression techniques for the search of safety property violations. We achieve great reductions in the length of the error trails, and in some instances render problems analyzable by exploring a much smaller number of states than standard depth-first search. We then suggest an improvement of the nested depth-first search algorithm and show how it can be used together with A* to improve the search for liveness property violations. Our approach to directed explicit-state model checking has been implemented in a tool set called HSF-SPIN. We provide experimental results from the protocol validation domain using HSF-SPIN.


Model checking Directed search Protocol validation 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Behrmann, G., Fehnker, A., Hune, T., Larsen, K.G., Petterson, P., Romijn, J., Vaandrager, F.W.: Efficient guiding towards cost-imality in uppaal. In: Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Lecture Notes in Computer Science, vol. 2031. Springer, 2001 Google Scholar
  2. 2.
    Bertoli, P., Cimatti, A., Roveri, M.: Heuristic search symbolic model checking = efficient conformant planning. In: International Joint Conference on Artificial Intelligence (IJCAI), 2001 Google Scholar
  3. 3.
    Biere, A.: μcke - efficient μ-calculus model checking. In: Computer Aided Verification (CAV), 1997, pp. 468–471 Google Scholar
  4. 4.
    Bloem, R., Ravi, K., Somenzi, F.: Symbolic guided search for CTL model checking. In: Design Automation Conference (DAC). ACM/IEEE, 2000, pp. 29–34 Google Scholar
  5. 5.
    Brand, D., Zafiropulo, P.: On communicating finite-state machines. Journal of the ACM, 30(2): 323–342, Apr 1983 Google Scholar
  6. 6.
    Clarke, E., Grumberg, O., Peled, D.: Model Checking. MIT Press, 2000 Google Scholar
  7. 7.
    Cobleigh, J.M., Clarke, L.A., Osterweil, L.J.: The right algorithm at the right time: Comparing data flow analysis algorithms for finite s tate verification. In: 23rd International Conference on Software Engineering (ICSE). IEEE Computer Society, 2001, pp. 37–46 Google Scholar
  8. 8.
    Cormen, T.H., Leiserson, C.E., Rivest, R.L.: Introduction to Algorithms. The MIT Press, 1990 Google Scholar
  9. 9.
    Dijkstra, E.W.: A note on two problems in connection with graphs. Numerische Mathematik, 1: 269–271, 1959 Google Scholar
  10. 10.
    Dwyer, M.B., Avrunin, G.S., Corbett, J.C.: Patterns in property specifications for finite-state verification. In: 21st International Conference on Software Engineering (ICSE). IEEE Computer Society, 1999, pp. 411–420 Google Scholar
  11. 11.
    Edelkamp, S.: Data Structures, and Learning Algorithms in State Space Search. PhD thesis, University of Freiburg, 1999. Infix. Google Scholar
  12. 12.
    Edelkamp, S., Lluch-Lafuente, A., Leue, S.: Directed explicit model checking with HSF-SPIN. In: 8th International SPIN Workshop on Model Checking Software, Lecture Notes in Computer Science 2057. Springer Verlag, 2001 Google Scholar
  13. 13.
    Edelkamp, S., Lluch-Lafuente, A., Leue, S.: Protocol verification with heuristic search. In: AAAI Symposium on Model-based Validation of Intelligence, 2001 Google Scholar
  14. 14.
    Edelkamp, S., Lluch-Lafuente, A., Leue, S.: Trail-directed model checking. In: Workshop on Software Model Checking, Electrical Notes in Theoretical Computer Science. Elsevier, 2001 Google Scholar
  15. 15.
    Edelkamp, S., Reffel, F.: OBDDs in heuristic search. In: German Conference on Artificial Intelligence (KI), 1998, pp. 81–92 Google Scholar
  16. 16.
    Edelkamp, S., Schrödl, S.: Localizing A*. In: National Conference on Artificial Intelligence (AAAI), 2000, pp. 885–890 Google Scholar
  17. 17.
