DOI: 10.1145/2393596.2393664

Conditional model checking: a technique to pass information between verifiers

Published: 11 November 2012

Abstract

Software model checking, as an undecidable problem, has three possible outcomes: (1) the program satisfies the specification, (2) the program does not satisfy the specification, and (3) the model checker fails. The third outcome usually manifests itself in a space-out, time-out, or one component of the verification tool giving up; in all of these failing cases, significant computation is performed by the verification tool before the failure, but no result is reported. We propose to reformulate the model-checking problem as follows, in order to have the verification tool report a summary of the performed work even in case of failure: given a program and a specification, the model checker returns a condition Ψ (usually a state predicate) such that the program satisfies the specification under the condition Ψ, that is, as long as the program does not leave the states in which Ψ is satisfied. In our experiments, we investigated as one major application of conditional model checking the sequential combination of model checkers with information passing. We give the condition that one model checker produces, as input to a second conditional model checker, such that the verification problem for the second is restricted to the part of the state space that is not covered by the condition, i.e., the second model checker works on the problems that the first model checker could not solve. Our experiments demonstrate that repeated application of conditional model checkers, passing information from one model checker to the next, can significantly improve the verification results and performance, i.e., we can now verify programs that we could not verify before.
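The abstract describes the mechanism only in words, so the following added example (written for this page, not code from the paper or from the authors' tool) shows the idea on a constructed transition system. A budget on the number of expanded states stands in for a time-out. A budget-limited explicit-state reachability check returns, besides its verdict, the condition Ψ as the set of states it expanded and found error-free; a second checker receives that Ψ, never re-expands those states, and starts from the frontier, i.e. the states in which a run leaves Ψ. The graph, the budgets, the function names and the use of BFS versus DFS as stand-ins for two different verifiers are all assumptions of this example.

```python
from collections import deque

# Constructed example (not from the paper): a transition system over
# integer states, given as an adjacency dictionary.  State 0 is initial and
# the specification is "no error state is reachable".  As given, the system
# is safe; all 12 of its states are reachable from 0.
TRANSITIONS = {
    0: [1, 2], 1: [3, 4], 2: [5], 3: [6], 4: [6, 7], 5: [7],
    6: [8], 7: [8, 9], 8: [10], 9: [10], 10: [11], 11: [11],
}
INITIAL = 0


def frontier(transitions, psi):
    """States in which a run leaves psi: successors of psi-states outside psi.
    These are exactly the problems a previous checker left unsolved."""
    return {s for c in psi for s in transitions[c] if s not in psi}


def conditional_check(transitions, initial, error_states, budget,
                      condition=frozenset(), strategy="bfs"):
    """Budget-limited explicit-state reachability check.

    Returns (verdict, psi) with verdict in {"SAFE", "UNSAFE", "UNKNOWN"}.
    psi is the output condition: the set of states that were expanded and
    found to be error-free, so the specification holds on every run that
    stays inside psi.  States in the incoming `condition` count as already
    proved and are never re-expanded; the search starts from the initial
    state and from the frontier of the incoming condition.
    """
    covered = set(condition)
    start = [initial] + sorted(frontier(transitions, covered))
    worklist = deque(dict.fromkeys(start))   # dedupe, keep order
    seen = set(worklist) | covered
    expanded = 0
    while worklist:
        state = worklist.popleft() if strategy == "bfs" else worklist.pop()
        if state in covered:
            continue
        if state in error_states:
            return "UNSAFE", covered
        if expanded >= budget:
            # Out of budget: `state` and everything still in the worklist
            # remain outside psi, so the reported summary stays sound.
            return "UNKNOWN", covered
        expanded += 1
        covered.add(state)
        for succ in transitions[state]:
            if succ not in seen:
                seen.add(succ)
                worklist.append(succ)
    return "SAFE", covered


def sequential_combination(transitions, initial, error_states, budgets):
    """Run one conditional checker per budget, feeding each checker's psi
    to the next (alternating BFS and DFS to stand in for different tools)."""
    psi = frozenset()
    for i, budget in enumerate(budgets):
        strategy = "bfs" if i % 2 == 0 else "dfs"
        verdict, psi = conditional_check(transitions, initial, error_states,
                                         budget, psi, strategy)
        if verdict != "UNKNOWN":
            return verdict, psi
    return "UNKNOWN", psi


if __name__ == "__main__":
    alone_a = conditional_check(TRANSITIONS, INITIAL, set(), 5)
    alone_b = conditional_check(TRANSITIONS, INITIAL, set(), 8, strategy="dfs")
    combined = sequential_combination(TRANSITIONS, INITIAL, set(), [5, 8])
    print("checker A alone (budget 5):", alone_a)
    print("checker B alone (budget 8):", alone_b)
    print("A then B with psi passed:  ", combined)
    print("unsafe variant, error at 9:",
          sequential_combination(TRANSITIONS, INITIAL, {9}, [5, 8]))
```

Neither checker alone finishes within its budget (the system has 12 states, the budgets are 5 and 8), but the second checker, started from the first one's Ψ, only has to expand the 7 remaining states and proves the property; with state 9 marked as an error, the same combination reports UNSAFE. The soundness argument for Ψ is visible in the code: a state enters `covered` only after it has been checked against `error_states`, and the budget check happens before expansion, so an interrupted run never claims more than it examined.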

Published In

cover image ACM Conferences
FSE '12: Proceedings of the ACM SIGSOFT 20th International Symposium on the Foundations of Software Engineering
November 2012
494 pages
ISBN:9781450316149
DOI:10.1145/2393596
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. coverage
  2. formal verification
  3. model checking
  4. program analysis
  5. sequential combination
  6. testing

Qualifiers

  • Research-article

Conference

SIGSOFT/FSE'12

Acceptance Rates

Overall Acceptance Rate 17 of 128 submissions, 13%

Article Metrics

  • Downloads (last 12 months): 24
  • Downloads (last 6 weeks): 1

Reflects downloads up to 02 Feb 2025

Cited By

  • (2024) PBE-Based Selective Abstraction and Refinement for Efficient Property Falsification of Embedded Software. Proceedings of the ACM on Software Engineering 1(FSE): 293-315. DOI: 10.1145/3643740. Online publication date: 12-Jul-2024
  • (2024) Parallel program analysis on path ranges. Science of Computer Programming 238(C). DOI: 10.1016/j.scico.2024.103154. Online publication date: 1-Dec-2024
  • (2024) Exchanging information in cooperative software validation. Software and Systems Modeling (SoSyM) 23(3): 695-719. DOI: 10.1007/s10270-024-01155-3. Online publication date: 1-Jun-2024
  • (2024) The Transformation Game: Joining Forces for Verification. Principles of Verification: Cycling the Probabilistic Landscape, pages 175-205. DOI: 10.1007/978-3-031-75778-5_9. Online publication date: 18-Nov-2024
  • (2023) Static Analysis of Memory Models for SMT Encodings. Proceedings of the ACM on Programming Languages 7(OOPSLA2): 1618-1647. DOI: 10.1145/3622855. Online publication date: 16-Oct-2023
  • (2023) BlueCov: Integrating Test Coverage and Model Checking with JBMC. Proceedings of the 38th ACM/SIGAPP Symposium on Applied Computing, pages 1695-1697. DOI: 10.1145/3555776.3577829. Online publication date: 27-Mar-2023
  • (2023) A Study on Formal Verification of Smart Contracts in Distributed Ledger Technology. 2023 IEEE International Conference on Recent Advances in Systems Science and Engineering (RASSE), pages 1-9. DOI: 10.1109/RASSE60029.2023.10363616. Online publication date: 8-Nov-2023
  • (2023) diffDP: Using Data Dependencies and Properties in Difference Verification with Conditions. iFM 2023, pages 40-61. DOI: 10.1007/978-3-031-47705-8_3. Online publication date: 6-Nov-2023
  • (2023) Ranged Program Analysis via Instrumentation. Software Engineering and Formal Methods, pages 145-164. DOI: 10.1007/978-3-031-47115-5_9. Online publication date: 31-Oct-2023
  • (2023) Enhancing Safety Checking Coverage with Multi-swarm Particle Swarm Optimization. Advances in Practical Applications of Agents, Multi-Agent Systems, and Cognitive Mimetics. The PAAMS Collection, pages 137-148. DOI: 10.1007/978-3-031-37616-0_12. Online publication date: 12-Jul-2023
