Hierarchical Set Decision Diagrams and Regular Models
Cited by 13 (10 self)
Abstract. This paper presents algorithms and data structures that exploit a compositional and hierarchical specification to enable more efficient symbolic model checking. We encode the state space and transition relation using hierarchical Set Decision Diagrams (SDD) [9]. In SDD, arcs of the structure are labeled with sets, themselves stored as SDD. To exploit the hierarchy of SDD, a structured model representation is needed. We thus introduce a formalism integrating a simple notion of type and instance. Complex composite behaviors are obtained using a synchronization mechanism borrowed from process calculi. Using this relatively general framework, we investigate how to capture similarities in regular models. Experimental results are presented, showing that this approach can outperform in time and memory previous work in this area.
Model Checking the Linux Virtual File System
Cited by 8 (1 self)
Abstract. This paper presents a case study in modelling and verifying the Linux Virtual File System (VFS). Our work is set in the context of Hoare's verification grand challenge and, in particular, Joshi and Holzmann's mini-challenge to build a verifiable file system. The aim of the study is to assess the viability of retrospective verification of a VFS implementation using model checking technology. We show how to extract an executable model of the Linux VFS implementation, validate the model by employing the simulation capabilities of SPIN, and analyse it for adherence to data integrity constraints and deadlock freedom using the SMART model checker.
Computing a Hierarchical Static Order for Decision Diagram-Based Representation from P/T Nets. ToPNoC: Transactions on Petri Nets and Other Models of Concurrency V, 2012
Cited by 8 (6 self)
Abstract. State space generation suffers from the typical combinatorial explosion problem when dealing with industrial specifications. In particular, memory consumption while storing the state space must be tackled to verify safety properties. Decision Diagrams are a way to tackle this problem. However, their performance strongly relies on the way variables encode a system. Another way to fight combinatorial explosion is to hierarchically encode the state space of a system. This paper presents how we mix the two techniques via the hierarchization of a precomputed variable order. This way we obtain a hierarchical static order for the variables encoding a system. This heuristic was implemented and exhibits good performance.
Efficient Vector-Descriptor Product Exploiting Time-Memory Trade-offs, 2010
Cited by 6 (3 self)
The description of large state spaces through stochastic structured modeling formalisms like stochastic Petri nets, stochastic automata networks and performance evaluation process algebra is usually made by representing the infinitesimal generator of the underlying Markov chain as a Kronecker descriptor instead of a single large sparse matrix. The best-known algorithms used to compute iterative solutions of such structured models are: the pure sparse solution approach, an algorithm that can be very time efficient, and almost always memory prohibitive; the Shuffle algorithm, which performs the product of a descriptor by a probability vector with a very impressive memory efficiency; and a recent new option that offers a trade-off between time and memory savings, the Split algorithm. This paper presents a full comparison of these algorithms solving some examples of structured Kronecker-represented models in order to numerically illustrate the gains achieved considering each model's characteristics.
Symbolic CTL Model Checking of Asynchronous Systems Using Constrained Saturation
Cited by 5 (4 self)
Abstract. The saturation state-space generation algorithm has demonstrated clear improvements over state-of-the-art symbolic methods for asynchronous systems. This work is motivated by efficiently applying saturation to CTL model checking. First, we introduce a new "constrained saturation" algorithm which constrains state exploration to a set of states satisfying given properties. This algorithm avoids the expensive after-the-fact intersection operations and retains the advantages of saturation, namely, exploiting event locality and benefiting from recursive local fixpoint computations. Then, we employ constrained saturation to build the set of states satisfying EU and EG properties for asynchronous systems. The new algorithm can achieve orders-of-magnitude reduction in runtime and memory consumption with respect to methods based on breadth-first search, and even with a previously proposed hybrid approach that alternates between "safe" saturation and "unsafe" breadth-first searches. Furthermore, the new approach is fully general, as it does not require the next-state function to be expressible in Kronecker form. We conclude this paper with a discussion of some possible future work, such as building the set of states belonging to strongly connected components.
