Composite model-checking

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Composite model-checking: verification with type-specific symbolic representations

Full text

Pdf (400 KB)

Source

ACM Transactions on Software Engineering and Methodology (TOSEM) archive
Volume 9 , Issue 1 (January 2000) table of contents

Pages: 3 - 50

Year of Publication: 2000

ISSN:1049-331X

Authors

Tevfik Bultan	Univ. of California, Santa Barbara
Richard Gerber	Univ. of Maryland, College Park
Christopher League	Yale Univ.

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 10, Downloads (12 Months): 74, Citation Count: 8

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/332740.332746 What is a DOI?

ABSTRACT

There has been a surge of progress in automated verification methods based on state exploration. In areas like hardware design, these technologies are rapidly augmenting key phases of testing and validation. To date, one of the most successful of these methods has been symbolic model-checking, in which large finite-state machines are encoded into compact data structures such as Binary Decision Diagrams (BDDs), and are then checked for safety and liveness properties. However, these techniques have not realized the same success on software systems. One limitation is their inability to deal with infinite-state programs, even those with a single unbounded integer. A second problem is that of finding efficient representations for various variable types. We recently proposed a model-checker for integer-based systems that uses arithmetic constraints as the underlying state representation. While this approach easily verified some subtle, infinite-state concurrency problems, it proved inefficient in its treatment of boolean and (unordered) enumerated types—which are not efficiently representable using arithmetic constraints. In this article we present a new technique that combines the strengths of both BDD and arithmetic constraint representations. Our composite model merges multiple type-specific symbolic representations in a single model-checker. A system's transitions and fixpoint computations are encoded using both BDD (for boolean and enumerated types) and arithmetic constraints (for integers) representations, where the choice depends on the variable types. Our composite model-checking strategy can be extended to other symbolic representations provided that they support operations such as intersection, union, complement, equivalence checking, and relational image computation. We also present conservative approximation techniques for composite representations to address the undecidability of model-checking on infinite-state systems. We demonstrate the effectiveness of our approach by analyzing two example software specifications which include a mixture of booleans, integers, and enumerated types. One of them is a requirements specification for the control software of a nuclear reactor's cooling system, and the other one is a protocol specification.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	R. Alur , C. Courcoubetis , N. Halbwachs , T. A. Henzinger , P.-H. Ho , X. Nicollin , A. Olivero , J. Sifakis , S. Yovine, The algorithmic analysis of hybrid systems, Theoretical Computer Science, v.138 n.1, p.3-34, Feb. 6, 1995 [doi>10.1016/0304-3975(94)00202-T]
	2	Rajeev Alur , Costas Courcoubetis , Thomas A. Henzinger , Pei-Hsin Ho, Hybrid Automata: An Algorithmic Approach to the Specification and Verification of Hybrid Systems, Hybrid Systems, p.209-229, January 1993
	3	Rajeev Alur , Thomas A. Henzinger , Pei-Hsin Ho, Automatic Symbolic Verification of Embedded Systems, IEEE Transactions on Software Engineering, v.22 n.3, p.181-201, March 1996 [doi>10.1109/32.489079]
	4	Richard J. Anderson , Paul Beame , Steve Burns , William Chan , Francesmary Modugno , David Notkin , Jon D. Reese, Model checking large software specifications, Proceedings of the 4th ACM SIGSOFT symposium on Foundations of software engineering, p.156-166, October 16-18, 1996, San Francisco, California, United States
	5	André Arnold , John Plaice, Finite transition systems: semantics of communicating systems, Prentice Hall International (UK) Ltd., Hertfordshire, UK, 1994
	6	Joanne M. Atlee , Michael A. Buckley, A logic-model semantics for SCR software requirements, ACM SIGSOFT Software Engineering Notes, v.21 n.3, p.280-292, May 1996
	7	J. M. Atlee , J. Gannon, State-Based Model Checking of Event-Driven System Requirements, IEEE Transactions on Software Engineering, v.19 n.1, p.24-40, January 1993 [doi>10.1109/32.210305]
	8	David A. Basin , Nils Klarlund, Hardware Verification using Monadic Second-Order Logic, Proceedings of the 7th International Conference on Computer Aided Verification, p.31-41, July 03-05, 1995
	9	BHARADWAJ, R. AND HEITMEYER, C. 1997. Verifying SCR requirements specifications using state exploration. In Proceedings of the 1st ACM SIGPLAN Workshop on Automatic Analysis of Software (Jan.), ACM Press, New York, NY.
	10	Morten Biehl , Nils Klarlund , Theis Rauhe, Mona: Decidable Arithmetic in Practice, Proceedings of the 4th International Symposium on Formal Techniques in Real-Time and Fault-Tolerant Systems, p.459-462, September 09-13, 1996
