Leyuan Liu,Weiqiang Kong,Shijie Zhou,Zhiguang Qin,Akira Fukuda

DOI: https://doi.org/10.1109/cit.2012.91

2012-01-01

Abstract:State Transition Matrix (STM) is a table-based modeling language for developing software system designs. Each STM abstracts a function module of the design in the form of a table, in which the behavior of the module is specified according to the dispatch of certain events on certain states. A Hierarchical STM (HSTM) consists of several STMs that are structured in a hierarchical way. A HSTM Design denote a system developed with HSTM. The STMs in a HSTM design execute asynchronously and communicate with each other through shared variables or message passing. In this paper, we present a formalization of HSTM designs that utilize message passing as the means of communication in the first place. Furthermore, based on this formalization, we propose a symbolic encoding approach, through which correctness of a HSTM design with respect to LTL properties could be represented as Bounded Model Checking (BMC) problems that could consequentially be determined by Satisfiability Modulo Theories (SMT) solving. Moreover we have implemented our encoding approach in a tool called Garakabu2 with the SMT solver CVC3 as its back-ended solver. Preliminary experiments show that counterexamples (design errors) could be discovered effectively with our method.

聂江波,边计年,薛宏熙,吴为民,朱明

DOI: https://doi.org/10.3969/j.issn.1000-7180.2003.12.018

2003-01-01

Abstract:As an important method to verify sequence circuit, model checking first transform the design implementation to Finite State Machine, and then search the state space to check if the specification is satisfied. In fact, the design implement described in high-level language always consists of many interrelated modules. According to this property, an approach to generate a hierarchical model based on modules is proposed in which the design implementation and the specification are both analyzed before building the FSMs. Experiments show that this method can reduce the number of the states effectively.

Shujun Deng,Weimin Wu,Jinian Bian

DOI: https://doi.org/10.1007/978-3-540-72863-4_31

2007-01-01

Abstract:Bounded Model Checking (BMC) based on SAT is a complementary technique to BDD-based Symbolic Model Checking, and it is useful for finding counterexamples of minimum length. However, for model checking of large real world systems, BMC is still limited by the state explosion problem, thus abstraction is essential. In this paper, BMC is implemented on a higher abstraction level - Register Transfer Level (RTL) within an abstraction framework of symbolic trajectory evaluation and hybrid three-valued SAT solving. An efficient SAT solver for RTL circuits is presented, and it is modified into a three-valued solver for the cooperative BMC application. The experimental results comparing with the ordinary BMC without abstraction show the efficiency of our method.

Margherita Napoli,Mimmo Parente

DOI: https://doi.org/10.48550/arXiv.1111.2768

2011-11-09

Abstract:Recently there has been a great attention from the scientific community towards the use of the model-checking technique as a tool for test generation in the simulation field. This paper aims to provide a useful mean to get more insights along these lines. By applying recent results in the field of graded temporal logics, we present a new efficient model-checking algorithm for Hierarchical Finite State Machines (HSM), a well established symbolism long and widely used for representing hierarchical models of discrete systems. Performing model-checking against specifications expressed using graded temporal logics has the peculiarity of returning more counterexamples within a unique run. We think that this can greatly improve the efficacy of automatically getting test cases. In particular we verify two different models of HSM against branching time temporal properties.

Logic in Computer Science,Formal Languages and Automata Theory

Yanyan Gao,Xi Li

DOI: https://doi.org/10.1109/samos.2013.6621107

2013-01-01

Abstract:SystemC has become a de-facto standard language for SoC and ASIP designs. The verification of implementation with SystemC is the key to guarantee the correctness of designs and prevent the errors from propagating to the lower levels. The gap between SystemC TLM model and its corresponding formal model makes it hard to perform automated translation between them. SystemC describes process behavior in sequential statements and usually employs intermediate variables, while most model checking languages for hardware only describe parallel behaviors, in which the usage of intermediate variables not only increases state space and may prolong execution time, but also introduce potential errors. For a model checking language which supports parallel description, the elimination of redundant intermediate variables is requisite and also an efficient way to reduce the state space. This paper intends to solve these issues: (1) proposing an extraction method that can implement the translation from a description which supports sequential execution to a description supports parallel execution; (2) identifying and removing redundant intermediate variables. In this paper, a novel mechanism is presented to automatically extract behavior description from SystemC to a widespreadly used model checking language SMV. We have implemented a tool SC2SMV and performed actual extraction process on it to demonstrate the effectiveness of the method presented in this paper.

