Distributed Maximality based CTL Model Checking


IJCSI International Journal of Computer Science Issues Vol 7 Issue No May ISSN Online: 694-784 ISSN Print: 694-84

Distributed Maximality based CTL Model Checking

Djamel Eddine Saidouni, Zine EL Abidine Bouneb

Department of Computer Science, University Mentouri, Constantine 5 Algeria
Department of Computer Science, University El Arbi Ben Mehidi, Oum El Bouaghi 4 Algeria

Abstract

In this paper we investigate an approach to perform a distributed CTL Model checker algorithm on a network of workstations using Kleene three-value logic. The state space is partitioned among the network nodes. We represent the incomplete state spaces as a Maximality Labeled Transition System (MLTS), which is able to express true concurrency. We execute in parallel the same algorithm in each node, for a certain property f, on an incomplete MLTS; this last computes the set of states which satisfy f or which, if they fail f, are assigned the value. The third value means unknown whether true or false, because the partial state space lacks sufficient information needed for a precise answer concerning the complete state space. To solve this problem each node exchanges the information needed to conclude the result about the complete state space. The experimental version of the algorithm is currently being implemented using the functional programming language Erlang.

Keywords: True concurrency semantics; State space explosion problem; Distributed model checking; three value logic

Introduction

Model checking is a powerful technique for verifying reactive systems. Able to find subtle errors in real commercial designs, it is gaining wide industrial acceptance. Compared to other formal verification (e.g. theorem proving), Model checking is largely automatic [][]. In our approach the application to be verified is firstly specified by means of the formal description technique LOTOS [][4]. This specification is translated, using the maximality based operational semantics, to a graph called Maximality-based Labeled Transition System (MLTS) [5]. This graph is used for the properties verification.

The main limiting factor of the Model checking technique is the so-called explosion problem, where translation from the specification of the application to a state transition graph usually involves an exponential blow-up. The state space does not fit into memory, or the state space fits in memory but is too large to be explored entirely (e.g. access to the hash table becomes slower as the number of states grows). Three approaches have been proposed in the literature for tackling this problem. The first one uses some equivalence relation to reduce the number of states and transitions in the model (bisimulation relations, alpha reduction relation, partial order based relations) [6][7][8]. The second approach consists of coding the model in an efficient representation like binary decision diagrams (BDD) [9][][]. To overcome hardware limitations, a third approach is deeply investigated currently. This approach consists of using a cluster or a network of workstations. This last technique has shown its efficiency, since it can preserve the results of the first and second approaches with increasing performance [][] [4].

In this paper we continue our work on the parallelization of model checking based on the maximality semantics. The first step, the parallelization of the construction of the state space, which is modeled as a Maximality Labeled Transition System, has been achieved with success; for more information we refer the reader to [4]. In this paper we present the second step, which is the parallelization of the Model checking verification algorithm discussed in []. First, the state graph is partitioned among the network nodes, i.e. each network node owns a subset of the state space. Each node executes an instance of the parallel generation algorithm, which computes a partial MLTS [4]. Secondly, we execute in parallel the same CTL Model checker algorithm in each node on these incomplete structures; this last uses the three-value logic of Kleene [5][6] and returns only when the partial state space lacks information needed for a defined answer about the complete state space.
The algorithm exchanges information about border states which are not present in the node, to conclude the result about the complete state space; if an arbitrary node has new information, it needs to make a re-computation. To the best of our knowledge, our verification algorithm is the first fix point model checking algorithm which can be executed in parallel on a Maximality Labeled Transition System.

Maximality Semantics

We assume that the reader is familiar with the behavioural part of LOTOS and its interleaving semantics of actions. Given that several actions which have the same name can be executed in parallel (auto-concurrency), we associate, to distinguish the executions of each action, an identifier to every beginning of the execution of that action. In a state, an event is said to be maximal if it corresponds to the beginning of the execution of an action that can possibly be still executing in this state. In order to illustrate this semantics, let us consider the following example : F = a; b ; stop [] b; a ; stop E = a ; stop b ; stop

