The ABACUS System for Branch-and-Cut-and-Price Algorithms in Integer Programming and Combinatorial Optimization
, 1998
Cited by 20 (0 self)
The development of new mathematical theory and its application in software systems for the solution of hard optimization problems have a long tradition in mathematical programming. In this tradition we implemented ABACUS, an object-oriented software framework for branch-and-cut-and-price algorithms for the solution of mixed integer and combinatorial optimization problems. This paper discusses some difficulties in the implementation of branch-and-cut-and-price algorithms for combinatorial optimization problems and shows how they are managed by ABACUS.
Attacking Symbolic State Explosion
Cited by 16 (7 self)
We propose a new symbolic model checking algorithm for parameterized concurrent systems modeled as (Lossy) Petri Nets, and (Lossy) Vector Addition Systems, based on the following ingredients: a rich assertional language based on the graph-based symbolic representation of upward-closed sets introduced in [DR00], the combination of the backward reachability algorithm of [ACJT96] lifted to the symbolic setting with a new heuristic rule based on structural properties of Petri Nets. We evaluate the method on several Petri Nets and parameterized systems taken from the literature [ABC95, EM00, Fin93, MC99], and we compare the results with other finite and infinite-state verification tools.
A Scalable Incomplete Test for the Boundedness of UML RT Models
 IN PROC. OF TACAS’04, VOLUME 2988 OF LNCS
, 2004
Cited by 16 (5 self)
We describe a scalable incomplete boundedness test for the communication buffers in UML RT models. UML RT is a variant of the UML modeling language, tailored to describing asynchronous concurrent embedded systems. We reduce UML RT models to systems of communicating finite state machines (CFSMs). We propose a series of further abstractions that leaves us with a system of linear inequalities. Those represent the message sending and receiving effect that the control flow cycles of every process have on the overall message buffer. The test tries to establish the existence of a linear combination of the effect vectors so that at least one message can occur an unbounded number of times. We discuss the complexity of this test and present experimental results using the IBOC system that we are implementing. Scalability of the test is in part due to the fact that it is polynomial for the type of sparse control flow graphs that are derived from UML RT models. Also, the analysis is local, i.e., it avoids the combinatorial state space explosion due to concurrency of the models. We also present a method to derive upper bound estimates for the maximal occupancy of each individual message buffer. While we focus on the analysis of UML RT models, the analysis can directly be applied to any type of CFSM models.
Improving the precision of INCA by eliminating solutions with spurious cycles
 IEEE Transactions on Software Engineering
, 2002
Cited by 12 (6 self)
The Inequality Necessary Condition Analyzer (INCA) is a finite-state verification tool that has been able to check properties of some very large concurrent systems. INCA checks a property of a concurrent system by generating a system of inequalities that must have integer solutions if the property can be violated. There may, however, be integer solutions to the inequalities that do not correspond to an execution violating the property. INCA thus accepts the possibility of an inconclusive result in exchange for greater tractability. We describe here a method for eliminating one of the two main sources of these inconclusive results. Index Terms: INCA, finite-state verification, cycles, integer programming
Efficient coverability analysis by proof minimization
 IN: CONCUR
Cited by 9 (3 self)
We consider multithreaded programs with an unbounded number of threads executing a finite-state, non-recursive procedure. Safety properties of such programs can be checked via reduction to the coverability problem for well-structured transition systems (WSTS). In this paper, we present a novel, sound and complete yet empirically much improved solution to this problem. The key idea to achieve a compact search structure is to track uncoverability only for minimal uncoverable elements, even if these elements are not part of the original coverability query. To this end, our algorithm examines elements in the downward closure of elements backward-reachable from the initial queries. A downside is that the algorithm may unnecessarily explore elements that turn out coverable and thus fail to contribute to the proof minimization. We counter this effect using a forward search engine that simultaneously generates (a subset of all) coverable elements, e.g. a generalized Karp-Miller procedure. We demonstrate in extensive experiments on C programs that our approach targeting minimal uncoverability proofs outperforms existing techniques by orders of magnitude.
