Advertisement

State/Event-Based Software Model Checking

  • Sagar Chaki
  • Edmund M. Clarke
  • Joël Ouaknine
  • Natasha Sharygina
  • Nishant Sinha
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2999)

Abstract

We present a framework for model checking concurrent software systems which incorporates both states and events. Contrary to other state/event approaches, our work also integrates two powerful verification techniques, counterexample-guided abstraction refinement and compositional reasoning. Our specification language is a state/event extension of linear temporal logic, and allows us to express many properties of software in a concise and intuitive manner. We show how standard automata-theoretic LTL model checking algorithms can be ported to our framework at no extra cost, enabling us to directly benefit from the large body of research on efficient LTL verification.

We have implemented this work within our concurrent C model checker, MAGIC, and checked a number of properties of OpenSSL-0.9.6c (an open-source implementation of the SSL protocol) and Micro-C OS version 2 (a real-time operating system for embedded applications). Our experiments show that this new approach not only eases the writing of specifications, but also yields important gains both in space and in time during verification. In certain cases, we even encountered specifications that could not be verified using traditional pure event-based or state-based approaches, but became tractable within our state/event framework. We report a bug in the source code of Micro-C OS version 2, which was found during our experiments.

Keywords

Model Check Temporal Logic Linear Temporal Logic Parallel Composition Atomic Proposition 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [ACFM85]
    Anantharaman, T.S., Clarke, E.M., Foster, M.J., Mishra, B.: Compiling path expressions into VLSI circuits. In: Proceedings of POPL, pp. 191–204 (1985)Google Scholar
  2. [BLA]
  3. [BLO98]
    Bensalem, S., Lakhnech, Y., Owre, S.: Computing abstractions of infinite state systems compositionally and automatically. In: Y. Vardi, M. (ed.) CAV 1998. LNCS, vol. 1427, pp. 319–331. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  4. [BMMR01]
    Ball, T., Majumdar, R., Millstein, T.D., Rajamani, S.K.: Automatic predicate abstraction of C programs. In: SIGPLAN Conference on Programming Language Design and Implementation, pp. 203–213 (2001)Google Scholar
  5. [BR01]
    Ball, T., Rajamani, S.K.: Automatically validating temporal safety properties of interfaces. In: Dwyer, M.B. (ed.) SPIN 2001. LNCS, vol. 2057, pp. 103–122. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. [Bro89]
    Browne, M.C.: Automatic verification of finite state machines using temporal logic. PhD thesis, Carnegie Mellon University, Technical report no. CMU-CS-89-117 (1989)Google Scholar
  7. [BS01]
    Bradfield, J., Stirling, C.: Modal Logics and Mu-Calculi: An Introduction. Handbook of Process Algebra, pp. 293–330. Elsevier, Amsterdam (2001)Google Scholar
  8. [Bur92]
    Burch, J.: Trace algebra for automatic verification of real-time concurrent systems. PhD thesis, Carnegie Mellon University, Technical report no. CMU-CS-92-179 (1992)Google Scholar
  9. [CCG+03]
    Chaki, S., Clarke, E.M., Groce, A., Jha, S., Veith, H.: Modular verification of software components in C. In: Proceedings of ICSE 2003, pp. 385–395 (2003)Google Scholar
  10. [CCK+02]
    Chauhan, P., Clarke, E.M., Kukula, J.H., Sapra, S., Veith, H., Wang, D.: Automated abstraction refinement for model checking large state spaces using SAT based conflict analysis. In: Proceedings of FMCAD, pp. 33–51 (2002)Google Scholar
  11. [CDH+00]
    Corbett, J.C., Dwyer, M.B., Hatcliff, J., Laubach, S., Păsăreanu, C.S., Robby, Zheng, H.: Bandera: extracting finite-state models from Java source code. In: Proceedings of ICSE, pp. 439–448. IEEE Computer Society, Los Alamitos (2000)CrossRefGoogle Scholar
  12. [CE81]
    Clarke, E.M., Emerson, E.A.: Design and synthesis of synchronization skeletons using branching time temporal logic. In: Kozen, D. (ed.) Logic of Programs 1981. LNCS, vol. 131, Springer, Heidelberg (1982)CrossRefGoogle Scholar
  13. [CES86]
    Clarke, E.M., Emerson, E.A., Sistla, A.P.: Automatic verification of finite-state concurrent systems using temporal logic specifications. ACM Transactions on Programming Languages and Systems 8(2), 244–263 (1986)zbMATHCrossRefGoogle Scholar
  14. [CGJ+00]
    Clarke, E.M., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample guided abstraction refinement. Computer Aided Verification, 154–169 (2000)Google Scholar
  15. [CGKS02]
    Clarke, E.M., Gupta, A., Kukula, J.H., Shrichman, O.: SAT based abstraction-refinement using ILP and machine learning techniques. In: Proceedings of CAV, pp. 265–279 (2002)Google Scholar
  16. [CGP99]
    Clarke, E., Grumberg, O., Peled, D.: Model Checking, December 1999. MIT Press, Cambridge (1999)Google Scholar
  17. [CGP03]
    Cobleigh, J.M., Giannakopoulou, D., Păsăreanu, C.S.: Learning assumptions for compositional verification. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 331–346. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  18. [COYC03]
    Chaki, S., Ouaknine, J., Yorav, K., Clarke, E.M.: Automated compositional abstraction refinement for concurrent C programs: A two-level approach. In: Proceedings of SoftMC 2003. ENTCS, vol. 89(3) (2003)Google Scholar
