Explicit state space verification

Verification is the task of determining whether a (model of a) system satisfies a given behavioral property. State space verification comprises a class of computer-aided verification techniques in which the property is verified through exhaustive exploration of the reachable states of the system. Brute-force implementations of state space verification are intractable because of the well-known state explosion problem. Explicit state space verification techniques explore the state space one state at a time and usually rely on data structures whose size grows monotonically with the number of explored states. They alleviate state explosion by constructing a reduced state space that, by a mathematically founded construction, behaves like the original system with respect to the specified properties. Decreasing the number of states in the reduced system, and thereby the amount of memory required, is the core issue of a reduction technique.

An explicit state space verification technique comprises

• a theory that establishes whether, and how, certain properties can be preserved through the construction of a reduced state space;

• a set of procedures to execute the actual construction efficiently.

In this thesis, we contribute to several existing explicit state space verification techniques in one or both of these respects.

We extend the class of stubborn set methods (an instance of partial order reduction) by constructions that preserve previously unsupported classes of properties. Many existing constructions rely on the existence of "invisible" actions, i.e. actions whose effect does not immediately influence the verified property. We propose efficient constructions that can be applied without such invisible actions, and prove that they preserve reachability properties as well as certain classes of more complex behavioral system properties. This way, so-called "global" properties can now be approached with better stubborn set methods.

We pick up a graph automorphism based approach to symmetry reduction and propose a set of construction algorithms that make this approach feasible. In contrast to established symmetry techniques that rely on special "symmetry creating" data types, a broader range of symmetries can be handled with our approach, yielding smaller reduced state spaces.

Coverability graph construction leads to a finite representation of an infinite state space of a Petri net by condensing diverging sequences of states to their limit. We prove rules to determine temporal logic properties of the original system from its coverability graph, far beyond the few properties known to be preserved so far.

We employ the Petri net concept of linear algebraic invariants both for compressing states and for leaving states out of explicit storage. Compression uses place invariants to replace states by smaller fingerprints that still uniquely identify a state (unlike many hash compression techniques). For reducing the number of explicitly stored states, we rely on the capability of Petri net transition invariants to characterize cycles in the state space: for termination of an exhaustive exploration of a finite state space, it is sufficient to cover all cycles with explicitly stored states. Both techniques are easy consequences of well-known facts about invariants. As a novel contribution, we observe that both techniques can be applied without computing an explicit representation of (a generating set for) the respective invariants. This speeds up the constructions considerably and saves a significant amount of memory.

For all presented techniques, we illustrate their capability to reduce the complexity of state space reduction using a few academic benchmark examples. We address compatibility issues, i.e. the possibility to apply techniques in combination, or in connection with different strategies for exploring the re-
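The place-invariant compression described in the abstract, as an added, self-contained example that is not code from the thesis or from any tool it describes. It computes a generating set of place invariants from the incidence matrix of a small constructed mutual-exclusion net (names PLACES, TRANSITIONS, M0 and all function names are this example's own), uses the invariants to drop every place whose token count the remaining places determine, explores the reachable markings storing only the resulting fingerprints, and checks that each fingerprint expands back to exactly one reachable marking. Unlike the thesis, which avoids materializing the invariants at all, this example does compute them explicitly, which is the straightforward version of the technique.

```python
from collections import deque
from fractions import Fraction

# Constructed example net (not from the thesis): two processes competing for
# one mutex token.  Each transition is (pre-set, post-set) as place -> weight.
PLACES = ["idle1", "wait1", "crit1", "idle2", "wait2", "crit2", "mutex"]
TRANSITIONS = {
    "req1":   ({"idle1": 1}, {"wait1": 1}),
    "enter1": ({"wait1": 1, "mutex": 1}, {"crit1": 1}),
    "leave1": ({"crit1": 1}, {"idle1": 1, "mutex": 1}),
    "req2":   ({"idle2": 1}, {"wait2": 1}),
    "enter2": ({"wait2": 1, "mutex": 1}, {"crit2": 1}),
    "leave2": ({"crit2": 1}, {"idle2": 1, "mutex": 1}),
}
M0 = (1, 0, 0, 1, 0, 0, 1)   # initial marking, same order as PLACES


def incidence(places, transitions):
    """Incidence matrix C (rows = places, columns = transitions): C[p][t] = post - pre."""
    return [[post.get(p, 0) - pre.get(p, 0) for pre, post in transitions.values()]
            for p in places]


def rref(rows):
    """Reduced row echelon form over the rationals; returns (nonzero rows, pivot columns)."""
    rows = [[Fraction(x) for x in r] for r in rows]
    pivots, r = [], 0
    for c in range(len(rows[0]) if rows else 0):
        i = next((k for k in range(r, len(rows)) if rows[k][c] != 0), None)
        if i is None:
            continue
        rows[r], rows[i] = rows[i], rows[r]
        piv = rows[r][c]
        rows[r] = [x / piv for x in rows[r]]
        for k in range(len(rows)):
            if k != r and rows[k][c] != 0:
                factor = rows[k][c]
                rows[k] = [a - factor * b for a, b in zip(rows[k], rows[r])]
        pivots.append(c)
        r += 1
        if r == len(rows):
            break
    return rows[:r], pivots


def place_invariants(C):
    """Generating set of place invariants y with y*C = 0 (left null space of C).
    Every reachable marking m then satisfies y*m = y*m0."""
    Ct = [list(col) for col in zip(*C)]           # rows = transitions, cols = places
    red, pivots = rref(Ct)
    basis = []
    for f in (c for c in range(len(C)) if c not in pivots):
        y = [Fraction(0)] * len(C)
        y[f] = Fraction(1)
        for row, p in zip(red, pivots):
            y[p] = -row[f]
        basis.append(y)
    return basis


def compressor(invariants, m0):
    """Pick, via RREF of the invariant matrix, the places whose token count the
    other places determine.  Returns (free places, rules); each rule reads
    m[p] = const - sum(coeff_f * m[f] for free f)."""
    red, pivots = rref(invariants) if invariants else ([], [])
    n = len(m0)
    free = [p for p in range(n) if p not in pivots]
    rules = [(p, sum(row[q] * m0[q] for q in range(n)), [row[f] for f in free])
             for row, p in zip(red, pivots)]
    return free, rules


def compress(m, free):
    """Fingerprint = token counts of the free places only."""
    return tuple(m[f] for f in free)


def expand(fp, free, rules, n):
    """Rebuild the full marking from a fingerprint using the invariant rules."""
    m = [0] * n
    for f, v in zip(free, fp):
        m[f] = v
    for p, const, coeffs in rules:
        val = const - sum(c * v for c, v in zip(coeffs, fp))
        assert val.denominator == 1           # invariants are exact on reachable markings
        m[p] = val.numerator
    return tuple(m)


def explore(places, transitions, m0, free, rules):
    """Breadth-first exploration of the reachable markings.  Only fingerprints
    are stored; the full marking is rebuilt on demand to fire transitions."""
    n = len(places)
    vec = lambda d: [d.get(p, 0) for p in places]
    trans = [(vec(pre), [b - a for a, b in zip(vec(pre), vec(post))])
             for pre, post in transitions.values()]
    start = compress(m0, free)
    seen, queue = {start}, deque([start])
    while queue:
        m = expand(queue.popleft(), free, rules, n)
        for pre, delta in trans:
            if all(a >= b for a, b in zip(m, pre)):          # transition enabled?
                fp = compress([a + d for a, d in zip(m, delta)], free)
                if fp not in seen:
                    seen.add(fp)
                    queue.append(fp)
    return seen


def demo():
    inv = place_invariants(incidence(PLACES, TRANSITIONS))
    free, rules = compressor(inv, M0)
    compressed = explore(PLACES, TRANSITIONS, M0, free, rules)
    plain = explore(PLACES, TRANSITIONS, M0, list(range(len(PLACES))), [])  # no compression
    return {
        "invariants": len(inv),
        "stored_places": [PLACES[f] for f in free],
        "states_compressed": len(compressed),
        "states_plain": len(plain),
        "roundtrip_ok": {expand(fp, free, rules, len(PLACES)) for fp in compressed} == plain,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The three invariants of this net (each process occupies exactly one of its three local places, and crit1 + crit2 + mutex = 1) let the exploration store four integers per state instead of seven, and because every stored fingerprint expands to the same marking it came from, the compressed run visits exactly the same number of states as the uncompressed one; a lossy hash-compaction scheme could not give that guarantee.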
