基於自動機的模型檢查的深度優先搜尋演算法比較研究

Jo-Chuan Chou; 周若涓

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/84450

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	蔡益坤(Yih-Kuen Tsay)
dc.contributor.author	Jo-Chuan Chou	en
dc.contributor.author	周若涓	zh_TW
dc.date.accessioned	2023-03-19T22:12:00Z	-
dc.date.copyright	2022-09-30
dc.date.issued	2022
dc.date.submitted	2022-09-25
dc.identifier.citation	References [1] M. Benedetti and A. Cimatti. Bounded model checking for past LTL. Tools and Algorithms for the Construction and Analysis of Systems, pages 18–33. Springer Berlin Heidelberg, 2003. [2] A. Biere, A. Cimatti, E. Clarke, and Y. Zhu. Symbolic model checking without BDDs. Tools and Algorithms for the Construction and Analysis of Systems, pages 193–207. Springer Berlin Heidelberg, 1999. [3] J. R. Büchi. On a decision method in restricted second order arithmetic, pages 425–435. Springer, 1990. [4] R. Cavada, A. Cimatti, C. A. Jochim, G. Keighren, E. Olivetti, M. Pistore, M. Roveri, and A. Tchaltsev. Nusmv 2.5 user manual. http://nusmv.fbk.eu/, 2010. [5] E. Clarke, D. Kroening, and F. Lerda. A tool for checking ANSI-C programs. Tools and Algorithms for the Construction and Analysis of Systems, pages 168–176. Springer Berlin Heidelberg, 2004. [6] E. M. Clarke and E. A. Emerson. Design and synthesis of synchronization skeletons using branching time temporal logic. Logics of Programs, pages 52–71. Springer Berlin Heidelberg, 1982. [7] L. Cordeiro, B. Fischer, and J. Marques-Silva. SMT-based bounded model checking for embedded ANSI-C software. IEEE Transactions on Software Engineering, 38(4):957–974, July 2012. [8] C. Courcoubetis, M. Vardi, P. Wolper, and M. Yannakakis. Memory-eﬀicient algorithms for the verification of temporal properties. Formal Methods in System Design, 1(2):275–288, 1992. [9] J. Couvreur. On-the-fly verification of linear temporal logic. In International Symposium on Formal Methods, pages 253–271. Springer, 1999. [10] J. Couvreur, A. Duret-Lutz, and D. Poitrenaud. On-the-fly emptiness checks for generalized Büchi automata. Model Checking Software, pages 169–184. Springer Berlin Heidelberg, 2005. [11] Marco Daniele, Fausto Giunchiglia, and M. Y. Vardi. Improved automata generation for linear temporal logic. In Computer Aided Verification. Springer Berlin Heidelberg, 1999. [12] Daniel Dietsch. Automated Verification of System Requirements and Software Specifications. PhD thesis, University of Freiburg, 2016. [13] A. Duret-Lutz, A. Lewkowicz, A. Fauchille, T. Michaud, É. Renault, and L. Xu. Spot 2.0 —a framework for LTL and ω-automata manipulation. Automated Technology for Verification and Analysis, pages 122–129. Springer International Publishing, 2016. [14] N. Eén and N. Sörensson. An extensible SAT-solver. Theory and Applications of Satisfiability Testing, pages 502–518. Springer Berlin Heidelberg, 2004. [15] S. Falke, F. Merz, and C. Sinz. The bounded model checker LLBMC. In 2013 28th IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 706–709, 2013. [16] V. Ganesh and D. L. Dill. A decision procedure for bit-vectors and arrays. Computer Aided Verification, pages 519–531. Springer Berlin Heidelberg, 2007. [17] P. Gastin, P. Moro, and M. Zeitoun. Minimization of counterexamples in SPIN. In International SPIN Workshop on Model Checking of Software, pages 92–108. Springer, 2004. [18] J. Geldenhuys and A. Valmari. Tarjan’s algorithm makes on-the-fly LTL verification more eﬀicient. