屈婉霞,李暾,郭阳,杨晓东

DOI: https://doi.org/10.3969/j.issn.1001-2486.2008.04.011

2008-01-01

Abstract:With the growing increase in software/hardware system scale and function,the further development and application of model checking has been greatly limited by state space explosion,which has been the bottleneck of verifying large industrial designs.Based on the Murphi,an explicit state model checking tool,the problem of organization of reachable state space of model checking was studied,and a novel organization method of reachable state space based on integer pointer and Fibonacci hash was presented.In the approach,an efficient model checking system was suggested.The new approach can effectively shorten verification cycle,and give counter example when the system specification is unsatisfiable.All this greatly helped rapid error location.The analysis and experiment results prove the effectiveness of our method.

Ji Wang,Xiaodong Yi,Xuejun Yang

DOI: https://doi.org/10.1109/ISoLA.2006.69

2006-01-01

Abstract:The paper presents a novel framework for scalable model checking of concurrent C programs. With the idea of verification reuse, it shows an integrated approach to efficient reduction of state space by abstraction, symbolic representation and dynamic partial-order reduction (DPOR) techniques. The framework is founded on an over-approximated model of the concurrent program by variable abstraction, and combines DPOR with lightweight symbolic execution to generate the symbolic conditions for all locations, called -conditions, which are intended for verification reuse. The -conditions of a location are weak approximation of the conditions that must be satisfied at that location so as to guarantee the temporal safety properties to be verified. These conditions will be checked for reusing the previous exploration in verification, and will be iteratively refined under the guidance of spurious counterexamples. The presented framework is demonstrated by several experiments including a concurrent software system whose server and client processes are derived from openssl-0.9.6c C source codes implementing the SSL protocol.

Junyan Qian,Baowen Xu

2006-01-01

WSEAS TRANSACTIONS ON COMPUTERS

Abstract:Model checking has been interest in applying model checking to software. However, the major problem of software model checking is the state space explosion problem. For model checking software, abstraction is a key issue. We present a methodology for automatically constructing an abstraction of C programs based on finite state machine. Firstly eliminate unneeded variables using program slicing technique and restrict C program to a simple intermediate form before constructing an abstract model of program. And then automatically extract a finite model from C source code using predicate abstraction and theorem proving. Finally, in order to reduce time complexities, we partition the set of candidate predicates into subsets, and construct abstract model independently.

CHEN Feng,LI Weihua,CHEN Hao,L(U) Zheng

2011-01-01

Abstract:In order to improve the analysis and design of software safety,on the basis of current researches on safety model and verification technology,a modeling and checking method is proposed for object-oriented software safety.Establishing non-formal UML models of software safety,safety extended deterministic finite automata and linear temporal logic are used to create the formal models and describe the safety properties separately.Through a model checker,we get the verification result.This approach realizes the combination of software safety model and verification technology.Experimental results show that the method can analyze and verify the safety properties effectively in the early stage of software design.

Guang Chen,Dexi Wang,Tianchi Li,Chao Zhang,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/apsec.2018.00027

2018-01-01

Abstract:Software verification has been well applied in safety critical areas and has shown the ability to provide better quality assurance for modern software. However, as lines of code and complexity of software systems increase, the scalability of verification becomes a challenge. In this paper, we present an automatic software verification framework TSV to address the scalability issues: (i) the extended structural abstraction and property-guided program slicing to solve large-scale program verification problem, saving time and memory without losing accuracy; (ii) automatically select different verification methods according to the program and property context to improve the verification efficiency. For evaluation, we compare TSV's different configurations with existing C program verifiers based on open benchmarks. We found that TSV with auto-selection performs better than with bounded model checking only or with extended structural abstraction only. Compared to existing tools such as CMBC and CPAChecker, it acquires 10%-20% improvement of accuracy and 50%-90% improvement of memory consumption.

