Sebastian Kupferschmid

Adapting an AI planning heuristic for directed model checking

There is a growing body of work on directed model checking, which improves the falsification of safety properties by providing heuristic functions that can guide the search quickly towards short error paths. Techniques of this kind have also been made very successful in the area of AI Planning. Our main technical contribution is the adaptation of the most successful heuristic function from AI Planning to the model checking context, yielding a new heuristic for directed model checking. The heuristic is based on solving an abstracted problem in every search state. We adapt the abstraction and its solution to networks of communicating automata annotated with (constraints and effects on) integer variables. Since our ultimate goal in this research is to also take into account clock variables, as used in timed automata, our techniques are implemented inside UPPAAL. We run experiments in some toy benchmarks for timed automata, and in two timed automata case studies originating from an industrial project. Compared to both blind search and some previously proposed heuristic functions, we consistently obtain significant, sometimes dramatic, search space reductions, resulting in likewise strong reductions of runtime and memory requirements.

Automatic abstraction refinement for timed automata

We present a fully automatic approach for counterexample guided abstraction refinement of real-time systems modelled in a subset of timed automata. Our approach is implemented in the MOBY/RT tool environment, which is a CASE tool for embedded system specifications. Verification in MOBY/RT is done by constructing abstractions of the semantics in terms of timed automata which are fed into the model checker UPPAAL. Since the abstractions are over-approximations, absence of abstract counter examples implies a valid result for the full model. Our new approach deals with the situation in which an abstract counter example is found by UPPAAL. The generated abstract counter example is used to construct either a concrete counter example for the full model or to identify a slightly refined abstraction in which the found spurious counter example cannot occur anymore. Hence, the approach allows for a fully automatic abstraction refinement loop starting from the coarsest abstraction towards an abstraction for which a valid verification result is found. Nontrivial case studies demonstrate that this approach computes small abstractions fast without any user interaction.

UPPAAL/DMC: abstraction-based heuristics for directed model checking

UPPAAL/DMC is an extension of UPPAAL which provides generic heuristics for directed model checking. In this approach, the traversal of the state space is guided by a heuristic function which estimates the distance of a search state to the nearest error state. Our tool combines two recent approaches to design such estimation functions. Both are based on computing an abstraction of the system and using the error distance in this abstraction as the heuristic value. The abstractions, and thus the heuristic functions, are generated fully automatically and do not need any additional user input. UPPAAL/DMC needs less time and memory to find shorter error paths than UPPAALs standard search methods.

Effects of substance P and its antagonist L-733060 on long term potentiation in guinea pig hippocampal slices

The neuropeptide substance P (SP) has been suggested to be involved in several physiological and pathological conditions including learning and memory and the processing of pain. This study investigated for the first time acute effects of SP and the neurokinin-1 (NK-1) receptor antagonist L-733060 on long term potentiation (LTP) in the hippocampus. Electrically evoked fEPSP was tested under the influence of SP in the CA1 region of the guinea pig hippocampus. Concentrations of 1 and 10 microM SP increased fEPSP slopes to 114.3+/-4.5% and 115.8+/-2.7%, respectively. A threshold concentration was found at 0.1 microM SP. The SP-specific NK-1 receptor antagonist L-733060 did not influence fEPSP in a concentration of 1 microM. In experiments with LTP, a significant increase of potentiations after 60 min was seen with 1 microM SP. Even if the initial baseline increase due to SP (1 microM) was subtracted, potentiations were bigger compared to controls. L-733060 (1 microM) suppressed the excitatory effects of 1 microM SP nearly complete and subsequent induced LTP was not increased. In conclusion, SP has excitatory effects in the hippocampus and is able to facilitate LTP via activation of the NK-1 receptor.

Faster Than Uppaal

It is probably very hard to develop a new model checker that is faster than Uppaal for verifying (correct)timed automata. In fact, our tool Mcta does not even try to compete with Uppaal in this (i.e., Uppaal s) arena. Instead, Mcta is geared towards analyzing incorrectspecifications of timed automata. It returns (shorter) error traces faster.

