Abstract
We present an abstraction refinement-based technique for checking safety properties of software. The technique employs predicate abstraction and SAT-based 3-valued bounded model checking. In contrast to classical refinement techniques where a single state space model is iteratively explored and refined with predicates, our approach is as follows: We use a coarsely-abstracted model of the full state space where we check for abstract witness paths for the property of interest. For each detected abstract witness we construct a partial model whose state space is restricted to refinements of the witness only. On the partial models we check whether the witness is real or spurious. We eliminate spurious witnesses in the full model via constraints, which do not increase the state space complexity. Our technique terminates when a real witness in a partial model can be detected, or no more witnesses in the full model exist. The approach enables verification with a reduced state space complexity.
Notes
1. In contrast to the Boolean predicates over the control flow, predicates over system variables have a 3-valued domain as they may evaluate to u due to abstraction. In order to enable the later reduction of 3BMC to SAT, there must be a complementary predicate \(\overline{p}\) with \(\overline{p} \equiv \lnot p\) for each predicate p over system variables [16].
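The note above only requires that each 3-valued predicate p has a complement \(\overline{p}\); the encoding below is an added illustration, not the paper's own code, and assumes the common pair encoding in which a predicate and its complement become two Boolean variables (p, p̄), so that the 3-valued BMC formula can be handed to a plain SAT solver. The check at the end confirms, over all inputs, that the Boolean operations on the pairs agree with Kleene's 3-valued semantics.

```python
"""Kleene 3-valued predicates encoded as Boolean pairs for a SAT reduction (added example)."""
from itertools import product

# 3-valued domain: definite true, definite false, and the unknown value u
# introduced by abstraction.
T, F, U = "T", "F", "U"

def kleene_not(a):
    return {T: F, F: T, U: U}[a]

def kleene_and(a, b):
    if a == F or b == F:
        return F
    return T if (a == T and b == T) else U

def kleene_or(a, b):
    return kleene_not(kleene_and(kleene_not(a), kleene_not(b)))

# Assumed encoding: p -> (p, p_bar), where p_bar is the complementary predicate.
# (1,0) is T, (0,1) is F, (0,0) is u; (1,1) is ruled out by the side
# constraint p /\ p_bar = false, which keeps p_bar == not p for definite values.
def encode(v):
    return {T: (True, False), F: (False, True), U: (False, False)}[v]

def decode(pair):
    p, p_bar = pair
    assert not (p and p_bar), "a predicate and its complement cannot both hold"
    return T if p else (F if p_bar else U)

def is_definite(pair):
    # A witness is only real if the property evaluates to a definite value.
    return pair[0] or pair[1]

# Connectives on the encoding are pure Boolean operations, hence SAT-encodable.
def enc_not(x):
    p, p_bar = x
    return (p_bar, p)          # negation swaps the predicate and its complement

def enc_and(x, y):
    return (x[0] and y[0], x[1] or y[1])   # true needs both; false needs one

def enc_or(x, y):
    return (x[0] or y[0], x[1] and y[1])   # true needs one; false needs both

def encoding_is_faithful():
    """Exhaustively compare the pair encoding against Kleene's truth tables."""
    for a, b in product((T, F, U), repeat=2):
        if decode(enc_not(encode(a))) != kleene_not(a):
            return False
        if decode(enc_and(encode(a), encode(b))) != kleene_and(a, b):
            return False
        if decode(enc_or(encode(a), encode(b))) != kleene_or(a, b):
            return False
    return True
```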
References
Beyer, D., Henzinger, T.A., Keremoglu, M.E., Wendler, P.: Conditional model checking: a technique to pass information between verifiers. In: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering, FSE 2012, pp. 57:1–57:11. ACM, New York (2012)
Bruns, G., Godefroid, P.: Model checking partial state spaces with 3-valued temporal logics. In: Halbwachs, N., Peled, D. (eds.) CAV 1999. LNCS, vol. 1633, pp. 274–287. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48683-6_25
Clarke, E., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 154–169. Springer, Heidelberg (2000). https://doi.org/10.1007/10722167_15
Degiovanni, R., Ponzio, P., Aguirre, N., Frias, M.: Improving lazy abstraction for SCR specifications through constraint relaxation. Softw. Test. Verif. Reliab. 28(2), e1657 (2018)
Fecher, H., Shoham, S.: Local abstraction-refinement for the \(\mu \)-calculus. In: Bošnački, D., Edelkamp, S. (eds.) SPIN 2007. LNCS, vol. 4595, pp. 4–23. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73370-6_3
Fitting, M.: Kleene’s three valued logics and their children. Fundamenta Informaticae 20(1–3), 113–131 (1994)
Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Lazy abstraction. In: Proceedings of the 29th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL 2002, pp. 58–70. ACM, New York (2002)
Hsu, K., Majumdar, R., Mallik, K., Schmuck, A.: Lazy abstraction-based control for reachability. CoRR abs/1804.02722 (2018)
Kroening, D., Ouaknine, J., Strichman, O., Wahl, T., Worrell, J.: Linear completeness thresholds for bounded model checking. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 557–572. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22110-1_44
Madhukar, K., Srivas, M., Wachter, B., Kroening, D., Metta, R.: Verifying synchronous reactive systems using lazy abstraction. In: 2015 Design, Automation & Test in Europe Conference & Exhibition (DATE), pp. 1571–1574, March 2015
Nadel, A.: Boosting minimal unsatisfiable core extraction. In: Proceedings of the 2010 Conference on Formal Methods in Computer-Aided Design, FMCAD 2010, pp. 221–229. FMCAD Inc., Austin (2010)
Schrieb, J., Wehrheim, H., Wonisch, D.: Three-valued spotlight abstractions. In: Cavalcanti, A., Dams, D.R. (eds.) FM 2009. LNCS, vol. 5850, pp. 106–122. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-05089-3_8
Shoham, S., Grumberg, O.: 3-valued abstraction: more precision at less cost. Inf. Comput. 206(11), 1313–1333 (2008)
Timm, N., Gruner, S.: Three-valued bounded model checking with cause-guided abstraction refinement (manuscript submitted for publication). http://www.github.com/ssfm-up/TVMC/raw/unbounded/SCICO2018.pdf
Timm, N., Gruner, S., Harvey, M.: A bounded model checker for three-valued abstractions of concurrent software systems. In: Ribeiro, L., Lecomte, T. (eds.) SBMF 2016. LNCS, vol. 10090, pp. 199–216. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-49815-7_12
Wehrheim, H.: Bounded model checking for partial Kripke structures. In: Fitzgerald, J.S., Haxthausen, A.E., Yenigun, H. (eds.) ICTAC 2008. LNCS, vol. 5160, pp. 380–394. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-85762-4_26
© 2019 Springer Nature Switzerland AG
Cite this paper
Timm, N., Gruner, S. (2019). Abstraction Refinement with Path Constraints for 3-Valued Bounded Model Checking. In: Artho, C., Ölveczky, P. (eds) Formal Techniques for Safety-Critical Systems. FTSCS 2018. Communications in Computer and Information Science, vol 1008. Springer, Cham. https://doi.org/10.1007/978-3-030-12988-0_9
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-12987-3
Online ISBN: 978-3-030-12988-0