    Gouda, M.G.: Protocol verification made simple: a tutorial. Computer Networks and ISDN Systems, 25(9): 969–980, 1993 Google Scholar
  18. 18.
    Groce, A., Visser, W.: Model checking java programs using structural heuristics. In: International Symposium on Software Testing and Analysis (ISSTA). ACM Press, 2002 Google Scholar
  19. 19.
    Hart, P.E., Nilsson, N.J., Raphael, B.: A formal basis for heuristic determination of minimum path cost. IEEE Transactions on on Systems Science and Cybernetics, 4: 100–107, 1968 Google Scholar
  20. 20.
    Holzmann, G.J.: Design and Validation of Computer Protocols. Prentice Hall, 1990 Google Scholar
  21. 21.
    Holzmann, G.J.: The model checker Spin. IEEE Transactions on Software Engineering, Special issue on Formal Methods in Software Practice, 23(5):279–295, May 1997 Google Scholar
  22. 22.
    Kamel, M., Leue, S.: Formalization and validation of the general inter-orb protocol (GIOP) using Promela and SPIN. In: Software Tools for Technology Transfer (STTT), 2: 394–409, 2000 Google Scholar
  23. 23.
    Kamel, M., Leue, S.: Vip: A visual editor and compiler for v-promela. In: 6th International Conference, Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Lecture Notes in Computer Science, vol. 1785. Springer, 2000, pp. 471–486 Google Scholar
  24. 24.
    Korf, R.E.: Depth-first iterative-deepening: An optimal admissible tree search. International Joint Conference on Artificial Intelligence (IJCAI), 27(1): 97–109, 1985 Google Scholar
  25. 25.
    Lin, F.J., Chu, P.M., Liu, M.T.: Protocol verification using reachability analysis: the state space explosion problem and relief strategies. In: ACM SIGCOMM, 1987, pp. 126–135 Google Scholar
  26. 26.
    Lluch-Lafuente, A., Leue, S., Edelkamp, S.: Partial order reduction in directed model checking. In: SPIN Workshop on Model Checking Software, Lecture Notes in Computer Science, vol. 2318. Springer, 2002, pp. 112–127 Google Scholar
  27. 27.
    Manna, Z., Pnueli, A.: The Temporal Logic of Reactive and Concurrent Systems: Specification. Springer-Verlag, 1992 Google Scholar
  28. 28.
    McMillan, K.L.: Symbolic Model Checking. Kluwer Academic Press, 1993 Google Scholar
  29. 29.
    McVitie, D.G., Wilson, L.B.: The stable marriage problem. Communications of the ACM, 14(7): 486–492, 1971 Google Scholar
  30. 30.
    Muller, D.E., Saoudi, A., Schnupp, P.E.: Alternating automata. The weak monadic theory of the tree, its complexity. In: Laurent Kott (ed.) International Colloquium on Automata, Languages and Programming. Springer, 1986, pp. 275–283 Google Scholar
  31. 31.
    Khurshid, S, Khurshid, P.: Exploring very large state spaces using genetic algorithms. In: Tools and Algorithms for the Construction and Analysis of Systems (TACAS), Lecture Notes in Computer Science, vol. 2280. Springer, 2002, pp. 266–280 Google Scholar
  32. 32.
    Reffel, F., Edelkamp, S.: Error detection with directed symbolic model checking. In: World Congress on Formal Methods. Springer, 1999, pp. 195–211 Google Scholar
  33. 33.
    Somenzi, F., Bloem, R.: Efficient buchi automata from LTL formulae. In: Computer Aided Verification, 2000 Google Scholar
  34. 34.
    Visser, W., Barringer, H.: Practical CTL* model checking: Should SPIN be extended? Int J Softw Tools Technol Transfer 2(4): 350–365, 2000 CrossRefGoogle Scholar
  35. 35.
    Yang, C.H., Dill, D.L.: Validation with guided search of the state space. In: Design Automatin Conference (DAC). ACM/IEEE, 1998, pp. 599–604Google Scholar

Copyright information

© Springer-Verlag 2003

Authors and Affiliations

  1. 1.Institut für InformatikAlbert-Ludwigs-Universität FreiburgFreiburgGermany

Personalised recommendations