Maximality based Labeled Transition System

being a countable set of event names, a maximality-based labeled transition system of support is a quintuplet A with : = S T is a transition system such that : S : the countable set of states in which the system can be; T : the countable set of transitions indicating the change of system states; and are two functions from T to S such that : for any transition t T ; t denotes the origin of the transition and t its goal. A is a transition system labeled by an alphabet A. m : S : is a function which associates to every state a finite set of maximal event names present at this state. m : T : is a function which associates to every transition a finite set of event names corresponding to actions that have started their execution, such that their terminations allow the start of this transition. :T : is a function which associates to its transition an event name identifying its occurrence. Such that for any transition t T t t t t t and t = t t { t}

The
intuition behind the Maximality semantics

The semantics of a concurrent system can be characterized by the set of states of the system and the transitions by which the system passes from one state to another. In the approach based on maximality, transitions are events that only represent the beginning of the execution of actions. Consequently the concurrent execution of several actions becomes possible; hence we can distinguish sequential executions and parallel executions.

Fig F = a; b ; stop [] b; a ; stop
Fig E = a ; stop b ; stop

Fig represents the MLTS of the LOTOS behavioral expression F and Fig represents the MLTS of the LOTOS behavioral expression E. It is clear that in states and 4 of Fig actions a and b are currently executed in parallel; this fact is represented by the presence of the two event names x and y in each state. However, in states and 4 of Fig only one action may be in execution; this fact is captured by the presence of one event name in each state. A detailed presentation of the maximality semantics can be found in. The maximality based operational semantics of LOTOS is defined on configurations associated to behavior expressions. For illustration let us reconsider the behavioral expressions E and F. In the initial state no action has been executed yet, therefore the sets of maximal event names associated to the initial states are empty; hence the initial configurations associated to the behavior expressions E and F are [E] and [F]. So a configuration represents a state. When applying the maximality based operational semantics, the following derivations are possible : a x m b y x m [ E ] [ stop] [ b; stop] [ stop] [ stop] x y x respectively y being the name of the event identifying the beginning of the action " a " respectively " b ". Note that nothing can be concluded on the termination of the two actions a and b in the configuration : x [ stop] y [ stop] x and y are said to be maximal in this configuration. Let us note that x is also maximal in the intermediate state represented by the configuration: [ stop] [ b; stop] x. For the implementation we can implement events as integers.

Definition A Kripke structure is a tuple S L R where S is a finite set of states, L : S AP { true false} is an interpretation that associates a truth value in { true false} with each atomic proposition P AP, the set of all atomic propositions, for each state in S, R S S is a transition relation on S, and I S is a set of initial states.

Maximality Labeled Transition System as Kripke Structure

A let = be an MLTS such that = S T and let K= S L R be a Kripke structure. It is clear to see that if we take from the maximal events as atomic propositions, we can consider as a Kripke structure defined by : S T I

Example : we take the example of the MLTS in Fig; this MLTS can be seen as a Kripke structure like this :

Fig The MLTS of E = a ; stop b ; stop as Kripke structure

The atomic propositions are based on the content of states, since we can define each state as a function: This function answers the question: "is the arbitrary action "a" currently executed in the state i?"
To make an idea, let us consider the MLTS of Fig : Whereas: state a = True; state b = True state a = True; state b = False. For example, if "a" = A-InCriticalSection and "b" = B-InCriticalSection, we can see that the state violates the principle of mutual exclusion (safety property : something bad never happens). We make the remark that the MLTS model is very rich in information and can also be used for scheduling on multiprocessor platforms, since it also represents the dependence between actions. The main advantage is that this graph can be generated automatically by a compiler. Our use of the MLTS here as a logical Model for verification is much simpler than scheduling, since we don't need all the information contained in it.

Definition Let = S L R a Kripke structure; the set of border states in is [9] border = { s S s s s R}

Definition Let = S L R be a Kripke structure, T S. We define the partial Kripke structure T = S L R I as follows: T T T T ST = { s s Tors T : s s R} RT = { s s R s T s ST } IT = { s ST s I} L : S P { false true} T T

We call the partial Kripke structure T a fragment of . The states in the set T are all present in the Node and S T T is the set of border states of T, i.e. border T. From the definition of R we can see that the fragment T T knows all the immediate successors of the states present in the node, i.e. in T [9]. The truth function L T for the fragment of and a CTL formula is a total function L T : S { True False} L T s = True iff s and L T s = False iff s; we use L T s = if we don't know the truth value at a certain stage of computation of the truth function, for example at the start of computation of the truth on border states. The truth function on the complete Kripke structure is a total function L : S { True False}; since all the information needed for the computation is available, we don't need the third value unknown represented by

