Proof Assisted Symbolic Model Checking for B and Event-B

  • Conference paper
  • In: Abstract State Machines, Alloy, B, TLA, VDM, and Z (ABZ 2016)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 9675)

Abstract

We have implemented various symbolic model checking algorithms, such as BMC, k-induction and IC3, for B and Event-B. The high-level nature of B and Event-B gives rise to complicated constraints in these symbolic analysis techniques. In this paper we suggest using static information stemming from proof obligations to simplify the constraints that arise, and we show how to include such proof information in the aforementioned algorithms. On a range of benchmarks we compare explicit state to symbolic model checking, as well as the techniques with and without proof assistance. In particular for models with a large branching factor, e.g., due to complicated data values being manipulated, the symbolic techniques fare much better than explicit state model checking. The inclusion of proof information results in further clear performance improvements.

S. Krings and M. Leuschel: part of this research was initially sponsored by the EU funded FP7 project 287563 (ADVANCE).


Notes

  1. BDD-style model checking [10] is also called symbolic model checking. In recent work ProB has been integrated with LTSmin for this kind of model checking.

  2. In theory, one could export proof information from Atelier B.

  3. ProB gives the user the opportunity to set an upper bound on the number of successor states per event for the explicit model checker; exhaustive model checking is then no longer possible, but counterexamples can still be found.

  4. We could also have added these constraints \(s_i \ne s_j\) in Sect. 2.1.

  5. Available at http://stups.hhu.de/ProB. Information on how to use the new algorithms can be found on the ProB wiki: for the BMC\(^*\) algorithm see http://stups.hhu.de/ProB/Bounded_Model_Checking; the other algorithms are documented at http://stups.hhu.de/ProB/Symbolic_Model_Checking.

  6. For further information regarding TLA\(^+\) support in ProB, have a look at http://stups.hhu.de/ProB/TLA.

  7. Like the Atelier B provers or the SMT solvers for Rodin.

References

  1. Abrial, J.-R., Butler, M., Hallerstede, S., Hoang, T., Mehta, F., Voisin, L.: Rodin: an open toolset for modelling and reasoning in Event-B. Int. J. Softw. Tools Technol. Transf. 12(6), 447–466 (2010)

  2. Abrial, J.-R., Su, W., Zhu, H.: Formalizing hybrid systems with Event-B. In: Derrick, J., Fitzgerald, J., Gnesi, S., Khurshid, S., Leuschel, M., Reeves, S., Riccobene, E. (eds.) ABZ 2012. LNCS, vol. 7316, pp. 178–193. Springer, Heidelberg (2012)

  3. Arkoudas, K., Khurshid, S., Marinov, D., Rinard, M.: Integrating model checking and theorem proving for relational reasoning. In: Berghammer, R., Möller, B., Struth, G. (eds.) RelMiCS 2003. LNCS, vol. 3051, pp. 21–33. Springer, Heidelberg (2004)

  4. Bendisposto, J., Leuschel, M.: Proof assisted model checking for B. In: Breitman, K., Cavalcanti, A. (eds.) ICFEM 2009. LNCS, vol. 5885, pp. 504–520. Springer, Heidelberg (2009)

  5. Biere, A.: Bounded model checking. In: Handbook of Satisfiability, pp. 457–481 (2009)

  6. Biere, A., Cimatti, A., Clarke, E., Zhu, Y.: Symbolic model checking without BDDs. In: Cleaveland, W.R. (ed.) TACAS 1999. LNCS, vol. 1579, p. 193. Springer, Heidelberg (1999)

  7. Birgmeier, J., Bradley, A.R., Weissenbacher, G.: Counterexample to induction-guided abstraction-refinement (CTIGAR). In: Biere, A., Bloem, R. (eds.) CAV 2014. LNCS, vol. 8559, pp. 831–848. Springer, Heidelberg (2014)

  8. Boniol, F., Wiels, V.: The landing gear system case study. In: Boniol, F., Wiels, V., Ait Ameur, Y., Schewe, K.-D. (eds.) ABZ 2014. CCIS, vol. 433, pp. 1–18. Springer, Heidelberg (2014)

  9. Bradley, A.R.: SAT-based model checking without unrolling. In: Jhala, R., Schmidt, D. (eds.) VMCAI 2011. LNCS, vol. 6538, pp. 70–87. Springer, Heidelberg (2011)

  10. Burch, J.R., Clarke, E.M., McMillan, K.L., Dill, D.L., Hwang, L.J.: Symbolic model checking: \(10^{20}\) states and beyond. Inf. Comput. 98(2), 142–170 (1992)

  11. Cimatti, A., Griggio, A.: Software model checking via IC3. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 277–293. Springer, Heidelberg (2012)

  12. Déharbe, D., Fontaine, P., Guyot, Y., Voisin, L.: Integrating SMT solvers in Rodin. Sci. Comput. Program. 94(P2), 130–143 (2014)

  13. Een, N., Mishchenko, A., Brayton, R.: Efficient implementation of property directed reachability. In: Proceedings of the International Conference on Formal Methods in Computer-Aided Design (FMCAD 2011), pp. 125–134, Austin, TX. FMCAD Inc (2011)

  14. Hallerstede, S., Leuschel, M.: Constraint-based deadlock checking of high-level specifications. Theor. Pract. Logic Program. 11(4–5), 767–782 (2011)

