Bounded model checking of infinite state systems

Bounded model checking (BMC) is an attractive alternative to symbolic model checking, since it often allows more efficient verification. The idea of BMC is to reduce the model checking problem to a satisfiability problem in the underlying base logic, so that sophisticated decision procedures can be used to check the resulting formula. We present a new approach to BMC that extends current methods in three ways. First, instead of reducing to propositional logic, which restricts BMC to finite state systems, we target infinite state systems and therefore use more expressive, yet still decidable, base logics. Second, instead of directly unwinding temporal logic formulas, we use special translations to ω-automata that take the temporal logic hierarchy into account and preserve safety and liveness properties. Third, we employ both global and local model checking procedures, to take advantage of the different types of specifications each technique can handle. Based on three-valued logic, our bounded model checking procedures may either prove or disprove a specification, or explicitly report that no information could be obtained because the bound was insufficient.
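The following is an added illustration of the three-valued BMC outcome described above; it is not the paper's procedure. Where the paper uses expressive decidable base logics such as Presburger arithmetic and ω-automata translations, this example uses the much smaller integer difference logic (conjunctions of u - v <= c), decided by negative-cycle detection, and attempts a proof by the standard k-induction completion rather than the paper's global and local procedures. The counter system, the variable names `n`, `z` and the bound values are constructed for the example. The point a practitioner should take away is the third result value: "no counterexample up to bound k" is reported as unknown, never as a proof.

```python
"""Three-valued bounded model checking of an infinite-state counter.

Added illustration, not the paper's procedure: the base logic is integer
difference logic (conjunctions of  u - v <= c), decided by negative-cycle
detection, and a proof is attempted by k-induction instead of the
automata-based techniques described in the abstract.
"""
from typing import Dict, List, Optional, Tuple

Constraint = Tuple[str, str, int]   # (u, v, c) encodes  u - v <= c
ZERO = "z"                          # distinguished variable standing for the constant 0


def satisfiable(cons: List[Constraint]) -> Optional[Dict[str, int]]:
    """Decide a conjunction of difference constraints.

    Each u - v <= c is an edge v -> u of weight c; the conjunction is
    unsatisfiable iff that graph contains a negative cycle (Bellman-Ford
    from a virtual source connected to every node with weight 0).
    Returns a satisfying integer assignment, or None if unsatisfiable.
    """
    nodes = {ZERO}
    for u, v, _ in cons:
        nodes.update((u, v))
    dist = {n: 0 for n in nodes}
    for _ in range(len(nodes)):
        changed = False
        for u, v, c in cons:
            if dist[v] + c < dist[u]:
                dist[u] = dist[v] + c
                changed = True
        if not changed:
            break
    for u, v, c in cons:                      # still relaxable => negative cycle
        if dist[v] + c < dist[u]:
            return None
    # Converged distances satisfy dist[u] - dist[v] <= c; shift so that ZERO is 0.
    return {n: dist[n] - dist[ZERO] for n in nodes}


def negate(c: Constraint) -> Constraint:
    """not(u - v <= k)  <=>  v - u <= -k - 1  over the integers."""
    u, v, k = c
    return (v, u, -k - 1)


def rename(template: List[Constraint], i: int) -> List[Constraint]:
    """Instantiate a template at time step i: x -> x@i, primed x' -> x@(i+1)."""
    def r(name: str) -> str:
        if name == ZERO:
            return ZERO
        if name.endswith("'"):
            return f"{name[:-1]}@{i + 1}"
        return f"{name}@{i}"
    return [(r(u), r(v), c) for u, v, c in template]


def unroll(template: List[Constraint], steps: int) -> List[Constraint]:
    """Conjunction T(s0,s1) /\\ ... /\\ T(s_{steps-1}, s_steps)."""
    return [c for i in range(steps) for c in rename(template, i)]


def state_at(model: Dict[str, int], i: int) -> Dict[str, int]:
    """Project a model of the unrolled formula onto the variables of step i."""
    out = {}
    for name, val in model.items():
        if "@" in name:
            base, step = name.rsplit("@", 1)
            if int(step) == i:
                out[base] = val
    return out


def bmc(init, trans, bad: Constraint, bound: int):
    """Check that no state satisfying `bad` is reachable, up to `bound` steps.

    Three-valued result: ("false", trace) with a concrete counterexample,
    ("true", k) when the property is proved k-inductive, or ("unknown", bound)
    when the bound was too small to decide either way.
    """
    for k in range(bound + 1):
        # Base case: init /\ T^k /\ bad_k. A model is a counterexample of length k.
        model = satisfiable(rename(init, 0) + unroll(trans, k) + rename([bad], k))
        if model is not None:
            return ("false", [state_at(model, i) for i in range(k + 1)])
        # Step case: good_0 /\ ... /\ good_k /\ T^(k+1) /\ bad_(k+1) unsatisfiable
        # means no good path of length k can enter a bad state: property proved.
        good = [c for i in range(k + 1) for c in rename([negate(bad)], i)]
        if satisfiable(good + unroll(trans, k + 1) + rename([bad], k + 1)) is None:
            return ("true", k)
    return ("unknown", bound)


# Constructed example system (assumed, not from the paper): an unbounded
# integer counter  n := 0; loop { n := n + 1 }.
INIT = [("n", ZERO, 0), (ZERO, "n", 0)]     # n == 0
TRANS = [("n'", "n", 1), ("n", "n'", -1)]   # n' == n + 1

if __name__ == "__main__":
    print(bmc(INIT, TRANS, (ZERO, "n", -8), 5))    # n >= 8 reachable? bound too small
    print(bmc(INIT, TRANS, (ZERO, "n", -8), 10))   # counterexample of length 8
    print(bmc(INIT, TRANS, ("n", ZERO, -1), 10))   # n <= -1 never reachable: proved at k=0
```

Difference logic is chosen only because its decision procedure fits in a few lines; it cannot express the disjunctions or general linear constraints the paper's base logics handle, and a real infinite-state BMC would hand the unrolled formula to an SMT solver or an automata-based Presburger engine. The structure of the loop is what carries over: a satisfiable base case yields a concrete trace, an unsatisfiable step case yields a proof, and exhausting the bound yields neither.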
