Results 1–10 of 18
Saturation: an efficient iteration strategy for symbolic state space generation
Proc. Tools and Algorithms for the Construction and Analysis of Systems (TACAS), LNCS 2031, 2001
Cited by 56 (30 self)

Abstract
We present a novel algorithm for generating state spaces of asynchronous systems using Multi-valued Decision Diagrams. In contrast to related work, we encode the next-state function of a system not as a single Boolean function, but as cross-products of integer functions. This permits the application of various iteration strategies to build a system's state space. In particular, we introduce a new elegant strategy, called saturation, and implement it in the tool SMART. On top of usually performing several orders of magnitude faster than existing BDD-based state-space generators, our algorithm's required peak memory is often close to the final memory needed for storing the overall state space.
Efficient symbolic state-space construction for asynchronous systems
Application and Theory of Petri Nets 2000 (Proc. 21st Int. Conf. on Applications and Theory of Petri Nets, Aarhus, Denmark), Lecture Notes in Computer Science 1825, 2000
IF: An Intermediate Representation for SDL and its Applications
1999
Cited by 15 (4 self)

Abstract
this paper we present work of a project for the improvement of a specification and validation toolbox interconnecting Objectgeode[1] and different validation tools such as
Saturation-based symbolic reachability analysis using conjunctive and disjunctive partitioning
Proc. CHARME, LNCS 3725, 2005
Cited by 14 (12 self)

Abstract
We propose a new saturation-based symbolic state-space generation algorithm for finite discrete-state systems. Based on the structure of the high-level model specification, we first disjunctively partition the transition relation of the system, then conjunctively partition each disjunct. Our new encoding recognizes identity transformations of state variables and exploits event locality, enabling us to apply a recursive fixed-point image computation strategy completely different from the standard breadth-first approach employing a global fixpoint image computation. Compared to breadth-first symbolic methods, saturation has already been empirically shown to be several orders more efficient in terms of runtime and peak memory requirements for asynchronous concurrent systems. With the new partitioning, the saturation algorithm can now be applied to completely general asynchronous systems, while requiring similar or better runtimes and peak memory than previous saturation algorithms.
Exp.Open 2.0: A Flexible Tool Integrating Partial Order, Compositional, and On-the-fly Verification Methods
2005
Cited by 12 (5 self)

Abstract
It is desirable to integrate formal verification techniques applicable to different languages. We present Exp.Open 2.0, a new tool of the Cadp verification toolbox which combines several features. First, Exp.Open 2.0 allows to describe concurrent systems as a composition of finite state machines, using either synchronization vectors, or parallel composition, hiding, renaming, and cut operators from several process algebras (Ccs, Csp, Lotos, ELotos, µCrl). Second, together with other tools of Cadp, Exp.Open 2.0 allows state space generation and on-the-fly exploration. Third, Exp.Open 2.0 implements on-the-fly partial order reductions to avoid the generation of irrelevant interleavings of independent transitions. Fourth, Exp.Open 2.0 allows to export models towards other tools using interchange formats such as automata networks and Petri nets. Finally, we show some practical applications and measure the efficiency of Exp.Open 2.0 on several benchmarks.
IF: An Intermediate Representation and Validation Environment for Timed Asynchronous Systems
1999
Cited by 11 (4 self)

Abstract
Formal Description Techniques (fdt), such as lotos or sdl, are at the base of a technology for the specification and the validation of telecommunication systems. Due to the availability of commercial tools, these formalisms are now being widely used in the industrial community. Alternatively, a number of quite efficient verification tools have been developed by the research community. But, most of these tools are based on simple ad-hoc formalisms and the gap between them and real fdt restricts their use at industrial scale. This context motivated the development of an intermediate representation called if which is presented in the paper. if has a simple syntactic structure, but allows to express in a convenient way most useful concepts needed for the specification of timed asynchronous systems. The benefits of using if are multiple. First, it is general enough to handle significant subsets of most fdt, and in particular a translation from sdl to if is already implemented. ...
Using Compositional Preorders in the Verification of Sliding Window Protocol
In Computer Aided Verification
Cited by 10 (0 self)