	11	Bernard Boigelot , Patrice Godefroid, Symbolic Verification of Communication Protocols with Infinite State Spaces Using QDDs (Extended Abstract), Proceedings of the 8th International Conference on Computer Aided Verification, p.1-12, August 03, 1996
	12	Bernard Boigelot , Patrice Godefroid , Bernard Willems , Pierre Wolper, The Power of QDDs (Extended Abstract), Proceedings of the 4th International Symposium on Static Analysis, p.172-186, September 08-10, 1997
	13	Julian Charles Bradfield, Verifying temporal properties of systems, Birkhauser Boston Inc., Cambridge, MA, 1991
	14	Randal E. Bryant, Graph-based algorithms for Boolean function manipulation, IEEE Transactions on Computers, v.35 n.8, p.677-691, Aug. 1986 [doi>10.1109/TC.1986.1676819]
	15	Randal E. Bryant , Yirng-An Chen, Verification of arithmetic circuits with binary moment diagrams, Proceedings of the 32nd ACM/IEEE conference on Design automation, p.535-541, June 12-16, 1995, San Francisco, California, United States [doi>10.1145/217474.217583]
	16	BULTAN, T. AND GERBER, R. 1998. Composite model checking with type specific symbolic encodings. Tech. Rep. CS-TR-3871. Department of Computer Science, University of Maryland, College Park, MD.
	17	Tevfik Bultan , Jeffrey Fischer , Richard Gerber, Compositional verification by model checking for counter-examples, ACM SIGSOFT Software Engineering Notes, v.21 n.3, p.224-238, May 1996
	18	Tevfik Bultan , Richard Gerber , Christopher League, Verifying systems with integer constraints and Boolean predicates: a composite approach, ACM SIGSOFT Software Engineering Notes, v.23 n.2, p.113-123, March 1998
	19	Tevfik Bultan , Richard Gerber , William Pugh, Symbolic Model Checking of Infinite State Systems Using Presburger Arithmetic, Proceedings of the 9th International Conference on Computer Aided Verification, p.400-411, June 22-25, 1997
	20	Tevfik Bultan , Richard Gerber , William Pugh, Model-checking concurrent systems with unbounded integer variables: symbolic representations, approximations, and experimental results, ACM Transactions on Programming Languages and Systems (TOPLAS), v.21 n.4, p.747-789, July 1999 [doi>10.1145/325478.325480]
	21	BURCH, J. R., CLARKE, E. M., AND LONG, D. E. 1991. Symbolic model checking with partitioned transition relations. In Proceedings of the 1991 University of California~Santa Cruz Conference on Advanced Research in VLSI (Edimburgh, Scotland), C. H. S quin, Ed. MIT Press, Cambridge, MA, 49-58.
	22	BURCH, J. R., CLARKE, E. M., LONG, D. E., MCMILLAN, K. L., AND DILL, D. L. 1994. Symbolic model checking for sequential circuit verification. IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst. 13, 4 (Apr.), 401-424.
	23	BURCH, J. R., CLARKE, E. M., MCMILLAN, K. L., DILL, D. L., AND HWANG, L.J. 1990. Symbolic model checking: 1020 states and beyond. In Proceedings of the 5th Annual IEEE Symposium on Logic in Computer Science (LICS '90, June), IEEE Press, Piscataway, NJ, 428-439.
	24	William Chan , Richard J. Anderson , Paul Beame , Steve Burns , Francesmary Modugno , David Notkin , Jon D. Reese, Model Checking Large Software Specifications, IEEE Transactions on Software Engineering, v.24 n.7, p.498-520, July 1998 [doi>10.1109/32.708566]
	25	William Chan , Richard Anderson , Paul Beame , David Notkin, Combining Constraint Solving and Symbolic Model Checking for a Class of a Systems with Non-linear Constraints, Proceedings of the 9th International Conference on Computer Aided Verification, p.316-327, June 22-25, 1997
	26	Edmund M. Clarke , Robert P. Kurshan, Computer-aided verification, IEEE Spectrum, v.33 n.6, p.61-67, June 1996 [doi>10.1109/6.499951]
	27	Edmund Clarke , Xudong Zhao, Word Level Symbolic Model Checking: A New Approach for Verifying Arithmetic Circuits, Carnegie Mellon University, Pittsburgh, PA, 1995
	28	E. M. Clarke , E. A. Emerson , A. P. Sistla, Automatic verification of finite-state concurrent systems using temporal logic specifications, ACM Transactions on Programming Languages and Systems (TOPLAS), v.8 n.2, p.244-263, April 1986 [doi>10.1145/5397.5399]
	29	Edmund Clarke , Masahiro Fujita , Xudong Zhao, Applications of Multi-Terminal Binary Decision Diagrams, Carnegie Mellon University, Pittsburgh, PA, 1995
	30	Edmund M. Clarke , Orna Grumberg , David E. Long, Model checking and abstraction, ACM Transactions on Programming Languages and Systems (TOPLAS), v.16 n.5, p.1512-1542, Sept. 1994 [doi>10.1145/186025.186051]
	31	Edmund Clarke , Orna Grumberg , Kenneth McMillan , Xudong Zhao, Efficient Generation of Counterexamples and Witnesses in Symbolic Model Checking, Carnegie Mellon University, Pittsburgh, PA, 1994
	32	E. Clarke , D. Long , K. McMillan, Compositional model checking, Proceedings of the Fourth Annual Symposium on Logic in computer science, p.353-362, June 1989, Pacific Grove, California, United States
	33	P.-J. Courtois , D. L. Parnas, Documentation for safety critical software, Proceedings of the 15th international conference on Software Engineering, p.315-323, May 17-21, 1993, Baltimore, Maryland, United States
	34	Patrick Cousot , Radhia Cousot, Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints, Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, p.238-252, January 17-19, 1977, Los Angeles, California [doi>10.1145/512950.512973]
