Courcoubetis C., Vardi M. Y., Wolper P. and Yannakakis M. [1992], `Memory-efficient algorithms for the verification of temporal properties', Formal Methods in System Design 1, 275-288.
....This is widely known, and is supported by the measurements in Section 5. The most well known general purpose algorithm suitable for on-the-fly verification is presented in [3]. It is based on a double search of the state space. The property under inspection is often expressed as a Büchi automaton. From the point of view of the algorithm, the local state of the Büchi automaton is a part of the global state, and as such has an impact on the total number of reachable ....
....(Another algorithm is the one in [8, pp. 235-237], but unlike the algorithm in [17] it requires a double state space search.) When the verified property can be expressed in a form suitable for the single search algorithm, the algorithm has a tendency to find an error sooner than the algorithm of [3], as the measurements in Section 5 show. In this research we develop an alternative formalism to Büchi automata, called testing automata, which makes it possible to use the algorithm of [17] in many verification tasks. The basic idea of testing automata is to observe changes in the values of ....
Courcoubetis, C., Vardi, M., Wolper, P., and Yannakakis, M.: "Memory-efficient algorithms for the verification of temporal properties", Formal Methods in System Design, vol. 1, pp. 275-288, 1992.
....the following: partial order reduction techniques ([God90, Val90, Pel93]) try to avoid the representation of all the possible sequences of states. The key idea is the commutativity between concurrent transitions when they are equivalent under a specific property; on-the-fly approaches ([JJ91, CVWY92, Cou99]) build only the section of the state space which is needed to check the temporal formula. Here we can say that the construction of the state space is guided by the property; symmetry ([ES93]) takes advantage of the permutations on the components of a state which provoke the same ....
C. Courcoubetis, M. Y. Vardi, P. Wolper, and M. Yannakakis. Memory-efficient algorithms for the verification of temporal properties. Formal Methods in System Design, 1(2-3):275-288, October 1992.
....L(M). It is also possible to create an automaton on infinite words A which exactly accepts L( [48]. Clearly, a system M has the property if the languages have no common words. This is equivalent to that L(M) L( . The following procedure can thus be applied to model check M against [34, 10]. 1. Construct a Büchi automaton A with the language L( . 2. Construct the Kripke model M of the system, interpret it as a Büchi automaton. 3. Compute the product Büchi automaton B = M A, which is an automaton with the language L(M) L( . 4. Check if L(B) . If the ....
....done in linear time [56]. We remind the reader that a SCC is nontrivial if it contains more than one state or the single state has a self-loop. The product is empty if no non-trivial SCC contains a state belonging to the set of final states. Another way is to use the nested depth-first algorithm of [10]. The SCC-based algorithm has been extended in many ways to take into account different fairness constraints [43, 16, 39, 40]. Model checking safety properties does not differ much from the procedure above. The steps are the same, but some of the procedures differ. In the first step, instead of ....
C. Courcoubetis, M. Y. Vardi, P. Wolper, and M. Yannakakis. Memory-efficient algorithms for the verification of temporal properties. Formal Methods in System Design, 1:275-288, 1992.
....ed) linear temporal logic, we can replace Büchi automata by Muller automata. Third, the specification automaton A can be used to cope with the state explosion problem by preventing the complete construction of the system automaton AP from happening, whenever possible (on-the-fly model checking) [5, 23, 36]. More precisely, some system states, which are incompatible with or irrelevant to the specification, may not be generated at all; furthermore, a counterexample for AP A can be detected before the completion of the AP construction, making such a completion no longer necessary. Finally, the ....
C. Courcoubetis, M. Vardi, P. Wolper, and M. Yannakakis. Memory-efficient algorithms for the verification of temporal properties. In Edmund M. Clarke and Robert P. Kurshan, editors, Proceedings of Computer-Aided Verification (CAV '90), volume 531 of LNCS, pages 233-242, Berlin, Germany, 1991. Springer.
....graph into nontrivial strongly connected components (SCCs), which can be done in time linear in the size of the graph using Tarjan's algorithm [10]. However, constructing SCCs is not memory-efficient since the states in the SCCs must be explicitly stored during the procedure. Courcoubetis et al. [3] have proposed an elegant way to avoid the explicit computation of SCCs. The idea is to use a nested depth-first search to find accepting states that are reachable from themselves (to compute an accepting path). The pseudo-code of the NestedDFS algorithm is given in Fig. 1. Only two bits need to be ....
