Assumption-based distribution of CTL model checking
Karen Yorav2004, International Journal on Software Tools for Technology Transfer
Sign up for access to the world's latest research
checkGet notified about relevant papers
checkSave papers to use in your research
checkJoin the discussion with peers
checkTrack your impact
Abstract
In this paper we discuss the problem of performing distributed CTL model checking by splitting the given state space into several "partial state spaces." The partial state space is modelled as a Kripke structure with border states. Each computer involved in the distributed computation owns a partial state space and performs a model-checking algorithm on this incomplete structure. To be able to proceed, the border states are augmented by assumptions about truth values of formulas and the computers exchange assumptions about relevant states to compute more precise information.
Related papers
Using Assumptions to Distribute CTL Model Checking
Electronic Notes in Theoretical Computer Science, 2002
In this work we discuss the problem of performing distributed CTL model checking by splitting the given state space into several "partial state spaces". The partial state space is modelled as a Kripke structure with border states. Each computer involved in the distributed computation owns a partial state space and performs a model checking algorithm on this incomplete structure. To be able to proceed, the border states are augmented by assumptions about the truth of formulas and the computers exchange assumptions about relevant states as they compute more precise information. In the paper we give the basic definitions and present the distributed algorithm.
Distributed CTL Model-Checking and counterexample search
In this paper, we propose a distributed algorithm for CTL model-checking and a counterexample search whenever the CTL formula is not satisfied. The distributed approach is used in order to cope with the state space explosion problem. A cluster of workstations performs collaborative verification over a partitioned state space. Thus, every process involved in the distributed verification executes a labelling procedure on its own partial state space, and uses the parse tree of the CTL formula to evaluate sub-formulas and delay the synchronisations so as to minimise idle time. A counterexample search consists in a distributed construction of the tree-like corresponding to the failure executions. Some experiments have been carried out to evaluate the efficiency of this approach. 3rd International Workshop on Verification and Evaluation of Computer and Communication Systems Distributed CTL Model-Checking and counterexample search
A Distributed CTL Model Checker
Laura Florentina Stoica, Florian Mircea Boian, Florin Stoica, A Distributed CTL Model Checker, Proceeding of 10th International Conference on e-Business, ICE-B 2013, Reykjavik Iceland, paper 33, 29-31 July, pp. 379-386, ISBN: 978-989-8565-72-3, 2013
Distributed CTL Model Checking in the Cloud
2013
The recent extensive availability of "big data" platforms calls for a more widespread adoption by the formal verification community. In fact, formal verification requires high performance data processing software for extracting knowledge from the unprecedented amount of data which come from analyzed systems. Since cloud based computing resources have became easily accessible, there is an opportunity for verification techniques and tools to undergo a deep technological transition to exploit the new available architectures. This has created an increasing interest in parallelizing and distributing verification techniques. In this paper we introduce a distributed approach which exploits techniques typically used by the "big data" community to enable verification of Computation Tree Logic (CTL) formulas on very large state spaces using distributed systems and cloud computing facilities. The outcome of several tests performed on benchmark specifications are presented, thus showing the convenience of the proposed approach.
Local Distributed Model Checking of Reg CTL
Electronic Notes in Theoretical Computer Science, 2002
The paper is devoted to the problem of extending the temporal logic CTL so that it is more expressive and complicated properties can be expressed more succinctly. The specification language RegCTL , an extension of CTL, is proposed. In RegCTL every CTL temporal operator is augmented with a regular expression restricting thus moments when the validity is required. The resulting logic is more expressive than previous extensions of CTL with regular expressions. RegCTL can be modelchecked on-the-fly and the model checking algorithm is well distributable.
Distributed bounded model checking
Formal Methods in System Design, 2022
Program verification is a resource-hungry task. This paper looks at the problem of parallelizing SMT-based automated program verification, specifically bounded model-checking, so that it can be distributed and executed on a cluster of machines. We present an algorithm that dynamically unfolds the call graph of the program and frequently splits it to create sub-tasks that can be solved in parallel. The algorithm is adaptive, controlling the splitting rate according to available resources, and also leverages information from the SMT solver to split where most complexity lies in the search. We implemented our algorithm by modifying CORRAL, the verifier used by Microsoft's Static Driver Verifier (SDV), and evaluate it on a series of hard SDV benchmarks.