Kuanjiu Zhou,Jiawei Yong,Xiaolong Wang,Longtao Ren,Gang Hou,Junwang Chang

DOI: https://doi.org/10.1007/978-3-642-45293-2_26

2013-01-01

Abstract:Model checking technique has been gradually applied to verify the reliability of software systems. However, as to software with large scale and complex structure, the verification procedure suffers from the state space explosion, thus leading to a low efficiency or resource exhaustion. In this paper, we propose a method of accelerating software model checking based on program backbone to verify the properties in ANSI-C source codes. We prune the program with respect to the assertion property, and compress the circular paths by maximal strongly connected components to extract the program backbone. Subsequently, the Hoare theory is used to generate an invariant from the compressed circular nodes, which reduces the length of path encoding. The assertion property is finally translated into a quantifier-free formula and checked for satisfiability by the SMT solver Z3. The experiments show that this method substantially improves the efficiency of program verification.

Daisuke Ishii,Takashi Tomita,Toshiaki Aoki,Quyen Ngo,Thi Bich Ngoc Do,Hideaki Takai

DOI: https://doi.org/10.48550/arXiv.2206.02992

2022-06-07

Abstract:The development of embedded systems requires formal analysis of models such as those described with MATLAB/Simulink. However, the increasing complexity of industrial models makes analysis difficult. This paper proposes a model checking method for Simulink models using SMT solvers. The proposed method aims at (1) automated, efficient and comprehensible verification of complex models, (2) numerically accurate analysis of models, and (3) demonstrating the analysis of Simulink models using an SMT solver (we use Z3). It first encodes a target model into a predicate logic formula in the domain of mathematical arithmetic and bit vectors. We explore how to encode various Simulink blocks exactly. Then, the method verifies a given invariance property using the k-induction-based algorithm that extracts a subsystem involving the target block and unrolls the execution paths incrementally. In the experiment, we applied the proposed method and other tools to a set of models and properties. Our method successfully verified most of the properties including those unverified with other tools.

Logic in Computer Science

Zhi Yang,Guangsheng Ma,Gang Feng,Jingbo Shao

2008-01-01

Abstract:A bounded model checking method for the high-level design verification using Wu's method is proposed. By modeling high-level designs and targeting properties as polynomial equations, bounded model checking is reduced to the task of theorem proving, which can be solved by Wu's method efficiently. Experimental results demonstrated the superiority in time consumption of the proposed approach compared with the property checking methods based on Boolean SAT, LP-based RTL SAT and non-linear solver.

Zhi-Hong Tao,Hans Kleine Büning,Li-Fu Wang

DOI: https://doi.org/10.1007/s11390-006-0944-5

2006-01-01

Abstract:During the last decade, Model Checking has proven its efficacy and power in circuit design, network protocol analysis and bug hunting. Recent research on automatic verification has shown that no single model-checking technique has the edge over all others in all application areas. So, it is very difficult to determine which technique is the most suitable for a given model. It is thus sensible to apply different techniques to the same model. However, this is a very tedious and time-consuming task, for each algorithm uses its own description language. Applying Model Checking in software design and verification has been proved very difficult. Software architectures (SA) are engineering artifacts that provide high-level and abstract descriptions of complex software systems. In this paper a Direct Model Checking (DMC) method based on Kripke Structure and Matrix Algorithm is provided. Combined and integrated with domain specific software architecture description languages (ADLs), DMC can be used for computing consistency and other critical properties.

Junyan Qian,Baowen Xu,Yingzhou Zhang

2007-01-01

Journal of Computational Information Systems

Abstract:Model checking is an automatic formal verification technique for a finite state system. Iterative abstraction refinement has emerged recently as the leading approach to software model checking. We present a methodology for automatically verifying programs against safety specifications based on finite state machine. As the first step, an initial abstract model is automatically extracted from source code using predicate abstraction and theorem proving. In order to reduce time complexities of this process, we partition the set of candidate predicates into subsets, and then construct abstract model independently.

