Interpolation and SAT-based model checking
2003
Cited by 196 (9 self)
We consider a fully SAT-based method of unbounded symbolic model checking based on computing Craig interpolants. In benchmark studies using a set of large industrial circuit verification instances, this method is greatly more efficient than BDD-based symbolic model checking, and compares favorably to some recent SAT-based model checking methods on positive instances.
Automatic Abstraction without Counterexamples
2002
Cited by 108 (8 self)
A method of automatic abstraction is presented that uses proofs of unsatisfiability derived from SAT-based bounded model checking as a guide to choosing an abstraction for unbounded model checking. Unlike earlier methods, this approach is not based on analysis of abstract counterexamples. The performance of this approach on benchmarks derived from microprocessor verification indicates that SAT solvers are quite effective in eliminating logic that is not relevant to a given property. Moreover, benchmark results suggest that when bounded model checking successfully terminates, and the problem is unsatisfiable, the number of state variables in the proof of unsatisfiability tends to be small. In all cases tested, when bounded model checking succeeded, unbounded model checking of the resulting abstraction also succeeded.
Lazy theorem proving for bounded model checking over infinite domains
2002
Cited by 74 (11 self)
We investigate the combination of propositional SAT checkers with domain-specific theorem provers as a foundation for bounded model checking over infinite domains. Given a program M over an infinite state type, a linear temporal logic formula φ with domain-specific constraints over program states, and an upper bound k, our procedure determines if there is a falsifying path of length k to the hypothesis that M satisfies the specification φ. This problem can be reduced to the satisfiability of Boolean constraint formulas. Our verification engine for these kinds of formulas is lazy in that propositional abstractions of Boolean constraint formulas are incrementally refined by generating lemmas on demand from an automated analysis of spurious counterexamples using theorem proving. We exemplify bounded model checking for timed automata and for RTL-level descriptions, and investigate the lazy integration of SAT solving and theorem proving.

1 Introduction

Model checking decides the problem of whether a system satisfies a temporal logic property by exploring the underlying state space. It applies primarily to finite-state systems but also to certain infinite-state systems, and the state space can be represented in symbolic or explicit form. Symbolic model checking has traditionally employed a boolean representation of state sets using binary decision diagrams (BDD) [4] as a way of checking temporal properties, whereas explicit-state model checkers enumerate the set of reachable states of the system.
Bounded LTL model checking with stable models
Proceedings of the 6th International Conference on Logic Programming and Nonmonotonic Reasoning, 2003
Cited by 45 (6 self)
In this paper bounded model checking of asynchronous concurrent systems is introduced as a promising application area for answer set programming. As the model of asynchronous systems a generalisation of communicating automata, 1-safe Petri nets, are used. It is shown how a 1-safe Petri net and a requirement on the behaviour of the net can be translated into a logic program such that the bounded model checking problem for the net can be solved by computing stable models of the corresponding program. The use of the stable model semantics leads to compact encodings of bounded reachability and deadlock detection tasks as well as the more general problem of bounded model checking of linear temporal logic. Correctness proofs of the devised translations are given, and some experimental results using the translation and the Smodels system are presented.
Compositional message sequence charts
In Proc. 7th Intl. Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS'01), volume 2031 of Lect. Notes in Comp. Sci., 2001
Cited by 42 (8 self)
Message sequence charts (MSCs) is a standard notation for describing the interaction between communicating objects. It is popular among the designers of communication protocols. MSCs enjoy both a visual and a textual representation. High level MSCs (HMSCs) allow specifying infinite scenarios and different choices. Specifically, an HMSC consists of a graph, where each node is a finite MSC with matched send and receive events, and vice versa. In this paper we demonstrate a weakness of HMSCs, which disallows one to model certain interactions. We will show, by means of an example, that some simple finite-state and simple communication protocol cannot be represented using HMSCs. We then propose an extension to the MSC standard, which allows HMSC nodes to include unmatched messages. The corresponding graph notation will be called HCMSC, which stands for High level Compositional Message Sequence Charts. With the extended framework, we provide an algorithm for automatically constructing an MSC representation for finite-state asynchronous message passing protocols.
