Skip to main content
SpringerLink
Log in

Pardinus: A Temporal Relational Model Finder

  • Published:
Journal of Automated Reasoning Aims and scope Submit manuscript

Abstract

This article presents \(\mathsf {Pardinus}\), an extension of the popular \(\mathsf {Kodkod}\) relational model finder with linear temporal logic (including past operators), to simplify the analysis of dynamic systems. \(\mathsf {Pardinus}\) includes a SAT-based bounded-model checking engine and an SMV-based complete model checking engine, both allowing iteration through the different instances (or counter-examples) of a specification. It also supports a decomposed parallel analysis strategy that improves the efficiency of both analysis engines on commodity multi-core machines.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19
Fig. 20
Fig. 21
Fig. 22
Fig. 23
Fig. 24
Fig. 25
Fig. 26
Fig. 27

Similar content being viewed by others

Notes

  1. https://github.com/AlloyTools/org.alloytools.alloy/releases/tag/v6.0.0.

  2. In practice, \(\mathsf {Kodkod}\) and \(\mathsf {Pardinus}\) are Java libraries and problems are defined programatically.

  3. \(\mathsf {Kodkod}\) (and \(\mathsf {Pardinus}\)) also have some limited support for integers which we omit in this presentation.

  4. The section is not used as its restricted syntax makes it a complex target for generation from \(\mathsf {Pardinus}\).

  5. Remark that we use mathematical symbols rather than concrete SMV syntax for better readability. However, future (\({{\,\mathrm{{\mathsf {X}}}\,}}\), \({{\,\mathrm{{\mathsf {G}}}\,}}\), \({{\,\mathrm{{\mathsf {F}}}\,}}\), \(\mathbin {{\mathsf {U}}}\) and \(\mathbin {{\mathsf {R}}}\)) and past (\({{\,\mathrm{{\mathsf {Y}}}\,}}\), \({{\,\mathrm{{\mathsf {H}}}\,}}\), \({{\,\mathrm{{\mathsf {O}}}\,}}\), \(\mathbin {{\mathsf {S}}}\) and \(\mathbin {{\mathsf {T}}}\)) temporal operators follow the standard textual notation also used in \(\mathsf {SMV}\).

  6. For instance, \(\mathsf {Pardinus}\) also implements an operation to change a segment of a path, which is used by the \(\mathsf {Alloy~6}\) \(\mathsf {Analyzer}\) to change the initial state and for forking paths.

  7. Although omitted for simplicity, bounding expressions may also refer to concrete atoms as regular constant bounds. These are ignored during symmetry breaking.

  8. The complete results are available online at https://bit.ly/2YF6hWL, and scripts to reproduce the results available at the \(\mathsf {Pardinus}\) repository.

References

  1. Bagheri, H., Malek, S.: Titanium: efficient analysis of evolving Alloy specifications. In: SIGSOFT FSE, pp. 27–38. ACM (2016)

  2. Benedetti, M., Cimatti, A.: Bounded model checking for past LTL. In: TACAS, LNCS, vol. 2619, pp. 18–33. Springer (2003)

  3. Biere, A., Cimatti, A., Clarke, E.M., Zhu, Y.: Symbolic model checking without BDDs. In: TACAS, LNCS, vol. 1579, pp. 193–207. Springer (1999)

  4. Bozzano, M., Cavada, R., Cimatti, A., Dorigatti, M., Griggio, A., Mariotti, A., Micheli, A., Mover, S., Roveri, M., Tonetta, S.: nuXmv 2.0.0 User Manual. FBK (2019). https://es.fbk.eu/tools/nuxmv/downloads/nuxmv-user-manual.pdf

  5. Brunel, J., Chemouil, D., Cunha, A., Macedo, N.: The Electrum Analyzer: model checking relational first-order temporal specifications. In: ASE, pp. 884–887. ACM (2018)

