Better Verification Through Symmetry, 1996
Cited by 173 (8 self)
A fundamental difficulty in automatic formal verification of finite-state systems is the state explosion problem -- even relatively simple systems can produce very large state spaces, causing great difficulties for methods that rely on explicit state enumeration. We address the problem by exploiting structural symmetries in the description of the system to be verified. We make symmetries easy to detect by introducing a new data type scalarset, a finite and unordered set, to our description language. The operations on scalarsets are restricted so that states are guaranteed to have the same future behaviors, up to permutation of the elements of the scalarsets. Using the symmetries implied by scalarsets, a verifier can automatically generate a reduced state space, on the fly. We provide a proof of the soundness of the new symmetry-based verification algorithm based on a definition of the formal semantics of a simple description language with scalarsets. The algorithm has been implemented ...
Verification Tools for Finite-State Concurrent Systems
Cited by 112 (3 self)
Temporal logic model checking is an automatic technique for verifying finite-state concurrent systems. Specifications are expressed in a propositional temporal logic, and the concurrent system is modeled as a state-transition graph. An efficient search procedure is used to determine whether or not the state-transition graph satisfies the specification. When the technique was first developed ten years ago, it was only possible to handle concurrent systems with a few thousand states. In the last few years, however, the size of the concurrent systems that can be handled has increased dramatically. By representing transition relations and sets of states implicitly using binary decision diagrams, it is now possible to check concurrent systems with more than 10^120 states. In this paper we describe in detail how the new implementation works and
An Introduction to the Theoretical Aspects of Coloured Petri Nets, in A Decade of Concurrency, Lecture Notes in Computer Science, 1994
Interval Timed Coloured Petri Nets and their Analysis, 1993
Cited by 40 (9 self)
Practical experiences show that only timed and coloured Petri nets are capable of modelling large and complex real-time systems. This is the reason we present the Interval Timed Coloured Petri Net (ITCPN) model. An interval timed coloured Petri net is a coloured Petri net extended with time; time is in tokens and transitions determine a delay for each produced token. This delay is specified by an upper and lower bound, i.e. an interval. The ITCPN model allows the modelling of the dynamic behaviour of large and complex systems, without losing the possibility of formal analysis. In addition to the existing analysis techniques for coloured Petri nets, we propose a new analysis method to analyse the temporal behaviour of the net. This method constructs a reduced reachability graph and exploits the fact that delays are described by an interval. 1 Introduction Petri nets have been widely used for the modelling and analysis of concurrent systems (Reisig [25]). There are several factors whi...
An Efficient Algorithm for Aggregating PEPA Models, IEEE Transactions on Software Engineering, 1999
Cited by 40 (23 self)
Performance Evaluation Process Algebra (PEPA) is a formal language for performance modelling based on process algebra. It has previously been shown that using the process algebra apparatus compact performance models can be derived which retain the essential behavioural characteristics of the modelled system. However no efficient algorithm for this derivation was given. In this paper we present an efficient algorithm which recognises and takes advantage of symmetries within the model and avoids unnecessary computation. The algorithm is illustrated by a multiprocessor example. Keywords: Performance modelling, model aggregation, performance evaluation tools, stochastic process algebras. 1 Introduction In recent years several Markovian process algebras (MPAs) have been presented in the literature. These include PEPA [1], MTIPP [2], and EMPA [3]. As with classical process algebras, these formalisms allow models of systems to be constructed which are amenable to functional or behavioural an...
Stochastic Well-Formed Colored Nets and Symmetric Modeling Applications, 1993
Cited by 35 (5 self)
The class of Stochastic Well Formed Colored Nets (SWN) was defined as a syntactic restriction of Stochastic High-Level Nets. The interest of the introduction of restrictions in the model definition is the possibility of exploiting the Symbolic Reachability Graph (SRG) to reduce the complexity of Markovian performance evaluation with respect to classical Petri net techniques. It turns out that SWNs allow the representation of any color function in a structured form, so that any unconstrained high-level net can be transformed into a well formed net. Moreover, most constructs useful for the modeling of distributed computer systems and architectures directly match the "well form" restriction, without any need of transformation. A non trivial example of the usefulness of the technique in the performance modeling and evaluation of multiprocessor architectures is included.
Exploiting Symmetry When Verifying Transistor-Level Circuits by Symbolic Trajectory Evaluation, 1997
Cited by 23 (5 self)
In this paper we describe the use of symmetry for verification of transistor-level circuits by symbolic trajectory evaluation. We show that exploiting symmetry can allow one to verify systems several orders of magnitude larger than otherwise possible. We classify symmetries in circuits as structural symmetries, arising from similarities in circuit structure, data symmetries, arising from similarities in the handling of data values, and mixed structural-data symmetries. We use graph isomorphism testing and symbolic simulation to verify the symmetries in the original circuit. Using conservative approximations, we partition a circuit to expose the symmetries in its components, and construct reduced system models which can be verified efficiently. We have verified Static Random Access Memory circuits with up to 1.5 Million transistors.
A Symbolic Reachability Graph for Coloured Petri Nets, 1997
Cited by 22 (6 self)
Coloured Petri nets are well suited to the modelling of symmetric systems. Model symmetries can be usefully exploited for the sake of analysis efficiency as well as for modelling convenience.
Towards a Modular Analysis of Coloured Petri Nets, 1993
Cited by 22 (3 self)
The use of different High-level Petri net formalisms has made it possible to create Petri net models of large systems. Even though the use of such models allows the modeller to create compact representations of data and action, the size of models has been increasing. A large model can make it difficult to handle the complexity of the modelling as well as the analysis of the total model. It is well-known that the use of a modular approach to modelling has a lot of advantages. A modular approach allows the modeller to consider different parts of the system independently of one another and also to reuse the same module in different systems. A modular approach to analysis is also attractive. It often dramatically decreases the complexity of the analysis task. In this paper, we present modular CP-nets. They are not intended to be used for practical modelling purposes, but they constitute a formal and general framework for discussing different ways of composing individual CP-nets called modules. Modular CP-nets allow us to study composition without restricting the structure of the individual modules. Modular CP-nets are quite simple and do not include syntactical sugar which is convenient and often necessary when modelling in practice. Instead, they have only a few but very general composition constructs. The main result of the paper is the possibility of composing analysis results of the individual modules, in order to obtain results which are valid for the entire modular CP-net. For this purpose, we introduce place invariants at the level of modular CP-nets and we show how such place invariants can be obtained from those of the individual modules. The reader of this paper is assumed to be familiar with the basic definitions of CP-nets and the concept of place invariants. But it is not necessary to be familiar with hierarchical CP-nets.
Efficient Verification of Symmetric Concurrent Systems, 1993
Cited by 18 (6 self)
Previously, we proposed a reduction technique [ID93] based on symmetries to alleviate the state explosion problem in automatic verification of concurrent systems. This paper describes the results of testing the technique on a wide range of algorithms and protocols, including realistic multiprocessor synchronization algorithms and cache coherence protocols. Memory requirements were reduced by amounts ranging from 83% to over 99%, and time requirements were often reduced as well. We also consider the effectiveness of the technique on different types of symmetries, such as symmetries in identical system components and symmetries in data values.