Definitions 4 Let = S L R be a Kripke structure and a fragment of; we define : T = { s S L s = true} U = { s S L s = } F = { s S L s = false} for s T int s = s for s U inu s = s for = T U F s F inf s o s = { int s s T } = { inu s s U } = { inf s s F } S = T U F e S e iff snd e = snd e we have e e

We interpret the logical operators and on partial Kripke structures using Kleene's three value logic. An accurate and compatible interpretation of Kleene's connectives was given by Korner [5]. Korner defined the notion of an inexact class of a given non-empty domain A generated by a partial definition DP of a property P of elements of A as a three-valued "characteristic function" X : A { } X a = when Pa according to DP is false; when Pa is DP undecidable; when Pa according to DP is true. Any family of inexact classes of a given domain A is a de Morgan lattice, the algebraic operations and : X Y a = max{ X a Y a} X Y a = min{ X a Y a} X a = X a being counterparts of the Kleene connectives [5].

We now consider our theory based on the theory mentioned above : Let = { false true} Let < be a total order such that : false < < true e e S
in the case when e e we have : e e = min fst e fst e snd e e e = max fst e fst snd e

Let S S and G S; we define : SG = { e e e S e G such that ee } S G = { e e S and e G such that ee } { e e G and e S such that ee } e e e S e G such that e } { e

Let succ be a function defined as follows : succ : S S succ = { e snd snd e R}

4 CTL model checking on fragments

Theorem Given = S L R a fragment of a Kripke structure and a CTL formula, the following recursive algorithm computes the set of states H f S which satisfy f or may satisfy f, and excludes all states which do not satisfy f:

H = T U such that is an atomic proposition
H f={ ints s Smasnd H f} U f
H f g = H f H g
H f g = H f H g
H AXf = { InT snd e S f succ T f H f } { inu snd e S f succ T f U f and e succ such that e f } { inu s s border }
H EXf = { InT snd e S f e succ and e f } { inu snd e S f succ U f H f } { inu s s border }
H AGf = H f AX
H AFf = H f AX
H A fug = H g H f AX

After the application of the above recursive algorithm we have s H f L s f = false. The other operators like EG can all be deduced from the operators cited above, for example H EGf = H AFf; for more information we refer the reader to [].

Proof For the atomic proposition we can see that H is the set of states where the formula holds or where the formula may hold, i.e. where we are not sure that the formula is false. For the case of H AXf : the set { InT snd e S f succ T f H f } represents the set of states where all of their successors are states where the formula f holds, and the set { inu snde e S f succe T f U f ande succ such that e f } represents the set of states whose successors may satisfy f; hence this set is the set of states where H AXf may be satisfied. Furthermore, because we don't know the successors of the border states, we add these states to the result of computation { inu s s border }, because these states may satisfy the formula H AXf. We will prove the fix point characterization of the operator AGf; the fix point characterization for the remaining CTL operators can be established in a similar manner. The set S of all subsets of S forms a lattice under the set inclusion ordering. Each element s of the lattice can also be thought of as a predicate on S, where the predicate is viewed as being true or may be true for exactly the states in s. The least element in the lattice is the empty set, which we also refer to as False, and the greatest element in the lattice is the whole set S, which we sometimes write as True. A function that maps to S will be called a predicate
transformer. We follow the same manner as in []. First we can see that = H f AX is monotonic and -continuous; by the theorem of Tarski and Knaster we can conclude that AGf is the greatest fix point of = H f AX

Proposition : The predicate transformer = H f AX is monotonic.

Proof Let P P. To show that P P, consider s P an arbitrary state. Then s satisfies f or it may satisfy f, i.e. L s f = true or L s f = and for all states s such that s s R and s P. Because P P, s P as well, thus s P

Proposition : The predicate transformer = H f AX is -continuous.