Distributed Symbolic Model Checking for μ-Calculus
Formal Methods in System Design, 2005
In this paper we propose a distributed symbolic algorithm for model checking of propositional-calculus formulas.-calculus is a powerful formalism and many problems like (fair) CTL and LTL model checking can be solved using the-calculus model checking. Previous works on distributed symbolic model checking were restricted to reachability analysis and safety properties. This work thus significantly extends the scope of properties that can be verified for very large designs. The algorithm is based on distributed evaluation of subformulas. It results in sets of states which are evenly distributed among the processes. We show that this algorithm is scalable, and thus can be implemented on huge distributed clusters of computing nodes. In this way, the memory modules of the computing nodes collaborate to create a very large store, thus enabling checking of much larger designs. We formally prove the correctness of the parallel algorithm. We complement the distribution of the state sets by showing how to distribute the transition relation. Several further ingredients (such as the parallelization of the slicing procedure), are omitted for lack of space.
IibDMC: a Library to Operate Efficient Distributed Model Checking
2007 IEEE International Parallel and Distributed Processing Symposium, 2007
Model checking is a formal verification technique that allows to automatically prove that a system's behavior is correct. However it is often prohibitively expensive in time and memory complexity, due to the so-called state space explosion problem. We present a generic multithreaded and distributed infrastructure library designed to allow distribution of the model checking procedure over a cluster of machines. This library is generic, and is designed to allow encapsulation of any model checker in order to make it distributed. Performance evaluations are reported and clearly show the advantages of multi-threading to occupy processors while waiting for the network, with linear speedup over the number of processors.
The complexity of model checking concurrent programs against CTLK specifications
2006
This paper presents complexity results for model checking formulae of CTLK (a logic to reason about time and knowledge in multi-agent systems) in concurrent programs. We apply these results to evaluate the complexity of verifying programs of two model checkers for multi-agent systems: mcmas and Verics.
Model checking CTL is almost always inherently sequential
2009
The model checking problem for CTL is known to be P-complete (Clarke, Emerson, and Sistla (1986), see Schnoebelen (2002)). We consider fragments of CTL obtained by restricting the use of temporal modalities or the use of negations-restrictions already studied for LTL by Sistla and Clarke (1985) and Markey (2004). For all these fragments, except for the trivial case without any temporal operator, we systematically prove model checking to be either inherently sequential (P-complete) or very efficiently parallelizable (LOGCFL-complete). For most fragments, however, model checking for CTL is already P-complete. Hence our results indicate that in most applications, approaching CTL model checking by parallelism will not result in the desired speed up. We also completely determine the complexity of the model checking problem for all fragments of the extensions ECTL, CTL + , and ECTL + .
Related papers
Parallel and Distributed Methods in Verification
Journal of Logic and Computation, 2011
Over the last three decades, we have observed increasing dependency on computer and communication systems-and their hardware and software-in all aspects of daily life. As an example, we mention the use of online banking services, the use of computer-controlled car safety systems and the use of fully software-supported high-definition television sets. All these types of systems are characterized by their complexity as regards their hardware and-first and foremosttheir software. If these systems do not behave as expected (or as specified), the effect is that they become less easy to use-to say the least. However, more often than not such situations lead to monetary losses or they endanger lives.
Bounded saturation-based CTL model checking
2013
Formal verification is becoming a fundamental step of safety-critical and model-based software development. As part of the verification process, model checking is one of the current advanced techniques to analyse the behaviour of a system. Symbolic model checking is an efficient approach to handling even complex models with huge state spaces. Saturation is a symbolic algorithm with a special iteration strategy, which is efficient for asynchronous models. Recent advances have resulted in many new kinds of saturation-based algorithms for state space generation and bounded state space generation and also for structural model checking. In this paper, we examine how the combination of two advanced model checking algorithms-bounded saturation and saturationbased structural model checking-can be used to verify systems. Our work is the first attempt to combine these approaches, and this way we are able to handle and examine complex or even infinite state systems. Our measurements show that we can exploit the efficiency of saturation in bounded model checking.
