Context-Bounded Model Checking of LTL Properties for ANSI-C Software

  • Jeremy Morse
  • Lucas Cordeiro
  • Denis Nicole
  • Bernd Fischer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7041)

Abstract

Context-bounded model checking has successfully been used to verify safety properties in multi-threaded systems automatically, even if they are implemented in low-level programming languages like ANSI-C. In this paper, we describe and experiment with an approach to extend context-bounded model checking to liveness properties expressed in linear-time temporal logic (LTL). Our approach converts the LTL formulae into Büchi-automata and then further into C monitor threads, which are interleaved with the execution of the program under test. This combined system is then checked using the ESBMC model checker. Since this approach explores a larger number of interleavings than normal context-bounded model checking, we use a state hashing technique which substantially reduces the number of redundant interleavings that are explored and so mitigates state space explosion. Our experimental results show that we can verify non-trivial properties in the firmware of a medical device.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Barnett, M., DeLine, R., Fähndrich, M., Jacobs, B., Leino, K.R.M., Schulte, W., Venter, H.: The spec# programming system: Challenges and directions. In: Meyer, B., Woodcock, J. (eds.) VSTTE 2005. LNCS, vol. 4171, pp. 144–152. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  2. 2.
    Beyer, D., Henzinger, T., Jhala, R., Majumdar, R.: The software model checker BLAST. STTT 9(5-6), 505–525 (2007)CrossRefGoogle Scholar
  3. 3.
    Biere, A., Heljanko, K., Junttila, T., Latvala, T., Schuppan, V.: Linear encodings of bounded LTL model checking. Logical Methods in Computer Science 2(5), 1–64 (2006)CrossRefMATHGoogle Scholar
  4. 4.
    Büchi, J.: On a Decision Method in Restricted Second Order Arithmetic. Studies in Logic and the Foundations of Mathematics, vol. 44, pp. 1–11 (1966)Google Scholar
  5. 5.
    Clarke, E., Kröning, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Clarke, E., Kroening, D., Sharygina, N., Yorav, K.: Predicate abstraction of ANSI–C programs using SAT. FMSD 25, 105–127 (2004)MATHGoogle Scholar
  7. 7.
    Clarke, E., Lerda, F.: Model Checking: Software and Beyond. J. Universal Computer Science 13(5), 639–649 (2007)Google Scholar
  8. 8.
    Cordeiro, L., et al.: Agile development methodology for embedded systems: A platform-based design approach. In: ECBS, pp. 195–202 (2007)Google Scholar
  9. 9.
    Cordeiro, L., Fischer, B.: Verifying Multi-threaded Software using SMT-based Context-Bounded Model Checking. To appear in ICSE (2011)Google Scholar
  10. 10.
    Cordeiro, L., Fischer, B., Marques-Silva, J.: SMT-based bounded model checking for embedded ANSI-C software. In: ASE, pp. 137–148 (2009)Google Scholar
  11. 11.
    Gastin, P., Oddoux, D.: Fast LTL to Büchi Automata Translation. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 53–65. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    He, A., Wu, J., Li, L.: An Efficient Algorithm for Transforming LTL Formula to Büchi Automaton. In: ICICTA, pp. 1215–1219 (2008)Google Scholar
  13. 13.
    Holzmann, G.: The model checker SPIN. IEEE Transactions on Software Engineering 23(5), 279–295 (1997)CrossRefGoogle Scholar
  14. 14.
    Holzmann, G.: The SPIN Model Checker - primer and reference manual. Addison-Wesley, Reading (2004)Google Scholar
  15. 15.
    Huth, M., Ryan, M.: Logic in Computer Science: modelling and reasoning about systems. Cambridge University Press, Cambridge (2004)CrossRefMATHGoogle Scholar
  16. 16.
    Jonsson, B., Tsay, Y.: Assumption/guarantee specifications in linear-time temporal logic. Theor. Comput. Sci 167(1&2), 47–72 (1996)CrossRefMATHGoogle Scholar
  17. 17.
    Kahlon, V., Wang, C., Gupta, A.: Monotonic Partial Order Reduction: An Optimal Symbolic Partial Order Reduction Technique. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 398–413. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  18. 18.
    Lahiri, S., Qadeer, S., Rakamaric, Z.: Static and precise detection of concurrency errors in systems code using SMT solvers. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 509–524. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  19. 19.
    Lamport, L.: A new approach to proving the correctness of multiprocess programs. TOPLAS 1(1), 84–97 (1979)CrossRefMATHGoogle Scholar
  20. 20.
    Lamport, L.: What Good is Temporal Logic? Information Processing 83, 657–668 (1983)Google Scholar
  21. 21.
    McMillan, K.: Symbolic Model Checking, vol. 1003, p. 15. Kluwer, Dordrecht (1993)CrossRefMATHGoogle Scholar
  22. 22.
    Muchnick, S.: Advanced compiler design and implementation. Morgan Kaufmann, San Francisco (1997)Google Scholar
  23. 23.
    Secure Hash Standard. National Institute of Standards and Technology. Federal Information Processing Standard 180-2 (2002)Google Scholar
  24. 24.
    Rabinovitz, I., Grumberg, O.: Bounded model checking of concurrent programs. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 82–97. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  25. 25.
    Rozier, K., Vardi, M.: LTL Satisfiability Checking. STTE 12, 123–137 (2010)CrossRefGoogle Scholar
  26. 26.
    Visser, W., Havelund, K., Brat, G., Park, S., Lerda, F.: Model checking programs. Autom. Softw. Eng. 10(2), 203–232 (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Jeremy Morse
    • 1
  • Lucas Cordeiro
    • 2
  • Denis Nicole
    • 1
  • Bernd Fischer
    • 1
  1. 1.Electronics and Computer ScienceUniversity of SouthamptonUK
  2. 2.Electronic and Information Research CenterFederal University of AmazonasBrazil

Personalised recommendations