Integer Linear Programming-Based Property Checking for Asynchronous Reactive Systems

Asynchronous reactive systems form the basis of a wide range of software systems, for instance in the telecommunications domain. It is highly desirable to show rigorously that these systems are correctly designed. Traditional formal verification of such systems is difficult, however, because asynchronous reactive systems usually possess extremely large or even infinite state spaces. We propose a property checking framework based on integer linear program (ILP) solving that concentrates on the local analysis of the cyclic behavior of each individual component of a system. We apply the framework to checking buffer boundedness and livelock freedom, both of which are undecidable for asynchronous reactive systems with an infinite state space. We illustrate the application of the proposed checking methods to Promela, the input language of the SPIN model checker. Since the analysis abstracts from much of a system's behavior, its precision remains an issue; to address it we propose a counterexample-guided abstraction refinement procedure based on the discovery of dependences among control flow cycles. We have implemented prototype tools with which we obtained promising experimental results on real-life system models.
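The cycle-based boundedness test sketched in the abstract, worked through on three constructed two-process models (a ping-pong exchange, a free-running producer, and a pair of mutually waiting processes). This is an added example, not code from the paper or its tools: the control flow graphs, the channel names and the brute-force enumeration that stands in for an ILP solver are all assumptions made here. The net effect of every elementary control flow cycle on every channel is computed per process, a non-negative combination that grows some channel without draining any is searched for, and a small state-space explorer checks the verdicts. The third model yields a spurious unbounded verdict because each of its two cycles depends on a message that only the other produces, which is the kind of dependence among cycles the refinement step is about.

```python
"""Cycle-effect test for message buffer boundedness on constructed models.

Added example, not code from the paper. Each process is a small control flow
graph whose edges carry one channel operation: "c!" sends on c, "c?" receives
from c. The test is local: the net effect of every elementary cycle of every
process is computed, then we ask for a non-negative, non-zero combination of
those effects that drains no channel and grows at least one. None found means
bounded; one found is only a candidate, since the cycles may not be jointly
executable.
"""
from itertools import product
from typing import Dict, List, Optional, Sequence, Tuple

Proc = Dict[str, List[Tuple[str, str]]]   # state -> [(operation, successor)]
Model = Dict[str, Proc]                   # process name -> control flow graph
Effect = Tuple[int, ...]                  # net queue change per channel


def elementary_cycles(proc: Proc) -> List[Tuple[str, ...]]:
    """Operation sequences of all elementary cycles, deduplicated by rotation."""
    found = set()

    def dfs(start: str, node: str, nodes: List[str], ops: List[str]) -> None:
        for op, nxt in proc.get(node, []):
            if nxt == start:
                seq = ops + [op]
                found.add(min(tuple(seq[i:] + seq[:i]) for i in range(len(seq))))
            elif nxt not in nodes:
                dfs(start, nxt, nodes + [nxt], ops + [op])

    for s in proc:
        dfs(s, s, [s], [])
    return sorted(found)


def effect_vector(ops: Sequence[str], channels: Sequence[str]) -> Effect:
    """Net change of each channel's queue length after one pass round the cycle."""
    delta = dict.fromkeys(channels, 0)
    for op in ops:
        chan, kind = op[:-1], op[-1]
        if kind not in "!?" or chan not in delta:
            raise ValueError(f"bad operation {op!r}")
        delta[chan] += 1 if kind == "!" else -1
    return tuple(delta[c] for c in channels)


def cycle_effects(model: Model, channels: Sequence[str]) -> List[Effect]:
    return [effect_vector(ops, channels)
            for proc in model.values() for ops in elementary_cycles(proc)]


def unbounded_candidate(effects: Sequence[Effect], max_coeff: int = 3) -> Optional[Tuple[int, ...]]:
    """Find x >= 0, x != 0 with sum(x_i * e_i) >= 0 on every channel and > 0 on one.

    The framework hands this to an (I)LP solver; the system is homogeneous, so a
    rational solution scales to an integer one and the LP relaxation loses nothing.
    Bounded enumeration stands in for the solver here (an assumption of this
    example), so None is conclusive only for coefficients up to max_coeff.
    """
    n = len(effects[0]) if effects else 0
    for x in product(range(max_coeff + 1), repeat=len(effects)):
        total = [sum(xi * e[k] for xi, e in zip(x, effects)) for k in range(n)]
        if any(x) and n and min(total) >= 0 and max(total) > 0:
            return x
    return None


def explore(model: Model, channels: Sequence[str], limit: int) -> Optional[int]:
    """Largest queue length over all reachable global states (a process starts in
    its first listed state), or None once some queue exceeds `limit`. One message
    type per channel, so a FIFO queue reduces to a counter. Only used to check the
    static verdicts on these toy models; it does not scale."""
    names = list(model)
    start = (tuple(next(iter(model[p])) for p in names), (0,) * len(channels))
    seen, work, longest = {start}, [start], 0
    while work:
        locs, queues = work.pop()
        for i, p in enumerate(names):
            for op, nxt in model[p].get(locs[i], []):
                k, qs = channels.index(op[:-1]), list(queues)
                if op.endswith("!"):
                    qs[k] += 1
                elif qs[k] > 0:
                    qs[k] -= 1
                else:
                    continue                      # receive blocks on an empty queue
                if qs[k] > limit:
                    return None
                longest = max(longest, qs[k])
                state = (locs[:i] + (nxt,) + locs[i + 1:], tuple(qs))
                if state not in seen:
                    seen.add(state)
                    work.append(state)
    return longest


CHANNELS = ("a", "b")                      # constructed channel names
BOUNDED = {"client": {"c0": [("a!", "c1")], "c1": [("b?", "c0")]},
           "server": {"s0": [("a?", "s1")], "s1": [("b!", "s0")]}}
UNBOUNDED = {"producer": {"p0": [("a!", "p0")]},
             "consumer": {"c0": [("a?", "c1")], "c1": [("b!", "c0")]}}
SPURIOUS = {"P": {"p0": [("a?", "p1")], "p1": [("b!", "p0")]},             # needs a first
            "Q": {"q0": [("b?", "q1")], "q1": [("a!", "q2")], "q2": [("a!", "q0")]}}  # needs b first


def verdict(model: Model, channels: Sequence[str]) -> str:
    x = unbounded_candidate(cycle_effects(model, channels))
    return "bounded" if x is None else f"unbounded candidate, cycle multiplicities {x}"


if __name__ == "__main__":
    for name, m in (("ping-pong", BOUNDED), ("producer", UNBOUNDED), ("deadlock", SPURIOUS)):
        print(f"{name:9s} static: {verdict(m, CHANNELS):44s} explored max queue: {explore(m, CHANNELS, 5)}")
```

For the ping-pong model the two cycle effects cancel and the static test says bounded; the producer model is flagged unbounded and the explorer confirms a queue that outgrows any limit. The deadlock model is the instructive one: its cycles have effects (-1, 1) and (2, -1), so taking each once yields (1, 0) and the static test reports an unbounded candidate, yet no message is ever sent because neither cycle can start without the other. Refuting that candidate requires knowing that the two cycles depend on each other, which is information the effect vectors alone do not carry.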