....Removing states from the VisitedStates table has a direct impact on the time complexity of the algorithm, as re-visiting a state removed from the table invokes a new search from this state. The correctness of the NestedDFSReSt algorithm follows from the correctness of the NestedDFS algorithm [3]. The additional key arguments it depends on are summarized in the following two lemmas. Lemma 1. During the whole computation the sequence of states with which the DFS procedure is called (DFSstack) forms a path in the graph G. The same is true for the NDFS procedure and NDFSstack. Proof: The ....
C. Courcoubetis, M. Vardi, P. Wolper, and M. Yannakakis. Memory-Efficient Algorithms for the Verification of Temporal Properties. Formal Methods in System Design, 1:275-288, 1992.
....that the class of POR algorithms to which Spin's POR algorithm belongs is compatible with the generic symmetry reduction algorithm. With a straightforward modification, the theorem's proof is valid for our algorithm as well. It can be shown [1] that the nested depth-first search algorithm of [6], which is used in Spin for cycle detection, remains correct with the symmetry reduction. This implies that we can go beyond safety properties, or more precisely, the full class of regular correctness properties can be handled by Spin.⁴ ⁴In fact, as pointed out in [4, 10] the property to ....
C. Courcoubetis, M. Vardi, P. Wolper, M. Yannakakis, Memory-efficient algorithms for the verification of temporal properties, Formal Methods in System Design 1, pp. 275-288, 1992.
....of approaches have been studied to counteract (i.e. delay) state explosion: memory saving and auxiliary storage. In a memory saving approach, one essentially tries to reduce the amount of memory needed to represent the set of visited states. Examples of the memory saving approach are, e.g., in [6, 38, 14, 15, 27, 28, 10]. In an auxiliary storage approach, one tries to exploit disk storage as well as distributed processors (network storage) to enlarge the available memory (and CPU). Examples of this approach are, e.g., in [25, 26, 21, 30, 22]. In this paper we explore the possibility of trading space with time ....
C. Courcoubetis, M. Y. Vardi, P. Wolper, and M. Yannakakis. Memory-efficient algorithms for the verification of temporal properties. Formal Methods in System Design, 1:275-288, 1992.
....of the input formulae) and then applies the (polynomial) emptiness test to this large automaton. To overcome this problem, one must try to construct the automaton on the fly while performing the emptiness test. Whereas this idea has successfully been used for automata that perform model checking [9, 5], to the best of our knowledge it has not yet been applied to satisfiability checking. The original motivation of this work was to compare the automata and the tableaux approaches, with the ultimate goal of obtaining an approach that combines the advantages of both, without possessing any of the ....
C. Courcoubetis, M. Y. Vardi, P. Wolper, and M. Yannakakis. Memory-efficient algorithms for the verification of temporal properties. In E. M. Clarke and R. P. Kurshan, editors, Proc. of Computer-Aided Verification (CAV '90), volume 531 of LNCS, pages 233-242. Springer Verlag, 1991.
....deals with Spin's weak fairness algorithm. After locating the problem and comparing it with the unless case, we again propose both kinds of solutions. The last section is a standard summary with some considerations about future work. 2 Preliminaries. In this section, following [11] and [5], we give the semantics of Promela programs (models) and their verification in terms of finite labeled transition systems. We represent the programs as collections of processes. The semantics of the process P_i can be represented as a labeled transition system (LTS). An LTS is a quadruple (S_i; s ....
....the formula can now be proven by showing that there are no acceptance executions of the extended LTS. On the other hand, the existence of acceptance execution sequences means that the formula is not satisfied. From the definition of Büchi automata and extended LTS, and following the reasoning from [5], for instance, it is straightforward to conclude that the extended LTS has an acceptance execution iff it has some state f ∈ Acc that is reachable from the initial state and reachable from itself (in one or more steps) [5]. In the sequel we will call the underlying graph a state space. Thus, we ....
