Formal Aspects of Computing, Volume 28, Issue 3, pp 345–379

Component-wise incremental LTL model checking

  • Vince Molnár
  • András Vörös
  • Dániel Darvas
  • Tamás Bartha
  • István Majzik
Original Article

Abstract

Efficient symbolic and explicit-state model checking approaches have been developed for the verification of linear time temporal logic (LTL) properties, and several attempts have been made to combine the advantages of the various algorithms. Model checking LTL properties usually poses two challenges: one must compute the synchronous product of the state space and the automaton model of the desired property, then search for counterexamples, which reduces to finding strongly connected components (SCCs) in the state space of the product. In the case of concurrent systems, where the phenomenon of state space explosion often prevents successful verification, the so-called saturation algorithm has proved its efficiency in state space exploration. This paper proposes a new approach that leverages the saturation algorithm both as an iteration strategy that constructs the product directly and in a new fixed-point computation algorithm that finds strongly connected components on-the-fly by incrementally processing the components of the model. Complementing the search for SCCs, explicit techniques and component-wise abstractions are used to prove the absence of counterexamples. The resulting on-the-fly, incremental LTL model checking algorithm proved to scale well with the size of the models, as the evaluation on models of the Model Checking Contest suggests.
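The abstract rests on the classic automata-theoretic reduction: build the synchronous product of the system's state space and a Büchi automaton for the negated property, then report a counterexample exactly when the product contains a non-trivial SCC that touches an accepting automaton state. The following is an added illustration of that reduction (it is not the paper's code, and it uses a plain explicit-state product plus Tarjan's algorithm rather than the saturation-based symbolic construction the paper proposes). The Kripke structures, the automaton for the negation of the response property G(req → F ack), i.e. F(req ∧ G ¬ack), and all state names are constructed for the example.

```python
"""Explicit-state LTL model checking as a product construction plus SCC search.

Added example: a Kripke structure is composed with a Büchi automaton for the
negated property; a counterexample exists iff the reachable product contains
a non-trivial SCC (a cycle) containing an accepting automaton state.
"""
from typing import Dict, FrozenSet, List, Optional, Tuple

Label = FrozenSet[str]
Guard = Tuple[FrozenSet[str], FrozenSet[str]]   # (props that must hold, props that must not hold)
PState = Tuple[str, str]                         # (system state, automaton state)


class Kripke:
    """Finite state-labelled transition system (constructed example input)."""
    def __init__(self, init: str, labels: Dict[str, List[str]], edges: List[Tuple[str, str]]):
        self.init = init
        self.labels: Dict[str, Label] = {s: frozenset(l) for s, l in labels.items()}
        self.succ: Dict[str, List[str]] = {s: [] for s in labels}
        for a, b in edges:
            self.succ[a].append(b)


class Buchi:
    """Büchi automaton with state-based guards; edges are (q, must, must_not, q')."""
    def __init__(self, init: str, accepting: List[str],
                 edges: List[Tuple[str, List[str], List[str], str]]):
        self.init = init
        self.accepting = set(accepting)
        self.edges: List[Tuple[str, Guard, str]] = [
            (q, (frozenset(pos), frozenset(neg)), q2) for q, pos, neg, q2 in edges]


def guard_holds(guard: Guard, label: Label) -> bool:
    pos, neg = guard
    return pos <= label and not (neg & label)


def product(k: Kripke, a: Buchi) -> Dict[PState, List[PState]]:
    """Reachable synchronous product: (s,q) -> (s',q') iff s->s' in K and
    q -[g]-> q' in A where g is satisfied by the label of the source state s."""
    adj: Dict[PState, List[PState]] = {}
    stack: List[PState] = [(k.init, a.init)]
    while stack:
        s, q = stack.pop()
        if (s, q) in adj:
            continue
        adj[(s, q)] = []
        for q1, g, q2 in a.edges:
            if q1 != q or not guard_holds(g, k.labels[s]):
                continue
            for s2 in k.succ[s]:
                adj[(s, q)].append((s2, q2))
                stack.append((s2, q2))
    return adj


def tarjan_sccs(adj: Dict[PState, List[PState]]) -> List[FrozenSet[PState]]:
    """Tarjan's linear-time SCC algorithm over the product graph."""
    index: Dict[PState, int] = {}
    low: Dict[PState, int] = {}
    on_stack = set()
    stack: List[PState] = []
    sccs: List[FrozenSet[PState]] = []
    counter = [0]

    def visit(v: PState) -> None:
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in adj[v]:
            if w not in index:
                visit(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:          # v is the root of an SCC: pop it
            comp = set()
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.add(w)
                if w == v:
                    break
            sccs.append(frozenset(comp))

    for v in adj:
        if v not in index:
            visit(v)
    return sccs


def find_counterexample_scc(k: Kripke, a: Buchi) -> Optional[FrozenSet[PState]]:
    """Return an accepting non-trivial SCC of the product (a witness that the
    negated property is satisfiable on some run), or None if the property holds."""
    adj = product(k, a)
    for scc in tarjan_sccs(adj):
        non_trivial = len(scc) > 1 or any(v in adj[v] for v in scc)
        if non_trivial and any(q in a.accepting for _, q in scc):
            return scc
    return None


# Automaton for F(req & G !ack), the negation of G(req -> F ack) (constructed).
NOT_RESPONSE = Buchi("q0", ["q1"], [
    ("q0", [], [], "q0"),            # idle until the violation starts
    ("q0", ["req"], ["ack"], "q1"),  # a request that is not acked ...
    ("q1", [], ["ack"], "q1"),       # ... and never acked afterwards
])

# Every request is eventually acknowledged: s0 -> s1(req) -> s2(ack) -> s0.
GOOD = Kripke("s0", {"s0": [], "s1": ["req"], "s2": ["ack"]},
              [("s0", "s1"), ("s1", "s2"), ("s2", "s0")])

# Buggy variant: from s1 the system may wander into s3 and loop there forever.
BAD = Kripke("s0", {"s0": [], "s1": ["req"], "s2": ["ack"], "s3": []},
             [("s0", "s1"), ("s1", "s2"), ("s2", "s0"), ("s1", "s3"), ("s3", "s3")])

if __name__ == "__main__":
    print("GOOD:", find_counterexample_scc(GOOD, NOT_RESPONSE))   # None
    print("BAD: ", find_counterexample_scc(BAD, NOT_RESPONSE))    # {('s3', 'q1')}
```

The good model yields a product whose only cycle stays in the non-accepting automaton state q0, so no counterexample is reported; the buggy model produces the self-looping product state (s3, q1), an accepting SCC that corresponds to the lasso s0 s1 (s3)^ω on which a request is never acknowledged. The paper's contribution is to obtain the same verdict without enumerating the product explicitly, by driving both the product construction and the SCC fixed-point with saturation.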

Keywords

Symbolic model checking, LTL, Saturation, Component-wise abstraction, SCC computation, Incremental algorithm



Copyright information

© British Computer Society 2015

Authors and Affiliations

  • Vince Molnár (1)
  • András Vörös (1)
  • Dániel Darvas (1)
  • Tamás Bartha (2)
  • István Majzik (1)

  1. Department of Measurement and Information Systems, Budapest University of Technology and Economics, Budapest, Hungary
  2. Institute for Computer Science and Control, Hungarian Academy of Sciences, Budapest, Hungary