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems, pages 205–219. Springer, 2004. [19] R. Gerth, D. Peled, M. Y. Vardi, and P. Wolper. Simple On-the-fly Automatic Verification of Linear Temporal Logic, pages 3–18. Springer US, Boston, MA, 1996. [20] Matthias Heizmann, Jürgen Christ, Daniel Dietsch, Evren Ermis, Jochen Hoenicke, Markus Lindenmann, Alexander Nutz, Christian Schilling, and Andreas Podelski. Ultimate automizer with smtinterpol. In Tools and Algorithms for the Construction and Analysis of Systems. Springer Berlin Heidelberg, 2013. [21] Matthias Heizmann, Jochen Hoenicke, and Andreas Podelski. Software model checking for people who love automata. In Computer Aided Verification. Springer Berlin Heidelberg, 2013. [22] G. J. Holzmann. The Spin Model Checker: Primer and Reference Manual. Addison- Wesley, Boston, 2003. [23] G. J. Holzmann, D. A. Peled, and M. Yannakakis. On nested depth first search. The Spin Verification System, 32:81–89, 1996. [24] G. J. Holzmann and Doron Peled. An Improvement in Formal Verification. Springer US, 1995. [25] S. Kripke. Semantical considerations of the modal logic. Studia Philosophica, 1, 2007. [26] K. L. McMillan. The SMV System, pages 61–85. Springer US, Boston, MA, 1993. [27] M.W. Moskewicz, C. F. Madigan, Y. Zhao, L. Zhang, and S. Malik. Chaff: Engineering an eﬀicient SAT solver. In Proceedings of the 38th Annual Design Automation Conference, DAC ’01, page 530–535, New York, NY, USA, 2001. Association for Computing Machinery. [28] D. E. Muller. Infinite sequences and finite machines. In Proceedings of the Fourth Annual Symposium on Switching Circuit Theory and Logical Design (swct 1963), pages 3–16. IEEE, 1963. [29] K. Y. Rozier and M. Y. Vardi. LTL satisfiability checking. In Model Checking Software, pages 149–167, Berlin, Heidelberg, 2007. Springer Berlin Heidelberg. [30] S. Schwoon and J. Esparza. A note on on-the-fly verification algorithms. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems, pages 174–190. Springer, 2005. [31] D. Tabakov and M. Y. Vardi. Model checking Büchi specifications. In LATA, pages 565–576, 2007. [32] R. Tarjan. Depth-first search and linear graph algorithms. SIAM journal on computing, 1(2):146–160, 1972. [33] M. Y. Vardi and P. Wolper. An automata-theoretic approach to automatic program verification. In Proceedings of the First Symposium on Logic in Computer Science, pages 322–331. IEEE Computer Society, 1986.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/84450	-
dc.description.abstract	外顯式狀態模型檢查器以即時方式構建自動機以表示程式與否定屬性的同步乘積，並使用深度優先搜尋探索自動機狀態。如果一個系統不滿足某個性質，那麼自動機中有一條套索形狀的路徑，對應於系統的錯誤軌跡。這種套索由一個句柄組成，該句柄顯示系統最初是如何演變的，然後是一個循環，該循環表示系統可能無限期地遵循的重複行為。錯誤軌跡的深度優先搜尋可以通過兩種不同的方式進行:巢狀深度優先搜尋和基於強連通單元的搜尋。在一個巢狀深度優先搜尋中，第一個深度優先搜尋找到可達的接受狀態，第二個深度優先搜尋從一個接受狀態進行搜尋，看該狀態是否從自身可達，形成一個接受循環。另一方面，基於強連通單元的搜尋包括找到可到達的強連通單元並檢查其中一個單元中是否存在接受狀態，肯定的回答表明存在錯誤軌跡。為了比較巢狀深度優先搜尋和基於強連通單元的演算法，我們將它們實作為 Ultimate 程式分析框架的插件。該實作將動態模型檢查與偏序縮減相結合，從而消除了驗證所檢查屬性所不需要的狀態。感謝 Ultimate 的支持，我們能夠將 C 語言中的多執行緒程式作為輸入，使這項工作變得實用。該實作能夠重現存在於原始程式語句中的反例與相應的屬性狀態配對，這有助於排除錯誤。我們使用選擇的基準案例來比較演算法的性能，並在不同的場景下測試程式，例如不同的線性時間方程式、不同語句中的錯誤以及執行緒的重複次數。除了提供對兩種深度優先搜索的見解外，這項工作還可以構成模型檢查器的基礎，其中可以選擇不同的驗證方法以適應不同的驗證任務。	zh_TW
dc.description.abstract	Explicit-state model checkers build, in an on-the-fly fashion, an automaton representing the synchronous product of the program and the negated property and explore the automaton states using depth-first search. If a system does not satisfy a property, then there is a lasso-shaped path in the automaton that corresponds to an error trace of the system. Such lassos consist of a handle that shows how the system initially evolves, followed by a cycle that presents a repetitive behavior the system may follow indefinitely. The depth-first search of an error trace may be carried out in two different ways: nested depth-first search (NDFS) and strongly connected component (SCC)-based search. In an NDFS, the first DFS finds the accepting states that are reachable and the second DFS explores from an accepting state to see whether the state is reachable from itself to form an accepting cycle. On the other hand, an SCC-based search consists of finding the reachable SCCs and checking whether an accepting state exists in one of these components, an