Uniform Monte-Carlo Model Checking

Grosu and Smolka have proposed a randomised Monte-Carlo algorithm for LTL model checking. Their method is based on random exploration of the product of the model and the Büchi automaton that represents the property to be checked. The targets of this exploration are so-called lassos, i.e. elementary paths followed by elementary circuits. During this exploration, outgoing transitions are chosen uniformly at random. Grosu and Smolka note that, depending on the topology, the uniform choice of outgoing transitions may give some lassos very low probabilities. In such cases, very large numbers of random walks are required to reach an acceptable coverage of lassos, and thus a good probability either of establishing satisfaction of the property or of discovering a counter-example. In this paper, we propose an alternative sampling strategy for lassos, in line with the uniform exploration of models presented in previous work. The problem of finding all elementary cycles in a directed graph is known to be difficult: there is no hope for a polynomial-time algorithm. Therefore, we consider a well-known sub-class of directed graphs, namely the reducible flow graphs, which correspond to well-structured programs and most control-command systems. We propose an efficient algorithm for counting and uniformly generating lassos in reducible flow graphs. This algorithm has been implemented and tested on a pathological example. We compare the lasso coverage obtained with our new uniform method against that obtained with uniform choice among the outgoing transitions.
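The coverage problem the abstract describes, as an added illustration that is not code from the paper: on a constructed chain of states with self-loops, a random walk that picks outgoing transitions uniformly reaches the deepest lasso with probability 2^-n, whereas sampling uniformly over the set of lassos covers them all quickly. The lasso set is obtained here by brute-force enumeration (exponential in general); the paper's efficient counting and generation algorithm for reducible flow graphs is not reproduced.

```python
import random
from fractions import Fraction

def chain_with_self_loops(n):
    """Constructed pathological graph (not the paper's benchmark): states 0..n,
    each state i < n has a self-loop and an edge to i+1, state n only a self-loop."""
    graph = {i: [i, i + 1] for i in range(n)}
    graph[n] = [n]
    return graph

def enumerate_lassos(graph, start):
    """Every lasso from `start` (elementary path closed by the first repeated
    state), paired with its probability under uniform choice of outgoing
    transitions. Brute force; exponential in the general case."""
    lassos = []

    def extend(path, prob):
        succ = graph[path[-1]]
        for s in succ:
            p = prob * Fraction(1, len(succ))
            if s in path:
                lassos.append((tuple(path + [s]), p))
            else:
                extend(path + [s], p)

    extend([start], Fraction(1))
    return lassos

def random_walk_lasso(graph, start, rng):
    """Grosu-Smolka style walk: choose an outgoing transition uniformly and
    stop as soon as a state already on the path is revisited."""
    path = [start]
    while True:
        s = rng.choice(graph[path[-1]])
        path.append(s)
        if s in path[:-1]:
            return tuple(path)

def coverage(sample, lassos, n_samples, rng):
    """Fraction of distinct lassos hit by n_samples draws from `sample`."""
    seen = {sample(rng) for _ in range(n_samples)}
    return len(seen) / len(lassos)

def compare(n, n_samples, seed=1):
    """Lasso count, smallest walk probability, and coverage reached by the
    random walk vs. by uniform sampling over the lasso set."""
    graph = chain_with_self_loops(n)
    lassos = enumerate_lassos(graph, 0)
    rng = random.Random(seed)
    walk_cov = coverage(lambda r: random_walk_lasso(graph, 0, r), lassos, n_samples, rng)
    uniform_cov = coverage(lambda r: r.choice(lassos)[0], lassos, n_samples, rng)
    return len(lassos), min(p for _, p in lassos), walk_cov, uniform_cov
```

For n = 14 the chain has 15 lassos and the two deepest each have probability 2^-14 under the random walk, so 150 walks almost never cover them while 150 uniform draws do.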
