Tac Tim Willemse

Model-checking processes with data

We propose a procedure for automatically verifying properties (expressed in an extension of the modal µ-calculus) over processes with data, specified in µCRL. We first briefly review existing work, such as the theory of µCRL and we discuss the logic, called first order modal µ-calculus in more detail. Then, we introduce the formalism of first order boolean equation systems and focus on several lemmata that are at the basis of the soundness of our decision procedure. We discuss our findings on three non-trivial applications for a prototype implementation of this procedure. The results show that our prototype can deal with quite complex and interesting properties and systems, showing the efficacy of the approach.

Parameterised boolean equation systems

Boolean equation system are a useful tool for verifying formulas from modal μ-calculus on transition systems (see [Mader, Lecture Notes in Computer Science, Vol. 1019, 1995, pp. 72-88] for an excellent treatment). We are interested in an extension of boolean equation systems with data. This allows to formulate and prove a substantially wider range of properties on much larger and even infinite state systems. In previous works [Groote and Mateescu, Lecture Notes in Computer Science, Vol. 1548, 1999, pp. 74-90; Groote and Willemse, Sci. Comput. Program., 2005] it has been outlined how to transform a modal formula and a process, both containing data, to a so-called parameterised boolean equation system, or equation system for short. In this article we focus on techniques to solve such equation systems. We introduce a new equivalence between equation systems, because existing equivalences are not compositional. We present techniques similar to GauB elimination as outlined in [Mader, Lecture Notes in Computer Science, Vol. 1019, 1995, pp. 72-88] that allow to solve each equation system provided a single equation can be solved. We give several techniques for solving single equations, such as approximation (known), patterns (new) and invariants (new). Finally, we provide several small but illustrative examples of verifications of modal μ-calculus formulas on concrete processes to show the use of the techniques.

Branching bisimulation for probabilistic systems: characteristics and decidability

We address the concept of abstraction in the setting of probabilistic reactive systems, and study its formal underpinnings for the strictly alternating model of Hansson. In particular, we define the notion of branching bisimilarity and study its properties by studying two other equivalence relations, viz. coloured trace equivalence and branching bisimilarity using maximal probabilities. We show that both alternatives coincide with branching bisimilarity. The alternative characterisations have their own merits and focus on different aspects of branching bisimilarity. Coloured trace equivalence can be understood without knowledge of probability theory and is independent of the notion of a scheduler. Branching bisimilarity, rephrased in terms of maximal probabilities gives rise to an algorithm of polynomial complexity for deciding the equivalence. Together they give a better understanding of branching bisimilarity. Furthermore, we show that the notions of branching bisimilarity in the alternating model of Hansson and in the nonalternating model of Segala differ: branching bisimilarity in the latter setting turns out to discriminate between systems that are intuitively branching bisimilar.

Static Analysis Techniques for Parameterised Boolean Equation Systems

Parameterised Boolean Equation Systems (PBESs) can be used to encode and solve various types of model checking and equivalence checking problems. PBESs are typically solved by symbolic approximation or by instantiation to Boolean Equation Systems (BESs). The latter technique suffers from something similar to the state space explosion problem and we propose to tackle it by static analysis techniques, which we tailor for PBESs. We introduce a method to eliminate redundant parameters and a method to detect constant parameters. Both lead to a better performance of the instantiation and they can sometimes even reduce problems that are intractable due to the infinity of the underlying BES to tractable ones.

A Checker for Modal Formulae for Processes with Data

We present a new technique for the automatic verification of first order modal μ-calculus formulae on infinite state, data-dependent processes. The use of boolean equation systems for solving the model-checking problem in the finite case is well-studied. We extend this technique to infinite state and data-dependent processes. We describe a transformation of the model checking problem to the problem of solving equation systems, and present a semi-decision procedure to solve these equation systems and discuss the capabilities of a prototype implementing our procedure. This prototype has been successfully applied to many systems. We report on its functioning for the Bakery Protocol.

Stuttering mostly speeds up solving parity games

We study the process theoretic notion of stuttering equivalence in the setting of parity games. We demonstrate that stuttering equivalent vertices have the same winner in the parity game. This means that solving a parity game can be accelerated by minimising the game graph with respect to stuttering equivalence. While, at the outset, it might not be clear that this strategy should pay off, our experiments using typical verification problems illustrate that stuttering equivalence speeds up solving parity games in many cases.

Invariants for Parameterised Boolean Equation Systems

The concept of invariance for Parameterised Boolean Equation Systems (PBESs) is studied in greater detail. We identify an issue with the associated theory and fix this problem by proposing a stronger notion of invariance called global invariance. A precise correspondence is proven between the solution of a PBES and the solution of its invariant-strengthened version; this enables one to exploit global invariants when solving PBESs. Furthermore, we show that global invariants are robust w.r.t. all common PBES transformations and that the existing encodings of verification problems into PBESs preserve the invariants of the processes involved. These traits provide additional support for our notion of global invariants, and, moreover, provide an easy manner for transferring (e.g. automatically discovered) process invariants to PBESs. We provide several examples that illustrate the use of global invariants for a variety of verification problems.

Folk theorems on the correspondence between state-based and event-based systems

Kripke Structures and Labelled Transition Systems are the two most prominent semantic models used in concurrency theory. Both models are commonly believed to be equi-expressive. One can find many ad-hoc embeddings of one of these models into the other. We build upon the seminal work of De Nicola and Vaandrager that firmly established the correspondence between stuttering equivalence in Kripke Structures and divergence-sensitive branching bisimulation in Labelled Transition Systems. We show that their embeddings can also be used for a range of other equivalences of interest, such as strong bisimilarity, simulation equivalence, and trace equivalence. Furthermore, we extend the results by De Nicola and Vaandrager by showing that there are additional translations that allow one to use minimisation techniques in one semantic domain to obtain minimal representatives in the other semantic domain for these equivalences.

Search algorithms for automated validation

A novel search technique called highway search is introduced. The search technique relies on a highway simulation which takes several homogeneous walks through a (possibly infinite) state space. Furthermore, we provide a memory-efficient algorithm that approximates a highway search and we prove that, under particular conditions, they coincide. The effectiveness of highway search is compared to two mainstream search techniques, viz. random search and randomised depth-first search. Our results demonstrate that randomised depth-first search explores the least amount of states in the effort of finding states of interest, whereas a highways search yields the shortest witnessing traces to such states.

Language-driven system design

Studies have shown significant benefits of the use of domain-specific languages. However, designing a DSL still seems to be an art, rather than a craft, following a clear methodology. In this paper we discuss a first step towards a methodology for designing such languages. The presented approach, which is referred to as the language-driven approach, is rooted informal techniques and independent of accepted software engineering process models. We illustrate the approach with a small and instructive case study.