LTL Model Checking for Recursive Programs

We propose a complete algorithm for model checking LTL (Linear Temporal Logic) formulas against recursive programs. Our program models are control flow graphs extended with procedure calls. LTL formulas may then be used to specify constraints on the global variables and on the local variables of the current scope. Our algorithm is based on semi-symbolic simulation of control flow graphs to search for counter-examples. We apply the post-dominance relation to reduce the number of exploration traces. The existence of a counter-example is reduced to Boolean satisfiability, while termination of the exploration is reduced to Boolean unsatisfiability. We report on our implementation and experiments.