  6. Brunel, J., Chemouil, D., Cunha, A., Macedo, N.: Simulation under arbitrary temporal logic constraints. In: F-IDE@FM, EPTCS, vol. 310, pp. 63–69 (2019)

  7. Castillos, K.C., Waeselynck, H., Wiels, V.: Show me new counterexamples: a path-based approach. In: ICST, pp. 1–10. IEEE (2015)

  8. Cavada, R., Cimatti, A., Dorigatti, M., Griggio, A., Mariotti, A., Micheli, A., Mover, S., Roveri, M., Tonetta, S.: The nuXmv symbolic model checker. In: CAV, LNCS, vol. 8559, pp. 334–342. Springer (2014)

  9. Cavada, R., Cimatti, A., Jochim, C.A., Keighren, G., Olivetti, E., Pistore, M., Roveri, M., Tchaltsev, A.: NuSMV 2.6 User Manual. FBK-IRST (2010). http://nusmv.fbk.eu/NuSMV/userman/v26/nusmv.pdf

  10. Chang, E., Roberts, R.: An improved algorithm for decentralized extrema-finding in circular configurations of processes. Commun. ACM 22(5), 281–283 (1979)

    Article  MATH  Google Scholar 

  11. Chang, F.S., Jackson, D.: Symbolic model checking of declarative relational models. In: ICSE, pp. 312–320. ACM (2006)

  12. Chechik, M., Gurfinkel, A.: A framework for counterexample generation and exploration. Int. J. Softw. Tools Technol. Transf. 9(5–6), 429–445 (2007)

    Article  MATH  Google Scholar 

  13. Claessen, K., Sörensson, N.: New techniques that improve MACE-style finite model finding. In: CADE-19 Workshop on Model Computation (2003)

  14. Clarisó, R., Cabot, J.: Diverse scenario exploration in model finders using graph kernels and clustering. In: ABZ, LNCS, vol. 12071. Springer (2020)

  15. Crawford, J.M., Ginsberg, M.L., Luks, E.M., Roy, A.: Symmetry-breaking predicates for search problems. In: KR, pp. 148–159. Morgan Kaufmann (1996)

  16. Cunha, A.: Bounded model checking of temporal formulas with Alloy. In: ABZ, LNCS, vol. 8477, pp. 303–308. Springer (2014)

  17. Cunha, A., Macedo, N., Guimarães, T.: Target oriented relational model finding. In: FASE, LNCS, vol. 8411, pp. 17–31. Springer (2014)

  18. Demri, S., Goranko, V., Lange, M.: Temporal Logics in Computer Science: Finite-State Systems. Cambridge Tracts in Theoretical Computer Science, Cambridge University Press, Cambridge (2016). https://doi.org/10.1017/CBO9781139236119

    Book  MATH  Google Scholar 

  19. Dominguez, A.L.J., Day, N.A.: Generating Multiple Diverse Counterexamples for an EFSM. Technical Report. CS-2013-06. University of Waterloo (2013)

  20. Eisner, C., Fisman, D., Havlicek, J., Lustig, Y., McIsaac, A., Campenhout, D.V.: Reasoning with temporal logic on truncated paths. In: CAV, LNCS, vol. 2725, pp. 27–39. Springer (2003)

  21. Frias, M.F., Galeotti, J.P., Pombo, C.L., Aguirre, N.: DynAlloy: upgrading Alloy with actions. In: ICSE, pp. 442–451. ACM (2005)

  22. Ganov, S.R., Khurshid, S., Perry, D.E.: Annotations for Alloy: automated incremental analysis using domain specific solvers. In: ICFEM, LNCS, vol. 7635, pp. 414–429. Springer (2012)

  23. Hölldobler, S., Manthey, N., Nguyen, V.H., Stecklina, J., Steinke, P.: A short overview on modern parallel SAT-solvers. In: ICACSIS, pp. 201–206. IEEE (2011)