aﬀirmative answer to which indicates the existence of an error trace. To compare NDFS and SCC-based algorithms, we implement them as plugins of the Ultimate program analysis framework. The implementation combines on-the-fly model checking with partial order reduction which eliminates the states that are not necessary for the verification of the checked property. Thanks to the support of Ultimate, we are able to take multithreaded programs in C as input, making this work practically useful. The implementation is capable of reproducing a counter-example that exists in the original program statements paired with the corresponding property states, which is helpful for debugging. We compare the performances of the algorithms using a selection of benchmark cases and testing the programs under different scenarios, such as different linear temporal formulae, errors in different statements, and repeating times of the threads. Besides providing insights into the two types of depth-first search, this work may also form the basis of a model checker where different verification methods may be selected to suit different verification tasks.	en
dc.description.provenance	Made available in DSpace on 2023-03-19T22:12:00Z (GMT). No. of bitstreams: 1 U0001-2009202214122400.pdf: 2302963 bytes, checksum: e96091f7058e1d974d0fa90221d6aa17 (MD5) Previous issue date: 2022	en
dc.description.tableofcontents	摘要 i THESIS ABSTRACT ii 1 Introduction 1 1.1 Background ........1 1.2 Motivation and Objectives.......................... 2 1.3 ThesisOutline .......................... 3 2 Related Works 4 2.1 Symbolic Model Checking.......................... 4 2.2 Bounded Model Checking.......................... 4 2.3 Nested Depth-first Search.......................... 5 2.4 SCC-based Algorithms .......................... 6 2.5 Existing Studies of Model Checking..................... 6 3 Preliminaries 8 3.1 Model Checking................................ 8 3.2 Nested DFS Algorithms ........................... 9 3.2.1 The Courcoubetis-Vardi-Wolper-Yannakakis Algorithm . . . . . . 9 3.2.2 The Holzmann-Peled-Yannakakis Algorithm . . . . . . . . . . . . 10 3.2.3 The Gastin-Moro-Zeitoun Algorithm ................ 11 3.2.4 The Schwoon-Esparza Algorithm .................. 13 3.3 SCC-based Algorithms............................ 15 3.3.1 Tarjan’s Algorithm.......................... 15 3.3.2 The Geldenhuys-Valmari Algorithm................. 17 3.3.3 The Couvreur’s Algorithm..................... 18 4 Implementation 20 4.1 Introduction to ULTIMATE......................... 20 4.1.1 The ULTIMATE framework..................... 20 4.1.2 ULTIMATE’s Approach to LTL Software Model Checking . . . 22 4.1.3 Example................................ 24 4.2 Implementation on ULTIMATE....................... 27 4.2.1 Verifiers for Multi-threaded Programs . . . . . . . . . . . . 27 4.2.2 Improvement with Partial Order Reduction . . . . . . . . . . 29 4.2.3 Nested DFS Algorithm for Model Checking . . . . . . . . . . . 33 4.2.4 SCC-based Algorithm for Model Checking . . . . . . . . . . . . 38 5 Experiment Results 42 5.1 Settings of the Experiments.......................... 42 5.2 The Example of Peterson’s Solution..................... 43 5.3 The Result .................................. 51 6 Conclusion 66 6.1 Contributions . . . . . . . . . . . . . . . . . . . . . . . . . . . 66 6.2 Future Work ................................. 67 References 70 List of Figures 3.1 Example of Large Tree with no Accepting State . . . . . . . . . . . . . . 13 4.1 The Recursive Control Flow Graph of Example Code . . . . . . . . . . . 25 4.2 The Büchi Automaton of the LTL Property ¬φ, and φ is [ ](AP(x == 0) ==> <>AP(y==0)).......................... 26 4.3 The Büchi Program Product Constructed from the Program (Figure 4.1) and the Büchi Automaton Representing ¬φ (Figure 4.2) . . . . . . . . . 