St John’s wort (Hypericum perforatum) modulates evoked potentials in guinea pig hippocampal slices via AMPA and GABA receptors

The effects of an ethanolic extract of the plant Hypericum perforatum L. (St Johns wort) (HYP) and its hydrosoluble fraction (HYPWS) on electrically evoked population spikes and fEPSP were investigated in this study. Concentration dependent (10(-6) to 10(-4) g/l) excitatory effects were found. Above concentrations of 10(-3) g/l, HYP reduced the evoked responses, whereas HYPWS further increased them. Paired pulse facilitation was unaffected with HYPWS (10(-4) to 10(-2) g/l). The excitatory effects of HYPWS were amplified by the GABA(A) and GABA(B) receptor antagonists bicuculline and phaclofen, respectively. These excitations were antagonised by the AMPA receptor antagonist CNQX. Excitations caused by hypericum were not antagonised by the NMDA receptor antagonists D-APV and MK801, the metabotropic glutamate receptor (type I and II) antagonist MCPG, or the L-type calcium channel blocker verapamil. Hypericin and hyperforin, two components of H. perforatum, were found not to be responsible for the excitatory effects of the extract.

Using Predicate Abstraction to Generate Heuristic Functions in UPPAAL

We focus on checking safety properties in networks of extended timed automata, with the well-known UPPAAL system. We show how to use predicate abstraction, in the sense used in model checking, to generate search guidance, in the sense used in Artificial Intelligence (AI). This contributes another family of heuristic functions to the growing body of work on directed model checking. The overall methodology follows the pattern databaseapproach from AI: the abstract state space is exhaustively built in a pre-process, and used as a lookup table during search. While typically pattern databases use rather primitive abstractions ignoring some of the relevant symbols, we use predicate abstraction, dividing the state space into equivalence classes with respect to a list of logical expressions (predicates). We empirically explore the behavior of the resulting family of heuristics, in a meaningful set of benchmarks. In particular, while several challenges remain open, we show that one can easily obtain heuristic functions that are competitive with the state-of-the-art in directed model checking.

Fast directed model checking via Russian Doll abstraction

Combining model checking and deduction for I/O- automata.- A constraint oriented proof methodology based on modal transition systems.- A user guide to HyTech.- Modal ?-calculus, model checking and Gauss elimination.- Mona: Monadic second-order logic in practice.- Efficient simplification of bisimulation formulas.- Hierarchical compression for model-checking CSP or how to check 1020 dining philosophers for deadlock.- A front-end generator for verification tools.- Analytic and locally approximate solutions to properties of probabilistic processes.- Model checking of non-finite state processes by finite approximations.- On automatic and interactive design of communicating systems.- Layers as knowledge transitions in the design of distributed systems.- Parallelism for free: Bitvector analyses ? no state explosion!.Directed model checking aims at speeding up the search for bugs in a system through the use of heuristic functions. Such a function maps states to integers, estimating the states distance to the nearest error state. The search gives a preference to states with lower estimates. The key issue is how to generate good heuristic functions, i. e., functions that guide the search quickly to an error state. An arsenal of heuristic functions has been developed in recent years. Significant progress was made, but many problems still prove to be notoriously hard. In particular, a body of work describes heuristic functions for model checking timed automata in UPPAAL, and tested them on a certain set of benchmarks. Into this arsenal we add another heuristic function. With previous heuristics, for the largest of the benchmarks it was only just possible to find some (unnecessarily long) error path. With the new heuristic, we can find provably shortest error paths for these benchmarks in a matter of seconds. The heuristic function is based on a kind of Russian Doll principle, where the heuristic for a given problem arises through using UPPAAL itself for the complete exploration of a simplified instance of the same problem. The simplification consists in removing those parts from the problem that are distant from the error property. As our empirical results confirm, this simplification often preserves the characteristic structure leading to the error.

Context-enhanced directed model checking

Directed model checking is a well-established technique to efficiently tackle the state explosion problem when the aim is to find error states in concurrent systems. Although directed model checking has proved to be very successful in the past, additional search techniques provide much potential to efficiently handle larger and larger systems. In this work, we propose a novel technique for traversing the state space based on interference contexts. The basic idea is to preferably explore transitions that interfere with previously applied transitions, whereas other transitions are deferred accordingly. Our approach is orthogonal to the model checking process and can be applied to a wide range of search methods. We have implemented our method and empirically evaluated its potential on a range of non-trivial case studies. Compared to standard model checking techniques, we are able to detect subtle bugs with shorter error traces, consuming less memory and time.

Transition-Based Directed Model Checking

Directed model checking is a well-established technique that is tailored to fast detection of system states that violate a given safety property. This is achieved by influencing the order in which states are explored during the state space traversal. The order is typically determined by an abstract distance function that estimates a states distance to a nearest error state. In this paper, we propose a general enhancement to directed model checking based on the evaluation of state transitions . We present a schema, parametrized by an abstract distance function, to evaluate transitions and propose a new method for the state space traversal. Our framework can be applied automatically to a wide range of abstract distance functions. The empirical evaluation impressively shows its practical potential. Apparently, the new method identifies a sweet spot in the trade-off between scalability (memory consumption) and short error traces.