[80] | 1 | We have conducted preliminary experiments to tests and compare the performance of our strategy with existing abstraction-refinement technique available in VIS. There several abstraction-refinement techniques implemented in VIS accessible via \emph{approximate\_model\_check}, \emph{iterative\_model\_check}, \emph{check\_invariant} and \emph{incremental\_ctl\_model\_check} commands. However, among the techniques available, \emph{incremental\_ctl\_model\_check} is the only abstraction-refinement technique that supports CTL formulas and fairness constraints which are necessary in our test platforms. It is an automatic abstraction refinement algorithm which generates an initial conservative abstraction principally by reducing the size of the latches by a constant factor. If the initial abstraction is not conclusive, a \emph{goal set} will then be computed in order to guide the refinement process \cite{PardoHachtel98incremCTLMC} \cite{PardoHachtel97autoAbsMC}. |
---|
[64] | 2 | |
---|
[80] | 3 | |
---|
[73] | 4 | We have executed and compared the execution time and the number of refinement iterations for two examples: VCI-PI platform consisting of Virtual Component Interface (VCI), a PI-Bus and VCI-PI protocol converter and a simplified version of a CAN bus platform consisting of 3 nodes on a CAN bus. Table \ref{StatsVCI_PI} and Table \ref{StatsCAN_Bus} give the size and the statistics concerning the VCI-PI platform and CAN bus platform respectively. All the values are obtained using the \emph{compute\_reach} command with option \emph{-v 1} in VIS except the number of BDD variables, computed using the \emph{print\_bdd\_stats} command. The experiments have been executed on a PC with an AMD Athlon dual-core processor 4450e and 1.8GB of RAM memory. |
---|
[66] | 5 | |
---|
[80] | 6 | |
---|
[71] | 7 | \begin{table*} [ht] |
---|
[80] | 8 | \hspace*{17mm} |
---|
| 9 | \begin{tabular}{clcccc} |
---|
[66] | 10 | |
---|
[71] | 11 | \toprule |
---|
[80] | 12 | \multicolumn{2}{c}{\textbf{VCI-PI}} & \emph{Number of} & \emph{BDD} & \emph{Number of } & \emph{Analysis}\\ |
---|
| 13 | \multicolumn{2}{c}{\textbf{Platform}} &\emph{BDD Variables} & \emph{Size} & \emph{Reachable States} & \emph{Time (s)} \\ |
---|
[71] | 14 | \midrule |
---|
| 15 | \midrule |
---|
[80] | 16 | & 1 Master-1 Slave & 308 & 33 442 & 3.64116e+06 & 41.49 \\ |
---|
| 17 | Concrete & 2 Masters-1 Slave & 453 & 140297 & 2.42518e+11 & 1922.75 \\ |
---|
| 18 | Model & 4 Masters-1 Slave & 737 & N/A & N/A & >3days \\ |
---|
| 19 | & 4 Masters-2 Slaves & 911 & N/A & N/A & >3days \\ |
---|
[71] | 20 | \midrule |
---|
| 21 | \midrule |
---|
[80] | 22 | Final & 1 Master-1 Slave & 197 & 76 & 5.03316e+07 & 0.01 \\ |
---|
| 23 | Abstract & 2 Masters-1 Slave & 301 & 99 & 4.12317e+11 & 0.02 \\ |
---|
| 24 | Model & 4 Masters-1 Slave & 501 & 147 & 3.45876e+18 & 0.03\\ |
---|
| 25 | for $\phi_1$ & 4 Masters-2 Slaves & 589 & 167 & 7.08355e+21 & 0.04 \\ |
---|
[71] | 26 | \midrule |
---|
[80] | 27 | Final & 1 Master-1 Slave & 194 & 50 & 2.62144e+07 & 0 \\ |
---|
| 28 | Abstract & 2 Masters-1 Slave & 298 & 73 & 2.14748e+11 & 0.01 \\ |
---|
| 29 | Model & 4 Masters-1 Slave & 498 & 121 & 1.80144e+18 & 0.02 \\ |
---|
| 30 | for $\phi_2$ & 4 Masters-2 Slaves & 586 & 141 & 3.68935e+21 & 0.02 \\ |