Wei-Tek Tsai,Hai Huang

2005-01-01

Abstract:Model checking is a formal approach for software verification. It can prove mathematically the absence of certain types of malicious behaviors, such as deadlocks. Because model checking exhaustively explores all possible states and transitions of given software system, its sluggish performance has impeded broad application in software development. Recent progress on leveraging the performance sheds light on its massive adoption in daily practices. One key contribution of this dissertation is an innovative model checking technique, proof slicing, that simultaneously reduces running time and storage requirement. Theoretical results have shown that proof slicing subsumes several existing abstraction-based, counterexample-driven model checking approaches, such as Lazy Abstraction, Craig Interpolation, and Localization. Experimental data have shown the superior performance in both running time and storage requirement of Blade, the model checker that implements proof slicing technique, over existing model checkers, such as BLAST from University of California at Berkeley. Web services and Services-Oriented Architecture (SOA) is a new paradigm for software development. SOA provide uniform data marshaling protocols (via Simple Object Access Protocol: SOAP and eXtensible Markup Language: XML), consistent information exchange infrastructure (via Web Service Definition Language: WSDL and HyperText Transfer Protocol: HTTP), and service query facility (via Universal Description, Discovery, and Integration: UDDI). New applications can be composed rapidly with SOA. Moreover, existing applications can be easily reconfigured or recomposed to meet new functional or non-functional requirements. The rapid development permitted by SOA imposes challenges on dynamic verification and validation on the newly developed applications. This dissertation reports an automated verification and validation framework powered by proof slicing and other techniques and its applications to dynamic verification and validation. This dissertation also reports the application of model checking techniques to the verification of service collaboration.

Lijun Wu,Huijia Huang,Kaile Su,Shaowei Cai,Xiaosong Zhang

DOI: https://doi.org/10.1109/tvlsi.2014.2330061

2015-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:Model checking is a powerful approach for the formal verification of hardware and software systems. However, this approach suffers from the state space explosion problem, which limits its application to large-scale systems due to space shortage. To overcome this drawback, one of the most effective solutions is to use external memory algorithms. In this paper, we propose an I/O efficient model checking algorithm for large-scale systems. To lower I/O complexity and improve time efficiency, we combine three new techniques: 1) a linear hash-sorting technique; 2) a cached duplicate detection technique; and 3) a dynamic path management technique. We show that the new algorithm has a lower I/O complexity than state-of-the-art I/O efficient model checking algorithms, including detect accepting cycle, maximal accepting predecessors, and iterative-deepening depth-first search. In addition, the experiments show that our algorithm obviously outperforms these three algorithms on the selected representative benchmarks in terms of performance.

Kun Liu,Xiaozhen Zhang,Weiqiang Kong,Gang Hou,Masahiko Watanabe,Akira Fukuda

DOI: https://doi.org/10.1109/dsa.2019.00013

2020-01-01

Abstract:Bounded model checking, an effective way to reduce the state space, plays a significant role in verifying the reliability of a system. By combining bounded model checking and interpolation sequence, the verification of the properties out of some certain boundary can be completed. However, the introduction of interpolation-sequence increases the complexity of the model encoding and then affects the overall performance of a model checker. In order to alleviate the problem, we propose interpolation-based multi-core bounded model checking technology. Decomposing large problems into small ones, multicore parallel solutions can effectively shorten the elapsed time of problem processing. According to the conditional predicates, the paths in the model are divided into path clusters, and the interpolation sequence is used to determine if there is no counterexample path in each path cluster. Based on the nature of fixpoint in the path cluster, we propose a path cluster pruning algorithm in order to reduce the scale of the state space to be searched, which contributes to improving the efficiency. In this paper, we also present two optimization methods: incremental encoding and verification hypothesis. We have implemented the algorithms in the verification of the Hierarchical State Transition Matrix (HSTM) model design, and the experimental results have shown that our method have significantly increase the credibility of the verification results.

Junyan Qian,Baowen Xu,Yingzhou Zhang

2007-01-01

Journal of Computational Information Systems

Abstract:Model checking is an automatic formal verification technique for a finite state system. Iterative abstraction refinement has emerged recently as the leading approach to software model checking. We present a methodology for automatically verifying programs against safety specifications based on finite state machine. As the first step, an initial abstract model is automatically extracted from source code using predicate abstraction and theorem proving. In order to reduce time complexities of this process, we partition the set of candidate predicates into subsets, and then construct abstract model independently.

Weiqiang Kong,Leyuan Liu,Yamagata, Y.,Taguchi, K.

DOI: https://doi.org/10.1109/APSEC.2012.38

2012-01-01

Abstract:Hierarchical State Transition Matrix (HSTM) is a table-based modeling language for developing designs of software systems. We have proposed a Satisfiability Modulo Theory (SMT) based Bounded Model Checking (BMC) approach in [1] to provide formal verification supports for conducting rigorous and automatic analysis to improve reliability of HSTM designs. In this paper, we continue that work by developing and evaluating approaches to accelerating BMC of HSTM designs. The approaches center around an unrolled Bounded Reach ability Tree (BRT) of a HSTM design that is built with stateless explicit state exploration. Specifically, reach ability of invalid cells (representing undesired states) of a HSTM design, which occurs within the bound concerned, could be discovered during construction of the BRT, and furthermore, if no such occurrence, the constructed BRT could be utilized to rule out unnecessary subformulas of a BMC instance for verification of LTL properties. We have implemented these approaches in a tool called Garakabu2 with the state-of-the-art SMT solver CVC3 as its back-ended solver. Our preliminary experiments show that verification could be accelerated substantially.

