Bounded Model Checking for Region Automata

For successful software verification, model checkers must be capable of handling a large number of program variables. Traditional, BDD-based model checking is deficient in this regard, but bounded model checking (BMC) shows some promise. However, unlike traditional model checking, for which timed systems have been thoroughly researched, BMC is less capable of modeling timing behavior – an essential task for verifying many types of software. Here we describe a new bounded model checker we have named xBMC, which we believe solves the reachability problem of dense-time systems. In xBMC, regions and transition relations are represented as Boolean formulae using discrete interpretations. In an experiment using well-developed model checkers to verify Fischer's protocol, xBMC outperformed both traditional (Kronos [8], Uppaal [16], and Red [26]) and bounded (SAL [21]) model checkers by being able to verify up to 22 processes, followed by Red with 15 processes. Therefore, although xBMC is less efficient in guaranteeing system correctness, it provides an effective and practical method for timing behavior verification of large systems.
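To make the problem statement concrete, the following added example (not code from the paper or from xBMC) runs a bounded reachability check on Fischer's mutual-exclusion protocol under a discrete interpretation of its clocks: time advances in unit ticks, clocks are integers, and values above the largest constant are capped, which mirrors the fact that regions do not distinguish them. xBMC encodes the bounded unrolling as a Boolean formula for a SAT solver; this example instead enumerates the unrolling explicitly with a breadth-first search, which is the same question (is a bad state reachable within k steps?) answered in a way that needs no solver. The protocol model, the constants A (maximum delay before publishing the id) and B (minimum delay before entering the critical section), and the bound are assumptions chosen for illustration.

```python
IDLE, START, WAIT, CS = "idle", "start", "wait", "cs"


def fischer_successors(state, n, A, B):
    """All one-step successors of a state of Fischer's protocol under a
    discrete (unit-tick, integer-clock) interpretation.  A state is
    (id, locs, clocks): the shared variable id (0 = free, i+1 = process i),
    one control location per process and one integer clock per process.
    Clock values above the largest constant are capped, as regions do not
    distinguish them.  The model itself is an assumption for this example."""
    id_, locs, clocks = state
    cap = max(A, B) + 1
    succ = []

    # Time elapse by one unit.  Location 'start' carries the invariant
    # x_i <= A (a process must publish its id within A time units), so the
    # tick is only allowed if no process in 'start' would break it.
    if all(loc != START or x + 1 <= A for loc, x in zip(locs, clocks)):
        succ.append((id_, locs, tuple(min(x + 1, cap) for x in clocks)))

    # Discrete moves of each process i.
    for i in range(n):
        loc, x = locs[i], clocks[i]

        def move(new_loc, new_id=id_, reset=False):
            new_locs = locs[:i] + (new_loc,) + locs[i + 1:]
            new_clocks = clocks[:i] + ((0 if reset else x),) + clocks[i + 1:]
            return (new_id, new_locs, new_clocks)

        if loc == IDLE and id_ == 0:
            succ.append(move(START, reset=True))                # read id == 0, x_i := 0
        elif loc == START and x <= A:
            succ.append(move(WAIT, new_id=i + 1, reset=True))  # id := i, x_i := 0
        elif loc == WAIT:
            if id_ == i + 1 and x >= B:
                succ.append(move(CS))                            # waited >= B, id still mine
            if id_ != i + 1:
                succ.append(move(IDLE))                          # lost the race, retry later
        elif loc == CS:
            succ.append(move(IDLE, new_id=0))                    # release the shared variable
    return succ


def mutual_exclusion_violated(state):
    """Bad-state predicate: two or more processes in the critical section."""
    return sum(loc == CS for loc in state[1]) >= 2


def bounded_reachability(n, A, B, bound, bad=mutual_exclusion_violated):
    """Explicit-state bounded search: explore every run of at most `bound`
    steps (ticks or discrete moves) from the initial state and return
    (k, trace) for a shortest run reaching a `bad` state, or None if no
    such run exists within the bound."""
    init = (0, (IDLE,) * n, (0,) * n)
    parent = {init: None}          # also serves as the visited set
    frontier = [init]
    for k in range(bound + 1):
        for s in frontier:
            if bad(s):
                trace = []
                while s is not None:  # rebuild the counterexample run
                    trace.append(s)
                    s = parent[s]
                return k, trace[::-1]
        nxt = []
        for s in frontier:
            for t in fischer_successors(s, n, A, B):
                if t not in parent:
                    parent[t] = s
                    nxt.append(t)
        frontier = nxt
        if not frontier:           # state space exhausted before the bound
            break
    return None


if __name__ == "__main__":
    # Correctly parameterised protocol (A < B): no violation within 12 steps.
    print("A=1, B=2:", bounded_reachability(2, A=1, B=2, bound=12))
    # Mis-parameterised protocol (A >= B): a counterexample run is found.
    hit = bounded_reachability(2, A=2, B=1, bound=12)
    print("A=2, B=1: violation after", hit[0], "steps")
    for s in hit[1]:
        print("  ", s)
```

Two points are worth noticing when running it. With A < B the search never finds two processes in the critical section, but because the bound is finite this only certifies the absence of short violations, which is exactly the weaker guarantee the abstract attributes to BMC. With A >= B a counterexample run of eight steps (two ticks and six discrete moves) is returned, and the minimal length comes directly from the breadth-first order of the search.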

[1]  Rajeev Alur,et al.  A Temporal Logic of Nested Calls and Returns , 2004, TACAS.

[2]  Oded Maler,et al.  Hybrid and Real-Time Systems , 1997 .

[3]  Wojciech Penczek,et al.  Towards Bounded Model Checking for the Universal Fragment of TCTL , 2002, FTRTFT.

[4]  Kim Guldstrand Larsen,et al.  From Timed Automata to Logic - and Back , 1995 .

[5]  Wang Yi,et al.  Uppaal in a nutshell , 1997, International Journal on Software Tools for Technology Transfer.

[6]  Andrei Voronkov,et al.  Automated Deduction—CADE-18 , 2002, Lecture Notes in Computer Science.

[7]  Harald Ruess,et al.  Predicate Abstraction for Dense Real-Time Systems , 2001 .

[8]  Joost-Pieter Katoen,et al.  A probabilistic extension of UML statecharts: Specification and Verification. , 2002 .

[9]  Daniel Kroening,et al.  Behavioral consistency of C and Verilog programs using bounded model checking , 2003, Proceedings 2003. Design Automation Conference (IEEE Cat. No.03CH37451).

[10]  Gilles Audemard,et al.  Bounded Model Checking for Timed Systems , 2002, FORTE.

[11]  Ashish Tiwari,et al.  Sal 2 , 2004, CAV.

[12]  Sharad Malik,et al.  Chaff: engineering an efficient SAT solver , 2001, Proceedings of the 38th Design Automation Conference (IEEE Cat. No.01CH37232).

[13]  Frits W. Vaandrager,et al.  Lectures on Embedded Systems , 1996, Lecture Notes in Computer Science.

[14]  Armin Biere,et al.  Bounded Model Checking Using Satisfiability Solving , 2001, Formal Methods Syst. Des..

[15]  P. Varaiya,et al.  Discretization of timed automata , 1994, Proceedings of 1994 33rd IEEE Conference on Decision and Control.

[16]  Petr Hájek,et al.  Mathematical Foundations of Computer Science 1995 , 1995, Lecture Notes in Computer Science.

[17]  Kwang-Ting Cheng,et al.  A circuit SAT solver with signal correlation guided learning , 2003, 2003 Design, Automation and Test in Europe Conference and Exhibition.

[18]  Wang Yi,et al.  Compositional and Symbolic Model-Checking of Real-Time Systems , 1996 .

[19]  D. T. Lee,et al.  Verifying Web applications using bounded model checking , 2004, International Conference on Dependable Systems and Networks, 2004.

[20]  Harald Ruess,et al.  Lazy Theorem Proving for Bounded Model Checking over Infinite Domains , 2002, CADE.

[21]  Thomas A. Henzinger,et al.  Symbolic Model Checking for Real-Time Systems , 1994, Inf. Comput..

[22]  Robert P. Kurshan,et al.  Experimental Analysis of Different Techniques for Bounded Model Checking , 2003, TACAS.

[23]  Kousha Etessami,et al.  Analysis of Recursive Game Graphs Using Data Flow Equations , 2004, VMCAI.

[24]  Rajeev Alur,et al.  Model-checking for real-time systems , 1990, [1990] Proceedings. Fifth Annual IEEE Symposium on Logic in Computer Science.

[25]  Wojciech Penczek,et al.  Checking Reachability Properties for Timed Automata via SAT , 2002, Fundam. Informaticae.

[26]  Maria Sorea.  Bounded Model Checking for Timed Automata , 2002, Electron. Notes Theor. Comput. Sci..

[27]  Navendu Jain,et al.  Verification of Timed Automata via Satisfiability Checking , 2002, FTRTFT.

[28]  Masahiro Fujita,et al.  Symbolic model checking using SAT procedures instead of BDDs , 1999, DAC '99.

[29]  Sergio Yovine,et al.  Model Checking Timed Automata , 1996, European Educational Forum: School on Embedded Systems.

[30]  Amir Pnueli,et al.  Data-Structures for the Verification of Timed Automata , 1997, HART.

[31]  Ilan Beer,et al.  On-the-Fly Model Checking of RCTL Formulas , 1998, CAV.

[32]  Sanjit A. Seshia,et al.  Unbounded, Fully Symbolic Model Checking of Timed Automata using Boolean Methods , 2003, CAV.

[33]  Stavros Tripakis,et al.  Kronos: A Model-Checking Tool for Real-Time Systems , 1998, CAV.

[34]  Farn Wang.  Efficient Verification of Timed Automata with BDD-Like Data-Structures , 2003, VMCAI.

[35]  Fang Yu,et al.  Toward Unbounded Model Checking for Region Automata , 2004, ATVA.

[36]  Rajeev Alur,et al.  A Theory of Timed Automata , 1994, Theor. Comput. Sci..