---|
[71] | 31 | \bottomrule |
---|
| 32 | \bottomrule |
---|
| 33 | \end{tabular} |
---|
| 34 | |
---|
| 35 | \caption{\label{StatsVCI_PI} Statistics on the VCI-PI platform} |
---|
| 36 | \end{table*} |
---|
| 37 | %\medskip |
---|
| 38 | |
---|
| 39 | |
---|
[80] | 40 | |
---|
[71] | 41 | \begin{table*} [ht] |
---|
[80] | 42 | \hspace*{15mm} |
---|
| 43 | \begin{tabular}{ccccc} |
---|
[71] | 44 | |
---|
| 45 | \toprule |
---|
[80] | 46 | \textbf{CAN Bus} & \emph{Number of} & \emph{BDD} & \emph{Number of } & \emph{Analysis}\\ |
---|
| 47 | \textbf{Platform} &\emph{BDD Variables} & \emph{Size} & \emph{Reachable States} & \emph{Time (s)} \\ |
---|
[71] | 48 | \midrule |
---|
| 49 | \midrule |
---|
[80] | 50 | Concrete Model & 822 & 140586 & 3.7354e+07 & 294.6 \\ |
---|
[71] | 51 | \midrule |
---|
| 52 | \midrule |
---|
[80] | 53 | Final Abstract Model for $\phi_1$ & 425 & 187 & 1.66005e+12 & 0.03 \\ |
---|
[71] | 54 | \midrule |
---|
[80] | 55 | Final Abstract Model for $\phi_2$ & 425 & 187 & 1.66005e+12 & 0.04 \\ |
---|
[71] | 56 | \bottomrule |
---|
| 57 | \bottomrule |
---|
| 58 | \end{tabular} |
---|
| 59 | |
---|
| 60 | \caption{\label{StatsCAN_Bus} Statistics on the CAN Bus platform} |
---|
| 61 | \end{table*} |
---|
| 62 | |
---|
| 63 | |
---|
[80] | 64 | |
---|
| 65 | |
---|
[66] | 66 | \begin{table} [h] |
---|
| 67 | %\hspace*{-8mm} |
---|
| 68 | \begin{tabular}{cccc} |
---|
| 69 | |
---|
| 70 | \toprule |
---|
[71] | 71 | \emph{Global} &\emph{Verification} & \emph{Refinement} & \emph{Verif.} \\ |
---|
| 72 | \emph{Property} & \emph{Technique} & \emph{Iteration} & \emph{Time (s)} \\ |
---|
[66] | 73 | \midrule |
---|
| 74 | \midrule |
---|
[71] | 75 | \multicolumn{4}{l}{\textbf{\underline{1 Master - 1 Slave :}}} \\ |
---|
| 76 | & Prop. Selection & 1 & 2.2 \\ |
---|
| 77 | $\phi_1$ & Incremental & 0 & 18.1 \\ |
---|
| 78 | & Standard MC & - & 14.9 \\ |
---|
[66] | 79 | \midrule |
---|
[71] | 80 | & Prop. Selection & 0 & 1.0 \\ |
---|
| 81 | $\phi_2$ & Incremental & 467 & 168.0 \\ |
---|
| 82 | & Standard MC & - & 14.9 \\ |
---|
| 83 | \midrule |
---|
| 84 | \midrule |
---|
| 85 | \multicolumn{4}{l}{\textbf{\underline{2 Masters - 1 Slave :}}} \\ |
---|
| 86 | & Prop. Selection & 1 & 2.0 \\ |
---|
[80] | 87 | $\phi_1$ & Incremental & 0 & 107.7 \\ |
---|
| 88 | & Standard MC & - & 1181.8 \\ |
---|
[71] | 89 | \midrule |
---|
| 90 | & Prop. Selection & 0 & 1.0 \\ |
---|
[80] | 91 | $\phi_2$ & Incremental & 0 & 108.5 \\ |
---|
| 92 | & Standard MC & - & 1103.3 \\ |
---|
[71] | 93 | \midrule |
---|
| 94 | \midrule |
---|
| 95 | \multicolumn{4}{l}{\textbf{\underline{4 Masters - 1 Slave :}}} \\ |
---|
| 96 | & Prop. Selection & 1 & 2.1 \\ |
---|
[80] | 97 | $\phi_1$ & Incremental & N/A & >3 days \\ |
---|
| 98 | & Standard MC & - & >3 days \\ |
---|
[71] | 99 | \midrule |
---|
| 100 | & Prop. Selection & 0 & 1.0 \\ |
---|
[80] | 101 | $\phi_2$ & Incremental & N/A & >3 days \\ |
---|
| 102 | & Standard MC & - & >3 days \\ |
---|
[71] | 103 | \midrule |
---|
| 104 | \midrule |
---|
| 105 | \multicolumn{4}{l}{\textbf{\underline{4 Masters - 2 Slaves :}}} \\ |
---|
[75] | 106 | & Prop. Selection & 1 & 2.2 \\ |
---|
[80] | 107 | $\phi_1$ & Incremental & N/A & >3 days \\ |
---|
