Conference Paper

An Automata-Theoretic Dynamic Completeness Criterion for Bounded Model-Checking.

DOI: 10.1007/978-3-540-93900-9_23 Conference: Verification, Model Checking, and Abstract Interpretation, 10th International Conference, VMCAI 2009, Savannah, GA, USA, January 18-20, 2009. Proceedings
Source: DBLP

ABSTRACT: Bounded model-checking is a technique for finding bugs in very large designs. Bounded model-checking by itself is incomplete: it can find bugs, but it cannot prove that a system satisfies a specification. A dynamic completeness criterion can allow bounded model-checking to prove properties. A dynamic completeness criterion typically searches for a “beginning” of a bug or bad behavior; if no such “beginning” can be found, we can conclude that no bug exists, and bounded model-checking can terminate. Dynamic completeness criteria have been suggested for several temporal logics, but most are tied to a specific bounded model-checking encoding, and the ones that are not are based on nondeterministic Büchi automata. In this paper we develop a theoretic framework for dynamic completeness criteria based on alternating Büchi automata. Our criterion generalizes and explains several existing dynamic completeness criteria, and is suitable for both linear-time and universal branching-time logic. We show that using alternating automata rather than nondeterministic automata can lead to much smaller completeness thresholds.

  • ABSTRACT: There has been a major emphasis recently in the semiconductor industry on designing industrial-strength property specification languages. Two major languages are ForSpec and Sugar 2.0, which are both extensions of Pnueli's LTL.
    07/2003;
  • ABSTRACT: Bounded Model Checking, although complete in theory, has been thus far limited in practice to falsification of properties that were not invariants. In this paper we propose a termination criterion for all of LTL, and we show its effectiveness through experiments. Our approach is based on converting the LTL formula to a Büchi automaton so as to reduce model checking to the verification of a fairness constraint. This reduction leads to one termination criterion that applies to all formulae. We also discuss cases for which a dedicated termination test improves bounded model checking efficiency.
    Computer Aided Verification, 16th International Conference, CAV 2004, Boston, MA, USA, July 13-17, 2004, Proceedings; 01/2004
  • ABSTRACT: Increasing attention has been paid recently to criteria that allow one to conclude that a structure models a linear-time property from the knowledge that no counterexamples exist up to a certain length. These termination criteria effectively turn Bounded Model Checking into a full-fledged verification technique and sometimes result in considerable time savings. In [M. Awedh and F. Somenzi. Proving more properties with bounded model checking. In R. Alur and D. Peled, editors, Sixteenth Conference on Computer Aided Verification (CAV'04), pages 96–108. Springer-Verlag, Berlin, July 2004. LNCS 3114] we presented a criterion based on the translation of the linear-time specification into a Büchi automaton. BMC can be terminated if no fair cycle is found up to a given length, and one can prove that no fair cycle exists beyond that length. The maximum length for which counterexamples are explicitly checked is called the termination length; it obviously depends on the model, the property, and the termination criterion. In this paper we improve the criterion of [M. Awedh and F. Somenzi. Proving more properties with bounded model checking. In R. Alur and D. Peled, editors, Sixteenth Conference on Computer Aided Verification (CAV'04), pages 96–108. Springer-Verlag, Berlin, July 2004. LNCS 3114] by adding a check that often substantially reduces termination length. Our previous work employed translation to a non-generalized Büchi automaton. Though a well-known technique converts a generalized automaton into that form by composing it with a counter, it has the undesirable effect of considerably lengthening the cycles in the graph to be searched. We propose several alternatives to that approach and compare them experimentally. The translation to automata can be accomplished in more than one way, and in this paper we contrast two of them: one based on the algorithms of [F. Somenzi and R. Bloem. Efficient Büchi automata from LTL formulae. In E. A. Emerson and A. P. Sistla, editors, Twelfth Conference on Computer Aided Verification (CAV'00), pages 248–263. Springer-Verlag, Berlin, July 2000. LNCS 1855], and one based on the notion of tight automaton of [E. Clarke, O. Grumberg, and K. Hamaguchi. Another look at LTL model checking. In D. L. Dill, editor, Sixth Conference on Computer Aided Verification (CAV'94), pages 415–427. Springer-Verlag, Berlin, 1994. LNCS 818]. The latter yields shorter counterexamples, but the former often leads to earlier termination. In addition, it can help in identifying safety properties, for which termination checks are much more efficient than for the general case. We finally present results on comparing techniques based on cycle detection to the technique of [V. Schuppan and A. Biere. Efficient reduction of finite state model checking to reachability analysis. Software Tools for Technology Transfer, 5(2–3):185–204, Mar. 2004], which converts liveness properties into safety properties by augmentation of the model.
    Electronic Notes in Theoretical Computer Science. 01/2006;
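The following Python sketch is an added illustration of the termination idea discussed in the main abstract and in the two related abstracts above; it is not code from the paper or its authors. It shows the simplest instance of a dynamic completeness criterion, for safety properties ("a bad state is never reached") on an explicit-state toy system: at each bound k, bounded model-checking asks whether a bad state is reachable in k steps, and the completeness check asks whether any loop-free path of length k exists at all. A loop-free path is the "beginning" of a behaviour that might still turn out bad; if none exists, every state reachable in k steps was already reachable in fewer steps, so no bug can appear at larger bounds and the search terminates with a proof. The `TransitionSystem` class, the two constructed systems and the explicit path enumeration (standing in for the SAT-based unrolling a real BMC engine would use) are assumptions of this example; the paper's alternating-automata criterion, which covers full linear-time and universal branching-time logics rather than only safety, is not reproduced here.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Iterator, List, Optional, Tuple

Path = Tuple[int, ...]


@dataclass
class TransitionSystem:
    """Explicit finite-state system: initial states, successor map and 'bad' states.

    Reaching a bad state violates the safety property; this is the only kind of
    property handled in this example.
    """
    init: FrozenSet[int]
    trans: Dict[int, FrozenSet[int]]
    bad: FrozenSet[int]

    def successors(self, s: int) -> List[int]:
        # Sorted for a deterministic exploration order.
        return sorted(self.trans.get(s, ()))


def paths_of_length(ts: TransitionSystem, k: int) -> Iterator[Path]:
    """Yield every path s0 -> ... -> sk with exactly k transitions from an initial state."""
    stack: List[Path] = [(s,) for s in sorted(ts.init)]
    while stack:
        path = stack.pop()
        if len(path) == k + 1:
            yield path
            continue
        for t in ts.successors(path[-1]):
            stack.append(path + (t,))


def find_counterexample(ts: TransitionSystem, k: int) -> Optional[Path]:
    """BMC query at bound k: is a bad state reachable in exactly k steps?"""
    for path in paths_of_length(ts, k):
        if path[-1] in ts.bad:
            return path
    return None


def loop_free_path_exists(ts: TransitionSystem, k: int) -> bool:
    """Dynamic completeness check at bound k.

    If every path of length k repeats a state, the loop can be cut out, so the
    last state was already reachable in fewer than k steps. All shorter bounds
    have been checked, hence no bad state is reachable and BMC may stop.
    """
    return any(len(set(p)) == len(p) for p in paths_of_length(ts, k))


def bounded_model_check(ts: TransitionSystem, max_k: int, use_criterion: bool = True):
    """Iterative BMC with an optional termination check.

    Returns ("bug", k, path) when a counterexample of length k is found,
    ("proved", k, None) when the criterion fires at bound k, and
    ("unknown", max_k, None) when the bound budget is exhausted.
    """
    for k in range(max_k + 1):
        cex = find_counterexample(ts, k)
        if cex is not None:
            return ("bug", k, cex)
        if use_criterion and not loop_free_path_exists(ts, k):
            return ("proved", k, None)
    return ("unknown", max_k, None)


# Constructed toy system (an assumption of this example):
# 0 -> 1, 1 -> {0, 2}, 2 -> 3, 3 -> 3 (state 3 is a sink with a self-loop).
SAFE_SYSTEM = TransitionSystem(
    init=frozenset({0}),
    trans={0: frozenset({1}), 1: frozenset({0, 2}), 2: frozenset({3}), 3: frozenset({3})},
    bad=frozenset({4}),  # state 4 is unreachable, so the property holds
)
# Same graph, but the sink state itself is declared bad: a genuine bug.
BUGGY_SYSTEM = TransitionSystem(init=SAFE_SYSTEM.init, trans=SAFE_SYSTEM.trans, bad=frozenset({3}))

if __name__ == "__main__":
    print(bounded_model_check(SAFE_SYSTEM, 10))                       # ('proved', 4, None)
    print(bounded_model_check(SAFE_SYSTEM, 10, use_criterion=False))  # ('unknown', 10, None)
    print(bounded_model_check(BUGGY_SYSTEM, 10))                      # ('bug', 3, (0, 1, 2, 3))
```

On the safe system the longest loop-free path from the initial state has four transitions, so the criterion fires at bound 4 and returns a proof; without the criterion the same search exhausts its bound budget and can only report "unknown", which is exactly the incompleteness the abstract describes. On the buggy system the counterexample is found at bound 3 before the criterion has a chance to fire, as it must, since a reachable bad state always has a loop-free shortest path.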
