Model Checking for Programming Languages using VeriSoft
In Proceedings of the 24th ACM Symposium on Principles of Programming Languages, 1997
Cited by 369 (12 self)
Abstract
Verification by state-space exploration, also often referred to as "model checking", is an effective method for analyzing the correctness of concurrent reactive systems (e.g., communication protocols). Unfortunately, existing model-checking techniques are restricted to the verification of properties of models, i.e., abstractions, of concurrent systems. In this paper, we discuss how model checking can be extended to deal directly with "actual" descriptions of concurrent systems, e.g., implementations of communication protocols written in programming languages such as C or C++. We then introduce a new search technique that is suitable for exploring the state spaces of such systems. This algorithm has been implemented in VeriSoft, a tool for systematically exploring the state spaces of systems composed of several concurrent processes executing arbitrary C code. As an example of application, we describe how VeriSoft successfully discovered an error in a 2500-line C program controlling rob...
Combining Partial Order Reductions with On-the-fly Model-checking
1994
Cited by 191 (14 self)
Abstract
Partial order model-checking is an approach to reduce time and memory in model-checking concurrent programs. On-the-fly model-checking is a technique to eliminate part of the search by intersecting an automaton representing the (negation of the) checked property with the state space during its generation. We prove conditions under which these two methods can be combined in order to gain reduction from both methods. An extension of the model-checker SPIN, which implements this combination, is studied, showing substantial reduction over traditional search, not only in the number of reachable states, but directly in the amount of memory and time used. We also describe how to apply partial-order model-checking under given fairness assumptions.
Evaluating Deadlock Detection Methods for Concurrent Software
IEEE Transactions on Software Engineering, 1996
Cited by 122 (6 self)
Abstract
Static analysis of concurrent programs has been hindered by the well-known state explosion problem. Although many different techniques have been proposed to combat this state explosion, there is little empirical data comparing the performance of the methods. This information is essential for assessing the practical value of a technique and for choosing the best method for a particular problem. In this paper, we carry out an evaluation of three techniques for combating the state explosion problem in deadlock detection: reachability search with a partial order state space reduction, symbolic model checking, and inequality necessary conditions. We justify the method used for the comparison, and carefully analyze several sources of potential bias. The results of our evaluation provide valuable data on the kinds of programs to which each technique might best be applied. Furthermore, we believe that the methodological issues we discuss are of general significance in comparison of analysis te...
A Partial Approach to Model Checking
Information and Computation, 1994
Cited by 113 (5 self)
Abstract
This paper presents a model-checking method for linear-time temporal logic that can avoid most of the state explosion due to the modelling of concurrency by interleaving. The method relies on the concept of Mazurkiewicz's trace as a semantic basis and uses automata-theoretic techniques, including automata that operate on words of ordinality higher than ω.
A Partial Order Approach to Branching Time Logic Model Checking
Information and Computation, 1994
Cited by 55 (14 self)
Abstract
Partial order techniques enable reducing the size of the state graph used for model checking, thus alleviating the `state space explosion' problem. These reductions are based on selecting a subset of the enabled operations from each program state. So far, these methods have been studied, implemented and demonstrated for assertional languages that model the executions of a program as computation sequences, in particular the logic LTL (linear temporal logic). The present paper shows, for the first time, how this approach can be applied to languages that model the behavior of a program as a tree. We study here partial order reductions for branching temporal logics, e.g., the logics CTL and CTL (all logics with the next-time operator removed) and process algebras such as CCS. Conditions on the subset of successors from each node to guarantee reduction that preserves CTL properties are given. Provided experimental results show that the reduction is substantial.
1 Introduction
Partial ord...
A Constraint Oriented Proof Methodology Based on Modal Transition Systems
In BRICS Notes, 1995
Cited by 44 (7 self)
Abstract
In this paper, we present a constraint-oriented state-based proof methodology for concurrent software systems which exploits compositionality and abstraction for the reduction of the verification problem under investigation. The formal basis for this methodology is Modal Transition Systems, allowing loose state-based specifications which can be refined by successively adding constraints. Key concepts of our method are projective views, separation of proof obligations, Skolemization and abstraction. The method is even applicable to real-time systems.
1 Introduction
The use of formal methods and in particular formal verification of concurrent systems, interactive or fully automatic, is still limited to very specific problem classes. For state-based methods this is mainly due to the state explosion problem: the state graph of a concurrent system grows exponentially with the number of its parallel components, leading to an unmanageable size for most practically relevant systems. Consequentl...
Bicategories of Processes
Journal of Pure and Applied Algebra, 1997
Cited by 42 (14 self)
Abstract
The suspension-loop construction is used to define a process in a symmetric monoidal category. The algebra of such processes is that of symmetric monoidal bicategories. Processes in categories with products and in categories with sums are studied in detail, and in both cases the resulting bicategories of processes are equipped with operations called feedback. Appropriate versions of traced monoidal properties are verified for feedback, and a normal form theorem for expressions of processes is proved. Connections with existing theories of circuit design and computation are established via structure preserving homomorphisms.
Static Partial Order Reduction
In TACAS '98: Proceedings of the 4th International Conference on Tools and Algorithms for Construction and Analysis of Systems, 1998
Cited by 37 (7 self)
Abstract
The state space explosion problem is central to automatic verification algorithms. One of the successful techniques to abate this problem is called 'partial order reduction'. It is based on the observation that in many cases the specification of concurrent programs does not depend on the order in which concurrently executed events are interleaved. In this paper we present a new version of partial order reduction that allows all of the reduction to be set up at the time of compiling the system description. Normally, partial order reduction requires developing specialized verification algorithms, which in the course of a state space search, select a subset of the possible transitions from each reached global state. In our approach, the set of atomic transitions obtained from the system description after our special compilation already generates a smaller number of choices from each state. Thus, rather than conducting a modified search of the state space generated by the original state transition relation, our approach involves an ordinary search of the reachable state space generated by a modified state transition relation. Among the advantages of this technique over other versions of the reduction is that it can be directly implemented using existing verification tools, as it requires no change of the verification engine: the entire reduction mechanism is set up at compile time. One major application is the use of this reduction technique together with symbolic model checking and localization reduction, obtaining a combined reduction. We discuss an implementation and experimental results for SDL programs translated into COSPAN notation by applying our reduction techniques. This is part of a hardware-software co-verification project.
Compositional Minimisation of Finite State Systems Using Interface Specifications
1996
Cited by 30 (6 self)
Abstract
We present a method for the compositional construction of the minimal transition system that represents the semantics of a given distributed system. Our aim is to control the state explosion caused by the interleavings of actions of communicating parallel components by reduction steps that exploit global communication constraints given in terms of interface specifications. The effect of the method, which is developed for bisimulation semantics here, depends on the structure of the distributed system under consideration, and the accuracy of the interface specifications. However, its correctness is independent of the correctness of the interface specifications provided by the program designer.
State-Space Caching Revisited
1992
Cited by 25 (1 self)
Abstract
State-space caching is a verification technique for finite-state concurrent systems. It performs an exhaustive exploration of the state-space of the system being checked while storing only all states of just one execution sequence plus as many other previously visited states as available memory allows. So far, this technique has been of little practical significance: it allows one to reduce memory usage by only two to three times, before an unacceptable blow-up of the run-time overhead sets in. The explosion of the run-time requirements is due to redundant multiple explorations of unstored parts of the state-space. Indeed, almost all states in the state-space of concurrent systems are typically reached several times during the search. In this paper, we present a method to tackle the main cause of this prohibitive state matching: the exploration of all possible interleavings of concurrent executions of the system, which all lead to the same state. Then, we show that, in many ...