May/Must Abstraction-Based Software Model Checking for Sound Verification and Falsification

Three-valued models, in which properties of a system are either true, false or unknown, have recently been advocated as a better representation for reactive program abstractions generated by automatic techniques such as predicate abstraction. Indeed, for the same cost, model checking three-valued abstractions, also called may/must abstractions, can be used to both prove and disprove any temporal-logic property, whereas traditional conservative abstractions can only prove universal properties. Also, verification results can be more precise with generalized model checking, which checks whether there exists a concretization of an abstraction satisfying a temporal-logic formula. Generalized model checking generalizes both model checking (when the model is complete) and satisfiability (when everything in the model is unknown), probably the two most studied problems related to temporal logic and verification. This paper presents an introduction to the main ideas behind this framework, namely models for three-valued abstractions, completeness preorders to measure the level of completeness of such models, three-valued temporal logics and generalized model checking. It also discusses algorithms and complexity bounds for three-valued model checking and generalized model checking for various temporal logics. Finally, it discusses applications to program verification via automatic abstraction.
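The following is an added, self-contained example written to illustrate the abstract's claims; it is not code from the paper or its authors. It implements the standard three-valued semantics of propositional modal logic (AX, EX, and, or, not) over a Kripke modal transition system with may/must transitions and unknown labels, and shows on a constructed two-state abstraction how a single check can prove a property (TRUE), refute it (FALSE) or leave it open (UNKNOWN). It then approximates generalized model checking by enumerating "in-place completions" of the abstraction (each unknown label resolved, each may-only transition kept or dropped). That enumeration is a simplifying assumption of this example: every such completion is a genuine concretization in the completeness preorder, but real generalized model checking also ranges over refinements that add states. The model, state names and propositions are constructed for the demonstration.

```python
from itertools import product

# Kleene three-valued truth values, ordered FALSE < UNKNOWN < TRUE,
# so conjunction is min, disjunction is max and negation is sign flip.
TRUE, UNKNOWN, FALSE = 1, 0, -1


def k_not(v):
    return -v


class KMTS:
    """Kripke modal transition system: 3-valued labels plus may/must transitions (must ⊆ may)."""

    def __init__(self, labels, may, must):
        # labels: {(state, proposition): TRUE | UNKNOWN | FALSE}; may/must: sets of (src, dst)
        if not set(must) <= set(may):
            raise ValueError("every must-transition must also be a may-transition")
        self.labels, self.may, self.must = dict(labels), frozenset(may), frozenset(must)

    def may_succ(self, s):
        return [t for (a, t) in self.may if a == s]

    def must_succ(self, s):
        return [t for (a, t) in self.must if a == s]


def check(m, s, f):
    """Three-valued semantics of propositional modal logic at state s.

    Formulas are tuples: ('prop', 'p'), ('not', f), ('and', f, g), ('or', f, g), ('AX', f), ('EX', f).
    """
    op = f[0]
    if op == 'prop':
        return m.labels[(s, f[1])]
    if op == 'not':
        return k_not(check(m, s, f[1]))
    if op == 'and':
        return min(check(m, s, f[1]), check(m, s, f[2]))
    if op == 'or':
        return max(check(m, s, f[1]), check(m, s, f[2]))
    if op == 'AX':
        # proved only if every possible (may) successor satisfies f;
        # refuted only if some guaranteed (must) successor violates it
        if all(check(m, t, f[1]) == TRUE for t in m.may_succ(s)):
            return TRUE
        if any(check(m, t, f[1]) == FALSE for t in m.must_succ(s)):
            return FALSE
        return UNKNOWN
    if op == 'EX':
        # proved if some guaranteed successor satisfies f;
        # refuted only if every possible successor violates it
        if any(check(m, t, f[1]) == TRUE for t in m.must_succ(s)):
            return TRUE
        if all(check(m, t, f[1]) == FALSE for t in m.may_succ(s)):
            return FALSE
        return UNKNOWN
    raise ValueError(f"unknown operator {op!r}")


def completions(m):
    """Enumerate in-place completions of m (assumption of this example: concretizations that keep
    the state set; generalized model checking also admits refinements that add states).
    Each UNKNOWN label is resolved and each may-only transition is kept or dropped."""
    unknown = [k for k, v in m.labels.items() if v == UNKNOWN]
    optional = sorted(m.may - m.must)
    for resolved in product((TRUE, FALSE), repeat=len(unknown)):
        for keep in product((False, True), repeat=len(optional)):
            labels = dict(m.labels)
            labels.update(zip(unknown, resolved))
            trans = set(m.must) | {e for e, k in zip(optional, keep) if k}
            yield KMTS(labels, trans, trans)  # complete: may == must, labels two-valued


def generalized_check(m, s, f):
    """(some completion satisfies f, some completion violates f) at state s."""
    seen = {check(c, s, f) for c in completions(m)}
    return TRUE in seen, FALSE in seen


P, Q = ('prop', 'p'), ('prop', 'q')


def demo_model():
    """Constructed abstraction: s0 (p unknown, q true) must reach s1 (p and q false) and may loop."""
    labels = {('s0', 'p'): UNKNOWN, ('s0', 'q'): TRUE, ('s1', 'p'): FALSE, ('s1', 'q'): FALSE}
    return KMTS(labels, may={('s0', 's1'), ('s0', 's0')}, must={('s0', 's1')})


def demo():
    m = demo_model()
    return {
        'EX not q':        check(m, 's0', ('EX', ('not', Q))),                  # TRUE: proved
        'AX q':            check(m, 's0', ('AX', Q)),                           # FALSE: refuted
        'EX p':            check(m, 's0', ('EX', P)),                           # UNKNOWN
        'EX p gmc':        generalized_check(m, 's0', ('EX', P)),               # (True, True)
        'p or not p':      check(m, 's0', ('or', P, ('not', P))),               # UNKNOWN
        'p or not p gmc':  generalized_check(m, 's0', ('or', P, ('not', P))),   # (True, False)
    }


if __name__ == '__main__':
    for name, value in demo().items():
        print(f"{name:15} -> {value}")
```

The last two entries show the precision gap the abstract mentions: the three-valued check returns UNKNOWN for `p ∨ ¬p` because `p` is unknown in `s0`, whereas every completion satisfies it, so generalized model checking can answer "true". For `EX p` both kinds of completion exist, so the abstraction is genuinely too coarse and would need refinement.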
