2.1 Related work
Smart methods have been recently employed for model checking. A* and Iterative Deepening A*(IDA*) algorithms are used in [6] to check the safety property in the system. In the present research, the Hemming distance between the current state and the goal state is regarded as the heuristic function and then implemented in HAF-APAIN tool to assess. The results indicate that this method is capable of checking the safety property by exploring fewer scenarios than SPAIN. The BDDA* approach given in [7] combines the breadth-first search algorithms with A* algorithm to avoid the exploration of unnecessary states. The results show a higher efficiency of this method in comparison with the breadth-first and depth-first search algorithms. In [8], the authors introduced the DFHS approach for checking the safety property of the system by adding a round back option to the breadth-first search algorithm. This approach is implemented and assessed in the checker of JPF model. The functionality of this method is proved to be much better than that of the breadth-first and depth-first search methods. A heuristics is applied in A* as well as the depth-first search methods by the authors of [9, 10] for checking reachability in the systems modeled by graph transformation. The heuristic function is designed on the basis of the structural similarity between the graph corresponding to the actual state and the ultimate state graph. This shows more enhanced outcomes relative to the depth-first and breadth-first search approaches. In [11, 12], a heuristic function is attained by the authors aimed at reducing the size of state space which can by applied in A* search, the depth-first search, and hill climbing to check the reachability property. The obtained results of this implementation tell of better efficiency compared to the previous techniques cited in [9, 10]. An approach to discover the deadlock error in the reaction systems is presented in [13] where, by the help of genetic algorithm, the search is directed towards the error states rather than the full state space. This is implemented and tested in VERISOFT- a search tool for the state space of the system and proved to be able to discover the error states in a shorter time in comparison with the random methods. A genetic-based way of discovering the dead end error is given in [14] founded on the graph transformation system in which each chromosome has a path of definite length in the state space. Applying mutation and crossover operators in the production of next-generation chromosomes, it aims to discover a path corresponding to the dead end state. Such a path, if any, would be reported as a counterexample. This attempt is guaranteed by the test results as to be successful in certain large models. In some huge and complex models, however, it comes to naught. In the reference [15], a technique was proposed to determine the dead end error in the systems described in terms of graph transformation. The approach is utilized to avoid getting caught in the local optimum trap through a combination of the bird and gravitational algorithms in the direction of the state space search. The estimation results in the GROOVE tool show that the above-mentioned technique is faster and more accurate than the depth-first and breadth-first search as well as the genetic-based algorithms. Another so-called BAPSO way to recognize the dead end state in the software systems is the proposed in [16] which uses bat and bird algorithms. The assessment of this method in GROOVE proves that it has a more proper efficiency than each of the bat and bird algorithms though having been failed in complex systems. The references [17, 18, and 19] ant-colony based methods are designed towards discovering the error state in the model checking process. Since the ant algorithm is set up on the ant's quest for food in the shortest way, generation of short-length discovering paths may be conducive to less storage space for the states. Overall, these approaches could have found the optimum or near-to- optimum responses. By using the bonus-based reinforcement learning, a new approach was proffered in [20] which has been applied in checking of the liveness property of the on-the-fly model. The checking of the on-the-fly model, unlike the ordinary one, is carried out simultaneously with the state space traversal. The results are indicative of insufficient accuracy and the low speed of this method compared to the meta-heuristic ones. In [21], the authors give a heuristic based on data mining to engage in checking safety, liveness, and reachability properties in the complex software systems. By discovering repetitive patterns of a small model of the problem, they could achieve the counterexample negating the above-mentioned properties in the large model. Enjoying though more speed and accuracy relative to the heuristic approaches, it hinges upon the small model of the problem and requires setting the initial parameters in the discovering function of repetitive patterns. By dint of the machine learning technique, the authors of [22] initiated a method for refutation of safety, liveness and verify of the reachability property. Thereupon, alongside the state space traversal, the interdependencies between the rules governing the state space are extracted by the Bayesian network to the purpose of the network enhancement. Then, the discovered knowledge arisen from the Bayesian network is applied to the traversal of the rest of the state space. The GROOVE results represent a good efficiency of this method compared with the evolutionary and meta-heuristic ones. This manner depends on the selection of the part of the state space used in learning the dependencies by the help of Bayesian network. Using the machine learning technique and discovering promise paths in the small model and traversal the paths in the large model thereafter, the authors of [23] have overcome the problem of state space explosion. In comparison with the evolutionary and heuristic methods, this scheme could generate the witness with a shorter length. In [24], while managing the state space in large and complex systems, the researchers achieved a higher accuracy in discovering dead end error via the n-gram technique. Requiring a relatively outsized space to store the n-gram table, this method is not so optimal as regards memory consumption.
Though the above-cited techniques have been able to fairly manage the issue of the state space explosion, the accuracy and speed of the convergence of the proposed methods are yet low especially in large and complex systems. Also, most approaches have only recognized the dead end while more complicated features such as reachability and liveness are still remained to be discussed. By smartening the model checking technique via the supervised machine learning algorithm, it is tried in this paper to achieve a higher efficiency than the previous methods as well as to make it possible to check the reachability property. In our suggested method, first the necessary knowledge is acquired about the operations changing the state of the system using the machine learning algorithm. Then, by the knowledge gained, the state space of the model is explored smartly.
2.2 Graph Transformation System
While model checking, it is necessary that the concerned system be described through a formal and intelligible modeling language. Among others, the graph transformation system comprises a triple GTS (TG, HG, R). Here, TG stands for type graph which shows all the elements in the software system, the labels of each element, and the relationship between the elements. HG designates the host graph representing the initial configuration of the system. The third component R signifies the set of transition rules. (When a rule is applied on one state of the system, the latter is transited from that state to another.)
The GROOVE tool has the capability of automatic checking through generating the state space of the problem. This tool is open source and features could be added to it. This is used here in modeling and analysis of software systems described by the official language of graph transformation.
As an example of a system modelled via GROOVE, one can mention the Dining Philosophers problem with 2 philosophers (see Fig. 1).
Part a represents the type graph TG. In this problem, there are two elements: philosopher and fork. The philosopher has the states (labels) of thinking, to be hungry, grabbing the left fork, grabbing the right fork, and eating. Part b is the host graph showing the configuration of dining two philosophers with two forks. The philosophers are flanked by forks set for common use. In the initial configuration, the position of the elements relative to each other is shown without any rules applied on the problem. In Part c, the rule get-left is applied. Thereupon, the edge labeled 'think' (the blue dotted edge) is removed and the edge with the label 'get-right' (the green edge) is created.
2.3 Model Checking
In model checking, first all the likely cases of the model are explored and then the correctness or incorrectness of the properties is ensured. In case the checking is done well (the state space explosion does not occur), a counterexample/witness is developed.
The counterexamples/witnesses report certain optimal /adverse behaviors of the system and could be used by the experts in fixing design flaws. Among others, safety and reachability property are important features of the software systems checked by this technique. The safety feature indicates that a good/bad item in an assumed system is absolutely true/false. Since the confirmation of this feature entails considering all the system's cases, it is tried that this property is refuted in the sense that an error is emerged in the state space. If so, the path from the beginning stage of the state space towards an error is called a counterexample. Reachability claims that there is a case in the state space in which the supposed property holds (goal state). In this case, the path from the beginning situation of the state space and ending this condition is referred to as a witness.