Deriving Unbounded Proof of Linear Hybrid Automata from Bounded Verification

2014 IEEE Real-Time Systems Symposium Pub Date : 2014-12-01 DOI:10.1109/RTSS.2014.22

Dingbao Xie, Lei Bu, Xuandong Li

{"title":"Deriving Unbounded Proof of Linear Hybrid Automata from Bounded Verification","authors":"Dingbao Xie, Lei Bu, Xuandong Li","doi":"10.1109/RTSS.2014.22","DOIUrl":null,"url":null,"abstract":"The behavior space of real time hybrid systems is very complex and hence expensive to conduct the classical full state space model checking. Compared to the classical model checking, bounded model checking (BMC) is much cheaper to conduct and has better scalability. This work presents a technique that can derive, in some cases, a proof of unbounded reach ability argument of Linear Hybrid Automata (LHA) from a BMC procedure. During BMC of LHA, typical procedures can discover sets of unsatisfiable constraint cores, a.k.a. UC or IIS, in the constraint set according to the bounded continuous state space of LHA. Currently, such unsatisfiable constraints are only fed back to the constraint set to accelerate the BMC solving. In this paper, we propose that such unsatisfiable constraint core can be exploited to give general unbounded verification result of the system model. As each constraint can be mapped back to certain semantical elements of the system model, the unsatisfiable constraint cores can be mapped back into path segments, which are not feasible, in the graph structure of the LHA model. Clearly, if all the potential paths to reach the target location in the graph structure have to go through such infeasible path segments, the target location is not reachable in general, not only in the given bound. Based on this observation, we propose to encode the infeasible path segments as linear temporal logic (LTL) formulas, and present the graph structure, the discrete part, of the LHA model as a transition system. Then, we can take advantage of the mature off-the-shelf LTL model checking techniques to verify whether there exists a path to reach the target location without touching any detected IIS path segment in the graph structure of the LHA model. We implement this technique into a bounded LHA checker BACH. The experiments show that most of the benchmarks can be verified by the enhanced BACH with a clearly better performance and scalability.","PeriodicalId":353167,"journal":{"name":"2014 IEEE Real-Time Systems Symposium","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2014-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"6","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2014 IEEE Real-Time Systems Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RTSS.2014.22","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 6

Abstract

The behavior space of real time hybrid systems is very complex and hence expensive to conduct the classical full state space model checking. Compared to the classical model checking, bounded model checking (BMC) is much cheaper to conduct and has better scalability. This work presents a technique that can derive, in some cases, a proof of unbounded reach ability argument of Linear Hybrid Automata (LHA) from a BMC procedure. During BMC of LHA, typical procedures can discover sets of unsatisfiable constraint cores, a.k.a. UC or IIS, in the constraint set according to the bounded continuous state space of LHA. Currently, such unsatisfiable constraints are only fed back to the constraint set to accelerate the BMC solving. In this paper, we propose that such unsatisfiable constraint core can be exploited to give general unbounded verification result of the system model. As each constraint can be mapped back to certain semantical elements of the system model, the unsatisfiable constraint cores can be mapped back into path segments, which are not feasible, in the graph structure of the LHA model. Clearly, if all the potential paths to reach the target location in the graph structure have to go through such infeasible path segments, the target location is not reachable in general, not only in the given bound. Based on this observation, we propose to encode the infeasible path segments as linear temporal logic (LTL) formulas, and present the graph structure, the discrete part, of the LHA model as a transition system. Then, we can take advantage of the mature off-the-shelf LTL model checking techniques to verify whether there exists a path to reach the target location without touching any detected IIS path segment in the graph structure of the LHA model. We implement this technique into a bounded LHA checker BACH. The experiments show that most of the benchmarks can be verified by the enhanced BACH with a clearly better performance and scalability.

查看原文本刊更多论文

由有界验证导出线性混合自动机的无界证明

实时混合系统的行为空间非常复杂，进行经典的全状态空间模型检验的成本很高。与传统的模型检查相比，有界模型检查(BMC)的成本更低，并且具有更好的可扩展性。本文提出了一种技术，可以在某些情况下，从BMC过程中推导出线性混合自动机(LHA)无界到达能力参数的证明。在LHA的BMC过程中，典型的程序可以根据LHA的有界连续状态空间，在约束集中发现不满足的约束核集，即UC或IIS。目前，这些不满足的约束只被反馈到约束集中，以加速BMC的求解。本文提出利用这种不可满足约束核给出系统模型的一般无界验证结果。由于每个约束都可以映射回系统模型的某些语义元素，因此可以将不满足的约束核心映射回LHA模型图结构中不可行的路径段。显然，如果到达图结构中目标位置的所有可能路径都必须经过这样的不可行的路径段，则目标位置通常是不可达的，而不仅仅是在给定的范围内。在此基础上，我们提出将不可行的路径段编码为线性时间逻辑(LTL)公式，并将LHA模型的离散部分图结构表示为过渡系统。然后，我们可以利用成熟的现成的LTL模型检查技术来验证是否存在到达目标位置的路径，而无需触及LHA模型的图结构中任何检测到的IIS路径段。我们将此技术实现到有界LHA检查器BACH中。实验结果表明，改进后的BACH可以验证大多数基准测试，具有明显更好的性能和可扩展性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

2014 IEEE Real-Time Systems Symposium

自引率

0.00%

发文量