Linear Encodings of Bounded LTL Model Checking

We consider the problem of bounded model checking (BMC) for linear temporal logic (LTL). We present several efficient encodings that have size linear in the bound. Furthermore, we show how the encodings can be extended to LTL with past operators (PLTL). The generalised encoding is still of linear size, but cannot detect minimal length counterexamples. By using the virtual unrolling technique minimal length counterexamples can be captured; however, the size of the encoding is quadratic in the specification. We also extend virtual unrolling to Büchi automata, enabling them to accept minimal length counterexamples. Our BMC encodings can be made incremental in order to benefit from incremental SAT technology. With fairly small modifications the incremental encoding can be further enhanced with a termination check, allowing us to prove properties with BMC. An analysis of the liveness-to-safety transformation reveals many similarities to the BMC encodings in this paper. We conduct experiments to determine the advantage of employing dedicated BMC encodings for PLTL over combining more general but potentially less efficient approaches with BMC: the liveness-to-safety translation with invariant checking and Büchi automata with fair cycle detection. Experiments clearly show that our new encodings improve the performance of BMC considerably, particularly in the case of the incremental encoding, and that they are very competitive for finding bugs. Dedicated encodings seem to have an advantage over using more general methods with BMC. Using the liveness-to-safety translation with BDD-based invariant checking results in an efficient method to find shortest counterexamples that complements the BMC-based approach. For proving complex properties BDD-based methods still tend to perform better.