Structural Symbolic CTL Model Checking of Asynchronous Systems
Lecture Notes in Computer Science, 2003
In previous work, we showed how structural information can be used to efficiently generate the state-space of asynchronous systems. Here, we apply these ideas to symbolic CTL model checking. Thanks to a Kronecker encoding of the transition relation, we detect and exploit event locality and apply better fixed-point iteration strategies, resulting in orders-of-magnitude reductions for both execution times and memory consumption in comparison to well-established tools such as NuSMV.
A partial approach to model checking
1991
Abstract A model-checking method for linear-time temporal logic that avoids the state explosion due to the modeling of concurrency by interleaving is presented. The method relies on the concept of the Mazurkiewicz trace as a semantic basis and uses automata-theoretic techniques, including automata that operate on words of ordinality higher than ω. In particular, automata operating on words of length ω× n, n∈ ω are defined.
Formula-dependent equivalence for compositional CTL model checking
1994
We present a state equivalence that is defined with respect to a given CTL formula. Since it does not attempt to preserve all CTL formulas, like bisimulation does, we can expect to compute coarser equivalences. We use this equivalence to manage the size of the transition relations encountered when model checking a system of interacting FSMs. Specifically, the equivalence is used to reduce the size of each component FSM, so that their product will be smaller.
CTL model checking based on forward state traversal
Proceedings of International Conference on Computer Aided Design
We present a CTL model checking algorithm based mainly on forward state traversal, which can check many realistic CTL properties without doing backward state traversal. This algorithm is effective in many situations where backward state traversal is more expensive than forward state traversal. We combine it with BDD-based state traversal techniques using partitioned transition relations. Experimental results show that our method can verify actual CTL properties of large industrial models which cannot be handled by conventional model checkers.
Handling Inconsistencies in CTL Model-Checking using Belief Revision
Given a formal description of a system, there are computational tools that verify the validity of some properties in the system. These tools usually only tell the user whether the property holds or not, without giving any hint as to how the system could be adapted in order for the desired property to hold. In this paper, we present a formal approach for handling inconsistencies in CTL (computation tree logic) model-checking using belief revision. Given a CTL formula inconsistent with a model of the system described in SMV, we revise this model in such a way that the formula becomes true. This revision forces changes in the SMV description of the system. Our implementation enriches the NuSMV model checker with three types of change: addition of lines, elimination of lines and change in the initial state, where the first two cause modifications in the transitions between the states of the model.
Scalable distributed on-the-fly symbolic model checking
International Journal on Software Tools for Technology Transfer (STTT), 2003
This paper presents a scalable method for parallel symbolic on-the-fly model checking in a distributed memory environment. Our method combines a scheme for on-thefly model checking for safety properties with a scheme for scalable reachability analysis. We suggest an efficient, BDDbased algorithm for a distributed construction of a counterexample. The extra memory requirement for counterexample generation is evenly distributed among the processes by a memory balancing procedure. At no point during computation does the memory of a single process contain all the data. This enhances scalability. Collaboration between the parallel processes during counterexample generation reduces memory utilization for the backward step.
Automatic compositional minimization in CTL model checking
1992
Abstract We describe a method for reducing the complexity of CTL model checking on a system of interacting finite state machines. The method consists essentially of reducing each component machine with respect to the property we want to verify, and then verifying the property on the composition of the reduced components. The procedure is fully automatic and produces an exact result. We assess the potential of our approach on real-world examples, and demonstrate the method on a circuit.
Simplified Distributed LTL Model Checking by Localizing Cycles
Report00176, Institut für Informatik, Universität …, 2002
Distributed Model Checking avoids the state explosion problem by using the computational resources of parallel environments LTL model checking mainly entails detecting accepting cycles in a state transition graph. The nested depth-rst search algorithm used for this purpose is di cult to parallelize since it is based on the depth-rst search traversal order which is inherently sequential. Proposed solutions make use of data structures and synchronization mechanisms in order to preserve the depth-rst order. We propose a simple distributed algorithm that assumes cycles to be localized by the partition function. Cycles can then be checked without requiring particular synchronization mechanisms. Methods for constructing such kind of partition functions are also proposed. The algorithm has a limited application since it highly depends on the monotonic behavior of the model to be checked.
Loading Preview
Sorry, preview is currently unavailable. You can download the paper by clicking the button above.