  19. [Dil88]
    Dill, D.L.: Trace theory for automatic hierarchical verification of speedindependent circuits. PhD thesis, Carnegie Mellon University, Technical report no. CMU-CS-88-119 (1988)Google Scholar
  20. [GL94]
    Grumberg, O., Long, D.E.: Model checking and modular verification. ACM Trans. on Programming Languages and Systems 16(3), 843–871 (1994)CrossRefGoogle Scholar
  21. [GM03]
    Giannakopoulou, D., Magee, J.: Fluent model checking for event-based systems. In: Proceedings of FSE, ACM Press, New York (2003)Google Scholar
  22. [GPVW95]
    Gerth, R., Peled, D., Vardi, M.Y., Wolper, P.: Simple on-the-fly automatic verification of linear temporal logic. In: Protocol Specification Testing and Verification, Warsaw, Poland, pp. 3–18. Chapman & Hall, Sydney (1995)Google Scholar
  23. [HJMQ03]
    Henzinger, T.A., Jhala, R., Majumdar, R., Qadeer, S.: Thread-modular abstraction refinement. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 262–274. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  24. [HJMS02]
    Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Lazy abstraction. In: Proceedings of POPL, pp. 58–70 (2002)Google Scholar
  25. [HJS01]
    Huth, M., Jagadeesan, R., Schmidt, D.: Modal transition systems: A foundation for three-valued program analysis. In: Sands, D. (ed.) ESOP 2001. LNCS, vol. 2028, p. 155. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  26. [Hoa85]
    Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall, Englewood Cliffs (1985)zbMATHGoogle Scholar
  27. [HQR00]
    Henzinger, T.A., Qadeer, S., Rajamani, S.K.: Decomposing refinement proofs using assume-guarantee reasoning. In: Proceedings of ICCAD, pp. 245–252. IEEE Computer Society Press, Los Alamitos (2000)Google Scholar
  28. [Koz83]
    Kozen, D.: Results on the propositional mu-calculus. Theoretical Computer Science 27, 333–354 (1983)zbMATHCrossRefMathSciNetGoogle Scholar
  29. [Kur94]
    Kurshan, R.P.: Computer-aided verification of coordinating processes: the automata-theoretic approach. Princeton University Press, Princeton (1994)Google Scholar
  30. [KV98]
    Kindler, E., Vesper, T.: ESTL: A temporal logic for events and states. In: Desel, J., Silva, M. (eds.) ICATPN 1998. LNCS, vol. 1420, p. 365. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  31. [LBBO01]
    Lakhnech, Y., Bensalem, S., Berezin, S., Owre, S.: Incremental verification by abstraction. In: Margaria, T., Yi, W. (eds.) TACAS 2001. LNCS, vol. 2031, pp. 98–112. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  32. [LP85]
    Lichtenstein, O., Pnueli, A.: Checking that finite state concurrent programs satisfy their linear specification. In: Proceedings of POPL (1985)Google Scholar
  33. [MAG]
  34. [McM97]
    McMillan, K.L.: A compositional rule for hardware design refinement. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 24–35. Springer, Heidelberg (1997)Google Scholar
  35. [Mil89]
    Milner, R.: Communication and Concurrency. Prentice-Hall International, London (1989)zbMATHGoogle Scholar
  36. [NCOD97]
    Naumovich, G., Clarke, L.A., Osterweil, L.J., Dwyer, M.B.: Verification of concurrent software with FLAVERS. In: Proceedings of ICSE, pp. 594–595. ACM Press, New York (1997)CrossRefGoogle Scholar
  37. [NFGR93]
    De Nicola, R., Fantechi, A., Gnesi, S., Ristori, G.: An action-based framework for verifying logical and behavioural properties of concurrent systems. Computer Networks and ISDN Systems 25(7), 761–778 (1993)zbMATHCrossRefGoogle Scholar
  38. [NV95]
    De Nicola, R., Vaandrager, F.: Three logics for branching bisimulation. Journal of the ACM (JACM) 42(2), 458–487 (1995)zbMATHCrossRefGoogle Scholar
  39. [PDV01]
    Păsăreanu, C.S., Dwyer, M.B., Visser, W.: Finding feasible counterexamples when model checking abstracted Java programs. In: Margaria, T., Yi, W. (eds.) TACAS 2001. LNCS, vol. 2031, pp. 284–298. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  40. [Pnu86]
    Pnueli, A.: Application of temporal logic to the specification and verification of reactive systems: A survey of current trends. In: Rozenberg, G., de Bakker, J.W., de Roever, W.-P. (eds.) Current Trends in Concurrency. LNCS, vol. 224, pp. 510–584. Springer, Heidelberg (1986)CrossRefGoogle Scholar
  41. [QS81]
    Quielle, J.P., Sifakis, J.: Specification and verification of concurrent systems in CESAR. In: proceedings of Fifth Intern. Symposium on Programming, pp. 337–350 (1981)Google Scholar
  42. [Ros97]
    Roscoe, A.W.: The Theory and Practice of Concurrency. Prentice-Hall International, London (1997)Google Scholar
  43. [SB00]
    Somenzi, F., Bloem, R.: Efficient Büchi automata from LTL formulae. Computer-Aided Verification, 248–263 (2000)Google Scholar
  44. [SLA]
  45. [SSL]
  46. [Sto02]
    Stoller, S.D.: Model-checking multi-threaded distributed Java programs. International Journal on Software Tools for Technology Transfer 4(1), 71–91 (2002)CrossRefGoogle Scholar
  47. [Wri]

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Sagar Chaki
    • 1
  • Edmund M. Clarke
    • 1
  • Joël Ouaknine
    • 1
  • Natasha Sharygina
    • 1
  • Nishant Sinha
    • 1
  1. 1.Computer Science DepartmentCarnegie Mellon UniversityPittsburghUSA

Personalised recommendations