Abstract

When verifying the validity of a formula in a system model by a model checker, a common feature is the generation of a linear witness or counterexample, which is a computation path usually showing a single reason why the formula is valid or, respectively, not. For systems represented with Labeled Transition Systems (LTS) and a subset of ACTLW (Action-based Computation Tree Logic with Unless operator) formulae, a procedure exists for the generation of witness automata, which contain all the interesting finite linear witnesses, thus revealing all the reasons of the validity of a formula. Although this procedure uses a symbolic representation of LTSs, transitions of a given LTS are traversed one by one. In this paper, we propose a procedure which exploits the symbolic representation efficiently to traverse several transitions at once. We evaluate the procedure on models of a communication protocol from industry and a biological system. The results show it to be at least several times faster than the former one. Witness automata were first introduced to allow for compositional generation of test sequences. We propose two more possible uses. One is for the detection of multiple errors in a model by exploring the witness automaton for a formula, instead of only one, which is usually the case with a single witness. The other one is for the detection of previously unknown system properties. As witness automata can be rather large, we show how some existing tools could help in examining them through visualization and simulation.

Highlights

  • Model checking is an automated technique for verifying whether the behavior of a finite-state system model has a specified property or not [1]

  • The main contribution of this paper is the generation of witness automata for Action-based Computation Tree Logic with Unless operator (ACTLW) formulae by using symbolic methods based on Binary Decision Diagrams (BDD) which avoids the enumerative traversal

  • We have found that some tools from the mCRL2 toolset [40], [41], which were originally meant for Labeled Transition System (LTS), could be employed for this purpose, provided the internal representation of witness automata is converted to the ALDEBARAN format [42]


Summary

INTRODUCTION

Model checking is an automated technique for verifying whether the behavior of a finite-state system model has a specified property or not [1]. The main motivation for the present paper is the following: although the existing implementation of the witness-automata generation procedure uses a symbolic representation of LTSs in the form of BDDs, together with BDD-based functions for navigating the LTS after symbolic model checking, it cannot take advantage of the symbolic representation to traverse several transitions at once, because its depth-first search is inherently enumerative. The main contribution of this paper is the generation of witness automata for ACTLW formulae by using symbolic methods based on BDDs, which avoids the enumerative traversal.
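To make the contrast between enumerative and set-based traversal concrete, the following added example (not code from the paper or its implementation) works on a small constructed LTS with a simple reachability property, "some action from a given set is eventually performed". A single linear witness is found by an enumerative depth-first search that visits one transition at a time, whereas the witness automaton is built with whole-set pre-image and image computations, the set-at-a-time style of operation that a BDD-based implementation performs symbolically. The state names, action names, the property and the shape of the returned automaton are all assumptions made for the illustration and are not the paper's ACTLW semantics or its algorithm.

```python
# Constructed example LTS (not taken from the paper): states are ints,
# transitions are (source, action, destination) triples.
EXAMPLE_TRANSITIONS = [
    (0, "req", 1), (0, "req", 2),
    (1, "ack", 3), (2, "ack", 3), (2, "timeout", 0),
    (3, "done", 4), (4, "idle", 4),
    (0, "noise", 5), (5, "noise", 5),
]


def group_by_action(transitions):
    """Transition relation as action -> set of (src, dst) pairs, the set-based
    analogue of one BDD per action label."""
    rel = {}
    for s, a, t in transitions:
        rel.setdefault(a, set()).add((s, t))
    return rel


def pre_image(rel, actions, targets):
    """All sources of an 'actions' transition into 'targets', for the whole target
    set in one step (no per-transition walk)."""
    return {s for a in actions for (s, t) in rel.get(a, ()) if t in targets}


def image_pairs(rel, action, sources):
    """All (src, dst) pairs of 'action' leaving the set 'sources', in one step."""
    return {(s, t) for (s, t) in rel.get(action, ()) if s in sources}


def eventually_states(rel, target_actions):
    """Least fixpoint: states from which some path eventually performs an action
    in target_actions (assumed property; backward set-based reachability)."""
    good = {s for a in target_actions for (s, _) in rel.get(a, ())}
    while True:
        grown = good | pre_image(rel, rel.keys(), good)
        if grown == good:
            return good
        good = grown


def witness_automaton(transitions, initial, target_actions):
    """Sub-LTS from which every finite witness of the property can be read off:
    transitions reachable from 'initial' that either perform a target action
    (ending the witness) or stay among states that can still reach one."""
    rel = group_by_action(transitions)
    good = eventually_states(rel, target_actions)
    if initial not in good:
        return None  # property does not hold from the initial state
    reached, frontier, kept, finals = {initial}, {initial}, set(), set()
    while frontier:
        successors = set()
        for action in rel:  # one image computation per action label
            for s, t in image_pairs(rel, action, frontier):
                if action in target_actions:
                    kept.add((s, action, t))
                    finals.add(t)
                elif t in good:
                    kept.add((s, action, t))
                    successors.add(t)
        frontier = successors - reached
        reached |= successors
    return {"states": reached | finals, "transitions": kept, "final_states": finals}


def single_witness(transitions, initial, target_actions):
    """Enumerative depth-first search returning the first action sequence that
    ends in a target action, i.e. one linear witness out of possibly many."""
    outgoing = {}
    for s, a, t in transitions:
        outgoing.setdefault(s, []).append((a, t))
    stack, visited = [(initial, [])], set()
    while stack:
        s, path = stack.pop()
        if s in visited:
            continue
        visited.add(s)
        for a, t in reversed(outgoing.get(s, [])):
            if a in target_actions:
                return path + [a]
            stack.append((t, path + [a]))
    return None


if __name__ == "__main__":
    print("one witness:", single_witness(EXAMPLE_TRANSITIONS, 0, {"done"}))
    print("witness automaton:", witness_automaton(EXAMPLE_TRANSITIONS, 0, {"done"}))
```

On the constructed LTS the depth-first search reports only the path req, ack, done, while the witness automaton also retains the second req branch and the timeout loop back to state 0, so that both reasons for the property holding, and the retry behaviour in between, are visible; states 4 and 5 are dropped except as the final state reached by done, since no target action is reachable from them.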

RELATED WORK
WITNESSES FOR ACTLW
WITNESS AUTOMATA
IMPLEMENTATION OF WITNESS AUTOMATA GENERATION
DISCUSSION
CONCLUSION