Toward Unbounded Model Checking for Region Automata

  • Conference paper
Automated Technology for Verification and Analysis (ATVA 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3299)


Abstract

The large number of program variables in a software verification model often makes model checkers ineffective. Since the performance of BDDs is very sensitive to the number of variables, BDD-based model checking is deficient in this regard. SAT-based model checking shows some promise because the performance of SAT solvers is less dependent on the number of variables. As a result, SAT-based techniques often outperform BDD-based techniques on discrete systems with many variables. Timed systems, however, have not been investigated as thoroughly as discrete systems, and the performance of SAT-based model checking in analyzing timing behavior, an essential task in verifying real-time systems, is not so clear. Moreover, although SAT-based model checking may be useful for bug hunting, its capability to prove properties has often been criticized. To address these issues, we propose a new bounded model checker, xBMC, to solve the reachability problem of dense-time systems. In xBMC, regions and transition relations are represented as Boolean formulae via discrete interpretations. To support both property refutation and verification, a complete inductive algorithm is deployed, in addition to the requirement of reaching an intrinsic threshold, i.e. the number of regions. In an experiment to verify the client authentication protocol of Cornell Single Sign-on systems, xBMC outperforms the efficient model checker RED [35], even when no bugs exist. We believe that xBMC may provide an effective and practical method for verifying the timing behavior of large systems.
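As an added illustration (not the paper's code and not xBMC), the Python sketch below shows the two ingredients the abstract combines: bounded unrolling of the region graph to refute a property, and a k-inductive step plus the number of regions as completeness threshold to prove it. It builds the region graph of a constructed one-clock automaton and explores it explicitly, where xBMC would encode the same unrolling as a Boolean formula for a SAT solver; the sample automaton, the location names and all function names are assumptions.

```python
def region_graph(locs, edges, init, cmax):
    """State = (location, r): r=2i is x==i, r=2i+1 is i<x<i+1, r=2*cmax+1 is x>cmax.
    edges: (src, guard(r), reset, dst)."""
    top = 2 * cmax + 1
    def succ(state):
        loc, r = state
        out = {(loc, min(r + 1, top))}                  # let time pass
        for src, guard, reset, dst in edges:
            if src == loc and guard(r):
                out.add((dst, 0 if reset else r))        # take a discrete edge
        return out
    states = [(l, r) for l in locs for r in range(top + 1)]
    return (init, 0), succ, states

def paths(starts, succ, k, mid, end):
    """Simple paths s0..sk with s0..s(k-1) satisfying mid and sk satisfying end."""
    def walk(path):
        if len(path) == k + 1:
            if end(path[-1]):
                yield path
        elif mid(path[-1]):
            for s in succ(path[-1]):
                if s not in path:                      # simple paths only
                    yield from walk(path + [s])
    for s0 in starts:
        yield from walk([s0])

def check(locs, edges, init, cmax, bad, kmax=100):
    """('unsafe', k) with a length-k counterexample, or ('safe', k, reason)."""
    init_s, succ, states = region_graph(locs, edges, init, cmax)
    safe = lambda s: not bad(s)
    for k in range(kmax + 1):
        if next(paths([init_s], succ, k, lambda s: True, bad), None):  # BMC step
            return ("unsafe", k)
        if k > 0 and next(paths(states, succ, k, safe, bad), None) is None:
            return ("safe", k, "k-induction")       # no safe^k -> bad path exists
        if k >= len(states) - 1:                    # bound = number of regions
            return ("safe", k, "threshold")
    return ("unknown", kmax)

# Constructed sample: idle --reset x--> wait --x>=1--> done --x==0--> error.
LOCS = ["idle", "wait", "done", "error"]
lt, ge, eq = (lambda c: lambda r: r < 2*c), (lambda c: lambda r: r >= 2*c), (lambda c: lambda r: r == 2*c)
def protocol(reset_on_done):
    return [("idle", lambda r: True, True, "wait"), ("wait", lt(1), False, "idle"),
            ("wait", ge(1), reset_on_done, "done"), ("done", eq(0), False, "error")]
BAD = lambda s: s[0] == "error"
if __name__ == "__main__":
    print(check(LOCS, protocol(False), "idle", 2, BAD))  # ('safe', 2, 'k-induction')
    print(check(LOCS, protocol(True), "idle", 2, BAD))   # ('unsafe', 5)
```

Without the reset on the wait-to-done edge, no region of `done` has x==0, so the error location is proven unreachable by 2-induction; with the reset (a constructed bug), a five-step counterexample is found before the threshold of 24 regions is ever reached.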

This research is partially supported by NSC project 93-2213-E-001-012-.


References

  1. Alur, R.: Timed Automata. In: Halbwachs, N., Peled, D.A. (eds.) CAV 1999. LNCS, vol. 1633, pp. 8–22. Springer, Heidelberg (1999)

  2. Alur, R., Courcoubetis, C., Dill, D.: Model-checking for Real-time Systems. In: IEEE 5th Annual Symposium on Logic in Computer Science (LICS), Philadelphia (June 1990)

  3. Alur, R., Courcoubetis, C., Dill, D., Halbwachs, N., Wong-Toi, H.: An Implementation of Three Algorithms for Timing Verification Based on Automata Emptiness. In: Proc. of the 13th IEEE Real-Time Systems Symposium, pp. 166–1557 (1992)

  4. Alur, R., Dill, D.L.: A Theory of Timed Automata. Theoretical Computer Science 126, 183–235 (1994)

  5. Amla, N., Kurshan, R., McMillan, K., Medel, R.K.: Experimental Analysis of Different Techniques for Bounded Model Checking. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 34–48. Springer, Heidelberg (2003)

  6. Asarin, E., Bozga, M., Kerbrat, A., Maler, O., Pnueli, A., Rasse, A.: Data Structures for the Verification of Timed Automata. In: Maler, O. (ed.) HART 1997. LNCS, vol. 1201, pp. 346–360. Springer, Heidelberg (1997)

  7. Audemard, G., Cimatti, A., Korniłowicz, A., Sebastiani, R.: Bounded Model Checking for Timed Systems. In: Peled, D.A., Vardi, M.Y. (eds.) FORTE 2002. LNCS, vol. 2529, pp. 243–259. Springer, Heidelberg (2002)

  8. Beer, I., Ben-David, S., Landver, A.: On-the-Fly Model Checking of RCTL Formulas. In: Dill, D.L. (ed.) CAV 1994. LNCS, vol. 818. Springer, Heidelberg (1994)

  9. Biere, A., Cimatti, A., Clarke, E.M., Fujita, M., Zhu, Y.: Symbolic Model Checking Using SAT Procedures Instead of BDDs. In: Proc. of the 36th Design Automation Conference, pp. 317–320 (1999)

  10. Bjesse, P., Claessen, K.: SAT-based Verification without State Space Traversal. In: Johnson, S.D., Hunt Jr., W.A. (eds.) FMCAD 2000. LNCS, vol. 1954, pp. 372–389. Springer, Heidelberg (2000)

  11. Bozga, M., Daws, C., Maler, O., Olivero, A., Tripakis, S., Yovine, S.: Kronos: a Model-Checking Tool for Real-Time Systems. In: Vardi, M.Y. (ed.) CAV 1998. LNCS, vol. 1427. Springer, Heidelberg (1998)

  12. Bryant, R.E.: Graph-Based Algorithms for Boolean Function Manipulation. IEEE Trans. Computers 35(8), 677–691 (1986)

  13. Clarke, E., Biere, A., Raimi, R., Zhu, Y.: Bounded Model Checking Using Satisfiability Solving. Formal Methods in System Design (July 2001)

  14. Clarke, E., Kroening, D., Yorav, K.: Behavioral Consistency of C and Verilog Programs using Bounded Model Checking. In: Proc. of the 40th Design Automation Conference, Session 23.3, Anaheim, CA (2003)

  15. Déharbe, D., Moreira, A.: Symbolic Model Checking with Fewer Fixpoint Computations. In: Wing, J.M., Woodcock, J.C.P., Davies, J. (eds.) FM 1999. LNCS, vol. 1708, pp. 272–288. Springer, Heidelberg (1999)

  16. Göllü, A., Puri, A., Varaiya, P.: Discretization of Timed Automata. In: Proc. of the 33rd IEEE Conference on Decision and Control, pp. 957–958 (1994)

  17. Henzinger, T.A., Nicollin, X., Sifakis, J., Yovine, S.: Symbolic Model Checking for Real-Time Systems. Information and Computation 111, 193–244 (1994)

  18. Huang, Y.-W., Yu, F., Hang, C., Tsai, C.-H., Lee, D.-T., Kuo, S.-Y.: Verifying Web Applications Using Bounded Model Checking. In: Proceedings of the 2004 International Conference on Dependable Systems and Networks, Florence, Italy, June 28 – July 1, pp. 199–208 (2004)

  19. Josephson, W., Sirer, E.G., Schneider, F.B.: Peer-to-Peer Authentication with a Distributed Single Sign-On Service. In: Proc. of IPTPS 2004 (2004)

  20. Laroussinie, F., Larsen, K.G., Weise, C.: From Timed Automata to Logic - and Back. In: Hájek, P., Wiedermann, J. (eds.) MFCS 1995. LNCS, vol. 969, pp. 529–539. Springer, Heidelberg (1995)

  21. Larsen, K.G., Pettersson, P., Wang, Y.: Compositional and Symbolic Model Checking of Real-time Systems. In: Proc. RTSS 1995, Pisa, Italy (1995)

  22. Larsen, K.G., Pettersson, P., Wang, Y.: UPPAAL in a Nutshell. Int. Journal on Software Tools for Technology Transfer 1(1-2), 134–152 (1998)

  23. Lu, F., Wang, L.-C., Cheng, K.-T., Huang, R.C.-Y.: A Circuit SAT Solver with Signal Correlation Guided Learning. In: Proc. of DATE 2003 (March 2003)

  24. McMillan, K.L.: Interpolation and SAT-Based Model Checking. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 1–13. Springer, Heidelberg (2003)

  25. Möller, M.O., Rueß, H., Sorea, M.: Predicate Abstraction for Dense Real-time Systems. In: Proc. of Theory and Practice of Timed Systems (TPTS 2002) (2002)

  26. Moskewicz, M.W., Madigan, C.F., Zhao, Y., Zhang, L., Malik, S.: Chaff: Engineering an Efficient SAT Solver. In: Proc. of the 38th Design Automation Conference (DAC 2001) (June 2001)

  27. de Moura, L., Rueß, H., Sorea, M.: Lazy Theorem Proving for Bounded Model Checking over Infinite Domains. In: Voronkov, A. (ed.) CADE 2002. LNCS (LNAI), vol. 2392, pp. 438–455. Springer, Heidelberg (2002)

  28. de Moura, L., Rueß, H., Sorea, M.: Bounded Model Checking and Induction: from Refutation to Verification. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 14–26. Springer, Heidelberg (2003)

  29. de Moura, L., Owre, S., Rueß, H., Rushby, J., Shankar, N., Sorea, M.: SAL 2. Accepted for publication, CAV 2004 (2004)

  30. Niebert, P., Mahfoudh, M., Asarin, E., Bozga, M., Jain, N., Maler, O.: Verification of Timed Automata via Satisfiability Checking. In: Damm, W., Olderog, E.-R. (eds.) FTRTFT 2002. LNCS, vol. 2469, pp. 225–244. Springer, Heidelberg (2002)

  31. Penczek, W., Wozna, B., Zbrzezny, A.: Towards Bounded Model Checking for the Universal Fragment of TCTL. In: Damm, W., Olderog, E.-R. (eds.) FTRTFT 2002. LNCS, vol. 2469, pp. 265–288. Springer, Heidelberg (2002)

  32. Seshia, S.A., Bryant, R.: Unbounded, Fully Symbolic Model Checking of Timed Automata using Boolean Methods. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 154–166. Springer, Heidelberg (2003)

  33. Sheeran, M., Singh, S., Stålmarck, G.: Checking Safety Properties Using Induction and a SAT-solver. In: Johnson, S.D., Hunt Jr., W.A. (eds.) FMCAD 2000. LNCS, vol. 1954, pp. 108–125. Springer, Heidelberg (2000)

  34. Sorea, M.: Bounded Model Checking for Timed Automata. CSL Technical Report SRI-CSL-02-03 (2002)

  35. Wang, F.: Efficient Verification of Timed Automata with BDD-like Data-Structures. In: Zuck, L.D., Attie, P.C., Cortesi, A., Mukhopadhyay, S. (eds.) VMCAI 2003. LNCS, vol. 2575, pp. 189–205. Springer, Heidelberg (2002)

  36. Wozna, B., Penczek, W., Zbrzezny, A.: Checking Reachability Properties for Timed Automata via SAT. Fundamenta Informaticae 55(2), 223–241 (2003)

  37. Yovine, S.: Model-checking Timed Automata. In: Rozenberg, G. (ed.) EEF School 1996. LNCS, vol. 1494, pp. 114–152. Springer, Heidelberg (1998)

  38. Yu, F., Wang, B.-Y., Huang, Y.-W.: Bounded Model Checking for Region Automata. In: Proc. of FORMATS and FTRTFT 2004, Grenoble, France (September 2004)


Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yu, F., Wang, B.-Y. (2004). Toward Unbounded Model Checking for Region Automata. In: Wang, F. (ed.) Automated Technology for Verification and Analysis. ATVA 2004. Lecture Notes in Computer Science, vol. 3299. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30476-0_7

  • DOI: https://doi.org/10.1007/978-3-540-30476-0_7

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23610-8

  • Online ISBN: 978-3-540-30476-0