Partially-shared zero-suppressed multi-terminal BDDs: concept, algorithms and applications
Formal Methods in System Design
Cited by 4 (2 self)
Abstract. Multi-Terminal Binary Decision Diagrams (MTBDDs) are a well-accepted technique for the state graph (SG) based quantitative analysis of large and complex systems specified by means of high-level model description techniques. However, this type of Decision Diagram (DD) is not always the best choice, since finite functions with small satisfaction sets, and where the fulfilling assignments possess many 0-assigned positions, may yield relatively large MTBDD-based representations. Therefore, this article introduces zero-suppressed MTBDDs and proves that they are canonical representations of multi-valued functions on finite (input) sets. For manipulating DDs of this new type, possibly defined over different sets of function variables, the concept of partially-shared zero-suppressed MTBDDs and respective algorithms are developed. The efficiency of this new approach is demonstrated by comparing it to the well-known standard type of MTBDDs, where both types of DDs have been implemented by us within the C++-based DD package Jinc. The benchmarking takes place in the context of Markovian analysis and probabilistic model checking of systems. In total, the presented work extends existing approaches, since it not only allows one to directly employ (multi-terminal) zero-suppressed DDs in the field of quantitative verification, but also clearly demonstrates their efficiency.
SAN LITE-SOLVER: a user-friendly software tool to solve SAN models
Cited by 3 (1 self)
Structured Markovian models are widely used to map and analyze the behavior of complex systems. However, the modeler frequently needs deep knowledge of specialized tools or of the limitations imposed on the solution of their models. This paper presents an easy and practical software tool, called SAN LITE-SOLVER, that applies the Power method to solve a Stochastic Automata Network (SAN) model, using a standard Multi-valued Decision Diagram (MDD) structure to compute and to store the model's reachable state space (RSS) and a Harwell-Boeing format (HBF) matrix which represents the underlying Markov chain (MC). The performance analysis of this new tool (in terms of memory used and CPU time to solve models) is presented and compared to the current approach used to solve SAN models.
Multi-core and/or Symbolic Model Checking, 2012
We review our progress in high-performance model checking. Our multi-core model checker is based on a scalable hash-table design and parallel random-walk traversal. Our symbolic model checker is based on Multiway Decision Diagrams and the saturation strategy. The LTSmin tool is based on the PINS architecture, decoupling model checking algorithms from the input specification language. Consequently, users can stay in their own specification language and postpone the choice between parallel or symbolic model checking. We support widely different specification languages including those of SPIN (Promela), mCRL2 and UPPAAL (timed automata). So far, multi-core and symbolic algorithms had very little in common, forcing the user in the end to make a wise trade-off between memory and speed. Recently, however, we designed a novel multi-core BDD package called Sylvan. This forms an excellent basis for scalable parallel symbolic model checking.
Automated Verification of Executable UML Models, 2010
We present a fully automated approach to verifying safety properties of Executable UML models (xUML). Our tool chain consists of a model transformation program which translates xUML models to the process algebra mCRL2, followed by symbolic model checking using LTSmin. If a safety violation is found, an error trace is visualised as a UML sequence diagram. As a novel feature, our approach allows safety properties to be specified as UML state machines.
Bounded Model Checking Approaches for Verification of Distributed Time Petri Nets
We consider two symbolic approaches to bounded model checking (BMC) of distributed time Petri nets (DTPNs). We focus on the properties expressed in Linear Temporal Logic without the neXt-time operator (LTL−X) and the existential fragment of Computation Tree Logic without the neXt-time operator (ECTL−X). We give a translation of BMC to SAT and describe a BDD-based BMC for both LTL−X and ECTL−X. The two translations have been implemented, tested, and compared with each other on two standard benchmarks. Our experimental results reveal the advantages and disadvantages of both approaches.