  15. Hansen, D., Ladenberger, L., Wiegard, H., Bendisposto, J., Leuschel, M.: Validation of the ABZ landing gear system using ProB. In: Boniol, F., Wiels, V., Ait Ameur, Y., Schewe, K.-D. (eds.) ABZ 2014. CCIS, vol. 433, pp. 66–79. Springer, Heidelberg (2014)

  16. Hansen, D., Leuschel, M.: Translating TLA\(^+\) to B for validation with ProB. In: Derrick, J., Gnesi, S., Latella, D., Treharne, H. (eds.) IFM 2012. LNCS, vol. 7321, pp. 24–38. Springer, Heidelberg (2012)

  17. Hansen, D., Leuschel, M.: Translating B to TLA\(^+\) for validation with TLC. In: Ait Ameur, Y., Schewe, K.-D. (eds.) ABZ 2014. LNCS, vol. 8477, pp. 40–55. Springer, Heidelberg (2014)

  18. Krings, S., Bendisposto, J., Leuschel, M.: From failure to proof: the ProB disprover for B and Event-B. In: Calinescu, R., Rumpe, B. (eds.) SEFM 2015. LNCS, vol. 9276, pp. 199–214. Springer, Heidelberg (2015)

  19. Krings, S., Leuschel, M.: SMT solvers for validation of B and Event-B models. In: Proceedings iFM 2016, LNCS. Springer (2016). To appear

  20. Leuschel, M., Butler, M.: ProB: a model checker for B. In: Araki, K., Gnesi, S., Mandrioli, D. (eds.) FME 2003. LNCS, vol. 2805, pp. 855–874. Springer, Heidelberg (2003)

  21. Leuschel, M., Butler, M.: ProB: an automated analysis toolset for the B method. Int. J. Softw. Tools Technol. Transf. 10(2), 185–203 (2008)

  22. Ligot, O., Bendisposto, J., Leuschel, M.: Debugging Event-B models using the ProB disprover plug-in. In: Proceedings AFADL 2007, June 2007

  23. Matos, P.J., Fischer, B., Marques-Silva, J.: A lazy unbounded model checker for Event-B. In: Breitman, K., Cavalcanti, A. (eds.) ICFEM 2009. LNCS, vol. 5885, pp. 485–503. Springer, Heidelberg (2009)

  24. Müller, O., Nipkow, T.: Combining model checking and deduction for I/O-automata. In: Brinksma, E., Steffen, B., Cleaveland, W.R., Larsen, K.G., Margaria, T. (eds.) TACAS 1995. LNCS, vol. 1019, pp. 1–16. Springer, Heidelberg (1995)

  25. Plagge, D., Leuschel, M.: Validating B, Z and TLA\(^+\) using ProB and Kodkod. In: Giannakopoulou, D., Méry, D. (eds.) FM 2012. LNCS, vol. 7436, pp. 372–386. Springer, Heidelberg (2012)

  26. Pnueli, A., Ruah, S., Zuck, L.D.: Automatic deductive verification with invisible invariants. In: Margaria, T., Yi, W. (eds.) TACAS 2001. LNCS, vol. 2031, p. 82. Springer, Heidelberg (2001)

  27. Savary, A., Frappier, M., Leuschel, M., Lanet, J.-L.: Model-based robustness testing in Event-B using mutation. In: Calinescu, R., Rumpe, B. (eds.) SEFM 2015. LNCS, vol. 9276, pp. 132–147. Springer, Heidelberg (2015)

  28. Shankar, N.: Combining theorem proving and model checking through symbolic analysis. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, p. 1. Springer, Heidelberg (2000)

  29. Sheeran, M., Singh, S., Stålmarck, G.: Checking safety properties using induction and a SAT-solver. In: Johnson, S.D., Hunt Jr., W.A. (eds.) FMCAD 2000. LNCS, vol. 1954, pp. 108–125. Springer, Heidelberg (2000)

  30. Witulski, J., Leuschel, M.: Checking computations of formal method tools: a secondary toolchain for ProB. In: Proceedings of the 1st Workshop on Formal-IDE (EPTCS), Electronic Proceedings in Theoretical Computer Science, vol. 149 (2014)

  31. Yu, Y., Manolios, P., Lamport, L.: Model checking TLA\(^+\) specifications. In: Pierre, L., Kropf, T. (eds.) CHARME 1999. LNCS, vol. 1703, pp. 54–66. Springer, Heidelberg (1999)

Acknowledgements

We would like to thank the reviewers of ABZ’2016 for their useful feedback. We also thank Aymerick Savary for comments and ideas, in particular relating to BMC and test-case generation.

Author information

Corresponding author: Sebastian Krings.

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Krings, S., Leuschel, M. (2016). Proof Assisted Symbolic Model Checking for B and Event-B. In: Butler, M., Schewe, K.-D., Mashkoor, A., Biro, M. (eds.) Abstract State Machines, Alloy, B, TLA, VDM, and Z. ABZ 2016. Lecture Notes in Computer Science, vol. 9675. Springer, Cham. https://doi.org/10.1007/978-3-319-33600-8_8

  • DOI: https://doi.org/10.1007/978-3-319-33600-8_8

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-33599-5

  • Online ISBN: 978-3-319-33600-8

  • eBook Packages: Computer Science (R0)