A Scalable Incomplete Test for Message Buffer Overflow in Promela Models
 IN PROC. OF SPIN’04, VOLUME 2989 OF LNCS
, 2004
Cited by 8 (3 self)
In Promela, communication buffers are defined with a fixed length, and buffer overflows can be handled in two different ways: block the send statement or lose the message. Both solutions change the semantics of the system, compared to one with unbounded channels. The question arises, if such buffer overflows can ever occur in a given system and what buffer lengths are sufficient to avoid them. We describe a scalable incomplete boundedness test for the communication buffers in Promela models, which is based on overapproximation and static analysis. We first reduce Promela models to systems of communicating finite state machines (CFSMs) and then apply further abstractions that leave us with a system of linear inequalities. Those represent the message sending and receiving effect that the control flow cycles of every process have on any message buffer. The test tries to establish the existence of a linear combination of the effect vectors so that at least one message can occur an unbounded number of times. If no such linear combination exists then the system is bounded. We discuss the complexity of this test and present experimental results using our implementation in the IBOC system. Scalability of the test is in part due to the fact that it is polynomial for the type of sparse control flow graphs derived from Promela models. Also, the analysis is local, i.e., it avoids the combinatorial state space explosion due to concurrency of the models. We also present a method to derive upper bound estimates for the maximal occupancy of each individual message buffer. Previously, we have applied this approach to UML RT models, while in this paper we focus on the additional problems specific to Promela code: determining the potential message types of any chan...
Report on the model checking contest at Petri Nets 2011
 LNCS ToPNoC
Cited by 7 (4 self)
This article presents the results of the Model Checking Contest held within the SUMo 2011 workshop, a satellite event of Petri Nets 2011. This contest aimed at a fair and experimental evaluation of the performances of model checking techniques applied to Petri nets. The participating tools were compared on several examinations (state space generation, deadlock detection and evaluation of reachability formulæ) run on a set of common models (Place/Transition and Symmetric Petri nets). The collected data gave some hints about the way techniques can scale up depending on both examinations and the characteristics of the models. This paper also presents the lessons learned from the organizer’s point of view. It discusses the enhancements required for future editions of the Model Checking Contest event at the Petri Nets conference.
Winner Determination for Mixed Multi-unit Combinatorial Auctions via Petri Nets
Cited by 7 (2 self)
agents to bid for bundles of goods to buy, goods to sell, and transformations of goods. In particular, MMUCAs offer a high potential to be employed for the automated assembly of supply chains of agents offering goods and services, and in general MMUCAs extend and generalise several types of combinatorial auctions. Here we provide a formalism, based on an extension of Petri Nets, with which MMUCAs, and therefore all auction types subsumed by MMUCAs, and in particular combinatorial auctions for supply chain formation (SCF), can be formally analysed. As a second direct benefit, consequence of the provided mapping to Petri Nets, we manage to dramatically reduce the number of decision variables involved in the optimisation problem posed by MMUCAs from quadratic to linear for a wide class of MMUCA Winner Determination Problems (WDPs). Hence, we also make headway in the practical application of MMUCAs, and in particular to SCF.
Semi-Decisions in the Validation of Dependable Systems
, 2001
Cited by 6 (3 self)
Introduction. The growing complexity of information systems necessitates a complete automation in proving the conformance to the functional and dependability related requirements. Traditional quality assurance methods are unable to provide a thoroughgoing check any more. This way, the fulfillment of the specification has to be proved by mathematical modeling based evaluation. However, even advanced analysis methods are unable currently to cope with faithful models, due to the computational complexity of verification problems. In large-scale models the size of the manageable state spaces confines to the order of magnitude of 10^120. Moreover, dependability analysis frequently leads to the necessity of exploring the entire state space, for instance, to prove that the system will never reach an unsafe state. An alternate solution is to examine the violation of the objective requirements in a larger, but easier to generate state space embedding the state space o
Model Checking Linear Logic Specifications
, 2003
Cited by 6 (1 self)
The overall goal of this paper is to investigate the theoretical foundations of algorithmic verification techniques for first order linear logic specifications. The fragment of linear logic we consider in this paper is based on the linear logic programming language called LO (Andreoli and Pareschi 1990) enriched with universally quantified goal formulas. Although LO was originally introduced as a theoretical foundation for extensions of logic programming languages, it can also be viewed as a very general language to specify a wide range of infinite-state concurrent systems (Andreoli 1992; Cervesato 1995). Our approach is based on the relation between backward reachability and provability highlighted in our previous work on propositional LO programs (Bozzano et al. 2002). Following this line of research, we define here a general framework for the bottom-up evaluation of first order linear logic specifications. The evaluation procedure is based on an effective fixpoint operator working on a symbolic representation of infinite collections of first order linear logic formulas. The theory of well quasi-orderings (Abdulla et al. 1996; Finkel and Schnoebelen 2001) can be used to provide sufficient conditions for the termination of the evaluation of non-trivial fragments of first order linear logic.