On Accelerating SMT-based Bounded Model Checking of HSTM Designs

Hierarchical State Transition Matrix (HSTM) is a table-based modeling language for developing designs of software systems. In [1] we proposed a Satisfiability Modulo Theory (SMT) based Bounded Model Checking (BMC) approach that provides formal verification support for rigorous, automatic analysis aimed at improving the reliability of HSTM designs. In this paper, we continue that work by developing and evaluating approaches to accelerating BMC of HSTM designs. The approaches center around an unrolled Bounded Reachability Tree (BRT) of an HSTM design that is built with stateless explicit state exploration. Specifically, reachability of invalid cells (representing undesired states) of an HSTM design within the bound concerned can be discovered during construction of the BRT, and, if no such cell is reached, the constructed BRT can be used to rule out unnecessary subformulas of the BMC instance for verification of LTL properties. We have implemented these approaches in a tool called Garakabu2 with the state-of-the-art SMT solver CVC3 as its back-end solver. Our preliminary experiments show that verification can be accelerated substantially.
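The two uses of the BRT described above, as an added illustration that is not code from the paper or from Garakabu2: a stateless depth-bounded exploration of a flat (non-hierarchical) state transition matrix that reports the depth at which an invalid cell is first reached and, otherwise, which defined cells were never exercised within the bound and so need no BMC subformula for that bound. The matrix layout, the `INVALID` marker and the sample design are constructed assumptions.

```python
"""Bounded Reachability Tree (BRT) over a flat state transition matrix.

Added example; not from the paper or Garakabu2. The dict-of-dicts matrix
layout, the INVALID marker and the sample design are constructed assumptions,
and hierarchy is assumed to have been flattened beforehand.
"""
from typing import Dict, Optional, Set, Tuple

State, Event = str, str
Cell = Tuple[State, Event]
INVALID = "INVALID"  # marks a cell whose target is an undesired state

# Constructed sample STM: rows are states, columns are events. A value is the
# next state, INVALID for an undesired cell, or None if the event is ignored.
STM: Dict[State, Dict[Event, Optional[State]]] = {
    "Idle":    {"start": "Running", "stop": None,   "fault": None},
    "Running": {"start": None,      "stop": "Idle", "fault": "Halted"},
    "Halted":  {"start": INVALID,   "stop": "Idle", "fault": None},
}


def explore_brt(stm: Dict[State, Dict[Event, Optional[State]]],
                init: State, bound: int) -> Tuple[Optional[int], Set[Cell]]:
    """Stateless DFS (no visited set; the bound alone guarantees termination)
    of at most `bound` transitions from `init`. Returns the depth at which an
    INVALID cell is first reached (or None) and the set of cells exercised."""
    reached: Set[Cell] = set()
    first_invalid: Optional[int] = None

    def dfs(state: State, depth: int) -> None:
        nonlocal first_invalid
        if depth == bound:
            return
        for event, nxt in stm[state].items():
            if nxt is None:          # event ignored in this state
                continue
            reached.add((state, event))
            if nxt == INVALID:       # undesired state hit within the bound
                if first_invalid is None or depth + 1 < first_invalid:
                    first_invalid = depth + 1
                continue
            dfs(nxt, depth + 1)

    dfs(init, 0)
    return first_invalid, reached


def prunable_cells(stm: Dict[State, Dict[Event, Optional[State]]],
                   reached: Set[Cell]) -> Set[Cell]:
    """Defined cells the BRT never exercised within the bound: their BMC
    subformulas can be dropped from an instance for that same bound."""
    return {(s, e) for s, row in stm.items() for e, n in row.items()
            if n is not None and (s, e) not in reached}
```

With bound 2 no invalid cell is reachable from `Idle` and both `Halted` cells can be pruned; with bound 3 the invalid `(Halted, start)` cell is reached at depth 3, so pruning does not apply.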

[1] Armin Biere et al. Symbolic Model Checking without BDDs, 1999, TACAS.

[2] Lucas C. Cordeiro et al. Verifying multi-threaded software using SMT-based context-bounded model checking, 2011, 33rd International Conference on Software Engineering (ICSE).

[3] Gerard J. Holzmann et al. The SPIN Model Checker, 2003.

[4] Chao Wang et al. Efficient state space exploration: Interleaving stateless and state-based model checking, 2010, IEEE/ACM International Conference on Computer-Aided Design (ICCAD).

[5] Aarti Gupta et al. Tunneling and slicing: Towards scalable BMC, 2008, 45th ACM/IEEE Design Automation Conference.

[6] Jun Sun et al. PAT 3: An Extensible Architecture for Building Multi-domain Model Checkers, 2011, IEEE 22nd International Symposium on Software Reliability Engineering.

[7] Nikolaj Bjørner et al. An SMT Approach to Bounded Reachability Analysis of Model Programs, 2008, FORTE.

[8] Yang Liu et al. Model Checking Concurrent and Real-Time Systems: The PAT Approach, 2009.

[9] Gerard J. Holzmann et al. The SPIN Model Checker: primer and reference manual, 2003.

[10] Akira Fukuda et al. Formal Verification of Software Designs in Hierarchical State Transition Matrix with SMT-based Bounded Model Checking, 2011, 18th Asia-Pacific Software Engineering Conference.

[11] Thomas W. Reps et al. Reducing Concurrent Analysis Under a Context Bound to Sequential Analysis, 2008, CAV.

[12] Akira Fukuda et al. Formal semantics of extended hierarchical state transition matrix by CSP, 2012, ACM SIGSOFT Software Engineering Notes.

[13] Armin Biere et al. Simple Bounded LTL Model Checking, 2004, FMCAD.

[14] M. K. Ganai et al. Accelerating High-level Bounded Model Checking, 2006, IEEE/ACM International Conference on Computer Aided Design.