2,270 research outputs found
A Dual-Engine for Early Analysis of Critical Systems
This paper presents a framework for modeling, simulating, and checking
properties of critical systems based on the Alloy language -- a declarative,
first-order, relational logic with a built-in transitive closure operator. The
paper introduces a new dual-analysis engine that is capable of providing both
counterexamples and proofs. Counterexamples are found fully automatically using
an SMT solver, which provides a better support for numerical expressions than
the existing Alloy Analyzer. Proofs, however, cannot always be found
automatically since the Alloy language is undecidable. Our engine offers an
economical approach by first trying to prove properties using a
fully-automatic, SMT-based analysis, and switches to an interactive theorem
prover only if the first attempt fails. This paper also reports on applying our
framework to Microsoft's COM standard and the mark-and-sweep garbage collection
algorithm.Comment: Workshop on Dependable Software for Critical Infrastructures (DSCI),
Berlin 201
Linear Encodings of Bounded LTL Model Checking
We consider the problem of bounded model checking (BMC) for linear temporal
logic (LTL). We present several efficient encodings that have size linear in
the bound. Furthermore, we show how the encodings can be extended to LTL with
past operators (PLTL). The generalised encoding is still of linear size, but
cannot detect minimal length counterexamples. By using the virtual unrolling
technique minimal length counterexamples can be captured, however, the size of
the encoding is quadratic in the specification. We also extend virtual
unrolling to Buchi automata, enabling them to accept minimal length
counterexamples.
Our BMC encodings can be made incremental in order to benefit from
incremental SAT technology. With fairly small modifications the incremental
encoding can be further enhanced with a termination check, allowing us to prove
properties with BMC. Experiments clearly show that our new encodings improve
performance of BMC considerably, particularly in the case of the incremental
encoding, and that they are very competitive for finding bugs. An analysis of
the liveness-to-safety transformation reveals many similarities to the BMC
encodings in this paper. Using the liveness-to-safety translation with
BDD-based invariant checking results in an efficient method to find shortest
counterexamples that complements the BMC-based approach.Comment: Final version for Logical Methods in Computer Science CAV 2005
special issu
Automatic Abstraction in SMT-Based Unbounded Software Model Checking
Software model checkers based on under-approximations and SMT solvers are
very successful at verifying safety (i.e. reachability) properties. They
combine two key ideas -- (a) "concreteness": a counterexample in an
under-approximation is a counterexample in the original program as well, and
(b) "generalization": a proof of safety of an under-approximation, produced by
an SMT solver, are generalizable to proofs of safety of the original program.
In this paper, we present a combination of "automatic abstraction" with the
under-approximation-driven framework. We explore two iterative approaches for
obtaining and refining abstractions -- "proof based" and "counterexample based"
-- and show how they can be combined into a unified algorithm. To the best of
our knowledge, this is the first application of Proof-Based Abstraction,
primarily used to verify hardware, to Software Verification. We have
implemented a prototype of the framework using Z3, and evaluate it on many
benchmarks from the Software Verification Competition. We show experimentally
that our combination is quite effective on hard instances.Comment: Extended version of a paper in the proceedings of CAV 201
A Framework to Synergize Partial Order Reduction with State Interpolation
We address the problem of reasoning about interleavings in safety
verification of concurrent programs. In the literature, there are two prominent
techniques for pruning the search space. First, there are well-investigated
trace-based methods, collectively known as "Partial Order Reduction (POR)",
which operate by weakening the concept of a trace by abstracting the total
order of its transitions into a partial order. Second, there is state-based
interpolation where a collection of formulas can be generalized by taking into
account the property to be verified. Our main contribution is a framework that
synergistically combines POR with state interpolation so that the sum is more
than its parts
Automata-theoretic and bounded model checking for linear temporal logic
In this work we study methods for model checking the temporal logic LTL. The focus is on the automata-theoretic approach to model checking and bounded model checking.
We begin by examining automata-theoretic methods to model check LTL safety properties. The model checking problem can be reduced to checking whether the language of a finite state automaton on finite words is empty. We describe an efficient algorithm for generating small finite state automata for so called non-pathological safety properties. The presented implementation is the first tool able to decide whether a formula is non-pathological. The experimental results show that treating safety properties can benefit model checking at very little cost. In addition, we find supporting evidence for the view that minimising the automaton representing the property does not always lead to a small product state space. A deterministic property automaton can result in a smaller product state space even though it might have a larger number states.
Next we investigate modular analysis. Modular analysis is a state space reduction method for modular Petri nets. The method can be used to construct a reduced state space called the synchronisation graph. We devise an on-the-fly automata-theoretic method for model checking the behaviour of a modular Petri net from the synchronisation graph. The solution is based on reducing the model checking problem to an instance of verification with testers. We analyse the tester verification problem and present an efficient on-the-fly algorithm, the first complete solution to tester verification problem, based on generalised nested depth-first search.
We have also studied propositional encodings for bounded model checking LTL. A new simple linear sized encoding is developed and experimentally evaluated. The implementation in the NuSMV2 model checker is competitive with previously presented encodings. We show how to generalise the LTL encoding to a more succint logic: LTL with past operators. The generalised encoding compares favourably with previous encodings for LTL with past operators. Links between bounded model checking and the automata-theoretic approach are also explored.reviewe
A Novel SAT-Based Approach to the Task Graph Cost-Optimal Scheduling Problem
The Task Graph Cost-Optimal Scheduling Problem consists in scheduling a certain number of interdependent tasks onto a set of heterogeneous processors (characterized by idle and running rates per time unit), minimizing the cost of the entire process. This paper provides a novel formulation for this scheduling puzzle, in which an optimal solution is computed through a sequence of Binate Covering Problems, hinged within a Bounded Model Checking paradigm. In this approach, each covering instance, providing a min-cost trace for a given schedule depth, can be solved with several strategies, resorting to Minimum-Cost Satisfiability solvers or Pseudo-Boolean Optimization tools. Unfortunately, all direct resolution methods show very low efficiency and scalability. As a consequence, we introduce a specialized method to solve the same sequence of problems, based on a traditional all-solution SAT solver. This approach follows the "circuit cofactoring" strategy, as it exploits a powerful technique to capture a large set of solutions for any new SAT counter-example. The overall method is completed with a branch-and-bound heuristic which evaluates lower and upper bounds of the schedule length, to reduce the state space that has to be visited. Our results show that the proposed strategy significantly improves the blind binate covering schema, and it outperforms general purpose state-of-the-art tool
Evaluating Model Testing and Model Checking for Finding Requirements Violations in Simulink Models
Matlab/Simulink is a development and simulation language that is widely used
by the Cyber-Physical System (CPS) industry to model dynamical systems. There
are two mainstream approaches to verify CPS Simulink models: model testing that
attempts to identify failures in models by executing them for a number of
sampled test inputs, and model checking that attempts to exhaustively check the
correctness of models against some given formal properties. In this paper, we
present an industrial Simulink model benchmark, provide a categorization of
different model types in the benchmark, describe the recurring logical patterns
in the model requirements, and discuss the results of applying model checking
and model testing approaches to identify requirements violations in the
benchmarked models. Based on the results, we discuss the strengths and
weaknesses of model testing and model checking. Our results further suggest
that model checking and model testing are complementary and by combining them,
we can significantly enhance the capabilities of each of these approaches
individually. We conclude by providing guidelines as to how the two approaches
can be best applied together.Comment: 10 pages + 2 page reference
- …