Abstract
Of special interest in formal verification are safety properties, which assert that the system always stays within some allowed region. In a finite-state system, a computation that violates a general linear-time property can be assumed to reach a bad cycle, which witnesses the violation of the property. Accordingly, current methods and tools for model checking of linear properties are based on a search for bad cycles. A symbolic implementation of such a search involves the calculation of a nested fixed-point expression over the system's state space, and is often very difficult. Every computation that violates a safety property, by contrast, has a finite prefix along which the property is already violated. We use this fact in order to base model checking of safety properties on a search for finite bad prefixes. Such a search can be performed using a simple forward or backward symbolic reachability check. A naive methodology that is based on such a search involves a construction of an automaton (or a tableau) that is doubly exponential in the property. We present an analysis of safety properties that enables us to prevent the doubly-exponential blow up and to use the same automaton used for model checking of general properties, replacing the search for bad cycles by a search for bad prefixes.
Part of this work was done when this author was visiting Cadence Berkeley Laboratories.
Supported in part by the NSF grants CCR-9628400 and CCR-9700061, and by a grant from the Intel Corporation. Part of this work was done when this author was a Varon Visiting Professor at the Weizmann Institute of Science.
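The abstract contrasts the two searches: a bad-prefix search for safety properties, which is one reachability pass, and a bad-cycle search for general linear properties, which needs a nested fixed point. The Python program below is an added illustration, not code from the paper or from any tool it cites. It builds the product of a constructed four-state system (two processes, c1/c2 marking "in critical section", with a buggy edge that lets both enter at once) with a hand-written Büchi automaton for the negated property, then runs both searches on it. The state names, the two automata, the transition relations, every function name, and the `accepting_states_are_sinks` condition are this example's own assumptions; in particular the sink condition is only a simple sufficient condition under which a reachable accepting state really is a bad prefix, not the paper's analysis of which automata can be reused.

```python
"""Bad-prefix search (one reachability pass) versus bad-cycle search (nested
fixed point) on a system/automaton product. Added illustration; all names,
automata and systems below are constructed for this example."""
from itertools import combinations

# Constructed example: c1/c2 = "process i is in its critical section".
# s3 (both inside) is reachable only through the buggy edge s1 -> s3.
AP = {"c1", "c2"}
INIT = {"s0"}
LABEL = {"s0": frozenset(), "s1": frozenset({"c1"}),
         "s2": frozenset({"c2"}), "s3": frozenset({"c1", "c2"})}
BUGGY_TRANS = {"s0": {"s1", "s2"}, "s1": {"s0", "s3"}, "s2": {"s0"}, "s3": {"s0"}}
FIXED_TRANS = {"s0": {"s1", "s2"}, "s1": {"s0"}, "s2": {"s0"}, "s3": {"s0"}}

# A Büchi automaton is (initial state, transitions, accepting states);
# each transition is (q, predicate over a label set, q').
def neg_mutex():
    """Negation of the safety property G !(c1 & c2), i.e. F (c1 & c2).
    q1 is an accepting sink: once reached, every continuation is accepted."""
    return ("q0", [("q0", lambda lab: True, "q0"),
                   ("q0", lambda lab: {"c1", "c2"} <= lab, "q1"),
                   ("q1", lambda lab: True, "q1")], {"q1"})

def neg_live():
    """Negation of the liveness property G F c1, i.e. F G !c1.
    q1 is accepting but only survives while !c1 keeps holding."""
    return ("q0", [("q0", lambda lab: True, "q0"),
                   ("q0", lambda lab: "c1" not in lab, "q1"),
                   ("q1", lambda lab: "c1" not in lab, "q1")], {"q1"})

def aut_step(delta, q, label):
    return {q2 for (q1, pred, q2) in delta if q1 == q and pred(label)}

def product(aut, trans):
    """Product state (s, q): the automaton is in q after reading LABEL[s]."""
    q0, delta, acc = aut
    init = {(s, q) for s in INIT for q in aut_step(delta, q0, LABEL[s])}
    def succ(ps):
        s, q = ps
        return {(s2, q2) for s2 in trans[s] for q2 in aut_step(delta, q, LABEL[s2])}
    return init, succ, (lambda ps: ps[1] in acc)

def reach(init, succ):
    """Forward reachability: a single least fixed point. Returns a parent map
    (state -> predecessor on a shortest path) so a witness can be extracted."""
    parent = {ps: None for ps in init}
    frontier = set(init)
    while frontier:
        new = set()
        for ps in frontier:
            for nxt in succ(ps):
                if nxt not in parent:
                    parent[nxt] = ps
                    new.add(nxt)
        frontier = new
    return parent

def trace(parent, ps):
    path = []
    while ps is not None:
        path.append(ps[0])
        ps = parent[ps]
    return path[::-1]

def bad_prefix(aut, trans):
    """Safety check: a reachable accepting product state is reported as a bad prefix.
    Sound only when accepting states really witness bad prefixes (see sink check)."""
    init, succ, is_acc = product(aut, trans)
    parent = reach(init, succ)
    for ps in parent:
        if is_acc(ps):
            return trace(parent, ps)
    return None

def bad_cycle(aut, trans):
    """General check: nested fixed point Z = nu Z. Acc & pre+(Z), where pre+(Z) is
    an inner least fixed point (reachable states with a path of >= 1 step into Z).
    Z is nonempty iff a reachable cycle through an accepting state exists."""
    init, succ, is_acc = product(aut, trans)
    R = set(reach(init, succ))
    succ_r = {ps: succ(ps) & R for ps in R}
    Z = {ps for ps in R if is_acc(ps)}
    while True:
        target = {ps for ps in R if succ_r[ps] & Z}      # one step into Z
        changed = True
        while changed:                                    # close under predecessors
            changed = False
            for ps in R - target:
                if succ_r[ps] & target:
                    target.add(ps)
                    changed = True
        Z2 = Z & target
        if Z2 == Z:
            return Z
        Z = Z2

def accepting_states_are_sinks(aut):
    """Assumed sufficient condition for using bad_prefix: every accepting state
    moves, on every letter, only to accepting states (this example's own
    simplification, not the paper's characterisation)."""
    _, delta, acc = aut
    letters = [frozenset(c) for r in range(len(AP) + 1)
               for c in combinations(sorted(AP), r)]
    return all(aut_step(delta, q, lab) and aut_step(delta, q, lab) <= acc
               for q in acc for lab in letters)
```

On the buggy system `bad_prefix(neg_mutex(), BUGGY_TRANS)` returns the finite witness `["s0", "s1", "s3"]` from one reachability pass, while `bad_cycle` has to iterate the outer fixed point over the reachable product to find the same violation as a lasso. Running the prefix search with the liveness automaton shows why the reduction is restricted to safety: `bad_prefix(neg_live(), FIXED_TRANS)` returns `["s0"]`, which violates nothing, because reaching q1 says only that !c1 held once, not forever; `accepting_states_are_sinks(neg_live())` is false, whereas it is true for `neg_mutex()`.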
© 1999 Springer-Verlag Berlin Heidelberg
Kupferman, O., Vardi, M. (1999). Model Checking of Safety Properties. In: Halbwachs, N., Peled, D. (eds) Computer Aided Verification. CAV 1999. Lecture Notes in Computer Science, vol 1633. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48683-6_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66202-0
Online ISBN: 978-3-540-48683-1