Temporal Logic Model Checking

  • Edmund Clarke
  • Ansgar Fehnker
  • Sumit Kumar Jha
  • Helmut Veith
Part of the Control Engineering book series (CONTRENGIN)

Errors in safety-critical systems such as embedded controllers may have drastic consequences and can even endanger human life. It is therefore crucially important to verify the correctness of such systems in a logically precise manner during system design itself. This chapter is an introduction to model checking—an automated and practically successful approach for the formal verification of the correctness of hardware and software systems.

The aim of this chapter is to introduce those important lines of research which transformed model checking from a method of primarily theoretical interest into a powerful tool for the analysis of computer hardware and soft ware. We shall focus in particular on those subjects which have shaped our thinking about model checking in the verification group of Carnegie Mellon University, most notably symbolic model checking and abstraction. The development of symbolic model checker [6, 24] was arguably a turning point in the formal methods field. Employing a combination of binary decision diagrams and fixed-point algorithms, the symbolic model verifier (SMV) became the first model checker to verify models with hundreds of Boolean variables and a tool to benchmark new ideas for more than a decade. Thus, after a brief theoretical introduction into logical foundations of model checking in Section 2, we will describe the methodology behind SMV in Section 3.1; we also cover bounded model checking, a more recent orthogonal symbolic model checking paradigm which is based on SAT solvers. Sections 3.2 and 3.3 finally are devoted to abstraction, the key principle underlying the big advances in software verification during the last few years. The focus in these sections will be on counterexample-guided abstraction refinement as well as predicate abstraction, both of which constitute key features of modern software verification tools.