| 108 | & Standard MC & - & >3 days \\ |
---|
[71] | 109 | \midrule |
---|
[75] | 110 | & Prop. Selection & 0 & 1.1\\ |
---|
[80] | 111 | $\phi_2$ & Incremental & N/A & >3 days \\ |
---|
| 112 | & Standard MC & - & >3 days\\ |
---|
[71] | 113 | \bottomrule |
---|
[66] | 114 | \bottomrule |
---|
| 115 | |
---|
| 116 | \end{tabular} |
---|
| 117 | |
---|
[71] | 118 | \caption{\label{TabVCI_PI} Results on the VCI-PI platform } |
---|
[66] | 119 | \end{table} |
---|
| 120 | |
---|
| 121 | %\medskip |
---|
| 122 | |
---|
[72] | 123 | |
---|
[66] | 124 | \begin{table} [h] |
---|
| 125 | %\hspace*{-8mm} |
---|
[71] | 126 | \begin{tabular}{lcccc} |
---|
[66] | 127 | |
---|
| 128 | \toprule |
---|
[71] | 129 | \emph{Global} & \emph{Verification} & \emph{Refinement} & \emph{Verif.} \\ |
---|
| 130 | \emph{Property} & \emph{Technique} & \emph{Iteration} & \emph{Time (s)} \\ |
---|
[66] | 131 | \midrule |
---|
| 132 | \midrule |
---|
[80] | 133 | & Prop. Selection & 0 & 1.02 \\ |
---|
| 134 | $\phi_3$ & Incremental & N/A & N/A \\ |
---|
| 135 | & Standard MC & - & N/A \\ |
---|
[66] | 136 | \midrule |
---|
[80] | 137 | & Prop. Selection & 0 & 1.01\\ |
---|
| 138 | $\phi_4$ & Incremental & N/A & N/A \\ |
---|
| 139 | & Standard MC & - & N/A \\ |
---|
[66] | 140 | \bottomrule |
---|
| 141 | |
---|
| 142 | \end{tabular} |
---|
| 143 | |
---|
[71] | 144 | \caption{\label{TabCANBus} Results on the CAN Bus platform } |
---|
[66] | 145 | \end{table} |
---|
| 146 | |
---|
| 147 | |
---|
| 148 | |
---|
[80] | 149 | In the following tables: Table \ref{TabVCI_PI} and Table \ref{TabCANBus}, we compare the execution time between our technique (Prop. Selection), incremental\_ctl\_verification (Incremental) and the standard model checking (Standard MC) computed using the \emph{model\_check} command in VIS (Note: Dynamic variable ordering has been enabled with sift method). For the VCI-PI platform, the global property $\phi_1$ is the type $AF((p=1)*AF(q=1))$ and $\phi_2$ is actually a stronger version of the same formula with $AG(AF((p=1)*AF(q=1)))$. We have a total of 42 verifed components properties to be selected in VCI-PI plateform and for the verification of $\phi_1$ we have restrained the selectable properties only to those without AG prefix. In comparison to $\phi_2$, we can see that, a better set of properties available will result in a better abstraction and less refinement iterations. |
---|
[75] | 150 | |
---|
| 151 | |
---|
[80] | 152 | In the case of the CAN bus platform, the global property $\phi_3$ is the type $AG(((p'=1)*(q'=1)*AF(r_1=1)) -> AF((s_1=1)*AF(t_1=1)))$ and $\phi_4 = AG(((p'=1)*(q'=1)*AG(r_2=0)) -> AG((s_2=0)*(t_2=0)))$. We have at our disposal 103 verified component properties and after the selection process, 3 selected component properties were sufficient to verify both global properties. |
---|
[75] | 153 | |
---|
[80] | 154 | Globally, we can see that our technique systematically computes faster than the other two methods and interestingly in the case where the size of the platform increases by adding the more connected components, in contrary to the other two methods, our computation time remains stable. |
---|
| 155 | |
---|
| 156 | |
---|
| 157 | |
---|
[75] | 158 | %\medskip |
---|
| 159 | |
---|
| 160 | |
---|