Abstract
Partial order reduction has been very successful at combating the state explosion problem for lower-level formalisms, but has thus far made hardly any impact on model checking higher-level formalisms such as B, Z or TLA+. This paper attempts to remedy this in the context of Event-B, whose much more fine-grained events offer increased potential for event independence and hence for partial order reduction. We provide a detailed description of a partial order reduction for explicit-state model checking in ProB and evaluate the technique on a variety of models. The implementation of the method, which is based on new constraint-based analyses, is discussed. Further, we give a comprehensive description of how the implementation is extended to the LTL model checker of ProB for checking LTL−X formulae.