Advertisement

Software & Systems Modeling

, Volume 14, Issue 1, pp 65–81 | Cite as

Model checking LTL properties over ANSI-C programs with bounded traces

  • Jeremy Morse
  • Lucas Cordeiro
  • Denis Nicole
  • Bernd Fischer
Special Section Paper

Abstract

Context-bounded model checking has been used successfully to verify safety properties in multi-threaded systems automatically, even if they are implemented in low-level programming languages such as C. In this paper, we describe and experiment with an approach to extend context-bounded software model checking to safety and liveness properties expressed in linear-time temporal logic (LTL). Our approach checks the actual C program, rather than an extracted abstract model. It converts the LTL formulas into Büchi automata for the corresponding never claims and then further into C monitor threads that are interleaved with the execution of the program under analysis. This combined system is then checked using the ESBMC model checker. We use an extended, four-valued LTL semantics to handle the finite traces that bounded model checking explores; we thus check the combined system several times with different acceptance criteria to derive the correct truth value. In order to mitigate the state space explosion, we use a dedicated scheduler that selects the monitor thread only after updates to global variables occurring in the LTL formula. We demonstrate our approach on the analysis of the sequential firmware of a medical device and a small multi-threaded control application.

Keywords

Model checking Linear temporal logic Software verification 

Notes

Acknowledgments

This work was supported by a Royal Society International Exchange Grant. The reviewers’ comments helped us to improve our presentation.