Proof We want to prove that ipi = i Pi. First we can see that P P P; because is monotonic we have P P P, the same for P P P, which means that P P P P; more generally we have ipi i Pi. Furthermore we have for an arbitrary state s P P Pn this mean that : and s P s P n this mean s that: s P s f and may s such that s s R implies that s P and s Pn s may f and s such that s s R implies that s Pn Hence s P s P implies s may f and n s P P P n which means that s i Pi ie P P i i i i

In an informal way, we can see that at the first iteration we have all the states which satisfy f or may satisfy f; let us say that this set is. At the second iteration we compute the set of states which are in and whose successors satisfy f or may satisfy f, i.e. whose successors are in; we forward the computation on the successors until we reach a fix point. Hence we understand that we have given to the operator AGf the semantics that we look for: the states s which have the property that all the states of the paths stemming from s satisfy f or may satisfy f.

Example Let us take the fragment of the Kripke Structure shown on Figure 8 in node and the property to be checked on this fragment is AG a c : H a = T a U a U a = { 4} T a = {} H a = { 4} H c = { 4} H a c = H a H c H ac ={} { 4 4} H a c = { 4} H AG a c = { 4} AX = {4} AX AX = {4} { 4} = {4} = { 4} AX = { 4} AX AX = { } { 4} = { 4} = { 4} AX ={ = { 4} 4} = Fix point reached: the algorithm stops the computation. From the preceding theorem we conclude that L AG a c = false, so the final result of computation on the fragment in node is : { 4}

5 Distributed CTL Model checking

The main idea of the distributed verification algorithm is that if we want to check some formula in some state s (see figure 4), it is clear that the truth of the formula depends on the truth of this formula in s, which is in node II. Hence we start the computation in node I with L s = , i.e. we consider that the formula may hold in s. When node II finishes the computation, if the formula holds in s, node I makes a recomputation and finds that the formula holds in s, for example in the case of { EGf AGf AFf EFf A fug E fug} and the result of the first computation in node I is. If the formula doesn't hold in s and the result of the first computation in
node I is, this means that the formula doesn't hold in s. The main difference between the reasoning algorithm on fragments and the distributed algorithm is that in the case of { EGf AGf AFf EFf A fug E fug} we consider in the fragments algorithm that f may hold in border states, but in the distributed version we consider that the whole formula, not only f, may hold in border states, and the truth on border states is a parameter passed to the predicate transformer as follows :

AF = Y Y AX
EF = Y Y EX
AG = Y Y AX
EG = Y Y EX
A q = Y q Y AX
E q = Y q Y EX

where Y = { sborder L s = True or L s = } and is an arbitrary formula represented by one of the six operators described above respectively. Here Y represents the missing part of information in border states: if someone gives us the set of border states where the formula to be verified is valid, we can conclude the truth of the formula on the whole Kripke structure. This fact can be represented as the application of the model checking function to the given information:

H AXf = Y{ InT snd e S { inu snd e S and e succ such f succ T that e f } { inu s s border } H EXf = Y{ InT snd e S f e succ and e { inu snd e S { inu s s border } f succ T f U f } f succ U f f H f } H AGf = Y H f Y AX H AFf = Y H f Y AX H A fug= Y H g Y H f AX

Note : f = H f Y where H f is the set of states s border which satisfy f or may satisfy f

Lemma The result of the above recursive algorithm can be influenced only by the truth value of the formula to be verified on border states; thus we need a recomputation only when the truth value on border states changes H f H f }

Proof The proof is easy: we can see that the model checking algorithm is a function that depends only on Y, the truth value of the formula to be checked on border states.

Fig 4

Theorem Given = S L R a fragment of a Kripke structure, a CTL formula f and Y = Hb f the set s border which satisfy f or may satisfy f, the following recursive algorithm computes the set of states H f S which satisfy f or may satisfy f, and excludes all states which do not satisfy f: such that is an H = Y T U atomic proposition H f = Y{ int s s Smasnd H f } U f H f g = Y H f H g H f g = Y H f H g

Lemma The distributed termination is reached when there is no change of the information on all border states.

Proof Using lemma we can see that if there is no change in all border states, each instance of the distributed algorithm doesn't need to make a new computation; hence the distributed algorithm reaches a fix point and
terminates.

