Bonsai: Cutting Models Down to Size

In model checking, abstractions can cause spurious results, which need to be verified in the concrete system to gain conclusive results. Verification based on multi-valued model checking can distinguish conclusive and inconclusive results, while increasing precision over traditional two-valued over- and under-abstractions. This paper describes the theory and implementation of multi-valued model checking for Promela specifications. We believe our tool Bonsai is the first four-valued model checker capable of multi-valued verification of parallel models, i.e. consisting of multiple concurrent processes. A novel aspect is the ability to only partially abstract a model, keeping parts of it concrete.
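As an added illustration (not code from the Bonsai paper or its tool), the Python below assumes a Belnap-style four-valued truth lattice (true, false, maybe, both) and shows how a partially abstracted state can yield either a conclusive or an inconclusive verdict for a mutual-exclusion property; the lattice, the formula encoding and the atomic propositions `critA`/`critB` are assumptions, not taken from the page.

```python
from enum import Enum


class V(Enum):
    """Four truth values (assumed Belnap-style lattice, not Bonsai's exact one)."""
    F = "false"   # conclusive: property refuted
    M = "maybe"   # inconclusive: abstraction lost the information
    B = "both"    # inconsistent evidence (true and false support)
    T = "true"    # conclusive: property holds


def neg(a):
    return {V.T: V.F, V.F: V.T, V.M: V.M, V.B: V.B}[a]


def conj(a, b):
    # Meet in the truth ordering: F < {M, B} < T, with M and B incomparable.
    if a == V.F or b == V.F: return V.F
    if a == V.T: return b
    if b == V.T: return a
    return a if a == b else V.F  # meet(M, B) = F


def disj(a, b):
    # Join in the truth ordering.
    if a == V.T or b == V.T: return V.T
    if a == V.F: return b
    if b == V.F: return a
    return a if a == b else V.T  # join(M, B) = T


def evaluate(formula, state):
    """Evaluate a propositional formula over a (possibly abstract) state.
    Formulas are atoms (str) or tuples ('not', f) / ('and', f, g) / ('or', f, g)."""
    if isinstance(formula, str):
        return state[formula]
    op, *args = formula
    if op == "not": return neg(evaluate(args[0], state))
    if op == "and": return conj(evaluate(args[0], state), evaluate(args[1], state))
    if op == "or": return disj(evaluate(args[0], state), evaluate(args[1], state))
    raise ValueError(f"unknown operator {op!r}")


# Constructed property: the two processes are never in their critical section together.
MUTEX = ("not", ("and", "critA", "critB"))


def check(formula, state):
    """Return (value, conclusive). Only T and F settle the question; M and B mean the
    concrete model must be consulted (here, process B is the abstracted part)."""
    v = evaluate(formula, state)
    return v, v in (V.T, V.F)
```

With process A concrete and outside its critical section, the abstracted process B does not matter and the verdict is conclusive; with A concretely inside, the abstraction of B leaves the verdict inconclusive.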