邝宏斌,罗贵明

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.19.009

2008-01-01

Abstract:Parallelism is an effective method in improving the efficiency of model checking. C program model checking based on LTS is studied and a methodology for parallel software model checking is presented. It utilizes modularity of MAGIC, a software model checker, to decompose C program into components, distributes them over computational nodes and parallel call MAGIC to complete the verification. Close to linear speedup and good scalability can be achieved due to little synchronization and inter-nodes communication. The reduction of time expense is beneficial to formal verification of large-scale software.

Xiaoyu Zhang,Shengping Xiao,Yechuan Xia,Jianwen Li,Mingsong Chen,Geguang Pu

DOI: https://doi.org/10.1109/tcad.2023.3236272

IF: 2.9

2023-01-01

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

Abstract:Model checking is an automatic formal verification method that is widely applied to hardware verification. Safety properties are the mainly verified properties in practice that can be falsified within finite steps if they do not hold for systems. However, state-of-the-art safety model-checking algorithms cannot meet the performance requirement driven by the industry as the sizes of (hardware) systems to be verified increase rapidly. Therefore, more efficient techniques are still eagerly in demand. Recently, a new safety model-checking technique complementary approximate reachability (CAR) was presented and received considerable concerns from the community. CAR has shown its advantages in unsafe checking (bug finding), but cannot be as competitive as other state-of-the-art techniques, e.g., IC3/PDR, on safe checking (proving correctness). In this article, we propose four kinds of heuristics, two inspired by IC3/PDR and another two dedicated to CAR, to improve the performance of CAR. We integrate the heuristics into the open-source model checker SimpleCAR and compare the performance to the original CAR and IC3/PDR on 748 instances from the hardware model-checking competitions. Our results show that by fixing the time and memory resources, CAR can solve 124 more instances with the four proposed heuristics, i.e., 53.4% more instances can be solved comparing to the original CAR. Furthermore, CAR in both forward and backward directions can solve ten more instances than IC3/PDR in corresponding directions, and uniquely solve 44 more instances that IC3/PDR in corresponding directions cannot solve, which increases the capability of the current model-checking portfolio.

Junyan Qian,Baowen Xu

DOI: https://doi.org/10.15388/informatica.2007.178

2007-01-01

Informatica

Abstract:Iterative abstraction refinement has emerged in the last few years as the leading approach to software model checking. We present an approach for automatically verifying C programs against safety specifications based on finite state machine. The approach eliminates unneeded variables using program slicing technique, and then automatically extracts an initial abstract model from C source code using predicate abstraction and theorem proving. In order to reduce time complexities, we partition the set of candidate predicates into subsets, and construct abstract model independently. On the basis of a counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Our methods can be extended to verifying concurrency C programs by parallel composition.

Nacha Chondamrongkul,Jing Sun,Bingyang Wei,Ian Warren

DOI: https://doi.org/10.1109/HASE.2019.00018

2019-01-01

Abstract:In the component-based software system, certain behaviours of components and their composition may affect system reliability at runtime. This problem can be early detected through the automated verification of software architecture design, by which model checking is one of the techniques to achieve this. However, its practicality and performance issue remain challenges. This paper presents a scalable approach for the software architecture verification. The modelling is proposed to manifest the behaviours in the software component, in order to detect problematic behaviours, such as circular dependency and performance bottleneck. The outcome of the verification identifies the problem and the scenarios that cause it. In order to mitigate the verification performance issue, the parallelism is applied to the verification process so that multiple decomposed models can be simultaneously verified on a multi-threaded environment. As some software systems are designed as the monolithic architecture, we present a method that helps to automatically decompose a large monolithic model into a set of smaller sub-models. Our approach was evaluated and proved to enhance the performance of the verification process for the large-scale complex software systems.

