Morse, Jeremy; Cordeiro, Lucas; Nicole, Denis; Fischer, Bernd
Model checking LTL properties over ANSI-C programs with bounded traces
In: 9th International Conference on Software Engineering and Formal Methods (SEFM 2011), Uruguay, 14-18 Nov 2011.
Version: Author's Original
Context-bounded model checking has been used successfully to verify safety properties of multi-threaded systems automatically, even when they are implemented in low-level programming languages such as ANSI-C. In this paper, we describe and experiment with an approach that extends context-bounded software model checking to liveness properties expressed in linear-time temporal logic (LTL). Our approach converts the LTL formulae into Büchi automata (BA) for the corresponding never claims and then further into C monitor threads, which are interleaved with the execution of the program under analysis. The combined system is then checked with the ESBMC model checker. We use an extended, four-valued LTL semantics to handle the finite traces that bounded model checking generates; we therefore check the combined system several times, with different acceptance criteria, to derive the correct truth value. To mitigate state-space explosion, we use a dedicated scheduler that selects the monitor thread only after updates to any of the program variables occurring in the LTL formula. We demonstrate our approach on the analysis of the sequential firmware of a medical device and on a small multi-threaded control application.
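The abstract raises two ideas that are easy to lose in the summary: on a finite (bounded) trace an LTL monitor can rarely give a definitive answer, so the verdict space needs more than true/false, and the monitor only needs to run when a variable mentioned in the formula changes. The following Python is an added illustration written for this page, not code from the paper or from ESBMC. It assumes a Bauer-style four-valued verdict set (true, false, presumably true, presumably false) and hand-written monitors for three small formulae; the paper's own semantics, its automaton construction and its repeated checks under different acceptance criteria are not reproduced here. The trace is a constructed list of program-variable snapshots.

```python
"""Finite-trace LTL monitoring with a four-valued verdict (added example, not the paper's code)."""
from enum import Enum


class Verdict(Enum):
    TRUE = "true"                          # satisfied on every continuation of the trace
    FALSE = "false"                        # violated on every continuation of the trace
    PRESUMABLY_TRUE = "presumably_true"    # no obligation pending when the bounded trace ends
    PRESUMABLY_FALSE = "presumably_false"  # an obligation is still pending when the trace ends


class Eventually:
    """F p: conclusively true once p is observed, otherwise an obligation stays open."""

    def __init__(self, p):
        self.atoms = {"p": p}   # formula atom -> program variable name (assumed mapping)
        self.seen = False

    def step(self, atoms):
        if atoms["p"]:
            self.seen = True

    def verdict(self):
        return Verdict.TRUE if self.seen else Verdict.PRESUMABLY_FALSE


class AlwaysNot:
    """G !p (safety): conclusively false as soon as p is observed; never conclusively true on a prefix."""

    def __init__(self, p):
        self.atoms = {"p": p}
        self.violated = False

    def step(self, atoms):
        if atoms["p"]:
            self.violated = True

    def verdict(self):
        return Verdict.FALSE if self.violated else Verdict.PRESUMABLY_TRUE


class Response:
    """G (req -> F ack) (liveness): a finite prefix can only ever be presumably true or presumably false."""

    def __init__(self, req, ack):
        self.atoms = {"req": req, "ack": ack}
        self.pending = False

    def step(self, atoms):
        if atoms["req"]:
            self.pending = True          # a new request opens an obligation
        if atoms["ack"]:
            self.pending = False         # an ack discharges it (also when req and ack coincide)

    def verdict(self):
        return Verdict.PRESUMABLY_FALSE if self.pending else Verdict.PRESUMABLY_TRUE


def run_monitor(mon, trace):
    """Feed a finite trace of variable snapshots to a monitor and return (verdict, steps taken).

    The monitor is stepped only when the valuation of its own atoms changes, mirroring the
    scheduling idea in the abstract. This is sound here because each monitor's step is
    idempotent on a repeated valuation; a formula with a next-time operator (X) would need
    to see every step instead.
    """
    last = None
    steps = 0
    for snapshot in trace:
        atoms = {name: bool(snapshot[var]) for name, var in mon.atoms.items()}
        if atoms != last:
            mon.step(atoms)
            last = atoms
            steps += 1
    return mon.verdict(), steps


# Constructed sample trace: one snapshot of the program variables per scheduling point.
TRACE = [
    {"request": 0, "granted": 0, "fault": 0},
    {"request": 1, "granted": 0, "fault": 0},
    {"request": 1, "granted": 0, "fault": 0},  # unchanged: no monitor step is scheduled
    {"request": 0, "granted": 1, "fault": 0},
    {"request": 0, "granted": 0, "fault": 0},
    {"request": 1, "granted": 0, "fault": 0},  # request left pending at the bound
    {"request": 1, "granted": 0, "fault": 0},
]

if __name__ == "__main__":
    print("F granted:           ", run_monitor(Eventually(p="granted"), TRACE))
    print("G !fault:            ", run_monitor(AlwaysNot(p="fault"), TRACE))
    print("G (request -> F granted):", run_monitor(Response(req="request", ack="granted"), TRACE))
```

The step counts returned next to each verdict show how much the change-triggered scheduling saves on the seven-snapshot trace: the response monitor is stepped five times, the safety monitor once. The response property ends as presumably false only because a request is still open at the bound; no finite prefix can refute a pure liveness formula, which is why a bounded checker needs the extra verdict values in the first place.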