Seven at one stroke: LTL model checking for high-level specifications in B, Z, CSP, and more

The size of formal models is steadily increasing, and industrial users are asking for expressive temporal query languages with which to validate and explore high-level formal specifications. We present an extension of LTL that is well adapted to validating B, Z and CSP specifications. We present a generic, flexible LTL model checker, implemented inside the ProB tool, that can be applied to a multitude of formalisms such as B, Z, CSP and B||CSP, as well as Object Petri nets, compensating CSP, and dSL. Our algorithm can deal with deadlock states, partially explored state spaces and past operators, and can be combined with the existing symmetry reduction techniques of ProB. We establish the correctness of our algorithm both in general and when combined with symmetry reduction. Finally, we present various applications and empirical results of our tool, showing that it can be applied successfully in practice.
