Component-wise incremental LTL model checking

Abstract

Efficient symbolic and explicit-state model checking approaches have been developed for the verification of linear time temporal logic (LTL) properties, and several attempts have been made to combine the advantages of the various algorithms. Model checking LTL properties usually poses two challenges: one must compute the synchronous product of the state space and the automaton model of the desired property, then look for counterexamples, which reduces to finding strongly connected components (SCCs) in the state space of the product. In the case of concurrent systems, where the phenomenon of state space explosion often prevents successful verification, the so-called saturation algorithm has proved its efficiency in state space exploration. This paper proposes a new approach that leverages the saturation algorithm both as an iteration strategy constructing the product directly and in a new fixed-point computation algorithm that finds strongly connected components on-the-fly by incrementally processing the components of the model. Complementing the search for SCCs, explicit techniques and component-wise abstractions are used to prove the absence of counterexamples. The resulting on-the-fly, incremental LTL model checking algorithm scales well with the size of the models, as the evaluation on models of the Model Checking Contest suggests.
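The two steps named in the abstract, building the synchronous product of a state space with a Büchi automaton and then reducing the search for counterexamples to an SCC search, shown as an added Python example that is not part of the paper or its tool. It uses an explicit (non-symbolic) product and Tarjan's algorithm instead of the saturation-based fixed-point the paper proposes; the request/acknowledge Kripke structures and the Büchi automaton for the negation of G(req -> F ack) are hand-built for this illustration (an LTL-to-automaton translator is assumed to have produced the automaton). A reachable non-trivial SCC of the product that contains an accepting automaton state is exactly a lasso-shaped counterexample.

```python
"""Explicit product construction and accepting-SCC search for LTL (toy example)."""
from typing import Callable, Dict, FrozenSet, List, Optional, Set, Tuple

Label = FrozenSet[str]            # atomic propositions that hold in a state
Guard = Callable[[Label], bool]   # condition a Büchi transition puts on the label it reads
State = Tuple[str, str]           # product state: (Kripke state, automaton state)


class Kripke:
    """Labelled transition system (the system's state space)."""

    def __init__(self, init: str, labels: Dict[str, Set[str]], edges: List[Tuple[str, str]]):
        self.init = init
        self.labels: Dict[str, Label] = {s: frozenset(l) for s, l in labels.items()}
        self.succ: Dict[str, List[str]] = {s: [] for s in labels}
        for src, dst in edges:
            self.succ[src].append(dst)


class Buchi:
    """State-based Büchi automaton; normally built for the NEGATION of the property."""

    def __init__(self, init: str, accepting: Set[str], edges: List[Tuple[str, Guard, str]]):
        self.init = init
        self.accepting = set(accepting)
        self.edges = edges

    def step(self, q: str, label: Label) -> List[str]:
        return [dst for src, guard, dst in self.edges if src == q and guard(label)]


def synchronous_product(k: Kripke, a: Buchi) -> Tuple[State, Dict[State, List[State]]]:
    """Explore (s, q) pairs reachable from the initial pair; the automaton reads L(s)."""
    init: State = (k.init, a.init)
    succ: Dict[State, List[State]] = {}
    stack = [init]
    while stack:
        s, q = stack.pop()
        if (s, q) in succ:
            continue
        succ[(s, q)] = []
        for q2 in a.step(q, k.labels[s]):
            for s2 in k.succ[s]:
                succ[(s, q)].append((s2, q2))
                if (s2, q2) not in succ:
                    stack.append((s2, q2))
    return init, succ


def tarjan_sccs(succ: Dict[State, List[State]]) -> List[List[State]]:
    """Tarjan's linear-time SCC algorithm (recursive; fine for this toy graph size)."""
    index: Dict[State, int] = {}
    low: Dict[State, int] = {}
    on_stack: Set[State] = set()
    stack: List[State] = []
    sccs: List[List[State]] = []
    counter = [0]

    def strongconnect(v: State) -> None:
        index[v] = low[v] = counter[0]
        counter[0] += 1
        stack.append(v)
        on_stack.add(v)
        for w in succ[v]:
            if w not in index:
                strongconnect(w)
                low[v] = min(low[v], low[w])
            elif w in on_stack:
                low[v] = min(low[v], index[w])
        if low[v] == index[v]:          # v is the root of an SCC: pop it
            comp = []
            while True:
                w = stack.pop()
                on_stack.discard(w)
                comp.append(w)
                if w == v:
                    break
            sccs.append(comp)

    for v in succ:
        if v not in index:
            strongconnect(v)
    return sccs


def find_accepting_scc(k: Kripke, a: Buchi) -> Optional[List[State]]:
    """Return a non-trivial SCC containing an accepting state (a counterexample), or None."""
    _, succ = synchronous_product(k, a)
    for comp in tarjan_sccs(succ):
        members = set(comp)
        # an SCC is a cycle only if it has >1 node or a self-loop
        nontrivial = len(comp) > 1 or any(w in members for w in succ[comp[0]])
        if nontrivial and any(q in a.accepting for _, q in comp):
            return sorted(comp)
    return None


# Constructed automaton for the negated property  F(req & G !ack):
# q0 loops on anything, jumps to q1 when req holds without ack, q1 loops while !ack.
NEG_PROP = Buchi("q0", {"q1"}, [
    ("q0", lambda l: True, "q0"),
    ("q0", lambda l: "req" in l and "ack" not in l, "q1"),
    ("q1", lambda l: "ack" not in l, "q1"),
])
# Constructed system where 'wait' may spin forever (request never acknowledged) ...
BUGGY = Kripke("idle", {"idle": set(), "wait": {"req"}, "done": {"ack"}},
               [("idle", "wait"), ("wait", "wait"), ("wait", "done"), ("done", "idle")])
# ... and the same system without the spin, which satisfies G(req -> F ack).
FIXED = Kripke("idle", {"idle": set(), "wait": {"req"}, "done": {"ack"}},
               [("idle", "wait"), ("wait", "done"), ("done", "idle")])

if __name__ == "__main__":
    print("buggy:", find_accepting_scc(BUGGY, NEG_PROP))   # a counterexample SCC
    print("fixed:", find_accepting_scc(FIXED, NEG_PROP))   # None: property holds
```

The product here is built eagerly; the paper's point is that saturation can construct it directly and run the SCC fixed-point on-the-fly per component, which is what keeps the approach viable when the explicit product above would blow up.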



Corresponding author

Correspondence to Vince Molnár.

Additional information

Stephan Merz, Jun Pang, and Jin Song Dong


Cite this article

Molnár, V., Vörös, A., Darvas, D. et al. Component-wise incremental LTL model checking. Form Asp Comp 28, 345–379 (2016). https://doi.org/10.1007/s00165-015-0347-x


Keywords

  • Symbolic model checking
  • LTL
  • Saturation
  • Component-wise abstraction
  • SCC computation
  • Incremental algorithm