  24. Holzmann, G.J.: The model checker SPIN. IEEE Trans. Softw. Eng. 23(5), 279–295 (1997)

    Article  Google Scholar 

  25. Jackson, D.: Software Abstractions: Logic, Language, and Analysis, 2nd edn. MIT Press, Cambridge (2016)

    Google Scholar 

  26. Kromodimoeljo, S.: Controlling the generation of multiple counterexamples in LTL model checking. PhD Thesis, The University of Queensland (2014)

  27. Lamport, L.: The temporal logic of actions. ACM Trans. Program. Lang. Syst. 16(3), 872–923 (1994)

    Article  Google Scholar 

  28. Lamport, L.: Specifying Systems: The \(\rm TLA^+\) Language and Tools for Hardware and Software Engineers. Addison-Wesley, Boston (2002)

    Google Scholar 

  29. Leuschel, M., Butler, M.J.: ProB: a model checker for B. In: FME, LNCS, vol. 2805, pp. 855–874. Springer (2003)

  30. Macedo, N., Brunel, J., Chemouil, D., Cunha, A., Kuperberg, D.: Lightweight specification and analysis of dynamic systems with rich configurations. In: SIGSOFT FSE, pp. 373–383. ACM (2016)

  31. Macedo, N., Cunha, A.: Alloy meets \({{\rm TLA}}^{+}\): an exploratory study. CoRR (2016).abs/1603.03599

  32. Macedo, N., Cunha, A., Guimarães, T.: Exploring scenario exploration. In: FASE, LNCS, vol. 9033, pp. 301–315. Springer (2015)

  33. Macedo, N., Cunha, A., Pessoa, E.: Exploiting partial knowledge for efficient model analysis. In: ATVA, LNCS, vol. 10482, pp. 344–362. Springer (2017)

  34. McCune, W.: Prover9 and Mace4 (2005–2010). http://www.cs.unm.edu/~mccune/prover9/

  35. Meng, B., Reynolds, A., Tinelli, C., Barrett, C.W.: Relational constraint solving in SMT. In: CADE, LNCS, vol. 10395, pp. 148–165. Springer (2017)

  36. Montaghami, V., Rayside, D.: Extending Alloy with partial instances. In: ABZ, LNCS, vol. 7316, pp. 122–135. Springer (2012)

  37. Near, J.P., Jackson, D.: An imperative extension to Alloy. In: ASM, LNCS, vol. 5977, pp. 118–131. Springer (2010)

  38. Nelson, T., Saghafi, S., Dougherty, D.J., Fisler, K., Krishnamurthi, S.: Aluminum: principled scenario exploration through minimality. In: ICSE, pp. 232–241. IEEE (2013)

  39. Plagge, D., Leuschel, M.: Seven at one stroke: LTL model checking for high-level specifications in B, Z, CSP, and more. Int. J. Softw. Tools Technol. Transf. 12(1), 9–21 (2010)

    Article  Google Scholar 

  40. Ponzio, P., Aguirre, N., Frias, M.F., Visser, W.: Field-exhaustive testing. In: SIGSOFT FSE, pp. 908–919. ACM (2016)

  41. Porncharoenwase, S., Nelson, T., Krishnamurthi, S.: CompoSAT: specification-guided coverage for model finding. In: FM, LNCS, vol. 10951, pp. 568–587. Springer (2018)

  42. Reynolds, A., Tinelli, C., Goel, A., Krstic, S.: Finite model finding in SMT. In: CAV, LNCS, vol. 8044, pp. 640–655. Springer (2013)

  43. Rosner, N., Pombo, C.G.L., Aguirre, N., Jaoua, A., Mili, A., Frias, M.F.: Parallel bounded verification of Alloy models by TranScoping. In: VSTTE, LNCS, vol. 8164, pp. 88–107. Springer (2013)

  44. Rosner, N., Siddiqui, J.H., Aguirre, N., Khurshid, S., Frias, M.F.: Ranger: parallel analysis of Alloy models by range partitioning. In: ASE, pp. 147–157. IEEE (2013)