Luan V. Nguyen,Wesam Haddad,Taylor T. Johnson

DOI: https://doi.org/10.4204/EPTCS.361.4

2022-07-14

Abstract:Satisfiability Modulo Theories (SMT) solvers have been successfully applied to solve many problems in formal verification such as bounded model checking (BMC) for many classes of systems from integrated circuits to cyber-physical systems. Typically, BMC is performed by checking satisfiability of a possibly long, but quantifier-free formula. However, BMC problems can naturally be encoded as quantified formulas over the number of BMC steps. In this approach, we then use decision procedures supporting quantifiers to check satisfiability of these quantified formulas. This approach has previously been applied to perform BMC using a Quantified Boolean Formula (QBF) encoding for purely discrete systems, and then discharges the QBF checks using QBF solvers. In this paper, we present a new quantified encoding of BMC for rectangular hybrid automata (RHA), which requires using more general logics due to the real (dense) time and real-valued state variables modeling continuous states. We have implemented a preliminary experimental prototype of the method using the HyST model transformation tool to generate the quantified BMC (QBMC) queries for the Z3 SMT solver. We describe experimental results on several timed and hybrid automata benchmarks, such as the Fischer and Lynch-Shavit mutual exclusion algorithms. We compare our approach to quantifier-free BMC approaches, such as those in the dReach tool that uses the dReal SMT solver, and the HyComp tool built on top of nuXmv that uses the MathSAT SMT solver. Based on our promising experimental results, QBMC may in the future be an effective and scalable analysis approach for RHA and other classes of hybrid automata as further improvements are made in quantifier handling in SMT solvers such as Z3.

Logic in Computer Science,Formal Languages and Automata Theory,Symbolic Computation

Mo Xia,Guiming Luo,Mian Sun

DOI: https://doi.org/10.1145/2591062.2591149

2014-01-01

Abstract:Model checking is a common formal verification technique, but it is only applicable to white box systems. In order to allow users without much formal verification expertise to use model checking easily, this paper proposes a modular approach for software modeling and model checking. Efficiency, correctness, and reusability are our main concerns. A hierarchical model is constructed for a system by modules, and it is translated into the specific model checking codes. The M^3C tool is implemented to support our approach, and it is successfully applied to actual industrial cases, as well as to some cases in the literature.

Zhifeng Liu,Yun Ge,Dong Zhang

2011-01-01

Journal of Computational Information Systems

Abstract:The state exploration space is the major obstacle making model checking the computation tree logic CTL failure. In this paper, we present a new on the fly CTL model checking approach. Given a finite state machine we construct its reachable state space gradually and define the bounded semantics of CTL such that if the bounded semantics holds then there exists a witness or a counterexample for a given CTL formula in the reachable state space. Experimental results show that our method can verify actual CTL properties of large industrial models which can not be handled by conventional checkers. © 2011 Binary Information Press December, 2011.

ZhiHong Tao,Hans Kleine Büning,Decheng Ding

2004-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:During the past two decades Model Checking based on Kripke Semantics Structure has proven its efficacy and powerful in circuit design, network protocol analysis, program verification and bug hunting. Recently there has been considerable research on Model Checking without OBDDs such as using SAT Solver or Bounded Model Checking (BMC). A Dynamic Kripke Semantics Structure is introduced through allow the AP set changed. Based on this method, a new direct model checking algorithm is proposed.

YANG Jun,GE Hai-tong,ZHENG Fei-jun,YAN Xiao-lang

DOI: https://doi.org/10.3321/j.issn:1008-9497.2006.04.012

2006-01-01

Abstract:Being a formal verification method,model checking is used frequently in hardware and software design.Firstey the Kripke structure which is used to describe the behavior of a system and the CTL logic which is used to describe the property of a system were introduced.Then two model checking algorithms were introduced: one is the labeling algorithm,the other is the algorithm based on fixpoint.In the end,the symbolic model checking which can reduce the possibility of memory explosion was introduced.

