Depth Bounded Explicit-State Model Checking

We present algorithms to efficiently bound the depth of the state spaces explored by explicit-state model checkers. Given a parameter k, our algorithms guarantee finding any violation of an invariant that is witnessed by a counterexample of length k or less from the initial state. Though depth bounding is natural with breadth-first search, explicit-state model checkers are unable to use breadth-first search due to its prohibitive space requirements, and instead use depth-first search to explore large state spaces. Thus, we explore efficient ways to perform depth bounding with depth-first search. We prove our algorithms sound (in the sense that they explore exactly all the states reachable within the depth bound), and show their effectiveness on large real-life models from Microsoft's product groups.
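The soundness requirement in the abstract (explore exactly the states reachable within depth k) is easy to get wrong with depth-first search. The following is an added illustration, not the paper's algorithms: a naive depth cutoff over a plain visited set misses a state that is first reached by a long path and later by a short one, while recording the shallowest depth per state and re-expanding on a shallower visit restores the breadth-first reachability set. The transition system, state names and k are constructed for the example.

```python
from collections import deque

# Constructed toy transition system: a long chain s0->a->b->c plus a
# shortcut s0->c; the invariant violation 'bad' hangs off c.
# With k=3, 'bad' is reachable at depth 2 via s0->c->bad.
SUCC = {
    "s0": ["a", "c"],
    "a": ["b"],
    "b": ["c"],
    "c": ["bad"],
    "bad": [],
}

def bfs_within(succ, init, k):
    """Reference answer: breadth-first search bounds depth naturally."""
    dist = {init: 0}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        if dist[s] == k:          # do not expand states sitting at the bound
            continue
        for t in succ[s]:
            if t not in dist:
                dist[t] = dist[s] + 1
                queue.append(t)
    return set(dist)

def naive_bounded_dfs(succ, init, k):
    """Unsound: DFS with a depth cutoff and a plain visited set. A state first
    reached near the bound is marked visited, so it is never re-expanded when
    a shorter path to it is found later, and its successors are lost."""
    visited = set()
    def dfs(s, depth):
        if depth > k or s in visited:
            return
        visited.add(s)
        for t in succ[s]:
            dfs(t, depth + 1)
    dfs(init, 0)
    return visited

def sound_bounded_dfs(succ, init, k):
    """Sound but not cheap: remember the minimal depth at which each state was
    seen and re-expand it whenever it is found again at a smaller depth."""
    min_depth = {}
    def dfs(s, depth):
        if depth > k or min_depth.get(s, k + 1) <= depth:
            return
        min_depth[s] = depth
        for t in succ[s]:
            dfs(t, depth + 1)
    dfs(init, 0)
    return set(min_depth)
```

The re-expansion in `sound_bounded_dfs` is exactly the cost the paper's algorithms aim to control; this example only shows why some form of it is necessary.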