  45. Rozier, K.Y., Vardi, M.Y.: LTL satisfiability checking. STTT 12(2), 123–137 (2010)

    Article  Google Scholar 

  46. Saeki, T., Ishikawa, F., Honiden, S.: Automatic generation of potentially pathological instances for validating Alloy models. In: ICFEM, LNCS, vol. 10009, pp. 41–56 (2016)

  47. Saghafi, S., Danas, R., Dougherty, D.J.: Exploring theories with a model-finding assistant. In: CADE, LNCS, vol. 9195, pp. 434–449. Springer (2015)

  48. Serna, J., Day, N.A., Farheen, S.: DASH: a new language for declarative behavioural requirements with control state hierarchy. In: RE Workshops, pp. 64–68. IEEE Computer Society (2017)

  49. Shlyakhter, I.: Generating effective symmetry-breaking predicates for search problems. Electron. Notes Discrete Math. 9, 19–35 (2001)

    Article  MATH  Google Scholar 

  50. Siegel, A., Santomauro, M., Dyer, T., Nelson, T., Krishnamurthi, S.: Prototyping formal methods tools: a protocol analysis case study. In: Protocols, Logic, and Strands: Essays Dedicated to Joshua Guttman on the Occasion of his 66.66th Birthday, LNCS. Springer (2021).

  51. Sullivan, A., Marinov, D., Khurshid, S.: Solution enumeration abstraction: a modeling idiom to enhance a lightweight formal method. In: ICFEM, LNCS, vol. 11852, pp. 336–352. Springer (2019)

  52. Sullivan, A., Wang, K., Zaeem, R.N., Khurshid, S.: Automated test generation and mutation testing for Alloy. In: ICST, pp. 264–275. IEEE (2017)

  53. Torlak, E., Jackson, D.: Kodkod: a relational model finder. In: TACAS, LNCS, vol. 4424, pp. 632–647. Springer (2007)

  54. Uzuncaova, E., Khurshid, S.: Constraint prioritization for efficient analysis of declarative models. In: FM, LNCS, vol. 5014, pp. 310–325. Springer (2008)

  55. Vakili, A., Day, N.A.: Temporal logic model checking in Alloy. In: ABZ, LNCS, vol. 7316, pp. 150–163. Springer (2012)

  56. Zhang, J., Zhang, H.: SEM: a system for enumerating models. In: IJCAI, pp. 298–303. Morgan Kaufmann (1995)

  57. Zheng, G., Bagheri, H., Rothermel, G., Wang, J.: Platinum: reusing constraint solutions in bounded analysis of relational logic. In: FASE, LNCS, vol. 12076, pp. 29–52. Springer (2020)

Download references

Acknowledgements

Work financed by the European Regional Development Fund (ERDF) through the Operational Programme for Competitiveness and Internationalisation (COMPETE2020) and by National Funds through the Portuguese funding agency, Fundação para a Ciência e a Tecnologia (FCT) within Project POCI-01-0145-FEDER-016826, and the French Research Agency Project FORMEDICIS ANR-16-CE25-0007.

Author information

Authors and Affiliations

  1. INESC TEC and Faculdade de Engenharia da Universidade do Porto, Porto, Portugal

    Nuno Macedo

  2. ONERA DTIS and Université fédérale de Toulouse, Toulouse, France

    Julien Brunel & David Chemouil

  3. INESC TEC and Universidade do Minho, Braga, Portugal

    Alcino Cunha

Authors
  1. Nuno Macedo
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Julien Brunel
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. David Chemouil
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Alcino Cunha
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Nuno Macedo.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Macedo, N., Brunel, J., Chemouil, D. et al. Pardinus: A Temporal Relational Model Finder. J Autom Reasoning 66, 861–904 (2022). https://doi.org/10.1007/s10817-022-09642-2

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10817-022-09642-2

Keywords

Search

Navigation