Improved model checking of hierarchical systems

We present a unified game-based approach for branching-time model checking of hierarchical systems. Such systems are exponentially more succinct than standard state-transition graphs, as repeated sub-systems are described only once. Early work on model checking of hierarchical systems shows that one can do better than a naive algorithm that “flattens” the system and removes the hierarchy. Given a hierarchical system $\mathcal S$ and a branching-time specification ψ for it, we reduce the model-checking problem (does $\mathcal S$ satisfy ψ?) to the problem of solving a hierarchical game obtained by taking the product of $\mathcal S$ with an alternating tree automaton ${\mathcal A}_\psi$ for ψ. Our approach leads to clean, uniform, and improved model-checking algorithms for a variety of branching-time temporal logics. In particular, by improving the algorithm for solving hierarchical parity games, we are able to solve the model-checking problem for the μ-calculus in Pspace and time complexity that is only polynomial in the depth of the hierarchy. Our approach also leads to an abstraction-refinement paradigm for hierarchical systems. The abstraction maintains the hierarchy, and is obtained by merging both states and sub-systems into abstract states.
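The succinctness argument in the abstract (repeated sub-systems are described once, so a naive "flattening" pays for every copy) can be made concrete for the simplest branching-time property, reachability (EF p). The following is an added example, not code from the paper and not its game-based algorithm: the paper reduces full μ-calculus model checking to hierarchical parity games via an alternating tree automaton, whereas this illustration only computes, once per module, a summary (which exits are reachable from the entry, and which propositions are seen on the way) and reuses it for every box that refers to that module. The `Module`/`HierarchicalSystem` representation, the `build_tower` family of systems, and the propositions `done` and `fail` are all my constructions.

```python
from __future__ import annotations
from dataclasses import dataclass


@dataclass
class Module:
    """One sub-system of a hierarchical state machine (constructed format).

    Edges run between "ports": a source is either an ordinary node or the pair
    (box, exit) meaning "the box is left through that exit of its module"; a
    target is either a node or a box name (entering the box's module at its entry).
    """
    nodes: set[str]
    boxes: dict[str, str]          # box name -> name of the module it stands for
    entry: str
    exits: set[str]
    labels: dict[str, set[str]]    # node -> atomic propositions holding there
    edges: list[tuple]             # (source port, target port)


class HierarchicalSystem:
    def __init__(self, modules: dict[str, Module], main: str):
        self.modules, self.main = modules, main
        self._cache: dict[str, tuple[frozenset, frozenset]] = {}
        self._active: set[str] = set()   # modules whose summary is being computed
        self.analysed = 0                # how many module bodies were actually explored

    def summary(self, name: str) -> tuple[frozenset, frozenset]:
        """(exits reachable from the entry, propositions reachable from the entry).

        Each module is explored once; boxes are resolved through the cached summary
        of their module instead of being expanded, so a module shared by many boxes
        costs a single traversal.
        """
        if name in self._cache:
            return self._cache[name]
        if name in self._active:
            raise ValueError(f"module {name} contains itself: not a hierarchical system")
        self._active.add(name)
        self.analysed += 1
        m = self.modules[name]
        seen, props, stack = set(), set(), [m.entry]
        while stack:
            item = stack.pop()
            if item in seen:
                continue
            seen.add(item)
            if item in m.boxes:                      # entering a box: consult its summary
                inner_exits, inner_props = self.summary(m.boxes[item])
                props |= inner_props
                srcs = {(item, e) for e in inner_exits}
            else:                                    # an ordinary node of this module
                props |= m.labels.get(item, set())
                srcs = {item}
            stack.extend(dst for src, dst in m.edges if src in srcs)
        result = (frozenset(m.exits & seen), frozenset(props))
        self._active.discard(name)
        self._cache[name] = result
        return result

    def ef(self, p: str) -> bool:
        """Does the top-level system satisfy EF p (some reachable state is labelled p)?"""
        return p in self.summary(self.main)[1]

    def flat_size(self, name: str | None = None) -> int:
        """Number of states the flattened (hierarchy-removed) system would have."""
        m = self.modules[name or self.main]
        return len(m.nodes) + sum(self.flat_size(b) for b in m.boxes.values())


def build_tower(depth: int) -> HierarchicalSystem:
    """Constructed family: level i runs two copies of level i-1 in sequence.

    Every level has an 'err' exit that is never reachable and a 'bad' node
    (labelled 'fail') that is only entered through that exit, so EF fail is false
    while EF done (the reachable exit of the bottom module) is true.
    """
    modules = {"L0": Module(nodes={"e0", "ok0", "err0"}, boxes={}, entry="e0",
                            exits={"ok0", "err0"}, labels={"ok0": {"done"}},
                            edges=[("e0", "ok0")])}
    for i in range(1, depth + 1):
        below = f"L{i-1}"
        modules[f"L{i}"] = Module(
            nodes={f"e{i}", f"ok{i}", f"err{i}", f"bad{i}"},
            boxes={f"A{i}": below, f"B{i}": below},
            entry=f"e{i}", exits={f"ok{i}", f"err{i}"},
            labels={f"bad{i}": {"fail"}},
            edges=[(f"e{i}", f"A{i}"),
                   ((f"A{i}", f"ok{i-1}"), f"B{i}"),
                   ((f"A{i}", f"err{i-1}"), f"bad{i}"),
                   (f"bad{i}", f"err{i}"),
                   ((f"B{i}", f"ok{i-1}"), f"ok{i}")])
    return HierarchicalSystem(modules, f"L{depth}")


if __name__ == "__main__":
    system = build_tower(10)
    print("EF done:", system.ef("done"), " EF fail:", system.ef("fail"))
    print("flattened states:", system.flat_size(), " modules explored:", system.analysed)
```

With depth 10 the flattened system has 7·2^10 − 4 states, while the hierarchical check explores eleven module bodies, one per level, and answers both queries from the same cached summaries. The guard on `_active` is what distinguishes a hierarchical system from a recursive one: a module that (transitively) contains itself has no finite flattening and is rejected rather than looped over.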
