A Livelock Freedom Analysis for Infinite State Asynchronous Reactive Systems

We describe an incomplete but sound and efficient livelock freedom test for infinite state asynchronous reactive systems. The method abstracts a system into a set of simple control flow cycles labeled with their message passing effects. From these cycles, it constructs a homogeneous integer programming problem (IP) encoding a necessary condition for the existence of livelock runs. Livelock freedom is assured by the infeasibility of the generated homogeneous IP, which can be checked in polynomial time. In the case that livelock freedom cannot be proved, the method proposes a counterexample given as a set of cycles. We apply an automated cycle dependency analysis to counterexamples to check their spuriousness and to refine the abstraction. We illustrate the application of the method to Promela models using our prototype implementation named aLive.
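The following is an added illustration of the cycle-effect check the abstract describes; it is not code from the paper or from the aLive prototype, and the two toy systems, their message names and the choice of "progress" cycles are constructed here. Each control flow cycle is abstracted to its net effect on every message buffer (+1 per send, -1 per receive). A run that repeats only non-progress cycles forever cannot consume any message type more often than it produces it, which gives the homogeneous system sum_c x_c * effect(c) >= 0, x >= 0, x != 0. Because the system is homogeneous, a rational solution of the LP relaxation scales to an integer one, so feasibility is an LP question; the block solves it exactly with Fourier-Motzkin elimination over fractions and returns the cycle combination as the counterexample, or None when the system is infeasible and livelock freedom follows. The paper's actual IP may carry additional constraints from the control structure; this is a minimal reconstruction from the abstract.

```python
"""Reconstruction (not the paper's aLive code) of a cycle-effect livelock
test: abstract cycles to message effects, then decide the homogeneous system
sum_c x_c * effect(c) >= 0, x >= 0, x != 0 by Fourier-Motzkin elimination."""
from fractions import Fraction
from math import lcm
from typing import Dict, List, Optional, Set, Tuple

Cycle = Dict[str, int]                    # message type -> net effect (+send, -receive)
Row = Tuple[List[Fraction], Fraction]     # coeffs . x + const >= 0

MESSAGES = ["req", "ack", "data"]         # constructed message alphabet

# Constructed system 1: req/ack ping-pong next to a data channel. Draining
# "data" is the (assumed) progress cycle; the ping-pong can spin without it.
PINGPONG: Dict[str, Cycle] = {
    "client_retry": {"req": +1, "ack": -1},
    "server_reply": {"req": -1, "ack": +1},
    "server_push":  {"data": +1},
    "client_drain": {"data": -1},
}
PINGPONG_PROGRESS = {"client_drain"}

# Constructed system 2: every non-progress cycle consumes a message that no
# non-progress cycle produces, so no infinite non-progress run exists.
TIMEOUT: Dict[str, Cycle] = {
    "client_retry":   {"req": +1, "ack": -1},
    "server_timeout": {"req": -1},
    "server_reply":   {"req": -1, "ack": +1},
}
TIMEOUT_PROGRESS = {"server_reply"}


def _eliminate(rows: List[Row], i: int) -> List[Row]:
    """One Fourier-Motzkin step: remove variable x_i, preserving feasibility."""
    pos = [r for r in rows if r[0][i] > 0]
    neg = [r for r in rows if r[0][i] < 0]
    out = [r for r in rows if r[0][i] == 0]
    for pc, pk in pos:
        for nc, nk in neg:
            a, b = pc[i], -nc[i]          # b*pos + a*neg cancels x_i
            out.append(([b * p + a * n for p, n in zip(pc, nc)], b * pk + a * nk))
    return out


def _solve(rows: List[Row], n: int) -> Optional[List[Fraction]]:
    """Rational feasibility of `rows`; returns a witness by back-substitution."""
    stages = [rows]
    for i in range(n):
        stages.append(_eliminate(stages[-1], i))
    if any(k < 0 for _, k in stages[-1]):      # only constants remain
        return None
    x = [Fraction(0)] * n
    for i in reversed(range(n)):
        lo = hi = None
        for c, k in stages[i]:                 # rows mention x_i .. x_{n-1} only
            if c[i] == 0:
                continue
            bound = -(k + sum(c[j] * x[j] for j in range(i + 1, n))) / c[i]
            if c[i] > 0:
                lo = bound if lo is None else max(lo, bound)
            else:
                hi = bound if hi is None else min(hi, bound)
        x[i] = lo if lo is not None else (hi if hi is not None else Fraction(0))
    return x


def livelock_candidate(cycles: Dict[str, Cycle], progress: Set[str],
                       messages: List[str] = MESSAGES) -> Optional[Dict[str, int]]:
    """Decide the homogeneous system over the non-progress cycles.

    Feasible  -> returns integer multiplicities of the cycles forming the
                 livelock candidate (the abstract's "set of cycles").
    Infeasible -> returns None: no infinite non-progress run, livelock-free.
    """
    names = [c for c in cycles if c not in progress]
    n = len(names)
    rows: List[Row] = []
    for m in messages:                         # net effect on each buffer >= 0
        rows.append(([Fraction(cycles[c].get(m, 0)) for c in names], Fraction(0)))
    for i in range(n):                         # x_i >= 0
        rows.append(([Fraction(int(j == i)) for j in range(n)], Fraction(0)))
    ones = [Fraction(1)] * n                   # sum x = 1 excludes x = 0; any
    rows.append((ones, Fraction(-1)))          # positive scaling is equivalent
    rows.append(([-v for v in ones], Fraction(1)))
    x = _solve(rows, n)
    if x is None:
        return None
    scale = lcm(*(v.denominator for v in x))   # rational witness -> integer one
    return {c: int(v * scale) for c, v in zip(names, x) if v}


def net_effect(cycles: Dict[str, Cycle], multiplicity: Dict[str, int],
               messages: List[str] = MESSAGES) -> Dict[str, int]:
    """Net buffer effect of repeating each cycle `multiplicity[c]` times."""
    return {m: sum(k * cycles[c].get(m, 0) for c, k in multiplicity.items())
            for m in messages}


if __name__ == "__main__":
    print("ping-pong:", livelock_candidate(PINGPONG, PINGPONG_PROGRESS))
    print("timeout:  ", livelock_candidate(TIMEOUT, TIMEOUT_PROGRESS))
```

For the first system the check returns the pair client_retry/server_reply with multiplicity one each: the two cycles exchange req and ack indefinitely while the progress cycle client_drain never runs, which is exactly the kind of candidate the abstract says is handed to the cycle dependency analysis for a spuriousness check. For the second system the only non-progress cycles consume req or ack without any non-progress cycle producing ack, so the system is infeasible and livelock freedom is established without exploring any state space.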