Lemma When the termination is detected and still some value has undefined truth on some states s, i.e. L s f = (for example in the case of a cycle), this implies that :
In the case of f = AG : L s f = true
In the case of f = AF : L s f = false
In the case of f = A U : L s f = false

Proof The proof is easy: we can see that the transition relation is a partial order. In the example of figure 5 we have, i.e. that the truth of the formula in state depends on the truth of the formula in state, and so on. Since we know the truth of the immediate component of our formula (in the example it is just the atomic proposition P) in the state present in the node, which must be true for arriving at this situation, we conclude the result about the whole Kripke

Fig 8 The Fragments of distributed over Nodes
Fig 5 The Fragments of distributed over Nodes
Fig 6 The Kripke structure with cycle

Example Structure shown in Figure 7; the property to be checked on is AG a c :

Fig 7 The Kripke structure

S ={45} AP={ a b c} R ={ 55554444} L ={ b} L={ a} L={ a b c} L4={ b c} L5={ c}

The partitioning of the system on three network nodes using the following partition function h is shown in figure 8 : h :{ s s s s4 s5} { node node node} h = h = h4 = h = h5 =

The application of the Algorithm on the complete gives the same result as in [] H AG a c = {4}, since all the information needed for the computation is available. We make the remark that in the case of the application of the algorithm on the complete Kripke, our Algorithm can be simplified to the Algorithm in [] because Y = {} and the operations will be respectively

iteration : Node I : H a = {} H c = {} H a c = {} Y = H B AG a c = { 4} H a c = Y H a c = { 4} H AG a c = { 4} AX = {4} AX AX = {4} { 4} = {4} = { 4} AX = { 4} AX = { } { 4} AX = { 4} = { 4} AX = { = { 4} 4}

= Fix point reached: the algorithm stops the computation and waits for new information, if possible, about its border states. From the theorem we conclude that L AG a c = false, so the final result of computation on the iteration in node is : { 4}

Node II : H a c Y B = {4} = H AG a c = { } H a c = Y H a c = { 4} H AG a c = { 4} AX = {4} AX = { 4} = { 4} AX = { 4} = { 4} =

Node III : H a c = {5} Y = H B AG a c = { 4} H a c = Y H a c = {5 4} H AG a c = {5 4} AX = {45} AX = {45} = { 4 5} AX = { 5} { 4} AX = { 4 5} = { 4 5} = { 4 5} = Fix point reached

iteration : Node III : we can make the recomputation only in node III, since from Lemma only in node we have a change in the truth of border states, because the truth value in state is changed: H a c = {5 4} = {45} AX = {45} = { 45} AX = { 4 } = { 4} = { 4} = from theorem we conclude that L 5 AG a c = false, so the final result in node III is :{ 4 5}. Using Lemma, because no change will happen in border states, the computation terminates and the distributed algorithm halts in the iteration number. Using Lemma we conclude that : L AG a c = true L AG a c = true L 4 AG a c = true. The final result of the whole computation on the three nodes is : {4}

6 Conclusions and related work

We have developed a theory of reasoning on fragments of MLTS using a three value logic as a base for a parallel model checker, and presented a natural approach for distributed model checking on MLTS. To the best of our knowledge our algorithm is the first algorithm that uses fix point model checking with three value logic on maximality labeled transition systems. Closest to our work is the work of [9]. In fact the main problem of the distributed verification discussed here has been treated in their work using the notion of Assumption, which is not a natural and easy approach for treating the problem, since they present their idea using an imperative paradigm, which makes the proof difficult. Furthermore they don't show how to get fragments
of the system to be verified; for that reason I think it is not easy to apply their result directly to the industry. Our approach has several advantages. First, we have shown how to get the fragments from a standard language and with a semantic model which allows the design of systems by action refinement. Second, we have made a little change to the approach of verification. All this makes our idea easy to apply in industry. Another work similar to ours in the principle of using the three value logic of Kleene on partial Kripke structures was introduced by [6], but our algorithm is different from their Algorithm, since they use two passes: the first one is optimistic, which considers the as true; the second is pessimistic, which considers the as false; hence the result of the Algorithm has four results false fals <true fals < false tru < true tru. For that reason we think that our approach is the best, since it is easy to adapt it for distributed Model checking. Another interesting work is the work of [], which defines a multi valued model checking which is more general than our work; this work misses an application. Our work can be considered as an application with a special case using three value logic.

Acknowledgments

I would like to thank all the fellows and staff at the International institute for software technology for their indirect contributions and encouragements during the realization of this work. A special thanks to Dr Jeff W Sanders for his collaboration with Dr Djamel Eddine Saidouni and for accepting me as a fellow under his supervision in the UNU/IIST and training me on research. I deeply thank Dr Jeff W Sanders, whose help, advice and supervision were invaluable. I can say that without his help this work could not be achieved.