References

  1. 1.
    Alpern, B., Schneider, F.B.: Defining liveness. Inf. Process. Lett. 21(4), 181–185 (1985)CrossRefzbMATHMathSciNetGoogle Scholar
  2. 2.
    Alpern, B., Schneider, F.B.: Recognizing safety and liveness. Distrib. Comput. 2(3), 117–126 (1987)Google Scholar
  3. 3.
    Barnett, M., DeLine, R., Fähndrich, M., Jacobs, B., Leino, K.R.M., Schulte, W., Venter, H.: The Spec# programming system: challenges and directions. In: Meyer, B., Woodcock, J. (eds.) Proceedings of Conference on Verified Software: Theories, Tools, Experiments (VSTTE’05). Lecture Notes in Computer Science, vol. 4171, pp. 144–152. Springer (2008)Google Scholar
  4. 4.
    Bauer, A., Haslum, P.: LTL goal specifications revisited. In: Coelho, H., Studer, R., Wooldridge, M. (eds.) Proceedings of European Conference on Artificial Intelligence (ECAI’10). Frontiers in Artificial Intelligence and Applications, vol. 215, pp. 881–886. IOS Press (2010)Google Scholar
  5. 5.
    Bauer, A., Leucker, M., Schallhart, C.: The good, the bad, and the ugly, but how ugly is ugly?. In: Sokolsky, O., Tasiran, S. (eds.) Proceedings of the Workshop Runtime Verification (RV’07). Lecture Notes in Computer Science, vol. 4839, pp. 126–138. Springer (2007)Google Scholar
  6. 6.
    Bauer, A., Leucker, M., Schallhart, C.: Comparing LTL semantics for runtime verification. J. Log. Comput. 20(3), 651–674 (2010)CrossRefzbMATHMathSciNetGoogle Scholar
  7. 7.
    Bauer, A., Leucker, M., Schallhart, C.: Runtime verification for LTL and TLTL. ACM Trans. Softw. Eng. Methodol. 20(4), 14 (2011)Google Scholar
  8. 8.
    Büchi, J.R.: Symposium on decision problems: On a decision method in restricted second order arithmetic. In: Ernest Nagel, P.S., Tarski, A. (eds.) Proceedings of the 1960 International Congress for Logic, Methodology and Philosophy of Science. Studies in Logic and the Foundations of Mathematics, vol. 44, pp. 1–11. Elsevier (1966)Google Scholar
  9. 9.
    Beyer, D., Henzinger, T.A., Jhala, R., Majumdar, R.: The software model checker Blast. STTT 9(5–6), 505–525 (2007)CrossRefGoogle Scholar
  10. 10.
    Biere, A., Heljanko, K., Junttila, T.A., Latvala, T., Schuppan, V.: Linear encodings of bounded LTL model checking. Log. Methods Comput. Sci. 2(5), 1–64 (2006)Google Scholar
  11. 11.
    Clarke, E.M., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) Proceedings of the Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’04). Lecture Notes in Computer Science, vol. 2988, pp. 168–176. Springer (2004)Google Scholar
  12. 12.
    Clarke, E.M., Kroening, D., Sharygina, N., Yorav, K.: Predicate abstraction of ANSI-C programs using SAT. Formal Methods Syst. Des. 25(2–3), 105–127 (2004)CrossRefzbMATHGoogle Scholar
  13. 13.
    Clarke, E.M., Lerda, F.: Model checking: software and beyond. J. UCS 13(5), 639–649 (2007)MathSciNetGoogle Scholar
  14. 14.
    Cordeiro, L., Barreto, R.S., Barcelos, R., Oliveira, M.N., Lucena, V., Maciel, P.R.M.: Agile development methodology for embedded systems: a platform-based design approach. In: Leaney, J., Rozenblit, J.W., Peng, J. (eds.) Proceedings of the Conference on Engineering of Computer Based Systems (ECBS’07), pp. 195–202. IEEE Computer Society (2007)Google Scholar
  15. 15.
    Cordeiro, L., Fischer, B.: Verifying multi-threaded software using SMT-based context-bounded model checking. In: Taylor, R.N., Gall, H., Medvidovic, N. (eds.) Proceedings of the International Conference on Software Engineering (ICSE’11), pp. 331–340. ACM (2011)Google Scholar
  16. 16.
    Cordeiro, L., Fischer, B., Chen, H., Marques-Silva, J.: Semiformal verification of embedded software in medical devices considering stringent hardware constraints. In: Chen, T., Serpanos, D.N., Taha, W. (eds.) Proceedings of International Conference on Embedded Software and Systems (ICESS’09), pp. 396–403. IEEE (2009)Google Scholar
  17. 17.
    Cordeiro, L., Fischer, B., Marques-Silva, J.: SMT-based bounded model checking for embedded ANSI-C software. In: Grundy, J., Taentzer, G., Heimdahl, M. (eds.) Proceedings of the Conference on Automated Software Engineering (ASE’09), pp. 137–148. IEEE Computer Society (2009)Google Scholar
  18. 18.
    Dwyer, M.B., Avrunin, G.S., Corbett, J.C.: Patterns in property specifications for finite-state verification. In: Boehm, B.W., Garlan, D., Kramer, J. (eds.) Proceedings of the International Conference on Software Engineering (ICSE’99), pp. 411–420. ACM (1999)Google Scholar
  19. 19.
    Eisner, C., Fisman, D., Havlicek, J., Lustig, Y., McIsaac, A., Campenhout, D.V.: Reasoning with temporal logic on truncated paths. In: Hunt, W.A., Somenzi, F. (eds.) Proceedings of the Conference on Computer Aided Verification (CAV’03). Lecture Notes in Computer Science, vol. 2725, pp. 27–39. Springer (2003)Google Scholar
  20. 20.
    Gastin, P., Oddoux, D.: Fast LTL to Büchi automata translation. In: Berry, G., Comon, H., Finkel, A. (eds.) Proceedings of the Conference on Computer Aided Verification (CAV’01). Lecture Notes in Computer Science, vol. 2102, pp. 53–65. Springer (2001)Google Scholar
  21. 21.
    Giannakopoulou, D., Havelund, K.: Automata-based verification of temporal properties on running programs. In: Richardson, D., Feather, M.S., Goedicke, M. (eds.) Proceedings of the 16th IEEE International Conference on Automated Software Engineering (ASE’01). pp. 412–416. IEEE Computer Society (2001)Google Scholar
  22. 22.