	35	Patrick Cousot , Nicolas Halbwachs, Automatic discovery of linear restraints among variables of a program, Proceedings of the 5th ACM SIGACT-SIGPLAN symposium on Principles of programming languages, p.84-96, January 23-25, 1978, Tucson, Arizona [doi>10.1145/512760.512770]
	36	CRIDLIG, R. 1996. Semantic analsis of concurrent ML by abstract model-checking. In Proceedings of the INFINITY International Workshop on Infinite State Systems, 71-86. Tech. Rep. MIP-9614.
	37	Dennis Dams , Rob Gerth , Orna Grumberg, Abstract interpretation of reactive systems, ACM Transactions on Programming Languages and Systems (TOPLAS), v.19 n.2, p.253-291, March 1997 [doi>10.1145/244795.244800]
	38	ESPARZA, g. 1997. Decidability of model checking for infinite-state concurrent systems. Acta Inf. 34, 2, 85-107.
	39	FISCHER, M. J. AND RABIN, M. O. 1974. Super-exponential complexity of Presburger arithmetic. SIAM-AMS Proc. 7, 27-41.
	40	Patrice Godefroid , David E. Long, Symbolic Protocol Verification with Queue BDDs, Proceedings of the 11th Annual IEEE Symposium on Logic in Computer Science, p.198, July 27-30, 1996
	41	Nicolas Halbwachs, Delay Analysis in Synchronous Programs, Proceedings of the 5th International Conference on Computer Aided Verification, p.333-346, June 28-July 01, 1993
	42	HALBWACHS, N., RAYMOND, P., AND PROY, Y. 1994. Verification of linear hybrid systems by means of convex approximations. In Proceedings of the International Symposium on Static Analysis (Sept.), B. LeCharlier, Ed. Springer Lecture Notes in Computer Science, vol. 864. Springer-Verlag, Vienna, Austria.
	43	Constance L. Heitmeyer , Ralph D. Jeffords , Bruce G. Labaw, Automated consistency checking of requirements specifications, ACM Transactions on Software Engineering and Methodology (TOSEM), v.5 n.3, p.231-261, July 1996 [doi>10.1145/234426.234431]
	44	Jesper G. Henriksen , Jakob L. Jensen , Michael E. Jørgensen , Nils Klarlund , Robert Paige , Theis Rauhe , Anders Sandholm, Mona: Monadic Second-Order Logic in Practice, Proceedings of the First International Workshop on Tools and Algorithms for Construction and Analysis of Systems, p.89-110, May 19-20, 1995
	45	Thomas A. Henzinger , Vlad Rusu, Reachability Verification for Hybrid Automata, Proceedings of the First International Workshop on Hybrid Systems: Computation and Control, p.190-204, April 13-15, 1998
	46	JACKSON, D. 1996. Nitpick: A checkable specification language. In Proceedings of the Workshop on Formal Methods in Software Practice,
	47	Daniel Jackson , Craig A. Damon, Elements of style: analyzing a software design feature with a counterexample detector, ACM SIGSOFT Software Engineering Notes, v.21 n.3, p.239-249, May 1996
	48	JACKSON, D., NG, Y., AND WING, J. 1998. A Nitpick analysis of mobile IPv6. Tech. Rep. CMU-CS-98-113. School of Computer Science, Carnegie Mellon University, Pittsburgh, PA.
	49	Roope Kaivola, Using Compositional Preorders in the Verification of Sliding Window Protocal, Proceedings of the 9th International Conference on Computer Aided Verification, p.48-59, June 22-25, 1997
	50	KELB, P., DAMS, D., AND GERTH, R. 1995. Practical symbolic model checking of the full tL-calculus using compositional abstractions. Tech. Rep. 95-31. Department of Mathematics and Computing Science, Eindhoven University of Technology, Eindhoven, Netherlands.
	51	Wayne Kelly , Vadim Maslov , William Pugh , Evan Rosser , Tatiana Shpeisman , David Wonnacott, The Omega Library interface guide, University of Maryland at College Park, College Park, MD, 1995
	52	Yonit Kesten , Oded Maler , M. Marcus , Amir Pnueli , Elad Shahar, Symbolic Model Checking with Rich ssertional Languages, Proceedings of the 9th International Conference on Computer Aided Verification, p.424-435, June 22-25, 1997
	53	Nils Klarlund, Mona & Fido: The Logic-Automaton Connection in Practice, Selected Papers from the11th International Workshop on Computer Science Logic, p.311-326, August 23-29, 1997
	54	Kenneth L. McMillan, Symbolic Model Checking, Kluwer Academic Publishers, Norwell, MA, 1993
	55	OPPEN, D. C. 1978. A 222" upper bound on the complexity of Presburger arithmetic. J. Comput. Syst. Sci. 16, 3, 323-332.
	56	Abelardo Pardo , Gary D. Hachtel, Automatic Abstraction Techniques for Propositional µ-calculus Model Checking, Proceedings of the 9th International Conference on Computer Aided Verification, p.12-23, June 22-25, 1997
	57	William Pugh, A practical algorithm for exact array dependence analysis, Communications of the ACM, v.35 n.8, p.102-114, Aug. 1992 [doi>10.1145/135226.135233]
	58	SREEMANI, T. AND ATLEE, J. M. 1996. Feasibility of model checking software requirements. In Proceedings of the 11th Annual Conference on Computer Assurance on Proceedings of the 11th Annual Conference on Computer Assurance (COMPASS '96, Gaithersburg, MD, June), IEEE Computer Society, Washington, DC, 77-88.
	59	STENNING, N.V. 1976. A data transfer protocol. Comput. Netw. J. 1, 99-110.
	60	TARSKI, A. 1955. A lattice-theoretical fixpoint theorem and its applications. Pacific J. Math. 5, 285-309.
	61	Jeannette M. Wing , Mandana Vaziri-Farahani, Model checking software systems: a case study, ACM SIGSOFT Software Engineering Notes, v.20 n.4, p.128-139, Oct. 1995

