Results 1-10 of 78
Heuristics for Model Checking Java Programs
, 2002
Cited by 55 (8 self)
Model checking of software programs has two goals: one is the verification of correct software. The other is the discovery of errors in faulty software. Some techniques for dealing with the most crucial problem in model checking, the state space explosion problem, concentrate on the first of these goals. In this paper we present an array of heuristic model checking techniques for combating the state space explosion when searching for errors. Previous work on this topic has mostly focused on property-specific heuristics closely related to particular kinds of errors. We present structural heuristics that attempt to explore the structure (branching structure, thread interdependency structure, abstraction structure) of a program in a manner intended to expose errors efficiently. Experimental results show the utility of this class of heuristics. In contrast to these very general heuristics, we also present very lightweight techniques for introducing program-specific heuristic guidance.
Taming Numbers and Durations in the Model Checking Integrated Planning System
 Journal of Artificial Intelligence Research
, 2002
Cited by 46 (12 self)
The Model Checking Integrated Planning System (MIPS) has shown distinguished performance in the second and third international planning competitions. With its object-oriented framework architecture MIPS clearly separates the portfolio of explicit and symbolic heuristic search exploration algorithms from different online and offline computed estimates and from the grounded planning problem representation.
Heuristic Search
, 2011
Cited by 44 (22 self)
Heuristic search is used to efficiently solve the single-node shortest path problem in weighted graphs. In practice, however, one is not only interested in finding a short path, but an optimal path, according to a certain cost notion. We propose an algebraic formalism that captures many cost notions, like typical Quality of Service attributes. We thus generalize A*, the popular heuristic search algorithm, for solving the optimal-path problem. The paper provides an answer to a fundamental question for AI search, namely to which general notion of cost heuristic search algorithms can be applied. We prove correctness of the algorithms and provide experimental results that validate the feasibility of the approach.
Directed model checking with distance-preserving abstractions
 In 13th International SPIN Workshop on Model Checking of Software (SPIN'2006)
, 2006
Cited by 30 (3 self)
In directed model checking, the traversal of the state space is guided by an estimate of the distance from the current state to the nearest error state. This paper presents a distance-preserving abstraction for concurrent systems that allows one to compute an interesting estimate of the error distance without hitting the state explosion problem. Our experiments show a dramatic reduction both in the number of states explored by the model checker and in the total runtime.
A note on on-the-fly verification algorithms
 In Proc. of TACAS’05, LNCS
, 2005
Cited by 25 (2 self)
The automata-theoretic approach to verification of LTL relies on an algorithm for finding accepting cycles in the product of the system and a Büchi automaton for the negation of the formula. Explicit-state model checkers typically construct the product space "on the fly" and explore the states using depth-first search. We survey algorithms proposed for this purpose and propose two improved algorithms, one based on nested DFS, the other on strongly connected components. We compare these algorithms both theoretically and experimentally and determine cases where both algorithms can be useful.

Introduction. The model-checking problem for finite-state systems and linear-time temporal logic (LTL) is usually reduced to checking the emptiness of a Büchi automaton, i.e. the product of the system and an automaton for the negated formula [23]. Various strategies exist for reducing the size of the automaton. For instance, symbolic model checking employs data structures to compactly represent large sets of states. This strategy combines well with breadth-first search, leading to solutions whose worst-case time is essentially O(n^2) or O(n log n), if n is the size of the product. A survey of symbolic emptiness algorithms can be found in [8]. Explicit-state model checkers, on the other hand, construct the product automaton "on the fly", i.e. while searching the automaton. Thus, the model checker may be able to find a counterexample without ever constructing the complete state space. On-the-fly verification can be combined with partial order methods [18, 15] to reduce the effect of state explosion.
Large-scale directed model checking LTL
 In Model Checking Software (SPIN)
, 2006
Cited by 24 (8 self)
To analyze larger models for explicit-state model checking, directed model checking applies error-guided search, external model checking uses secondary storage media, and distributed model checking exploits parallel exploration on multiple processors. In this paper we propose an external, distributed and directed on-the-fly model checking algorithm to check general LTL properties in the model checker SPIN. Previous attempts were restricted to checking safety properties. The worst-case I/O complexity is bounded by O(sort(FR)/p + l · scan(FS)), where S and R are the sets of visited states and transitions in the synchronized product of the Büchi automata for the model and the property specification, F is the number of accepting states, l is the length of the shortest counterexample, and p is the number of processors. The algorithm we propose returns minimal lasso-shaped counterexamples and includes refinements for property-driven exploration.
Promela Planning
 In Proceedings of SPIN03
, 2003
Cited by 24 (10 self)
In this paper a compiler from a restricted subset of SPIN's input language Promela into an action planning description language is presented. It exploits the representation of protocols as communicating finite state machines. The work targets the transfer between the state space...
Quantitative Verification: Models, Techniques and Tools
, 2007
Cited by 24 (13 self)
Automated verification is a technique for establishing if certain properties, usually expressed in temporal logic, hold for a system model. The model can be defined using a high-level formalism or extracted directly from software using methods such as abstract interpretation. The verification proceeds through exhaustive exploration of the state-transition graph of the model and is therefore more powerful than testing. Quantitative verification is an analogous technique for establishing quantitative properties of a system model, such as the probability of battery power dropping below minimum, the expected time for message delivery and the expected number of messages lost before protocol termination. Models analysed through this method are typically variants of Markov chains, annotated with costs and rewards that describe resources and their usage during execution. Properties are expressed in temporal logic extended with probabilistic and reward operators. Quantitative verification involves a combination of a traversal of the state-transition graph of the model and numerical computation. This paper gives a brief overview of current research in quantitative verification, concentrating on the potential of the method and outlining future challenges. The modelling approach is described and the usefulness of the methodology illustrated with an example of a real-world protocol standard – Bluetooth device discovery – that has been analysed using the PRISM model checker (www.prismmodelchecker.org).
Software Model Checking
Cited by 23 (0 self)
Software model checking is the algorithmic analysis of programs to prove properties of their executions. It traces its roots to logic and theorem proving, both to provide the conceptual framework in which to formalize the fundamental questions and to provide algorithmic procedures for the analysis of logical questions. The undecidability theorem [Turing 1936] ruled out the possibility of a sound and complete algorithmic solution for any sufficiently powerful programming model, and even under restrictions (such as finite state spaces), the correctness problem remained computationally intractable. However, just because a problem is hard does not mean it never appears in practice. Also, just because the general problem is undecidable does not imply that specific instances of the problem will also be hard. As the complexity of software systems grew, so did the need for some reasoning mechanism about correct behavior. (While we focus here on analyzing the behavior of a program relative to given correctness specifications, the development of specification mechanisms happened in parallel, and merits a different survey.) Initially, the focus of program verification research was on manual reasoning, and
Parallel External Directed Model Checking with Linear I/O
 In VMCAI
, 2006
Cited by 20 (5 self)
In this paper we present Parallel External A*, a parallel variant of external memory directed model checking. As a model scales up, its successor generation becomes complex and, in turn, starts to impact the running time of the model checker. Probings of our external memory model checker IO-HSF-SPIN revealed that in some of the cases about 70% of the whole running time was consumed in the internal processing.