Dynamic Cut-Off Algorithm for Parameterised Refinement Checking

  • Antti Siirtola
  • Keijo Heljanko
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11222)


The verification of contemporary software systems is challenging because they are heavily parameterised, containing components whose number and connections cannot be fixed a priori. We consider the multi-parameterised verification of safety properties by refinement checking in the context of labelled transition systems (LTSs). The LTSs are parameterised by using first-order constructs, sorts, variables, and predicates, while preserving compositionality. This allows us to parameterise not only the number of replicated components but also the system topology, i.e., the connections between the components. We aim to solve a verification task in the parameterised LTS formalism by determining cut-offs for the parameters. As the main contribution, we convert this problem into the unsatisfiability of a first-order formula and provide a SAT modulo theories (SMT)-based semi-algorithm for dynamically, i.e., iteratively, computing the cut-offs. The algorithm will always terminate for topologies expressible in the \(\exists^*\forall^*\) fragment of first-order logic. It also enables us to consider systems with topologies beyond this fragment, but for these systems, the algorithm is not guaranteed to terminate. We have implemented the approach on top of the Z3 SMT solver and successfully applied it to several system models. As a running example, we consider the leader election phase of the Raft consensus algorithm and prove a cut-off of three servers, which we conjecture to be the optimal one.


Keywords: Labelled transition systems; Refinement checking; Safety properties; Compositional verification; Parameterized systems; Cut-off; First-order logic; Satisfiability modulo theories



Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. Faculty of Information Technology and Electrical Engineering, M3S Research Group, University of Oulu, Oulu, Finland
  2. Department of Computer Science, Aalto University, Helsinki, Finland
  3. Department of Computer Science, University of Helsinki, Helsinki, Finland
  4. Helsinki Institute for Information Technology (HIIT), Helsinki, Finland
