Results 1-10 of 58
Heuristics for Model Checking Java Programs
2002
Cited by 49 (7 self)
Model checking of software programs has two goals: one is the verification of correct software. The other is the discovery of errors in faulty software. Some techniques for dealing with the most crucial problem in model checking, the state space explosion problem, concentrate on the first of these goals. In this paper we present an array of heuristic model checking techniques for combating the state space explosion when searching for errors. Previous work on this topic has mostly focused on property-specific heuristics closely related to particular kinds of errors. We present structural heuristics that attempt to explore the structure (branching structure, thread interdependency structure, abstraction structure) of a program in a manner intended to expose errors efficiently. Experimental results show the utility of this class of heuristics. In contrast to these very general heuristics, we also present very lightweight techniques for introducing program-specific heuristic guidance.
Taming Numbers and Durations in the Model Checking Integrated Planning System
Journal of Artificial Intelligence Research, 2002
Cited by 43 (10 self)
The Model Checking Integrated Planning System (MIPS) has shown distinguished performance in the second and third international planning competitions. With its object-oriented framework architecture MIPS clearly separates the portfolio of explicit and symbolic heuristic search exploration algorithms from different online and offline computed estimates and from the grounded planning problem representation.
Heuristic Search
2011
Cited by 40 (22 self)
Heuristic search is used to efficiently solve the single-node shortest path problem in weighted graphs. In practice, however, one is not only interested in finding a short path, but an optimal path, according to a certain cost notion. We propose an algebraic formalism that captures many cost notions, like typical Quality of Service attributes. We thus generalize A*, the popular heuristic search algorithm, for solving the optimal-path problem. The paper provides an answer to a fundamental question for AI search, namely to which general notion of cost heuristic search algorithms can be applied. We prove correctness of the algorithms and provide experimental results that validate the feasibility of the approach.
Directed model checking with distance-preserving abstractions
In 13th International SPIN Workshop on Model Checking of Software (SPIN’2006, 2006
Cited by 28 (3 self)
In directed model checking, the traversal of the state space is guided by an estimate of the distance from the current state to the nearest error state. This paper presents a distance-preserving abstraction for concurrent systems that allows one to compute an interesting estimate of the error distance without hitting the state explosion problem. Our experiments show a dramatic reduction both in the number of states explored by the model checker and in the total runtime.
A note on on-the-fly verification algorithms
In Proc. of TACAS’05, LNCS, 2005
Cited by 24 (2 self)
The automata-theoretic approach to verification of LTL relies on an algorithm for finding accepting cycles in the product of the system and a Büchi automaton for the negation of the formula. Explicit-state model checkers typically construct the product space "on the fly" and explore the states using depth-first search. We survey algorithms proposed for this purpose and propose two improved algorithms, one based on nested DFS, the other on strongly connected components. We compare these algorithms both theoretically and experimentally and determine cases where both algorithms can be useful.

1 Introduction

The model-checking problem for finite-state systems and linear-time temporal logic (LTL) is usually reduced to checking the emptiness of a Büchi automaton, i.e. the product of the system and an automaton for the negated formula [23]. Various strategies exist for reducing the size of the automaton. For instance, symbolic model checking employs data structures to compactly represent large sets of states. This strategy combines well with breadth-first search, leading to solutions whose worst-case time is essentially O(n^2) or O(n log n), if n is the size of the product. A survey of symbolic emptiness algorithms can be found in [8]. Explicit-state model checkers, on the other hand, construct the product automaton "on the fly", i.e. while searching the automaton. Thus, the model checker may be able to find a counterexample without ever constructing the complete state space. On-the-fly verification can be combined with partial order methods [18, 15] to reduce the effect of state explosion.
Promela Planning
In Proceedings of SPIN03, 2003
Cited by 23 (9 self)
In this paper a compiler from a restricted subset of SPIN's input language Promela into an action planning description language is presented. It exploits the representation of protocols as communicating finite state machines. The work targets the transfer between the state space...
Large-scale directed model checking LTL
In Model Checking Software (SPIN, 2006
Cited by 22 (8 self)
To analyze larger models for explicit-state model checking, directed model checking applies error-guided search, external model checking uses secondary storage media, and distributed model checking exploits parallel exploration on multiple processors. In this paper we propose an external, distributed and directed on-the-fly model checking algorithm to check general LTL properties in the model checker SPIN. Previous attempts restricted to checking safety properties. The worst-case I/O complexity is bounded by O(sort(FR)/p + l · scan(FS)), where S and R are the sets of visited states and transitions in the synchronized product of the Büchi automata for the model and the property specification, F is the number of accepting states, l is the length of the shortest counterexample, and p is the number of processors. The algorithm we propose returns minimal lasso-shaped counterexamples and includes refinements for property-driven exploration.
Parallel External Directed Model Checking with Linear I/O
In VMCAI, 2006
Cited by 20 (5 self)
In this paper we present Parallel External A*, a parallel variant of external memory directed model checking. As a model scales up, its successors generation becomes complex and, in turn, starts to impact the running time of the model checker. Probings of our external memory model checker IO-HSF-SPIN revealed that in some of the cases about 70% of the whole running time was consumed in the internal processing.
S.: Counterexamples for timed probabilistic reachability
FORMATS. Volume 3829 of Lecture Notes in Computer Science, 2005
Cited by 14 (9 self)
The inability to provide counterexamples for the violation of timed probabilistic reachability properties constrains the practical use of CSL model checking for continuous time Markov chains (CTMCs). Counterexamples are essential tools in determining the causes of property violations and are required during debugging. We propose the use of explicit state model checking to determine runs leading into property offending states. Since we are interested in finding paths that carry large amounts of probability mass we employ directed explicit state model checking technology to find such runs using a variety of heuristics guided search algorithms, such as Best First search and Z*. The estimates used in computing the heuristics rely on a uniformisation of the CTMC. We apply our approach to a probabilistic model of the SCSI-2 protocol.