A Livelock Freedom Analysis for Infinite State Asynchronous Reactive Systems

  • Stefan Leue
  • Alin Ştefănescu
  • Wei Wei
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4137)


We describe an incomplete but sound and efficient livelock freedom test for infinite state asynchronous reactive systems. The method abstracts a system into a set of simple control flow cycles labeled with their message passing effects. From these cycles, it constructs a homogeneous integer programming problem (IP) encoding a necessary condition for the existence of livelock runs. Livelock freedom is assured by the infeasibility of the generated homogeneous IP, which can be checked in polynomial time. In the case that livelock freedom cannot be proved, the method proposes a counterexample given as a set of cycles. We apply an automated cycle dependency analysis to counterexamples to check their spuriousness and to refine the abstraction. We illustrate the application of the method to Promela models using our prototype implementation named aLive.


Multicast Group Integer Programming Problem Concurrent System Simple Cycle Liveness Property 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Brand, D., Zafiropulo, P.: On communicating finite-state machines. Journal of the ACM 30(2), 323–342 (1983)CrossRefMathSciNetMATHGoogle Scholar
  2. 2.
    Corbett, J.C., Avrunin, G.S.: Using integer programming to verify general safety and liveness properties. Formal Methods in System Design 6(1), 97–123 (1995)CrossRefMATHGoogle Scholar
  3. 3.
    Dellacherie, S., Devulder, S., Lambert, J.-L.: Software Verification Based on Linear Programming. In: Woodcock, J.C.P., Davies, J., Wing, J.M. (eds.) FM 1999. LNCS, vol. 1709, pp. 1147–1165. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  4. 4.
    Dong, Y., Du, X., Holzmann, G.J., Smolka, S.A.: Fighting livelock in the GNU i-Protocol: a case study in explicit-state model checking. Int. Journal on Software Tools for Technology Transfer (STTT) 4(4), 505–528 (2003)CrossRefGoogle Scholar
  5. 5.
    Esparza, J., Melzer, S.: Model checking LTL using constraint programming. In: Azéma, P., Balbo, G. (eds.) ICATPN 1997. LNCS, vol. 1248, pp. 1–20. Springer, Heidelberg (1997)Google Scholar
  6. 6.
    Esparza, J., Melzer, S.: Verification of safety properties using integer programming: Beyond the state equation. Formal Methods in System Design 16(2), 159–189 (2000)CrossRefGoogle Scholar
  7. 7.
    FDR2 tool. Formal Systems (Europe) Ltd.,
  8. 8.
    Godefroid, P.: Software model checking: The VeriSoft approach. Formal Methods in System Design 26(2), 77–101 (2005)CrossRefGoogle Scholar
  9. 9.
    Hansen, H., Penczek, W., Valmari, A.: Stuttering-insensitive automata for on-the-fly detection of livelock properties. ENTCS 66(2) (2002)Google Scholar
  10. 10.
    Ho, A., Smith, S., Hand, S.: On deadlock, livelock, and forward progress. Technical Report UCAM-CL-TR-633, Cambridge University, Computer Laboratory, p. 8 (2005),
  11. 11.
    Holzmann, G.J.: The SPIN model checker: Primer and reference manual. Addison-Wesley, Reading (2004)Google Scholar
  12. 12.
    Kamel, M., Leue, S.: Formalization and validation of the general Inter-ORB protocol (GIOP) using PROMELA and SPIN. Int. Journal on Software Tools for Technology Transfer (STTT) 2(4), 394–409 (2000)CrossRefMATHGoogle Scholar
  13. 13.
    Leue, S., Mayr, R., Wei, W.: A Scalable Incomplete Test for Message Buffer Overflow in Promela Models. In: Graf, S., Mounier, L. (eds.) SPIN 2004. LNCS, vol. 2989, pp. 216–233. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  14. 14.
    Leue, S., Mayr, R., Wei, W.: A Scalable Incomplete Test for the Boundedness of UML RT Models. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 327–341. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  15. 15.
    Leue, S., Wei, W.: Counterexample-Based Refinement for a Boundedness Test for CFSM Languages. In: Godefroid, P. (ed.) SPIN 2005. LNCS, vol. 3639, pp. 58–74. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    Leue, S., Wei, W.: A Region Graph Based Approach to Termination Proofs. In: Hermanns, H., Palsberg, J. (eds.) TACAS 2006. LNCS, vol. 3920, pp. 318–333. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  17. 17.
    Manna, Z., Pnueli, A.: The Temporal Logic of Reactive and Concurrent Systems – Specification. Springer, Heidelberg (1992)Google Scholar
  18. 18.
    Nakatani, T.: Verification of group address registration protocol using PROMELA and SPIN. In: Proc. of SPIN (1997), Available at:
  19. 19.
    Papadimitriou, C.H., Steiglitz, K.: Combinatorial optimization: algorithms and complexity. Prentice-Hall, Englewood Cliffs (1982)MATHGoogle Scholar
  20. 20.
    Siegel, S.F., Avrunin, G.S.: Improving the precision of INCA by eliminating solutions with spurious cycles. IEEE Trans. Software Eng. 28(2), 115–128 (2002)CrossRefGoogle Scholar
  21. 21.
    S.L.A.P tool (version 0.1): A static livelock analyzer for CSP processes, Webpage:
  22. 22.
    von Bochmann, G.: Finite state description of communication protocols. Computer Networks 2, 361–372 (1978)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Stefan Leue
    • 1
  • Alin Ştefănescu
    • 1
  • Wei Wei
    • 1
  1. 1.Department of Computer and Information ScienceUniversity of KonstanzKonstanzGermany

Personalised recommendations