Model Checking of Safety Properties

Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. Proof rules for the verification of safety properties have been developed in the proof-based approach to verification, making verification of safety properties simpler than verification of general properties. In this paper we consider model checking of safety properties. A computation that violates a general linear property reaches a bad cycle, which witnesses the violation of the property. Accordingly, current methods and tools for model checking of linear properties are based on a search for bad cycles. A symbolic implementation of such a search involves the calculation of a nested fixed-point expression over the system's state space, and is often infeasible. Every computation that violates a safety property has a finite prefix along which the property is violated. We use this fact in order to base model checking of safety properties on a search for finite bad prefixes. Such a search can be performed using a simple forward or backward symbolic reachability check. A naive methodology that is based on such a search involves a construction of an automaton (or a tableau) that is doubly exponential in the property. We present an analysis of safety properties that enables us to prevent the doubly exponential blow-up and to use the same automaton used for model checking of general properties, replacing the search for bad cycles by a search for bad prefixes.
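As an added example (not code from the paper), the bad-prefix search described above, run for the safety property G(req -> X grant) over a constructed four-state arbiter: the product of the system with a deterministic automaton for bad prefixes is explored by plain forward reachability (a single least fixed point, no nested cycle search), and the witness returned is a finite prefix. The system, its labels and the automaton states are all assumptions made for the illustration.

```python
from collections import deque

# Constructed Kripke structure (assumed, not from the paper):
# state -> (set of atomic propositions true in it, list of successor states).
SYSTEM = {
    "idle":  (set(),       ["idle", "req"]),
    "req":   ({"req"},     ["grant", "wait"]),
    "wait":  (set(),       ["grant"]),      # a request answered one step late
    "grant": ({"grant"},   ["idle"]),
}
INITIAL = "idle"

def bad_prefix_step(q, labels):
    """Deterministic automaton for bad prefixes of G(req -> X grant):
    after a letter containing 'req', the next letter must contain 'grant'.
    States: 'idle', 'expect_grant', and the accepting sink 'bad'."""
    if q == "bad":
        return "bad"
    if q == "expect_grant" and "grant" not in labels:
        return "bad"
    return "expect_grant" if "req" in labels else "idle"

def find_bad_prefix(system, initial, step, q0="idle"):
    """Forward reachability over the product of the system and the
    bad-prefix automaton. Returns the finite bad prefix (a list of
    system states) that witnesses the violation, or None if the
    'bad' state is unreachable, i.e. the safety property holds."""
    start = (initial, step(q0, system[initial][0]))
    parent = {start: None}          # visited set doubling as parent map
    frontier = deque([start])
    while frontier:
        s, q = frontier.popleft()
        if q == "bad":
            # Reconstruct the prefix by walking parent links back to the start.
            path, node = [], (s, q)
            while node is not None:
                path.append(node[0])
                node = parent[node]
            return path[::-1]
        for t in system[s][1]:
            nxt = (t, step(q, system[t][0]))
            if nxt not in parent:
                parent[nxt] = (s, q)
                frontier.append(nxt)
    return None

if __name__ == "__main__":
    print("bad prefix:", find_bad_prefix(SYSTEM, INITIAL, bad_prefix_step))
```

Removing the late "wait" state from the arbiter makes the bad state unreachable and the search returns None, which is the entire verification: no nested fixed point over cycles is ever computed.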