Courcoubetis, C., Vardi, M., Wolper, P., Yannakakis, M., Memory-Efficient Algorithms for the Verification of Temporal Properties, Formal Methods in System Design 1, pp. 275-288, 1992.
....of the input formulae) and then applies the (polynomial) emptiness test to this large automaton. To overcome this problem, one must try to construct the automaton on the fly while performing the emptiness test. Whereas this idea has successfully been used for automata that perform model checking [9, 5], to the best of our knowledge it has not yet been applied to satisfiability checking. The original motivation of this work was to compare the automata and the tableaux approaches, with the ultimate goal of obtaining an approach that combines the advantages of both, without possessing any of the ....
C. Courcoubetis, M. Vardi, P. Wolper, and M. Yannakakis. Memory-efficient algorithms for the verification of temporal properties. In E. M. Clarke and R. P. Kurshan, editors, Proc. of CAV '90, volume 531 of LNCS, pages 233-242. Springer Verlag, 1991.
....work bottom-up and not top-down. The construction of efficient methods for testing emptiness (i.e. unsatisfiability) on the fly while constructing a tree automaton is still an active area of research. The problem has been solved only for PSPACE problems such as satisfiability of linear temporal logic [12, 29]. In contrast, proposed tableau methods [7], which explore a space of candidate models for KB and C starting from simple ones, can take advantage of such cases. However, there can be an exponential number of possibly exponential-size candidate models. Hence, a straightforward implementation based ....
Courcoubetis, C., Vardi, M., Wolper, P., and Yannakakis, M. Memory-efficient algorithms for the verification of temporal properties. Formal Methods in System Design 1 (1992), 275-288.
....checking that this product is empty we can determine whether M satisfies . If the product is not empty the FTS contains at least one path that violates . The first automata-based model checking algorithms were developed for LTL by Vardi and Wolper in 1986 [55]; other algorithms for LTL appear in [3, 12], an algorithm for CTL appears in [4] and for CTL in [5]. 2.3.2 Structure-based algorithms. Several algorithms have been developed that direct the exploration of the state graph based on the structure of the temporal logic formula itself. Such structure-based algorithms (also known as ....
C. Courcoubetis, M. Y. Vardi, P. Wolper, and M. Yannakakis. Memory-efficient algorithms for the verification of temporal properties. In CAV'90: Proceedings of the 2nd International Conference on Computer-Aided Verification, Lecture Notes in Computer Science #531, pages 233-242. Springer-Verlag, June 1990.
....using the Vasilevskii-Chou (VC) algorithm [3, 10]. At any stage we have a model that approximates the actual system. We apply model checking to this model. In our case we use the nested depth-first search algorithm to check for emptiness of the product of the system with a Büchi automaton [6]. We can thus handle general LTL properties, under the assumption that the upper bound on the size of the real system is correct. Because the complexity of learning is dependent on the length of the counterexamples generated, we apply iterative deepening to the nested depth-first search. If we find ....
Courcoubetis, C., Vardi, M. Y., Wolper, P., Yannakakis, M., Memory-efficient algorithms for the verification of temporal properties, Formal Methods in System Design 1 (1992), pp. 275-288.
.... result follows from two facts: first, that most model checking techniques reduce to the problem of locating cycles through a given set of nodes in a graph [3, 18]; second, that cycle detection is solvable in linear time using a depth-first search that identifies strongly connected components (cf. [4]). This depth-first strategy provides a suitable approach to cycle detection in explicit-state model checking, and has been implemented in several tools [7, 11]. Depth-first approaches to cycle detection are not suitable for BDD-based symbolic model checking because BDDs represent sets of states ....
Courcoubetis, C., M. Y. Vardi, P. Wolper and M. Yannakakis. Memory-efficient algorithms for the verification of temporal properties. Formal Methods in System Design, 1:275-288, 1992.
Courcoubetis C., Vardi M. Y., Wolper P. and Yannakakis M. [1992], `Memory-efficient algorithms for the verification of temporal properties', Formal Methods in System Design 1, 275-288.
C. Courcoubetis, M. Vardi, P. Wolper, and M. Yannakakis. Memory-efficient algorithms for the verification of temporal properties. Formal Methods in System Design, 1:275-288, 1992.