    He, A., Wu, J., Li, L.: An efficient algorithm for transforming LTL formula to Büchi automaton. In: Proceedings of Conference on Intelligent Computation Technology and Automation (ICICTA’08), vol. 01, pp. 1215–1219. IEEE Computer Society (2008)Google Scholar
  23. 23.
    Holzmann, G.J.: The model checker SPIN. IEEE Trans. Softw. Eng. 23(5), 279–295 (1997)CrossRefMathSciNetGoogle Scholar
  24. 24.
    Holzmann, G.J.: The SPIN Model Checker—primer and reference manual. Addison-Wesley, Boston, USA (2004)Google Scholar
  25. 25.
    Huth, M., Ryan, M.D.: Logic in Computer Science: Modelling and Reasoning About Systems, 2nd edn. Cambridge University Press, Cambridge, New York, NY, USA (2004)Google Scholar
  26. 26.
    ISO: ISO/IEC/IEEE 9945:2009 Information Technology—Portable Operating System Interface (POSIX) Base Specifications, Issue 7. International Organization for Standardization, Geneva, Switzerland, December (2009)Google Scholar
  27. 27.
    ISO: ISO/IEC 9899:2011 Information Technology—Programming languages—C. International Organization for Standardization, Geneva, Switzerland, December (2011)Google Scholar
  28. 28.
    Jonsson, B., Tsay, Y.K.: Assumption/guarantee specifications in linear-time temporal logic. Theor. Comput. Sci. 167(1 &2), 47–72 (1996)CrossRefzbMATHMathSciNetGoogle Scholar
  29. 29.
    Kamp, H.W.: Tense logic and the theory of linear order. Ph.D thesis, Computer Science Department, University of California at Los Angeles, USA (1968)Google Scholar
  30. 30.
    Kupferman, O., Vardi, M.Y.: Model checking of safety properties. Formal Methods Syst. Des. 19(3), 291–314 (2001)CrossRefzbMATHMathSciNetGoogle Scholar
  31. 31.
    Lahiri, S.K., Qadeer, S., Rakamaric, Z.: Static and precise detection of concurrency errors in systems code using SMT solvers. In: Bouajjani, A., Maler, O. (eds.) Proceedings of Conference on Computer Aided Verification (CAV’09). Lecture Notes in Computer Science, vol. 5643, pp. 509–524. Springer (2009)Google Scholar
  32. 32.
    Lamport, L.: A new approach to proving the correctness of multiprocess programs. ACM Trans. Program. Lang. Syst. 1(1), 84–97 (1979)CrossRefzbMATHGoogle Scholar
  33. 33.
    Lamport, L.: What good is temporal logic? In: IFIP Congress, pp. 657–668 (1983)Google Scholar
  34. 34.
    Leucker, M., Schallhart, C.: A brief account of runtime verification. J. Log. Algebr. Program. 78(5), 293–303 (2009)CrossRefzbMATHGoogle Scholar
  35. 35.
    Manna, Z., Pnueli, A.: Temporal verification of reactive systems: safety. Springer, New York (1995)CrossRefGoogle Scholar
  36. 36.
    McMillan, K.L.: Symbolic model checking. Norwell, MA, USA (1993)Google Scholar
  37. 37.
    Morse, J., Cordeiro, L., Nicole, D., Fischer, B.: Context-bounded model checking of LTL properties for ANSI-C software. In: Barthe, G., Pardo, A., Schneider, G. (eds.) Proceedings of Conference on Software Engineering and Formal Methods (SEFM’11). Lecture Notes in Computer Science, vol. 7041, pp. 302–317. Springer (2011)Google Scholar
  38. 38.
    Nguyen, A.C., Khoo, S.C.: Towards automation of LTL verification for Java Pathfinder (2008). In: Proceedings of the 15th National Undergraduate Research Opportunities Programme Congress, Singapore (2010)Google Scholar
  39. 39.
    Pnueli, A.: The temporal logic of programs. In: Proceedings of Symposium on the Foundations of Computer Science (FOCS’77), pp. 46–57. IEEE Computer Society (1977)Google Scholar
  40. 40.
    Rabinovitz, I., Grumberg, O.: Bounded model checking of concurrent programs. In: Etessami, K., Rajamani, S.K. (eds.) Proceedings of Conference on Computer Aided Verification (CAV’05). Lecture Notes in Computer Science, vol. 3576, pp. 82–97. Springer (2005)Google Scholar
  41. 41.
    Rozier, K.Y.: Linear temporal logic symbolic model checking. Comput. Sci. Rev. 5(2), 163–203 (2011)CrossRefzbMATHGoogle Scholar
  42. 42.
    Rozier, K.Y., Vardi, M.Y.: LTL satisfiability checking. STTT 12(2), 123–137 (2010)CrossRefGoogle Scholar
  43. 43.
    Staats, M., Heimdahl, M.P.E.: Partial translation verification for untrusted code-generators. In: Liu, S., Maibaum, T.S.E., Araki, K. (eds.) Proceedings of Conference on Formal Methods and Software Engineering (ICFEM’08). Lecture Notes in Computer Science, vol. 5256, pp. 226–237. Springer (2008)Google Scholar
  44. 44.
    Vardi, M.Y.: An automata-theoretic approach to linear temporal logic. In: Moller, F., Birtwistle, G.M. (eds.) Logics for Concurrency—Structure versus Automata. Lecture Notes in Computer Science, vol. 1043, pp. 238–266. Springer (1996)Google Scholar
  45. 45.
    Vardi, M.Y., Wolper, P.: An automata-theoretic approach to automatic program verification (preliminary report). In: Proceedings of the Symposium on Logic in Computer Science (LICS’86), pp. 332–344. IEEE Computer Society (1986)Google Scholar
  46. 46.
    Visser, W., Havelund, K., Brat, G.P., Park, S., Lerda, F.: Model checking programs. Autom. Softw. Eng. 10(2), 203–232 (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Jeremy Morse
    • 1
  • Lucas Cordeiro
    • 2
  • Denis Nicole
    • 1
  • Bernd Fischer
    • 1
    • 3
  1. 1.Electronics and Computer ScienceUniversity of SouthamptonSouthamptonUK
  2. 2.Electronic and Information Research CenterFederal University of AmazonasManausBrazil
  3. 3.Division of Computer ScienceStellenbosch UniversityStellenboschSouth Africa

Personalised recommendations