PLTL-partitioned model checking for reactive systems under fairness assumptions

We are interested in verifying dynamic properties of finite state reactive systems under fairness assumptions by model checking. The systems we want to verify are specified through a top-down refinement process. In order to deal with the state explosion problem, we have proposed in previous works to partition the reachability graph and to perform the verification on each part separately. Moreover, we have defined a class, called B_mod, of dynamic properties that are verifiable by parts, whatever the partition. We decide whether a property P belongs to B_mod by looking at the form of the Büchi automaton that accepts ¬P. However, when a property P belongs to B_mod, the property f ⇒ P, where f is a fairness assumption, does not necessarily belong to B_mod.

In this paper, we propose to use the refinement process in order to build the parts on which the verification has to be performed. We then show that with such a partition, if a property P is verifiable by parts and if f is the expression of the fairness assumptions on a system, then the property f ⇒ P is still verifiable by parts. This approach is illustrated by its application to the chip card protocol T = 1 using the B engineering design language.
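The following Python script is an added, constructed illustration of the problem the abstract describes; it is not the paper's construction and does not reproduce the class B_mod or the refinement-based partition. It assumes (as a simplifying convention of this example, not something the paper states) that a part is the subgraph induced by a subset of the reachability graph's states and that a property is checked on a part by looking only at that subgraph. With P = G b (a safety property, correctly verifiable on any partition) and f = GF a (a fairness assumption), it shows that f ⇒ P can be reported as holding on every part of a partition while failing on the whole graph, because the fair cycle that witnesses the violation is cut across two parts. The state names, labels, partitions and function names are all constructed for this example.

```python
"""Constructed illustration (not the paper's construction) of how a fairness
assumption can break verification by parts.

Assumed semantics (an assumption of this example, not taken from the paper):
a part is the subgraph induced by a subset of the states of the reachability
graph, and a property is checked on a part by looking only at that subgraph.

Properties (PLTL):  P = G b   b holds in every state (safety)
                    f = GF a  a holds infinitely often (fairness assumption)

A run violates f => P iff it is fair (visits a-states infinitely often) and
visits a not-b state.  A fair run ends in a cycle that contains an a-state,
so a violation exists iff some not-b state can reach such a cycle.
"""
from typing import Dict, FrozenSet, Iterable, List, Set

Graph = Dict[str, List[str]]          # state -> successor states
Labels = Dict[str, FrozenSet[str]]    # state -> atomic propositions true there


def sccs(graph: Graph, allowed: Set[str]) -> List[Set[str]]:
    """Strongly connected components of the subgraph induced by `allowed`
    (iterative Tarjan, so large reachability graphs do not hit the recursion limit)."""
    index: Dict[str, int] = {}
    low: Dict[str, int] = {}
    on_stack: Set[str] = set()
    stack: List[str] = []
    comps: List[Set[str]] = []
    for root in sorted(allowed):
        if root in index:
            continue
        index[root] = low[root] = len(index)
        stack.append(root); on_stack.add(root)
        work = [(root, iter(graph.get(root, [])))]
        while work:
            v, succ = work[-1]
            pushed = False
            for w in succ:                     # the iterator resumes where it stopped
                if w not in allowed:
                    continue
                if w not in index:
                    index[w] = low[w] = len(index)
                    stack.append(w); on_stack.add(w)
                    work.append((w, iter(graph.get(w, []))))
                    pushed = True
                    break
                if w in on_stack:
                    low[v] = min(low[v], index[w])
            if pushed:
                continue
            work.pop()
            if work:
                parent = work[-1][0]
                low[parent] = min(low[parent], low[v])
            if low[v] == index[v]:             # v is the root of a component
                comp: Set[str] = set()
                while True:
                    w = stack.pop(); on_stack.discard(w); comp.add(w)
                    if w == v:
                        break
                comps.append(comp)
    return comps


def reach(graph: Graph, start: str, allowed: Set[str]) -> Set[str]:
    """States reachable from `start` without leaving `allowed` (includes start)."""
    seen, todo = {start}, [start]
    while todo:
        v = todo.pop()
        for w in graph.get(v, []):
            if w in allowed and w not in seen:
                seen.add(w); todo.append(w)
    return seen


def safety_violated(graph: Graph, labels: Labels, states: Iterable[str]) -> bool:
    """P = G b fails on a subgraph iff one of its states lacks b."""
    return any("b" not in labels[s] for s in states)


def fair_violation(graph: Graph, labels: Labels, states: Iterable[str]) -> bool:
    """f => P fails on a subgraph iff a not-b state can reach, inside the
    subgraph, a cycle containing an a-state (the tail of a fair run)."""
    states = set(states)
    fair_cycle_states: Set[str] = set()
    for comp in sccs(graph, states):
        nontrivial = len(comp) > 1 or any(s in graph.get(s, []) for s in comp)
        if nontrivial and any("a" in labels[s] for s in comp):
            fair_cycle_states |= comp
    return any("b" not in labels[x] and reach(graph, x, states) & fair_cycle_states
               for x in states)


def holds_by_parts(graph: Graph, labels: Labels, parts: List[Set[str]], violated) -> bool:
    """Verdict of per-part verification: the property holds iff no part violates it."""
    return not any(violated(graph, labels, part) for part in parts)


# Constructed reachability graph: s0 -> s1 -> s2 -> s1 is a fair cycle (s1 has a),
# s2 -> s3 -> s1 passes through s3, the only state without b.
GRAPH: Graph = {"s0": ["s1"], "s1": ["s2"], "s2": ["s1", "s3"], "s3": ["s1"]}
LABELS: Labels = {"s0": frozenset({"b"}), "s1": frozenset({"a", "b"}),
                  "s2": frozenset({"b"}), "s3": frozenset()}
PARTS_CUT = [{"s0", "s1"}, {"s2", "s3"}]     # cuts the fair cycle across two parts
PARTS_KEEP = [{"s0"}, {"s1", "s2", "s3"}]    # keeps the fair cycle inside one part

if __name__ == "__main__":
    whole = [set(GRAPH)]
    print("P on whole graph holds:", holds_by_parts(GRAPH, LABELS, whole, safety_violated))
    print("P by parts (cut) holds:", holds_by_parts(GRAPH, LABELS, PARTS_CUT, safety_violated))
    print("f=>P on whole graph holds:", holds_by_parts(GRAPH, LABELS, whole, fair_violation))
    print("f=>P by parts (cut) holds:", holds_by_parts(GRAPH, LABELS, PARTS_CUT, fair_violation))
    print("f=>P by parts (keep) holds:", holds_by_parts(GRAPH, LABELS, PARTS_KEEP, fair_violation))
```

On this graph the safety property P is reported as failing both on the whole graph and under either partition, since the not-b state s3 lies in some part whatever the partition. The fairness-conditioned property f ⇒ P also fails on the whole graph, but the partition PARTS_CUT reports it as holding on every part: neither part contains a cycle through an a-state, so neither part contains a fair run at all. PARTS_KEEP, which leaves the fair cycle inside a single part, recovers the correct verdict; in the paper this role is played by the parts built from the refinement process.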