Van Chan Ngo,Axel Legay

DOI: https://doi.org/10.1002/smr.1890

2017-12-05

Abstract:Transaction-level modeling with SystemC has been very successful in describing the behavior of embedded systems by providing high-level executable models, in which many of them have inherent probabilistic behaviors, e.g., random data and unreliable components. It thus is crucial to have both quantitative and qualitative analysis of the probabilities of system properties. Such analysis can be conducted by constructing a formal model of the system under verification and using Probabilistic Model Checking (PMC). However, this method is infeasible for large systems, due to the state space explosion. In this article, we demonstrate the successful use of Statistical Model Checking (SMC) to carry out such analysis directly from large SystemC models and allow designers to express a wide range of useful properties. The first contribution of this work is a framework to verify properties expressed in Bounded Linear Temporal Logic (BLTL) for SystemC models with both timed and probabilistic characteristics. Second, the framework allows users to expose a rich set of user-code primitives as atomic propositions in BLTL. Moreover, users can define their own fine-grained time resolution rather than the boundary of clock cycles in the SystemC simulation. The third contribution is an implementation of a statistical model checker. It contains an automatic monitor generation for producing execution traces of the model-under-verification (MUV), the mechanism for automatically instrumenting the MUV, and the interaction with statistical model checking algorithms.

Software Engineering

Haitao Zhang,Zhuo Cheng,Cong Tian,Yonggang Lu,Guoqiang Li

DOI: https://doi.org/10.1109/icis.2016.7550826

2016-01-01

Abstract:OSEK/VDX, a standard of automobile OS, has been widely adopted by many manufacturers to design and implement a vehicle-mounted OS. Currently, with increasing functionalities in vehicles, more and more complex applications are developed based on the OSEK/VDX OS. However, how to ensure the reliability of developed applications is becoming a challenge for developers. Based on our previous work, in this paper we present an efficient approach to verify the developed OSEK/VDX applications. In the presented approach, SMT-based bounded model checking technique is used to carry out verification in order to handle complex applications. Moreover, a series of optimization strategies are proposed and employed to improve the checking capability of our approach. We have implemented a tool according to the proposed approach and conducted many experiments. The experiment results show that our approach is capable of checking the safety property of large-scale OSEK/VDX applications. We also compared our approach with existing checking method, the comparison results indicate that our approach is an efficient and powerful technique in verifying OSEK/VDX applications.

Ying Zhao,Jinhao Tan,Guoqiang Li

2021-01-01

Abstract: Program verification on concurrent programs is a big challenge due to general undecidable results. Petri nets and its extensions are used in most works. However, existing verifiers based on Petri nets are difficult to be complete and efficient. Basic Parallel Process (BPP), as a subclass of Petri nets, can be used as a model for describing and verifying concurrent programs with lower complexity. We propose and implement BPPChecker, the first model checker for verifying CTL on BPP. We propose constraint-based algorithms for the problem of model checking CTL on BPPs and handle formulas by SMT solver Z3. For EF operator, we reduce the model checking of EF-formulas to the satisfiability problem of existential Presburger formula. For EG operator, we provide a $k$-step bounded semantics and reduce the model checking of EG-formulas to the satisfiability problem of linear integer arithmetic. Besides, we give Actor Communicating System (ACS) the over-approximation BPP-based semantics and evaluate BPPChecker on ACSs generated from real Erlang programs. Experimental results show that BPPChecker performs more efficiently than the existing tools for a series of branching-time property verification problems of Erlang programs.

Guiming Luo,Graziano Chesi,Xiaoyu Song,Xiaojing Yang

DOI: https://doi.org/10.1155/2013/791363

2013-01-01

Journal of Applied Mathematics

Abstract:ion and find counterexamples. The paper entitled “Terminal satisfiability in GSTE” (Y. Xu et al.) gives a sixtuple definition and presents a new algorithm for model checking terminal satisfiability. The paper entitled “Towards light-weight probabilistic model checking” (S. Konur) presents a methodology to facilitate probabilistic model checking for nonexperts. A machine closed theorem proof of TLA+ in the theorem proving system Coq is presented in “Formal proof of a machine closed theorem in Coq” (H. Wan et al.).

Nathan Chong,Byron Cook,Konstantinos Kallas,Kareem Khazem,Felipe R. Monteiro,Daniel Schwartz-Narbonne,Serdar Tasiran,Michael Tautschnig,Mark R. Tuttle

DOI: https://doi.org/10.1145/3377813.3381347

2020-06-27

Abstract:This experience report describes a style of applying symbolic model checking developed over the course of four years at Amazon Web Services (AWS). Lessons learned are drawn from proving properties of numerous C-based systems, e.g., custom hypervisors, encryption code, boot loaders, and an IoT operating system. Using our methodology, we find that we can prove the correctness of industrial low-level C-based systems with reasonable effort and predictability. Furthermore, AWS developers are increasingly writing their own formal specifications. All proofs discussed in this paper are publicly available on GitHub.