Leyuan Liu,Weiqiang Kong,Takahiro Ando,Hirokazu Yatsu,Akira Fukuda

DOI: https://doi.org/10.1109/csa.2013.135

2013-01-01

Abstract:Model checking is wildly acknowledged to be an effective formal technique for verifying that a finite state system satisfies desired properties expressed in temporal logic. There are primarily two types of model checking approaches: explicit model checking and symbolic model checking. To mitigate the notorious state exploration problems suffered by explicit model checking, bounded model checking (BMC) has been proposed as an alternative to other symbolic model checking approaches based on binary decision diagrams. Although originally SAT solvers are used by BMC as the reasoning engine, a recent trend is to switch from SAT to SMT solvers. In this paper, we survey contributions on acceleration of SMT-based BMC. In addition, we discuss some related techniques that could be potentially used as well for the acceleration purpose.

He Jia,Zhang Min,Guo Yannan,Lyu Yue

DOI: https://doi.org/10.3969/j.issn.1001-3695.2016.10.037

2016-01-01

Abstract:Statistical model checking is an efficient verifying technique.It is suitable for verifying complex stochastic systems, such as distributed algorithm.But its performance drops down when verification is over extremely long path.To address this problem,this paper presented a heuristic statistical model checking approach.In verification stage,it searched for the shortest prefix of path to help pruning.In latter sampling stages,it used these prefixes to determine whether current path satisfied the property.This helped to avoid path verification that was time-consuming.In comparison with PRISM,the results show that it verifies less and samples shorter paths in average.As a result,it can use statistical model checking to verify properties over ex-tremely long paths.

WanXia Qu,Tun Li,Yang Guo,XiaoDong Yang

DOI: https://doi.org/10.1109/ICYCS.2008.457

2008-01-01

Abstract:As the size of the formal model grows, the reachable state space grows exponentially thereby creating state space explosion problem. To alleviate the efficiency and memory bottleneck of explicit model checking, we present a technique that efficiently organizes the reachable state space, and implement an efficient explicit model checking system. The new method could not only effectively shorten verification cycle, but also generates counter example in cases system specification is unsatisfiable, which helps system designer to locate error rapidly. Experiments on some real-world models are conducted. Analysis and experiment results prove the effectiveness of our method.

Chaoqun Chu,Guiming Luo,Mingyang Zhang

DOI: https://doi.org/10.1109/ICCICC46617.2019.9146097

2019-01-01

Abstract:With the continuous advancement of the information society, the dependence of hardware and software systems in almost all fields is increasing. Model checking is a method of automatically verifying hardware and software systems in a finite state space. If system does not satisfy the formal formula description, then the system's counterexamples are given and the system's error will be corrected. However, the typical state explosion problem increases its complexity in time and space, which severely limits its applicability. In this paper, an optimized parallel algorithm for searching strongly connected components based on CUDA(FW-BW-CUDA) is proposed, which can effectively accelerate the speed of LTL model checking algorithm. More over, experimental results based on benchmark datasets show that compared with some state-of-the-art model checking algorithms, FW-BW-CUDA performs better in terms of speed in most cases.

YANG Jun,GE Hai-tong,ZHENG Fei-jun,YAN Xiao-lang

DOI: https://doi.org/10.3321/j.issn:1008-9497.2006.04.012

2006-01-01

Abstract:Being a formal verification method,model checking is used frequently in hardware and software design.Firstey the Kripke structure which is used to describe the behavior of a system and the CTL logic which is used to describe the property of a system were introduced.Then two model checking algorithms were introduced: one is the labeling algorithm,the other is the algorithm based on fixpoint.In the end,the symbolic model checking which can reduce the possibility of memory explosion was introduced.

Zhen Yao,Jing Liu,Xiaohong Chen,Li Han,Haiying Sun

DOI: https://doi.org/10.1109/qrs62785.2024.00079

2024-01-01

Abstract:Multi-agent systems (MASs) have garnered significant interest across various academic fields. Although MASs are widely applicable, they continue to encounter several challenges, particularly in terms of security.. Model checking, a verification technique that examines all possible system states, is employed to address these challenges. However, the state space of many practical systems can be prohibitively large, leading to exponential growth in verification time. This study introduces a new method for verifying MASs using Strategy Computation Tree Logic (SCTL) via the connective probe machine, a model of fully parallel computing. This approach is pioneering in utilizing the probe machine to speed up MAS verification, specifically allowing for the parallel resolution of SCTL formulas. Unlike conventional model checkers, our method can uncover multiple counterexamples for specified properties, facilitating the identification of various system flaws. We have developed a model checker named MC2PM based on our approach and have validated its feasibility and efficiency through experiments.