Liveness Checking as Safety Checking
In FMICS'02: Formal Methods for Industrial Critical Systems, volume 66(2) of ENTCS, 2002
Cited by 42 (4 self)
Temporal logic is widely used for specifying hardware and software systems. Typically two types of properties are distinguished, safety and liveness properties. While safety can easily be checked by reachability analysis, and many efficient checkers for safety properties exist, more sophisticated algorithms have always been considered to be necessary for checking liveness. In this paper we describe an efficient translation of liveness checking problems into safety checking problems. A counterexample is detected by saving a previously visited state in an additional state recording component and checking a loop closing condition. The approach handles fairness and thus extends to full LTL.
Monitoring of real-time properties
In Proceedings of the 26th Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS), volume 4337 of LNCS, 2006
Cited by 32 (11 self)
This paper presents a construction for runtime monitors that check real-time properties expressed in timed LTL (TLTL). Due to D'Souza's results, TLTL can be considered a natural extension of LTL towards real-time. Moreover, a typical obstacle in runtime verification is solved both for untimed and timed formulae, in that standard models of linear temporal logic are infinite traces, whereas in runtime verification only finite system behaviours are at hand. Therefore, a 3-valued semantics (true, false, inconclusive) for LTL and TLTL on finite traces is defined that resembles the infinite trace semantics in a suitable and intuitive manner. Then, the paper describes how to construct, given a (T)LTL formula, a deterministic monitor with three output symbols that reads a finite trace and yields its according 3-valued (T)LTL semantics. Notably, the monitor rejects a trace as early as possible, in that any minimal bad prefix results in false as a return value.
Rewriting-based Techniques for Runtime Verification
Cited by 29 (1 self)
Techniques for efficiently evaluating future time Linear Temporal Logic (abbreviated LTL) formulae on finite execution traces are presented. While the standard models of LTL are infinite traces, finite traces appear naturally when testing and/or monitoring real applications that only run for limited time periods. A finite trace variant of LTL is formally defined, together with an immediate executable semantics which turns out to be quite inefficient if used directly, via rewriting, as a monitoring procedure. Then three algorithms are investigated. First, a simple synthesis algorithm for monitors based on dynamic programming is presented; despite the efficiency of the generated monitors, they unfortunately need to analyze the trace backwards, thus making them unusable in most practical situations. To circumvent this problem, two rewriting-based practical algorithms are further investigated, one using rewriting directly as a means for online monitoring, and the other using rewriting to generate automata-like monitors, called binary transition tree finite state machines (and abbreviated BTT-FSMs). Both rewriting algorithms are implemented in Maude, an executable specification language based on a very efficient implementation of term rewriting. The first rewriting algorithm essentially consists of a set of equations establishing an executable semantics of LTL, using a simple formula transforming approach. This algorithm is further improved to build automata on-the-fly via caching and reuse of rewrites (called memoization), resulting in a very efficient and small Maude program that can be used to monitor program executions. The second rewriting algorithm builds on the first one and synthesizes provably minimal BTT-FSMs from LTL formulae, which can then be used to a...
An analysis of SAT-based model checking techniques in an industrial environment
In CHARME, 2005
Multiple-Counterexample Guided Iterative Abstraction Refinement: An Industrial Evaluation
2003
Cited by 24 (0 self)
In this paper, we describe a completely automated framework for iterative abstraction refinement that is fully integrated into a formal-verification environment. This environment consists of three basic software tools: Forecast, a BDD-based model checker, Thunder, a SAT-based bounded model checker, and MCE, a technology for multiple-counterexample analysis. In our framework, the initial abstraction is chosen relative to the property under verification. The abstraction is model checked by Forecast; in case of failure, a counterexample is returned. Our framework includes an abstract counterexample analyzer module that applies techniques for bounded model checking to check whether the abstract counterexample holds in the concrete model. If it does, it is extended to a concrete counterexample. This important capability is provided as a separate tool that also addresses one of the major problems of verification by manual abstraction.