Garakabu2: An SMT-based Bounded Model Checker for HSTM Designs in ZIPC

Hierarchical State Transition Matrix (HSTM) is a table-based modeling language that has been broadly used for developing software designs of embedded systems. In this paper, we describe Garakabu2, a model checker that we have been implementing to verify HSTM designs against LTL properties. The HSTM designs that Garakabu2 takes as input are those developed with ZIPC, an industrial-strength model-based development tool. We focus on describing Garakabu2's verification techniques and performance, as well as our effort to improve its practical usability for on-site software engineers. Some experience and lessons on developing industry-oriented model checkers are also reported.