CITED BY 8

	Marsha Chechik , Wei Ding, Lightweight reasoning about program correctness, Proceedings of the 2001 conference of the Centre for Advanced Studies on Collaborative research, p.1, November 05-07, 2001, Toronto, Ontario, Canada
	Robby , Matthew B. Dwyer , John Hatcliff, Bogor: an extensible and highly-modular software model checking framework, ACM SIGSOFT Software Engineering Notes, v.28 n.5, September 2003
	Tuba Yavuz-Kahveci , Tevfik Bultan, Specification, verification, and synthesis of concurrency control components, ACM SIGSOFT Software Engineering Notes, v.27 n.4, July 2002
	Marsha Chechik , Arie Gurfinkel , Benet Devereux , Albert Lai , Steve Easterbrook, Data structures for symbolic multi-valued model-checking, Formal Methods in System Design, v.29 n.3, p.295-344, November 2006
	Marsha Chechik , Wei Ding, Lightweight Reasoning about Program Correctness, Information Systems Frontiers, v.4 n.4, p.363-377, December 2002
	Fang Yu , Chao Wang , Aarti Gupta , Tevfik Bultan, Modular verification of web services using efficient symbolic encoding and summarization, Proceedings of the 16th ACM SIGSOFT International Symposium on Foundations of software engineering, November 09-14, 2008, Atlanta, Georgia
	Zijiang Yang , Chao Wang , Aarti Gupta , Franjo Ivanvčić, Model checking sequential software programs via mixed symbolic analysis, ACM Transactions on Design Automation of Electronic Systems (TODAES), v.14 n.1, p.1-26, January 2009
	Arie Gurfinkel , Sagar Chaki, Combining predicate and numeric abstraction for software model checking, Proceedings of the 2008 International Conference on Formal Methods in Computer-Aided Design, p.1-9, November 17-20, 2008, Portland, Oregon