References

[] E. Clarke, E. A. Emerson and A. P. Sistla. Automatic verification of finite state concurrent systems using temporal logic specifications. ACM Transactions on Programming Languages and Systems 8:44-6, April 986
[] Edmund Clarke, Orna Grumberg et al.: Model checking. MIT Press
[] T. Bolognesi and E. Brinksma. Introduction to the ISO Specification Language LOTOS, volume 4. Computer Networks and ISDN Systems 987
[4] ISO887 LOTOS, a formal description technique based on the ordering of observation behaviour. ISO, November 988
[5] J. P. Courtiat and D. E. Saidouni. Relating maximality-based semantics to action refinement in process algebras. In D. Hogrefe and S. Leue, Editors, IFIP TC/WG6 7th Int Conf of Formal Description Techniques FORTE 94, pages 9-8. Chapman Hall 995
[6] Milner. Communication and Concurrency. Prentice Hall 989
[7] D. E. Saidouni and A. Benamira. Consideration of the covering steps in the Maximality-based labeled transition systems, in Proceedings of acit 6
[8] P. Godefroid. Using Partial Orders to Improve Automatic Verification Methods, in Proceedings of CAV 9, volume pages-4, ACM DIMACS 99
[9] R. E. Bryant. Graph-based algorithms for boolean function manipulation. IEEE Transactions on Computer Science 7: 77-986
[] D.-E. Saidouni, O. Labbani. Maximality-based symbolic model checking, in ACS/IEEE International Conference, July
[] A. Layeb, D. E. Saidouni. Quantum Differential Evolution Algorithm for Variable Ordering Problem of Binary Decision Diagram, in th International CSI Computer Conference 8
[] F. Lerda and R. Sisto. Distributed-Memory Model Checking with SPIN, in Proceedings of the 5th and 6th International SPIN Workshops on Theoretical and Practical Aspects of SPIN Model Checking 999
[] H. Garavel, R. Mateescu and I. Smarandache. Parallel state space construction for model-checking. In Proc 8th Inter SPIN Workshop, volume LNCS 57, pages 7-4, Springer. Revised version available as INRIA Research Report RR-44, Dec
[4] El Abidine Bouneb, D. E. Saidouni: Parallel state space construction for a model checking based on maximality semantics - CISA 9
[5] The Handbook of the History of Logic, volume 8: The Many Valued and Nonmonotonic Turn in Logic. ISBN: 978--444-56-7 7
[6] G. Bruns and P. Godefroid. Model Checking Partial State Spaces with -valued Temporal Logics, in CAV International Conference 999
[7] L. Lamport. What good is temporal logic? Information Processing 8:657-668 98
[8] ft://ftrfc-editororg/in-notes/rfctxt
[9] Lubos Brim, Karen Yorav, Jitka Zidkova: Assumption-based distribution of CTL model checking. Springer-Verlag 4
[] Marsha Chechik, Steve Easterbrook, Benet Devereux: Model Checking with Multi-valued Temporal Logics

Zine El Abidine Bouneb, born in Algeria in 976. He obtained his master degree from Constantine university, Algeria, in December, in the field of computation and information. Zine El Abidine Bouneb is interested in the following topics: maximality semantics, formal methods, type theory, state explosion problem, game theory, models for concurrency, functional programming. Mr Bouneb A currently is a lecturer at the university of Oum El Bouaghi and a PhD student in the university of Constantine under the supervision of Dr Saidouni Djamel Eddine, working on symbolic verification.

Djamel Eddine Saidouni was born in Algeria in 968. He obtained his PhD degree from Paul Sabatier university, France, in 996. Djamel Eddine is interested in the following topics: maximality semantics, formal methods, real time systems, state explosion problem, models for concurrency, refinement. Dr Djamel Eddine is currently a member of the RT-LOTOS project and the author of the true concurrency model for process algebra called Maximality Labeled Transition System. Dr Djamel Eddine has many publications in theoretical computer science and formal methods. Dr Djamel Eddine is currently an assistant professor in the department of computer science at the University of Constantine. He is also the head of the research group on formal methods.