Results 1  10
of
33
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 2407 (62 self)
 Add to MetaCart
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Better Verification Through Symmetry
, 1996
"... A fundamental difficulty in automatic formal verification of finitestate systems is the state explosion problem  even relatively simple systems can produce very large state spaces, causing great difficulties for methods that rely on explicit state enumeration. We address the problem by exploiting ..."
Abstract

Cited by 185 (8 self)
 Add to MetaCart
A fundamental difficulty in automatic formal verification of finitestate systems is the state explosion problem  even relatively simple systems can produce very large state spaces, causing great difficulties for methods that rely on explicit state enumeration. We address the problem by exploiting structural symmetries in the description of the system to be verified. We make symmetries easy to detect by introducing a new data type scalarset, a finite and unordered set, to our description language. The operations on scalarsets are restricted so that states are guaranteed to have the same future behaviors, up to permutation of the elements of the scalarsets. Using the symmetries implied by scalarsets, a verifier can automatically generate a reduced state space, on the fly. We provide a proof of the soundness of the new symmetrybased verification algorithm based on a definition of the formal semantics of a simple description language with scalarsets. The algorithm has been implemented ...
Symmetry and Model Checking
, 1994
"... We show how to exploit symmetry in model checking for concurrent systems containing many identical or isomorphic components. We focus in particular on those composed of many isomorphic processes. In many cases we are able to obtain significant, even exponential, savings in the complexity of model ch ..."
Abstract

Cited by 166 (15 self)
 Add to MetaCart
We show how to exploit symmetry in model checking for concurrent systems containing many identical or isomorphic components. We focus in particular on those composed of many isomorphic processes. In many cases we are able to obtain significant, even exponential, savings in the complexity of model checking. 1 Introduction In this paper, we show how to exploit symmetry in model checking. We focus on systems composed of many identical (isomorphic) processes. The global state transition graph M of such a system exhibits a great deal of symmetry, characterized by the group of graph automorphisms of M. The basic idea underlying our method is to reduce model checking over the original structure M, to model checking over a smaller quotient structure M, where symmetric states are identified. In the following paragraphs, we give a more detailed but still informal account of a "grouptheoretic" approach to exploiting symmetry. More precisely, the symmetry of M is reflected in the group, Aut M...
Prod Reference Manual
 HELSINKI UNIVERSITY OF TECHNOLOGY, DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING, DIGITAL SYSTEMS LABORATORY
, 1995
"... PROD is a Pr/Tnet reachability analysis tool that supports onthefly verification of linear time temporal properties with the aid of the stubborn set method. Branching time temporal properties can be verified, too. ..."
Abstract

Cited by 24 (1 self)
 Add to MetaCart
PROD is a Pr/Tnet reachability analysis tool that supports onthefly verification of linear time temporal properties with the aid of the stubborn set method. Branching time temporal properties can be verified, too.
Exploiting Symmetry When Verifying TransistorLevel Circuits by Symbolic Trajectory Evaluation
, 1997
"... In this paper we describe the use of symmetry for verification of transistorlevel circuits by symbolic trajectory evaluation. We show that exploiting symmetry can allow one to verify systems several orders of magnitude larger than otherwise possible. We classify symmetries in circuits as struct ..."
Abstract

Cited by 23 (5 self)
 Add to MetaCart
In this paper we describe the use of symmetry for verification of transistorlevel circuits by symbolic trajectory evaluation. We show that exploiting symmetry can allow one to verify systems several orders of magnitude larger than otherwise possible. We classify symmetries in circuits as structural symmetries, arising from similarities in circuit structure, data symmetries, arising from similarities in the handling of data values, and mixed structuraldata symmetries. We use graph isomorphism testing and symbolic simulation to verify the symmetries in the original circuit. Using conservative approximations, we partition a circuit to expose the symmetries in its components, and construct reduced system models which can be verified efficiently. We have verified Static Random Access Memory circuits with up to 1.5 Million transistors.
An Application Of Petri Net Reduction For Ada Tasking Deadlock Analysis
, 1996
"... As part of our continuing research on using Petri nets to support automated analysis of Ada tasking behavior, we have investigated the application of Petri net reduction for deadlock analysis. Although reachability analysis is an important method to detect deadlocks, it is in general inefficient or ..."
Abstract

