On bounded model checking of asynchronous systems

This dissertation studies the verification of reachability properties of concurrent systems whose components are Labeled Transition Systems (LTSs), using a symbolic model checking technique called Bounded Model Checking (BMC). BMC seeks to answer the question whether, among the system's executions shorter than some given number of steps, there is one (or more) violating a given property. Answering this question is reduced to propositional satisfiability, i.e., to a propositional formula that is satisfiable iff such a violating execution exists. The translation from a system to a formula is polynomial in the size of the system, but the running time of the propositional solver can be exponential in the number of atomic propositions in the formula. This number, in turn, correlates directly with the number of execution steps that the formula models. Traditionally, LTSs are model checked by composing the components into a synchronized product and then applying a model checking algorithm to this product. The executions of the synchronized product are called interleaving executions. The research hypothesis of this work is that by using composition operators other than the one yielding the synchronized product, more efficient BMC algorithms can be obtained. The added efficiency comes from the fact that these operators yield propositional formulas with fewer atomic propositions. The reduction in the number of atomic propositions follows from the fact that fewer execution steps are needed to cover the same state space than when the synchronized product is used. Three techniques for creating composition operators are presented, namely (i) partial-order semantics, (ii) on-the-fly determinization, and (iii) local transition merging. These techniques can be combined in many ways.
The dissertation demonstrates that, given a system of LTSs and a bound, a BMC formula modeling the executions of the products applying partial-order semantics and on-the-fly determinization can be created efficiently: the translation effort is polynomial, and the size of the resulting formula is linear in the size of the system and the bound. The third technique, local transition merging, provides potentially dramatic reductions to the bound needed to detect a violation of a reachability property. The size of the BMC formula modeling this execution model is no longer linear, though, since a complicated constraint is needed. The dissertation concludes with experimental results comparing the products against each other and against two state-of-the-art model checking tools.
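The following added example (not code from the dissertation) illustrates the central claim that a partial-order (step) composition reaches the same states in fewer execution steps than the interleaving product. It builds a constructed system of three deterministic LTS components that synchronize on a shared action, and computes the smallest bound at which a target global state becomes reachable under each semantics; the component encoding, `fire`/`step_successors` helpers and the "independent actions fire together" rule are this example's own assumptions, not the dissertation's encoding.

```python
from collections import deque
from itertools import combinations

# Constructed example system: three LTS components. Component i moves
# 0 -> 1 on its private action "a{i}" and then 1 -> 2 on the shared
# action "sync", on which all three components must move together.
COMPONENTS = [{"init": 0,
               "trans": [(0, f"a{i}", 1), (1, "sync", 2)],
               "alphabet": {f"a{i}", "sync"}} for i in range(3)]

def participants(action):
    """Indices of the components whose alphabet contains `action`."""
    return [i for i, c in enumerate(COMPONENTS) if action in c["alphabet"]]

def fire(state, action):
    """Global successor of `state` under `action`, or None if disabled."""
    state = list(state)
    for i in participants(action):
        nxt = [d for (s, a, d) in COMPONENTS[i]["trans"]
               if s == state[i] and a == action]
        if not nxt:
            return None          # some participant cannot move: disabled
        state[i] = nxt[0]        # local LTSs are deterministic here
    return tuple(state)

def enabled(state):
    actions = {a for c in COMPONENTS for (_, a, _) in c["trans"]}
    return [a for a in sorted(actions) if fire(state, a) is not None]

def step_successors(state, parallel):
    """Interleaving: one action per step. Step semantics (parallel=True):
    any set of enabled actions with pairwise disjoint participants fires
    in a single step, modelling a partial-order execution."""
    acts = enabled(state)
    if not parallel:
        return [fire(state, a) for a in acts]
    succ = []
    for k in range(1, len(acts) + 1):
        for group in combinations(acts, k):
            used = [p for a in group for p in participants(a)]
            if len(used) == len(set(used)):   # independent actions only
                s = state
                for a in group:
                    s = fire(s, a)
                succ.append(s)
    return succ

def min_bound(target, parallel):
    """Smallest number of steps needed to reach `target` (None if never)."""
    init = tuple(c["init"] for c in COMPONENTS)
    seen, queue = {init}, deque([(init, 0)])
    while queue:
        state, depth = queue.popleft()
        if state == target:
            return depth
        for s in step_successors(state, parallel):
            if s not in seen:
                seen.add(s)
                queue.append((s, depth + 1))
    return None
```

For the target state (2, 2, 2) the interleaving product needs a bound of 4 while the step semantics needs only 2, which is exactly the bound (and hence atomic-proposition) saving the abstract describes.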
