Temporal Logic Model Checking

Abstraction reduces the state space by removing irrelevant features of a Kripke structure. Given a Kripke structure K, an abstraction is a Kripke structure K̂ such that K̂ is significantly smaller than K, and K̂ preserves a useful class of specifications for K. Consequently, the expensive task of model checking K can be reduced to the more feasible task of model checking K̂. We know from above that in order to preserve all CTL specifications, K and K̂ must be bisimilar. But bisimilarity, by its very definition, expresses that K and K̂ are behaviorally equivalent. Consequently, K̂ still models a lot of irrelevant behavior and will therefore be quite large in general.

A more practical approach is to employ the fact explained in Section 2 that simulation preserves ACTL* formulas, i.e., A ⪯ B and B |= φ imply A |= φ. Consequently, for an abstract system K̂ where K ⪯ K̂ holds, a successful run of the model checker over K̂ implies correctness over the original Kripke structure K, without model checking K. The converse implication, however, does not hold in general: an ACTL* property which is false in K̂ may still be true in K. In this case, the abstract counterexample obtained over K̂ cannot be reconstructed for the concrete Kripke structure K; it is called a spurious counterexample [10], or a false negative.

An important instance of simulation-based abstraction is existential abstraction [11, 14], where the abstract states are essentially equivalence classes of concrete states; there is a transition between two abstract states if there is a transition between some two concrete member states of the corresponding equivalence classes. Formally, an abstraction function h is a surjection h : S → Ŝ, where Ŝ is the set of abstract states. The surjection h induces an equivalence relation ≡ on the state space S, where d ≡ e iff h(d) = h(e). The abstract Kripke structure K̂ = (Ŝ, Ŝ0, R̂, L̂, AP) derived from h is defined as follows:

Ŝ0 = {d̂ | ∃d ∈ S0 . h(d) = d̂}
R̂ = {(d̂1, d̂2) | ∃d1, d2 ∈ S . h(d1) = d̂1 ∧ h(d2) = d̂2 ∧ R(d1, d2)}
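The following is an added example, not code from the paper: it builds K̂ from a small constructed Kripke structure and an abstraction function h exactly as in the definitions of Ŝ0 and R̂ above, checks that h induces a simulation K ⪯ K̂, and shows an AG safety property that holds in K but fails in K̂ together with the replay check that exposes the abstract counterexample as spurious. The states, transitions, bad set and h are constructed for illustration, and h is assumed to respect the labelling (so L̂, which the text does not define here, is not needed).

```python
# Added example (not the paper's code): existential abstraction, induced simulation, spurious path.
def existential_abstraction(S, S0, R, h):
    """K_hat = (S_hat, S0_hat, R_hat) from the surjection h, per the definitions in the text."""
    S_hat = {h(d) for d in S}
    S0_hat = {h(d) for d in S0}
    R_hat = {(h(d1), h(d2)) for (d1, d2) in R}
    return S_hat, S0_hat, R_hat

def h_is_simulation(R, R_hat, h):
    """Graph of h is a simulation K <= K_hat: each concrete step has an abstract match."""
    return all((h(d1), h(d2)) in R_hat for (d1, d2) in R)

def reachable(S0, R):
    """States reachable from S0 over R (worklist search)."""
    seen, work = set(S0), list(S0)
    while work:
        s = work.pop()
        for d1, d2 in R:
            if d1 == s and d2 not in seen:
                seen.add(d2)
                work.append(d2)
    return seen

def ag_not_bad(S0, R, bad):
    """AG(not bad), an ACTL* safety property: no bad state is reachable."""
    return not (reachable(S0, R) & set(bad))

def is_spurious(path_hat, S0, R, h):
    """Replay an abstract path in K; track the concrete states that can sit at
    each position, and call the path spurious if that set becomes empty."""
    cur = {d for d in S0 if h(d) == path_hat[0]}
    for a_hat in path_hat[1:]:
        cur = {d2 for (d1, d2) in R if d1 in cur and h(d2) == a_hat}
        if not cur:
            return True
    return False

# Constructed concrete Kripke structure: bad state s4 is unreachable from s0,
# since its only predecessor s3 has no predecessor of its own.
S = {"s0", "s1", "s2", "s3", "s4"}
S0 = {"s0"}
R = {("s0", "s1"), ("s1", "s2"), ("s2", "s2"), ("s3", "s4"), ("s4", "s4")}
BAD = {"s4"}

def h(d):
    """Constructed h: merge s1 and s3 into class "mid"; assumed to respect labels."""
    return "mid" if d in ("s1", "s3") else d

S_hat, S0_hat, R_hat = existential_abstraction(S, S0, R, h)
BAD_hat = {h(d) for d in BAD}
```

Merging s1 with the unreachable s3 gives K̂ the abstract step mid → s4, so the model checker reports the path s0, mid, s4 over K̂, which cannot be replayed in K because s1 has no successor in h⁻¹(s4).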

[1] Edmund M. Clarke et al. Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic, 1981, Logic of Programs.

[2] Edmund M. Clarke et al. Symbolic Model Checking: 10^20 States and Beyond, 1990, Inf. Comput.

[3] Randal E. Bryant et al. Graph-Based Algorithms for Boolean Function Manipulation, 1986, IEEE Transactions on Computers.

[4] Alex Groce et al. Modular verification of software components in C, 2003, 25th International Conference on Software Engineering, 2003. Proceedings.

[5] Pierre Wolper et al. Reasoning About Infinite Computations, 1994, Inf. Comput.

[6] Hassen Saïdi et al. Construction of Abstract State Graphs with PVS, 1997, CAV.

[7] Sriram K. Rajamani et al. Automatically validating temporal safety properties of interfaces, 2001, SPIN '01.

[8] Javier Esparza et al. Efficient Algorithms for Model Checking Pushdown Systems, 2000, CAV.

[9] Thomas A. Henzinger et al. Lazy abstraction, 2002, POPL '02.

[10] Fred Kröger et al. Temporal Logic of Programs, 1987, EATCS Monographs on Theoretical Computer Science.

[11] Stephan Merz et al. Model Checking, 2000.

[12] Patrick Cousot et al. Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints, 1977, POPL.

[13] Shin Nakajima et al. The SPIN Model Checker: Primer and Reference Manual, 2004.

[14] Somesh Jha et al. Exploiting Symmetry In Temporal Logic Model Checking, 1993, CAV.

[15] Rajeev Alur et al. A Temporal Logic of Nested Calls and Returns, 2004, TACAS.

[16] A. Prasad Sistla et al. Symmetry and model checking, 1993, Formal Methods Syst. Des.

[17] Valentin Goranko et al. Logic in Computer Science: Modelling and Reasoning About Systems, 2007, J. Log. Lang. Inf.

[18] Reinhard Wilhelm et al. Parametric shape analysis via 3-valued logic, 1999, POPL '99.

[19] E. Clarke et al. Symbolic model checking using SAT procedures instead of BDDs, 1999, Proceedings 1999 Design Automation Conference (Cat. No. 99CH36361).

[20] Patrice Godefroid. Using Partial Orders to Improve Automatic Verification Methods, 1990, CAV.

[21] Kenneth L. McMillan et al. Symbolic model checking: an approach to the state explosion problem, 1992.

[22] Reinhard Wilhelm et al. Parametric shape analysis via 3-valued logic, 2002, TOPL.

[23] Robert P. Kurshan et al. Computer-Aided Verification of Coordinating Processes: The Automata-Theoretic Approach, 2014.

[24] Joseph Sifakis et al. Specification and verification of concurrent systems in CESAR, 1982, Symposium on Programming.

[25] Colin Stirling et al. Bisimulation, Modal Logic and Model Checking Games, 1999, Logic Journal of the IGPL.

[26] Ashish Tiwari et al. Series of Abstractions for Hybrid Automata, 2002, HSCC.

[27] Edmund M. Clarke et al. Counterexample-guided abstraction refinement, 2003, 10th International Symposium on Temporal Representation and Reasoning, 2003 and Fourth International Conference on Temporal Logic. Proceedings.

[28] E. Allen Emerson et al. Temporal and Modal Logic, 1991, Handbook of Theoretical Computer Science, Volume B: Formal Models and Semantics.

[29] Marcus Nilsson et al. Regular Model Checking, 2000, CAV.