Cited by 23 (6 self)
 Add to MetaCart
As part of our continuing research on using Petri nets to support automated analysis of Ada tasking behavior, we have investigated the application of Petri net reduction for deadlock analysis. Although reachability analysis is an important method to detect deadlocks, it is in general inefficient or even intractable. Net reduction can aid the analysis by reducing the size of the net while preserving relevant properties. We introduce a number of reduction rules and show how they can be applied to Ada nets, which are automatically generated Petri net models of Ada tasking. We define a reduction process and a method by which a useful description of a detected deadlock state can be obtained from the reduced net's information. A reduction tool and experimental results from applying the reduction process are discussed.
A Symbolic Reachability Graph for Coloured Petri Nets
, 1997
"... Coloured Petri nets are well suited to the modelling of symmetric systems. Model symmetries can be usefully exploited for the sake of analysis efficiency as well as for modelling convenience. ..."
Abstract

Cited by 23 (6 self)
 Add to MetaCart
Coloured Petri nets are well suited to the modelling of symmetric systems. Model symmetries can be usefully exploited for the sake of analysis efficiency as well as for modelling convenience.
Efficient Verification of Symmetric Concurrent Systems
, 1993
"... Previously, we proposed a reduction technique [ID93] based on symmetries to alleviate the state explosion problem in automatic verification of concurrent systems. This paper describes the results of testing the technique on a wide range of algorithms and protocols, including realistic multiprocessor ..."
Abstract

Cited by 21 (6 self)
 Add to MetaCart
Previously, we proposed a reduction technique [ID93] based on symmetries to alleviate the state explosion problem in automatic verification of concurrent systems. This paper describes the results of testing the technique on a wide range of algorithms and protocols, including realistic multiprocessor synchronization algorithms and cache coherence protocols. Memory requirements were reduced by amounts ranging from 83% to over 99%, and time requirements were often reduced as well. We also consider the effectiveness of the technique on different types of symmetries, such as symmetries in identical system components and symmetries in data values.
Adding Symmetry Reduction to UPPAAL
, 2004
"... We describe a prototype extension of the Uppaal realtime model checking tool with symmetry reduction. The symmetric data type scalarset, which is also used in the Mur' model checker, was added to Uppaal's system description language to support the easy static detection of symmetries. Our prototy ..."
Abstract

Cited by 19 (4 self)
 Add to MetaCart
We describe a prototype extension of the Uppaal realtime model checking tool with symmetry reduction. The symmetric data type scalarset, which is also used in the Mur' model checker, was added to Uppaal's system description language to support the easy static detection of symmetries. Our prototype tool uses state swaps, described and proven sound earlier by Hendriks, to reduce the space and memory consumption of Uppaal. Moreover, under certain assumptions the reduction strategy is canonical, which means that the symmetries are optimally used. For all examples that we experimented with (both academic toy examples and industrial cases), we obtained a drastic reduction of both computation time and memory usage, exponential in the size of the scalar sets used.
IsomorphFree Model Enumeration: A New Method for Checking Relational Specifications
 ACM TRANSACTIONS ON PROGRAMMING LANGUAGES AND SYSTEMS
, 1998
"... This article describes a technique for analyzing relational specifications. The underlying idea is very simple. Both simulation and checking amount to finding models of a relational formula, i.e., assignments for which the formula is true. For simulation the formula is the description of the operati ..."
Abstract

Cited by 18 (10 self)
 Add to MetaCart
This article describes a technique for analyzing relational specifications. The underlying idea is very simple. Both simulation and checking amount to finding models of a relational formula, i.e., assignments for which the formula is true. For simulation the formula is the description of the operation; for checking, the formula is the negation of an assertion about an operation. Models are found by a generateandtest strategy: the formula is repeatedly evaluated for a series of assignments until one is found for which the formula is true