26 4.4 The Report for the Example Code with the Specification of //@ ltl invariant positive: [](AP(x == 0) ==> <>AP(y == 10)) . . . . . . 27 5.1 The Result of modelcheckerdoubledfsplugin. . . . . . . . . . . . . . . 52 5.2 The Result of modelcheckersccplugin................... 53 5.3 The Result of modelcheckerdoubledfsplugin. . . . . . . . . . . . . . . 54 5.4 The Result of modelcheckersccplugin................... 55 5.5 The Result of modelcheckerdoubledfsplugin. . . . . . . . . . . . . . . 56 5.6 The Result of modelcheckersccplugin................... 57 5.7 The Result of modelcheckerdoubledfsplugin. . . . . . . . . . . . . . . 58 5.8 The Result of modelcheckersccplugin................... 59 5.9 The Result of modelcheckerdoubledfsplugin. . . . . . . . . . . . . . . 60 5.10 The Result of modelcheckersccplugin................... 61 5.11 The Result of modelcheckerdoubledfsplugin. . . . . . . . . . . . . . . 62 5.12 The Result of modelcheckersccplugin................... 63 5.13 The Result of modelcheckerdoubledfsplugin. . . . . . . . . . . . . . . 64 5.14 The Result of modelcheckersccplugin................... 65 List of Tables 3.1 The Four Situations Never Happen ..................... 13 3.2 The Four Cases are Encoded with Two Bits ................ 14 5.1 The Result of Running Time . . . . . . . . . . . . . . . . . . . . . . . 51 List of Algorithms 1 The Basic Nested-DFS Algorithm from [8]. . . . . . . . . . . . . . . . . . 10 2 The Optimized Nested-DFS Algorithm from [23] . . . . . . . . . . . . . . 11 3 The Color-DFS from [17] ........................... 12 4 The Four States DFS from [30]........................ 15 5 An Automata-theoretic Verification Algorithm based on Tarjan’s Algorithm from [32] .................................... 16 6 The New Algorithm for Detecting Accepting Cycles from [18] . . . . . . . 17 7 The Translation of Couvreur’s Algorithm from [9]. . . . . . . . . . . . . 19 8 The XML File of ULTIMATE LTLAutomizer Toolchain . . . . . . . . . . 23 9 An Example Code Written in ANSI C .................... 25 10 Initialization .................................. 30 11 Depth First Search for the Büchi Automaton . . . . . . . . . . . . . . . . 31 12 Expansion Step for the Sequential Processes with Reduced Expansion Technique ...................................... 32 13 Initialization of Double Depth First Search . . . . . . . . . . . . 33 14 Double Depth First Search for the System Automaton . . . . . . . . . . . 35 15 Double Depth First Search for the Büchi Automaton . . . . . . . . . . . . 37 16 Initialization of SCC-based Algorithm .................... 38 17 SCC-based Algorithm for the System Automaton . . . . . . . . . . . . . . 39 18 SCC-based Algorithm for the Büchi Automaton. . . . . . . . . . . . . . . 41 19 The XML File of ModelCheckerDoubleDFS Toolchain . . . . . . . . . . . 42 20 The XML File of ModelCheckerSCC Toolchain . . . . . . . . . . . . . . . 43
dc.language.iso	en
dc.title	基於自動機的模型檢查的深度優先搜尋演算法比較研究	zh_TW
dc.title	A Comparative Study of Depth-First Search Algorithms for Automata-Based Model Checking	en
dc.type	Thesis
dc.date.schoolyear	110-2
dc.description.degree	碩士
dc.contributor.oralexamcommittee	陳郁方(Yu-Fang Chen),郁方(Fang Yu)
dc.subject.keyword	Büchi 自動機,模型驗證,巢狀深度優先搜尋演算法,基於強連通單元搜尋演算法,軟體驗證,	zh_TW
dc.subject.keyword	Büchi Automata,Model Checking,Nested Depth-First Search Algorithm,SCC-Based Search Algorithm,Software Verification,	en
dc.relation.page	70
dc.identifier.doi	10.6342/NTU202203642
dc.rights.note	同意授權(限校園內公開)
dc.date.accepted	2022-09-26
dc.contributor.author-college	管理學院	zh_TW
dc.contributor.author-dept	資訊管理學研究所	zh_TW
dc.date.embargo-lift	2022-09-30	-
顯示於系所單位：	資訊管理學系

文件中的檔案：

檔案	大小	格式
U0001-2009202214122400.pdf 授權僅限NTU校內IP使用（校園外請利用VPN校外連線服務）	2.25 MB	Adobe PDF	檢視/開啟

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。