Model Check Boolean Function Temporal Logic Winning Strategy Kripke Structure 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    R. Alur, K. Etessami, and P. Madhusudan. A Temporal Logic of Nested Calls and Returns. In Proc. Tools and Algorithms for the Construction and Analysis of Systems (TACAS), volume 2988 of LNCS, pages 467-481, 2004.Google Scholar
  2. 2.
    T. Ball and S. K. Rajamani. Automatically Validating Temporal Safety Prop-erties of Interfaces. In Proc. Model Checking Software, 8th International SPIN Workshop, volume 2057 of LNCS, pages 103-122, 2001.Google Scholar
  3. 3.
    A. Biere, A. Cimatti, E. Clarke, M. Fujita, and Y. Zhu. Symbolic model checking using SAT procedures instead of BDDs. In Proc. 36th Conference on Design Automation (DAC), pages 317-320, 1999.Google Scholar
  4. 4.
    A. Bouajjani, B. Jonsson, M. Nilsson, and T. Touili. Regular Model Checking. In Proc. 12th Int. Conf. Computer Aided Verification (CAV), volume 1855 of LNCS, pages 403-418, 2000.Google Scholar
  5. 5.
    R.E. Bryant. Graph-based algorithms for boolean function manipulation. IEEE Transactions on Computers 35(8), pages 677-691, 1986.zbMATHCrossRefGoogle Scholar
  6. 6.
    J. R. Burch, E. M. Clarke, K. L. McMillan, D. L. Dill, and L. J. Hwang. Symbolic Model Checking: 1020 States and Beyond. In Proceedings of the Fifth Annual IEEE Symposium on Logic in Computer Science, 1990.Google Scholar
  7. 7.
    S. Chaki, E. Clarke, A. Groce, S. Jha, and H. Veith. Modular Verification of Software Components in C. In Proc. 25th Int. Conference on Software Engi-neering (ICSE), pages 385-395, 2003. Extended version in IEEE Transactions on Software Engineering, 2004.Google Scholar
  8. 8.
    E. Clarke and E. A. Emerson. Design and synthesis of synchronization skeletons using branching time temporal logic. In Logics of Programs: Workshop, volume 131 of LNCS, pages 52-71, 1981.Google Scholar
  9. 9.
    E. Clarke, T. Filkorn, S. Jha. Exploiting Symmetry In Temporal Logic Model Checking. Proc. Computer Aided Verification (CAV), volume 697 of LNCS, pages 450-462, 1996.Google Scholar
  10. 10.
    E. Clarke, O. Grumberg, S. Jha, Y. Lu, and H. Veith. Counterexample-guided abstraction refinement. In Proc. 12th Int. Conf. Computer Aided Verification (CAV), volume 1855 of LNCS, pages 154-169, 2000. Extended version in J. ACM 50 (5): 752-794, 2003.Google Scholar
  11. 11.
    E. Clarke, O. Grumberg, and D. Long. Model checking and abstraction. ACM Transactions on Programming Languages and Systems, 16(5):1512-1542, September 1994.CrossRefGoogle Scholar
  12. 12.
    E. Clarke, O. Grumberg, and D. Peled. Model Checking. MIT Press, Cambridge, MA, 1999.Google Scholar
  13. E. Clarke and H. Schlingloff. Model checking. In J. Robinson and A. Voronkov, editors, Handbook of Automated Reasoning, pages 1367-1522. Elsevier, Amster-dam, 2000.Google Scholar
  14. 14.
    P. Cousot and R. Cousot. Abstract interpretation: A unified lattice model for static analysis of programs by construction or approximation of fixpoints. In Proc. Symposium on Principles of Programming Languages (POPL), pages 238-252,1977.Google Scholar
  15. 15.
    E. Emerson. Temporal and modal logic. In J. van Leeuven, editor, Handbook of Theoretical Computer Science, Vol. B., pages 995-1072. Elsevier, Amsterdam, 1990.Google Scholar
  16. 16.
    E.A. Emerson and A.P. Sistla. Symmetry and model checking. Proc. Computer Aided Verification (CAV), volume 697 of LNCS, pages 463-478, 1996.Google Scholar
  17. 17.
    J. Esparza, D. Hansel, P. Rossmanith, and S. Schwoon. Efficient Algorithms for Model Checking Pushdown Systems. In Proc. 12th Int. Conf. Computer Aided Verification (CAV), volume 1855 of LNCS, pages 232-247, 2000.Google Scholar
  18. 18.
    P. Godefroid. Using partial orders to improve automatic verification methods. In Proc. Computer Aided Verification (CAV), volume 531 of LNCS, pages 176-185, 1990.Google Scholar
  19. 19.
    S. Graf and H. Saidi. Construction of Abstract State Graphs with PVS. In Proc. Computer Aided Verification (CAV), volume 1254 of LNCS, pages 72-83, 1997.Google Scholar
  20. 20.
    T. A. Henzinger, R. Jhala, R. Majumdar, and G. Sutre. Lazy Abstraction. In Proc. ACM SIGPLAN-SIGACT Conference on Principles of Programming Languages, pages 58-70, 2002.Google Scholar
  21. 21.
    G. J. Holzmann. The SPIN Model Checker: Primer and Reference Manual. Addison-Wesley, Reading, MA, 2003.Google Scholar
  22. 22.
    M. Huth and M. Ryan. Logic in Computer Science: Modelling and Reasoning about Systems. Cambridge University Press, London, 1999.Google Scholar
  23. 23.
    R. P. Kurshan. Computer-Aided Verification of Coordinating Processes. Prince-ton University Press, Princeton, NJ, 1994.Google Scholar
  24. 24.
    K. McMillan. Symbolic Model Checking: An Approach to the State Explosion Problem. Kluwer Academic Publishers, Dordrecht, 1993.zbMATHGoogle Scholar
  25. 25.
    A. Pnueli. The temporal logic of programs. In Proc. 18th Symposium on Foun-dations of Computer Science (FOCS), pages 46-67, 1977.Google Scholar
  26. 26.
    J. Queille and J. Sifakis. Specification and verification of concurrent systems in CESAR. In Proc. 5th Int. Symposium in Programming, volume 137 of LNCS, pages 337-351, 1982.Google Scholar
  27. 27.
    M. Sagiv, T. Reps, and R. Wilhelm. Parametric shape analysis via 3-valued logic. In Proc. ACM Transactions on Programming Languages and Systems 24, 3, pages 217-298, 2002.CrossRefGoogle Scholar
  28. 28.
    C. Stirling. Bisimulation, Modal Logic and Model Checking Games. Logic Journal of the IGPL, 7(1), pages 103-124, 1999.zbMATHCrossRefMathSciNetGoogle Scholar
  29. 29.
    A. Tiwari and G. Khanna. Series of Abstractions for Hybrid Systems. In Proc. 5th Int. Workshop on Hybrid Systems: Computation and Control (HSCC 2002), volume 2289 of LNCS, pages 465-478, 2002.Google Scholar
  30. 30.
    M. Y. Vardi and P. Wolper. Reasoning about infinite computations. In Infor-mation and Computation, 115(1): pages 1-37, 1994.zbMATHCrossRefMathSciNetGoogle Scholar

Copyright information

© Birkhäuser Boston 2005

Authors and Affiliations

  • Edmund Clarke
    • 1
  • Ansgar Fehnker
    • 2
  • Sumit Kumar Jha
    • 1
  • Helmut Veith
    • 3
  1. 1.School of Computer ScienceCarnegie Mellon UniversityPittsburghUSA
  2. 2.National ICT AustraliaUniversity of New South WalesAustralia
  3. 3.Institut für InformatikTechnische Universität MünchenMunichGermany

Personalised recommendations