Abstract
The main obstacle to automatic verification of temporal logic properties of finite-state systems is the state explosion problem. One way to alleviate this is to replace components of a system with smaller ones and verify the required properties from the smaller system. This approach leads to notions of compositional property-preserving equivalences and preorders. Previously we have shown that the NDFD preorder is the weakest preorder which is compositional w.r.t. standard operators and preserves nexttime-less linear temporal logic properties. In this paper we describe a case study where the NDFD preorder was used to verify semi-automatically both safety and liveness properties of the Sliding Window protocol for arbitrary channel lengths and realistic parameter values. In this process we located a previously undiscovered fault leading to lack of liveness in a version of the protocol.
Exploiting interleaving semantics in symbolic state-space generation
Formal Methods in System Design
Cited by 8 (3 self)

Abstract
Symbolic techniques based on Binary Decision Diagrams (BDDs) are widely employed for reasoning about temporal properties of hardware circuits and synchronous controllers. However, they often perform poorly when dealing with the huge state spaces underlying systems based on interleaving semantics, such as communications protocols and distributed software, which are composed of independently acting subsystems that communicate via shared events. This article shows that the efficiency of state-space exploration techniques using decision diagrams can be drastically improved by exploiting the interleaving semantics underlying many event-based and component-based system models. A new algorithm for symbolically generating state spaces is presented that (i) encodes a model's state vectors with Multi-valued Decision Diagrams (MDDs) rather than flattening them into BDDs and (ii) partitions the model's Kronecker-consistent next-state function by event and subsystem, thus enabling multiple lightweight next-state transformations rather than a single heavyweight one. Together, this paves the way for a novel iteration order, called saturation, which replaces the breadth-first search order of traditional algorithms. The resulting saturation algorithm is implemented in the tool SMART, and experimental studies show that it is often several orders of magnitude better in terms of time efficiency, final memory consumption, and peak memory consumption than existing symbolic algorithms.
A pattern recognition approach for speculative firing prediction in distributed saturation state-space generation
Proc. PDMC, pp. 65–79, 2005
Cited by 5 (1 self)

Abstract
The saturation strategy for symbolic state-space generation is particularly effective for globally-asynchronous locally-synchronous systems. A distributed version of saturation, SaturationNOW, uses the overall memory available on a network of workstations to effectively spread the memory load, but its execution is essentially sequential. To achieve true parallelism, we explore a speculative firing prediction, where idle workstations work on predicted future event firing requests. A naïve approach where all possible firings may be explored a priori, given enough idle time, can result in excessive memory requirements. Thus, we introduce a history-based approach for firing prediction that recognizes firing patterns and explores only firings conforming to these patterns. Experiments show that our heuristic improves the runtime and has a small memory overhead.
Uniformity by construction in the analysis of nondeterministic stochastic systems
In Proc. of Dependable Systems and Networks conference, UK, 2007
Cited by 5 (2 self)

Abstract
Continuous-time Markov decision processes (CTMDPs) are behavioral models with continuous time, nondeterminism and memoryless stochastics. Recently, an efficient timed reachability algorithm for CTMDPs has been presented [2], allowing one to quantify, e.g., the worst-case probability to hit an unsafe system state within a safety-critical mission time. This algorithm works only for uniform CTMDPs, CTMDPs in which the sojourn time distribution is unique across all states. In this paper we develop a compositional theory for generating CTMDPs which are uniform by construction. To analyze the scalability of the method, this theory is applied to the construction of a fault-tolerant workstation cluster example, and experimentally evaluated using an innovative implementation of the timed reachability algorithm. All previous attempts to model-check this seemingly well-studied example needed to ignore the presence of nondeterminism, because of lacking support for modelling and analysis.