Compositional Model Checking, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 3252 (70 self)
 Add to MetaCart
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Saturation: an efficient iteration strategy for symbolic state space generation. Proc. Tools and Algorithms for the Construction and Analysis of Systems (TACAS), LNCS 2031, 2001
"... We present a novel algorithm for generating state spaces of asynchronous systems using Multi–valued Decision Diagrams. In contrast to related work, we encode the next–state function of a system not as a single Boolean function, but as cross–products of integer functions. This permits the applicati ..."
Abstract

Cited by 64 (32 self)
 Add to MetaCart
(Show Context)
We present a novel algorithm for generating state spaces of asynchronous systems using Multi-valued Decision Diagrams. In contrast to related work, we encode the next-state function of a system not as a single Boolean function, but as cross-products of integer functions. This permits the application of various iteration strategies to build a system's state space. In particular, we introduce a new elegant strategy, called saturation, and implement it in the tool SMART. On top of usually performing several orders of magnitude faster than existing BDD-based state-space generators, our algorithm's required peak memory is often close to the final memory needed for storing the overall state space.
Regular Tree Model Checking
"... In this paper, we present an approach for algorithmic verification of infinitestate systems with a parameterized tree topology. Our work is a generalization of regular model checking, where we extend the work done with strings toward trees. States are represented by trees over a finite alphabet, an ..."
Abstract

Cited by 49 (8 self)
 Add to MetaCart
In this paper, we present an approach for algorithmic verification of infinite-state systems with a parameterized tree topology. Our work is a generalization of regular model checking, where we extend the work done with strings toward trees. States are represented by trees over a finite alphabet, and transition relations by regular, structure-preserving relations on trees. We use an automata-theoretic method to compute the transitive closure of such a transition relation. Although the method is incomplete, we present sufficient conditions to ensure termination.
Extrapolating Tree Transformations, 2002
"... We consider the framework of regular tree model checking where sets of configurations of a system are represented by regular tree languages and its dynamics is modeled by a term rewriting system (or a regular tree transducer). We focus on the computation of the reachability set R # (L) where R i ..."
Abstract

Cited by 32 (7 self)
 Add to MetaCart
We consider the framework of regular tree model checking where sets of configurations of a system are represented by regular tree languages and its dynamics is modeled by a term rewriting system (or a regular tree transducer). We focus on the computation of the reachability set R*(L) where R is a regular tree transducer and L is a regular tree language. The construction
Automated systematic testing of open distributed programs. In: FASE'06, 2006
"... We present an algorithm for automatic testing of distributed programs, such as Unix processes with interprocess communication and Web services. Specifically, we assume that a program consists of a number of asynchronously executing concurrent processes or actors which may take data inputs and com ..."
Abstract

Cited by 31 (9 self)
 Add to MetaCart
(Show Context)
We present an algorithm for automatic testing of distributed programs, such as Unix processes with interprocess communication and Web services. Specifically, we assume that a program consists of a number of asynchronously executing concurrent processes or actors which may take data inputs and communicate using asynchronous messages. Because of the large numbers of possible data inputs as well as the asynchrony in the execution and communication, distributed programs exhibit very large numbers of potential behaviors. Our goal is twofold: to execute all reachable statements of a program, and to detect deadlock states. Specifically, our algorithm uses simultaneous concrete and symbolic execution, or concolic execution, to explore all distinct behaviors that may result from a program's execution given different data inputs and schedules. The key idea is as follows. We use the symbolic execution to generate data inputs that may lead to alternate behaviors. At the same time, we use the concrete execution to determine, at runtime, the partial order of events in the program's execution. This enables us to improve the efficiency of our algorithm by avoiding many tests which would result in equivalent behaviors. We describe our experience with dCUTE, a prototype tool that we have developed for distributed Java programs.
State Space Reduction using Partial Order Techniques. Software Tools for Technology Transfer, 1998
"... With the advancement of computer technology, highly concurrent systems are being developed. The verification of such systems is a challenging task, as their state space grows exponentially with the number of processes. Partial order reduction is an effective technique to address this problem. It re ..."
Abstract

Cited by 30 (2 self)
 Add to MetaCart
With the advancement of computer technology, highly concurrent systems are being developed. The verification of such systems is a challenging task, as their state space grows exponentially with the number of processes. Partial order reduction is an effective technique to address this problem. It relies on the observation that the effect of executing transitions concurrently is often independent of their ordering. In this paper we present the basic principles behind partial order reduction and its implementation.
verification
"... This paper presents a procedure for the verification of multiprocess systems based on considering a series of underapproximated models. The procedure checks models with an increasing set of allowed interleavings of the given set of processes, starting from a single interleaving. The procedure relie ..."
Abstract

Cited by 22 (1 self)
 Add to MetaCart
(Show Context)
This paper presents a procedure for the verification of multiprocess systems based on considering a series of underapproximated models. The procedure checks models with an increasing set of allowed interleavings of the given set of processes, starting from a single interleaving. The procedure relies on SAT solvers' ability to produce proofs of unsatisfiability: from these proofs it derives information that guides the process of adding interleavings on the one hand, and determines termination on the other. The presented approach is integrated in a SAT-based Bounded Model Checking (BMC) framework. Thus, a BMC formulation of a multiprocess system is introduced, which allows controlling which interleavings are considered. Preliminary experimental results demonstrate the practical impact of the presented method.
Monotonic Partial Order Reduction: An Optimal Symbolic Partial Order Reduction Technique
"... Abstract. We present a new technique called Monotonic Partial Order Reduction (MPOR) that effectively combines dynamic partial order reduction with symbolic state space exploration for model checking concurrent software. Our technique hinges on a new characterization of partial orders defined by com ..."
Abstract

Cited by 22 (4 self)
 Add to MetaCart
(Show Context)
We present a new technique called Monotonic Partial Order Reduction (MPOR) that effectively combines dynamic partial order reduction with symbolic state space exploration for model checking concurrent software. Our technique hinges on a new characterization of partial orders defined by computations of a concurrent program in terms of quasi-monotonic sequences of thread-ids. This characterization, which is of independent interest, can be used for both explicit and symbolic model checking. For symbolic model checking, MPOR works by adding constraints to allow automatic pruning of redundant interleavings in a SAT/SMT solver based search by restricting the interleavings explored to the set of quasi-monotonic sequences. Quasi-monotonicity guarantees both soundness (all necessary interleavings are explored) and optimality (no redundant interleaving is explored) and is, to the best of our knowledge, the only known optimal symbolic POR technique.
Symbolic model checking for asynchronous boolean programs. In SPIN, 2005
"... Abstract. Software model checking problems generally contain two different types of nondeterminism: 1) nondeterministically chosen values; 2) the choice of interleaving among threads. Most modern software model checkers can handle only one source of nondeterminism efficiently, but not both. This ..."
Abstract

Cited by 21 (7 self)
 Add to MetaCart
(Show Context)
Software model checking problems generally contain two different types of nondeterminism: 1) nondeterministically chosen values; 2) the choice of interleaving among threads. Most modern software model checkers can handle only one source of nondeterminism efficiently, but not both. This paper describes a SAT-based model checker for asynchronous Boolean programs that handles both sources effectively. We address the first type of nondeterminism with a form of symbolic execution and fixpoint detection. We address the second source of nondeterminism using a symbolic and dynamic partial-order reduction, which is implemented inside the SAT solver's case-splitting algorithm. The preliminary experimental results show that the new algorithm outperforms the existing software model checkers on large benchmarks.
Peephole Partial Order Reduction
"... Abstract. We present a symbolic dynamic partial order reduction (POR) method for model checking concurrent software. We introduce the notion of guarded independent transitions, i.e., transitions that can be considered as independent in certain (but not necessarily all) execution paths. These can be ..."
Abstract

Cited by 20 (7 self)
 Add to MetaCart
(Show Context)
We present a symbolic dynamic partial order reduction (POR) method for model checking concurrent software. We introduce the notion of guarded independent transitions, i.e., transitions that can be considered as independent in certain (but not necessarily all) execution paths. These can be exploited by using a new peephole reduction method. A symbolic formulation of the proposed peephole reduction adds concise constraints to allow automatic pruning of redundant interleavings in an SMT/SAT solver based search. Our new method does not directly correspond to any explicit-state algorithm in the literature, e.g., those based on persistent sets. For two threads, our symbolic method guarantees the removal of all redundant interleavings (better than the smallest persistent-set based methods). To our knowledge, this type of reduction has not been achieved by other symbolic methods.
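The three partial order reduction entries above (the STTT survey, MPOR, and Peephole POR) all rest on one observation: interleavings that differ only in the order of independent transitions are equivalent, so a model checker need explore one representative per equivalence class. The script below is an added example written for this listing, not code from any of the papers. It enumerates every interleaving of small thread programs under the usual dependency relation (same thread, or same variable with at least one write), groups them into Mazurkiewicz trace classes, and applies the adjacent-pair check that the peephole abstract describes: reject an interleaving if two adjacent independent transitions appear in decreasing thread-id order. The thread programs, variable names and helper names (`thread`, `reduce_interleavings`, `kept_sequences`) are constructed for illustration. On a two-thread system the check keeps exactly one interleaving per class, matching the abstract's two-thread claim; on a three-thread system it keeps one redundant interleaving, which is the kind of case the MPOR abstract addresses with its quasi-monotonic sequences.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Transition:
    """One step of a thread: tid = thread id, op = 'r' or 'w', var = shared variable,
    idx = position in the thread's program (keeps two accesses of one thread distinct)."""
    tid: int
    op: str
    var: str
    idx: int


def thread(tid, *accesses):
    """Constructed helper: build a thread program from (op, var) pairs."""
    return [Transition(tid, op, var, i) for i, (op, var) in enumerate(accesses)]


def dependent(a, b):
    """Dependency relation used by POR: same thread (program order is fixed),
    or same variable with at least one write (the accesses do not commute)."""
    return a.tid == b.tid or (a.var == b.var and "w" in (a.op, b.op))


def tids(seq):
    """Thread-id sequence of an interleaving; it identifies the interleaving uniquely."""
    return tuple(t.tid for t in seq)


def interleavings(threads):
    """Every interleaving of the thread programs that respects each thread's program order."""
    n = len(threads)

    def rec(pcs, prefix):
        if all(pcs[t] == len(threads[t]) for t in range(n)):
            yield tuple(prefix)
            return
        for t in range(n):
            if pcs[t] < len(threads[t]):
                nxt = list(pcs)
                nxt[t] += 1
                yield from rec(nxt, prefix + [threads[t][pcs[t]]])

    return list(rec([0] * n, []))


def trace_class(seq):
    """Mazurkiewicz trace of seq: all interleavings reachable by swapping adjacent
    independent transitions. Exhaustive closure, only meant for toy sizes."""
    seen = {tuple(seq)}
    work = [tuple(seq)]
    while work:
        s = work.pop()
        for i in range(len(s) - 1):
            if not dependent(s[i], s[i + 1]):
                t = list(s)
                t[i], t[i + 1] = t[i + 1], t[i]
                t = tuple(t)
                if t not in seen:
                    seen.add(t)
                    work.append(t)
    return seen


def peephole_keep(seq):
    """Adjacent-pair (peephole) check: an interleaving is redundant if two adjacent
    independent transitions occur in decreasing thread-id order, since swapping them
    gives an equivalent interleaving that is smaller in thread-id order."""
    return not any(
        seq[i].tid > seq[i + 1].tid and not dependent(seq[i], seq[i + 1])
        for i in range(len(seq) - 1)
    )


def reduce_interleavings(threads):
    """Return (all interleavings, distinct trace classes, interleavings kept by the check).
    The class count is the optimum any sound POR can reach."""
    allseq = interleavings(threads)
    classes = {min(tids(x) for x in trace_class(s)) for s in allseq}
    kept = [s for s in allseq if peephole_keep(s)]
    return len(allseq), len(classes), len(kept)


def kept_sequences(threads):
    """Sorted thread-id sequences of the interleavings that survive the check."""
    return sorted(tids(s) for s in interleavings(threads) if peephole_keep(s))


# Constructed sample systems, not taken from any of the papers.
def two_thread_system():
    # T1: x := 1; read y      T2: y := 1; read x
    return [thread(1, ("w", "x"), ("r", "y")), thread(2, ("w", "y"), ("r", "x"))]


def three_thread_system():
    # T1 writes x and T3 reads x (dependent); T2 only touches y (independent of both)
    return [thread(1, ("w", "x")), thread(2, ("w", "y")), thread(3, ("r", "x"))]


if __name__ == "__main__":
    print("two threads   (all, classes, kept):", reduce_interleavings(two_thread_system()))
    print("three threads (all, classes, kept):", reduce_interleavings(three_thread_system()))
    print("three-thread survivors:", kept_sequences(three_thread_system()))
```

For the two-thread system the six interleavings fall into three classes and the check keeps three, one per class. For the three-thread system the six interleavings fall into two classes (T1 before T3, or T3 before T1) but the check keeps three: the sequence 3,1,2 survives because its only decreasing adjacent pair (3,1) is dependent, yet it is equivalent to 2,3,1, which is smaller. Reaching that smaller representative needs a swap that temporarily makes the order worse (1,2 to 2,1), which an adjacent-pair rule never performs; a characterization that looks beyond adjacent pairs, as MPOR's abstract claims for quasi-monotonic sequences, is needed to prune it.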