Program Model Checking via Action Planning

In this paper we present steps towards a prototype implementation of a C++ software model checker based on AI planning technology. It parses source code annotated with assertions and translates it into the planning domain description language so that recent planners can be invoked on it. Lifted back to the source code level, the computed plans then serve as counterexamples. Because the approach can benefit from the efficient search heuristics built into planners, the verification procedure is directed. For the translation process, the different aspects of parsing, generation of a dependency graph, slicing, property conversion, and data abstraction are described. The program model checker has been embedded as a plugin in the Eclipse software development environment, resulting in an interactive debugging aid. First empirical findings compare the approach with an existing directed program model checker that parses the same input and executes object code.
