Watchdog Transformations for Property-Oriented Model-Checking

We discuss how to transform a CSP refinement, \(S \sqsubseteq I\), to enable all its events to be hidden; this is useful because many of the state space compression functions provided by the model-checker FDR are effective only when events are hidden [1]. In an earlier paper [2] we described a suitable transformation for the case where the refinement is in the traces semantics of CSP. This paper extends the approach to the more difficult case of the stable-failures semantics. In both cases, a watchdog transformation is applied to the specification S, resulting in a watchdog process \(WD_S\), which is then composed in parallel with I, or with I in a simple context. The watchdog process monitors I and somehow indicates whether it can behave in a way that is incompatible with refinement of S. All events of the original assertion can be hidden in the transformed assertion. We also discuss the design of compression strategies that try to hide as many events as possible in the component processes of I and \(WD_S\), and compress the composition as it is being built up. We describe our implementation of the watchdog transformations and some simple compression strategies.
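The traces-semantics watchdog that the abstract refers to, as an added example in Python rather than the paper's own FDR implementation: S and I are finite labelled transition systems, \(WD_S\) is the determinised automaton of S extended with an alarm state, and the refinement check becomes "the alarm is unreachable in \(WD_S\) composed with I once every original event is hidden". The alarm name `fail` and the sample processes are constructed for this example; the stable-failures case that the paper extends the approach to is not covered.

```python
from collections import deque

# Added example, not the paper's code: traces-semantics watchdog for finite
# LTSs written as dict: state -> [(event, next_state)] (nondeterminism allowed).
FAIL = "fail"  # constructed name for the watchdog's alarm event

def alphabet(lts):
    return {ev for trans in lts.values() for ev, _ in trans}

def watchdog(spec, spec_init, sigma):
    """Build WD_S: a deterministic (subset-construction) automaton that follows
    S, and answers any event S cannot perform after the current trace by moving
    to an alarm state whose only behaviour is to emit FAIL."""
    init = frozenset([spec_init])
    wd = {FAIL: [(FAIL, FAIL)]}            # alarm state: emits FAIL forever
    todo, seen = deque([init]), {init}
    while todo:
        st = todo.popleft()
        wd[st] = []
        for ev in sigma:
            nxt = frozenset(n for s in st for e, n in spec[s] if e == ev)
            if nxt:
                wd[st].append((ev, nxt))
                if nxt not in seen:
                    seen.add(nxt); todo.append(nxt)
            else:                            # S cannot do ev here: bark
                wd[st].append((ev, FAIL))
    return wd, init

def refines_traces(spec, spec_init, impl, impl_init):
    """S [T= I  iff  (WD_S [|sigma|] I) \\ sigma can never perform FAIL:
    every original event is synchronised and hidden; only the alarm is visible."""
    sigma = alphabet(spec) | alphabet(impl)
    wd, w0 = watchdog(spec, spec_init, sigma)
    todo, seen = deque([(w0, impl_init)]), {(w0, impl_init)}
    while todo:
        w, i = todo.popleft()
        if any(e == FAIL for e, _ in wd[w]):
            return False                     # hidden composition can bark
        for ev, i2 in impl[i]:               # sigma event: both sides must agree
            for e2, w2 in wd[w]:
                if e2 == ev and (w2, i2) not in seen:
                    seen.add((w2, i2)); todo.append((w2, i2))
    return True

# Constructed sample processes, e.g. SPEC is a -> b -> STOP
SPEC = {0: [("a", 1)], 1: [("b", 2)], 2: []}
GOOD = {0: [("a", 1)], 1: [("b", 2)], 2: []}
BAD = {0: [("a", 1)], 1: [("b", 2), ("c", 3)], 2: [], 3: []}
NONDET_SPEC = {0: [("a", 1), ("a", 2)], 1: [("b", 3)], 2: [("c", 3)], 3: []}
```

With these processes, `refines_traces(SPEC, 0, GOOD, 0)` holds while `refines_traces(SPEC, 0, BAD, 0)` fails because the composition reaches the alarm after the hidden trace a, c.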

[1] Patrice Godefroid et al. Partial-Order Methods for the Verification of Concurrent Systems, 1996, Lecture Notes in Computer Science.

[2] Somesh Jha et al. Exploiting Symmetry In Temporal Logic Model Checking, 1993, CAV.

[3] Rajeev Alur et al. A Temporal Logic of Nested Calls and Returns, 2004, TACAS.

[4] Antti Valmari et al. Alphabet-Based Synchronisation is Exponentially Cheaper, 2002, CONCUR.

[5] Michael Goldsmith et al. Hierarchical Compression for Model-Checking CSP or How to Check \(10^{20}\) Dining Philosophers for Deadlock, 1995, TACAS.

[6] Patrice Godefroid et al. On the costs and benefits of using partial-order methods for the verification of concurrent systems, 1996, Partial Order Methods in Verification.

[7] Antti Valmari. A stubborn attack on state explosion, 1992, Formal Methods Syst. Des..

[8] A. Prasad Sistla et al. Symmetry and model checking, 1996, Formal Methods Syst. Des..

[9] W. M. van Cleemput et al. Computer hardware description languages and their applications, 1979, 16th Design Automation Conference.

[10] Amir Pnueli et al. Proving Partial Order Properties, 1994, Theor. Comput. Sci..

[11] Kenneth L. McMillan et al. Symbolic model checking, 1992.

[12] David L. Dill et al. Better verification through symmetry, 1996, Formal Methods Syst. Des..

[13] Edmund M. Clarke et al. Model checking and abstraction, 1994, TOPL.

[14] Andrew William Roscoe et al. The Theory and Practice of Concurrency, 1997.

[15] Michael Goldsmith. Property-based compression strategies, 2002.

[16] Kousha Etessami et al. A Hierarchy of Polynomial-Time Computable Simulations for Automata, 2002, CONCUR.