Introduction to Model Checking

Model checking is a computer-assisted method for the analysis of dynamical systems that can be modeled by state-transition systems. Drawing from research traditions in mathematical logic, programming languages, hardware design, and theoretical computer science, model checking is now widely used for the verification of hardware and software in industry. This chapter is an introduction and short survey of model checking. The chapter aims to motivate and link the individual chapters of the handbook, and to provide context for readers who are not familiar with model checking.
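As an added illustration that is not part of the chapter: a minimal explicit-state model checker in Python. It enumerates every interleaving of a constructed two-process lock protocol as a state-transition system and checks the safety property "never both processes in the critical section". A non-atomic test-then-set version yields a shortest counterexample trace; the atomic test-and-set version is verified. Process names, labels and the state encoding are all assumptions of this example.

```python
from collections import deque

# Constructed model: two processes race on one shared lock variable.
# Program counter per process: 0 = idle, 1 = saw lock free, 2 = in critical section.
# State = (pc of proc 0, pc of proc 1, lock); transitions cover every interleaving.

def successors(state, atomic):
    """Yield (label, next_state) pairs; 'atomic' makes test-and-set one step."""
    pcs, lock = list(state[:2]), state[2]
    for p in (0, 1):
        pc = pcs[p]
        nxt = pcs[:]
        if pc == 0 and lock == 0:            # test: lock observed free
            if atomic:                       # atomic test-and-set: acquire now
                nxt[p] = 2
                yield f"p{p}: test-and-set", (nxt[0], nxt[1], 1)
            else:                            # non-atomic: only remember "saw free"
                nxt[p] = 1
                yield f"p{p}: test", (nxt[0], nxt[1], lock)
        elif pc == 1:                        # set: acquire on a possibly stale test
            nxt[p] = 2
            yield f"p{p}: set", (nxt[0], nxt[1], 1)
        elif pc == 2:                        # leave the critical section
            nxt[p] = 0
            yield f"p{p}: release", (nxt[0], nxt[1], 0)

def mutual_exclusion(state):
    """Safety invariant: both processes are never in the critical section together."""
    return not (state[0] == 2 and state[1] == 2)

def check(init, succ, invariant):
    """Explicit-state BFS over reachable states.
    Returns (holds, trace); on a violation, trace is a shortest counterexample."""
    parent = {init: None}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if not invariant(s):
            trace = []
            while parent[s] is not None:     # walk back to the initial state
                label, prev = parent[s]
                trace.append(label)
                s = prev
            return False, trace[::-1]
        for label, t in succ(s):
            if t not in parent:
                parent[t] = (label, s)
                queue.append(t)
    return True, []

def check_lock(atomic):
    """Check mutual exclusion for the lock protocol from the initial state."""
    return check((0, 0, 0), lambda s: successors(s, atomic), mutual_exclusion)
```

The returned trace reads as an interleaving that a reviewer can replay by hand, which is the form in which a model checker reports a bug.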
