Directed explicit-state model checking in the validation of communication protocols

Edelkamp, Stefan; Leue, Stefan; Lafuente, Alberto Lluch

doi:10.1007/s10009-002-0104-3

Cited by 140 publications

(159 citation statements)

References 35 publications

Supporting

Mentioning

158

Contrasting

Order By: Relevance

“…This is done using fixed points on symbolic set of states, and amounts to performing a BFS-based emptiness check. Whether based on nested DFS or SCC, explicit or symbolic, these emptinesscheck procedures can be simplified according to the strength of the automaton representing the property to check [2,13,6,23,1].…”

Section: Büchi Automata and Their Strengthsmentioning

confidence: 99%

“…In most of the approaches suggested so far the improvements have only concerned (inherently) weak or terminal automata: if an automaton contains at least one strong SCC, a general emptiness check is required, even if it also contains SCCs of inferior strengths. However Edelkamp et al [13] have suggested to consider the strengths of the SCCs to limit the scope of the nested DFS to the strong SCCs.…”

Section: Definitionmentioning

confidence: 99%

“…They also make it easier to apply other reduction such as partial order reductions [18], and they tend to produce smaller counterexamples [13].…”

Section: Decomposing the Property Automaton According To Its Sccs Strmentioning

confidence: 99%

See 2 more Smart Citations

Strength-Based Decomposition of the Property Büchi Automaton for Faster Model Checking

Renault

Duret-Lutz

Kordon

et al. 2013

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

Abstract. The automata-theoretic approach for model checking of lineartime temporal properties involves the emptiness check of a large Büchi automaton. Specialized emptiness-check algorithms have been proposed for the cases where the property is represented by a weak or terminal automaton. When the property automaton does not fall into these categories, a general emptiness check is required. This paper focuses on this class of properties. We refine previous approaches by classifying strongly-connected components rather than automata, and suggest a decomposition of the property automaton into three smaller automata capturing the terminal, weak, and the remaining strong behaviors of the property. The three corresponding emptiness checks can be performed independently, using the most appropriate algorithm. Such a decomposition approach can be used with any automata-based model checker. We illustrate the interest of this new approach using explicit and symbolic LTL model checkers.

show abstract

Section: Büchi Automata and Their Strengthsmentioning

confidence: 99%

Section: Definitionmentioning

confidence: 99%

See 1 more Smart Citation

Strength-Based Decomposition of the Property Büchi Automaton for Faster Model Checking

Renault

Duret-Lutz

Kordon

et al. 2013

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

show abstract

“…Directed model checking techniques [10,11] try to direct the state space search to avoid the potential blowup faced by uninformed model checking techniques. Various heuristic strategies [9,13,15] have been proposed for searching the state space efficiently.…”

Section: Introductionmentioning

confidence: 99%

Subsumer-First: Steering Symbolic Reachability Analysis

Rybalchenko

Singh

2009

Model Checking Software

View full text Add to dashboard Cite

Abstract. Symbolic reachability analysis provides a basis for the verification of software systems by offering algorithmic support for the exploration of the program state space when searching for proofs or counterexamples. The choice of exploration strategy employed by the analysis has direct impact on its success, whereas the ability to find short counterexamples quickly and-as a complementary task-to efficiently perform the exhaustive state space traversal are of utmost importance for the majority of verification efforts. Existing exploration strategies can optimize only one of these objectives which leads to a sub-optimal reachability analysis, e.g., breadth-first search may sacrifice the exploration efficiency and chaotic iteration can miss minimal counterexamples. In this paper we present subsumer-first, a new approach for steering symbolic reachability analysis that targets both minimal counterexample discovery and efficiency of exhaustive exploration. Our approach leverages the result of fixpoint checks performed during symbolic reachability analysis to bias the exploration strategy towards its objectives, and does not require any additional computation. We demonstrate how the subsumer-first approach can be applied to improve efficiency of software verification tools based on predicate abstraction. Our experimental evaluation indicates the practical usefulness of the approach: we observe significant efficiency improvements (median value 40%) on difficult verification benchmarks from the transportation domain.

show abstract

“…Directed explicit-state model checking [13] enhances the error-reporting capabilities of model checkers. The application of guided search for checking liveness properties is restricted to the reduction of trails [14].…”

Section: Introductionmentioning

confidence: 99%

Large-Scale Directed Model Checking LTL

Edelkamp

Jabbar

2006

Model Checking Software

Self Cite

View full text Add to dashboard Cite

Abstract. To analyze larger models for explicit-state model checking, directed model checking applies error-guided search, external model checking uses secondary storage media, and distributed model checking exploits parallel exploration on multiple processors. In this paper we propose an external, distributed and directed on-the-fly model checking algorithm to check general LTL properties in the model checker SPIN. Previous attempts restricted to checking safety properties. The worst-case I/O complexity is bounded by O(sort(|F||R|)/p + l · scan(|F ||S|)), where S and R are the sets of visited states and transitions in the synchronized product of the Büchi automata for the model and the property specification, F is the number of accepting states, l is the length of the shortest counterexample, and p is the number of processors. The algorithm we propose returns minimal lasso-shaped counterexamples and includes refinements for property-driven exploration.

show abstract

Directed explicit-state model checking in the validation of communication protocols

Cited by 140 publications

References 35 publications

Strength-Based Decomposition of the Property Büchi Automaton for Faster Model Checking

Strength-Based Decomposition of the Property Büchi Automaton for Faster Model Checking

Subsumer-First: Steering Symbolic Reachability Analysis

Large-Scale Directed Model Checking LTL

Contact Info

Product

Resources

About