Alastair F. Donaldson

Symmetry in temporal logic model checking

Temporal logic model checking involves checking the state-space of a model of a system to determine whether errors can occur in the system. Often this involves checking symmetrically equivalent areas of the state-space. The use of symmetry reduction to increase the efficiency of model checking has inspired a wealth of activity in the area of model checking research. We provide a survey of the associated literature.

Automatic symmetry detection for model checking using computational group theory

We present an automatic technique for the detection of structural symmetry in a model directly from its Promela specification. Our approach involves finding the static channel diagram of the model, a graphical representation of channel-based system communication; computing the group of symmetries of this diagram; and computing the largest possible subgroup of these symmetries which induce automorphisms of the underlying model. We describe a tool, SymmExtractor, which, for a given model and LTL property, uses our approach to find a group of symmetries of the model which preserve the property. This group can then be used for symmetry reduction during model checking using existing quotient-based methods. Unlike previous approaches, our method can detect arbitrary structural symmetries arising from the communication structure of the model.

Symmetry reduction for probabilistic model checking using generic representatives

Generic representatives have been proposed for the effective combination of symmetry reduction and symbolic representation with BDDs in non-probabilistic model checking. This approach involves the translation of a symmetric source program into a reduced program, in which counters are used to generically represent states of the original model. Symmetric properties of the original program can also be translated, and checked directly over the reduced program. We extend this approach to apply to probabilistic systems with Markov decision process or discrete time Markov chain semantics, represented as MTBDDs. We have implemented a prototype tool, GRIP, which converts a symmetric PRISM program and PCTL property into reduced form. Model checking results for the original program can then be inferred by applying PRISM, unchanged, to the smaller model underlying the reduced program. We present encouraging experimental results for two case studies.

Exact and approximate strategies for symmetry reduction in model checking

Symmetry reduction techniques can help to combat the state space explosion problem for model checking, but are restricted by the hard problem of determining equivalence of states during search. Consequently, existing symmetry reduction packages can only exploit full symmetry between system components, as checking the equivalence of states is straightforward in this special case. We present a framework for symmetry reduction with an arbitrary group of structural symmetries. By generalising existing techniques for efficiently exploiting symmetry, and introducing an approximate strategy for use with groups for which fast, exact strategies are not available, our approach allows for significant state-space reduction with minimal time overhead. We show how computational group theoretic techniques can be used to analyse the structure of a symmetry group so that an appropriate symmetry reduction strategy can be chosen, and we describe a symmetry reduction package for the SPIN model checker which interfaces with the computational algebra system GAP. Experimental results on a variety of Promela models illustrate the effectiveness of our methods.

Extending Symmetry Reduction Techniques to a Realistic Model of Computation

Much of the literature on symmetry reductions for model checking assumes a simple model of computation where the local state of each component in a concurrent system can be represented by an integer, and where components do not hold references to one another. Symmetry reduction techniques for model checking usually require a solution to the NP-hard Constructive Orbit Problem (COP)-computing the minimum element in the equivalence class of a given state under a symmetry group. Polynomial time strategies to solve instances of the COP under the simple model of computation are known for a large class of symmetry groups. We show that these strategies are not directly applicable when the model of computation is extended to allow components to hold references to one another, and present an approach to their extension, resulting in tractable, memory optimal symmetry reduction techniques for a realistic model of computation. Experimental results using the TopSpin symmetry reduction package for the Spin model checker illustrate the effectiveness of our techniques.

A computational group theoretic symmetry reduction package for the SPIN model checker

Symmetry reduced model checking is hindered by two problems: how to identify state space symmetry when systems are not fully symmetric, and how to determine equivalence of states during search. We present TopSPIN, a fully automatic symmetry reduction package for the SPIN model checker. TopSPIN uses the GAP computational algebra system to effectively detect state space symmetry from the associated Promela specification, and to choose an efficient symmetry reduction strategy by classifying automorphism groups as a disjoint/wreath product of subgroups. We present encouraging experimental results for a variety of Promela examples.

ETCH: an enhanced type checking tool for promela

We present Etch, an enhanced type checking tool for the Promela language. This tool uses standard type checking in conjunction with constraint-based type inference to detect type errors in Promela models which cannot currently be detected by Spin before verification or simulation. Etch allows for more rapid development of Promela code, and increased confidence in verification models used with Spin. Since the utility of model checking depends heavily on the correctness of the model being verified, our tool is a significant contribution.