Model checking LTL properties over C programs with bounded traces
Model checking LTL properties over C programs with bounded traces
Context-bounded model checking has been used successfully to verify safety properties in multi-threaded systems automatically, even if they are implemented in low-level programming languages such as C. In this paper, we describe and experiment with an approach to extend context-bounded software model checking to safety and liveness properties expressed in linear-time temporal logic (LTL). Our approach checks the actual C program, rather than an extracted abstract model. It converts the LTL formulas into Büchi automata (BA) for the corresponding never claims and then further into C monitor threads, which are interleaved with the execution of the program under analysis. This combined system is then checked using the ESBMC model checker. We use an extended, four-valued LTL semantics to handle the finite traces that bounded model checking explores; we thus check the combined system several times with different acceptance criteria to derive the correct truth value. In order to mitigate the state space explosion, we use a dedicated scheduler that selects the monitor thread only after updates to global variables occurring in the LTL formula. We demonstrate our approach on the analysis of the sequential firmware of a medical device and a small multi-threaded control application.
n/a
Morse, Jeremy
8ce3f639-6ea2-4b40-be62-5c603e8d6957
Cordeiro, Lucas
fc7cb054-f39e-4013-9faa-a471bd006596
Nicole, Denis
0aca6dd1-833f-4544-b7a4-58fb91c7395a
Fischer, Bernd
0c9575e6-d099-47f1-b3a2-2dbc93c53d18
Morse, Jeremy
8ce3f639-6ea2-4b40-be62-5c603e8d6957
Cordeiro, Lucas
fc7cb054-f39e-4013-9faa-a471bd006596
Nicole, Denis
0aca6dd1-833f-4544-b7a4-58fb91c7395a
Fischer, Bernd
0c9575e6-d099-47f1-b3a2-2dbc93c53d18
Morse, Jeremy, Cordeiro, Lucas, Nicole, Denis and Fischer, Bernd
(2013)
Model checking LTL properties over C programs with bounded traces.
Software and Systems Modeling, n/a, .
(doi:10.1007/s10270-013-0366-0).
Abstract
Context-bounded model checking has been used successfully to verify safety properties in multi-threaded systems automatically, even if they are implemented in low-level programming languages such as C. In this paper, we describe and experiment with an approach to extend context-bounded software model checking to safety and liveness properties expressed in linear-time temporal logic (LTL). Our approach checks the actual C program, rather than an extracted abstract model. It converts the LTL formulas into Büchi automata (BA) for the corresponding never claims and then further into C monitor threads, which are interleaved with the execution of the program under analysis. This combined system is then checked using the ESBMC model checker. We use an extended, four-valued LTL semantics to handle the finite traces that bounded model checking explores; we thus check the combined system several times with different acceptance criteria to derive the correct truth value. In order to mitigate the state space explosion, we use a dedicated scheduler that selects the monitor thread only after updates to global variables occurring in the LTL formula. We demonstrate our approach on the analysis of the sequential firmware of a medical device and a small multi-threaded control application.
Text
sosym.pdf
- Accepted Manuscript
Restricted to Repository staff only
Request a copy
More information
e-pub ahead of print date: July 2013
Organisations:
Electronics & Computer Science
Identifiers
Local EPrints ID: 354726
URI: http://eprints.soton.ac.uk/id/eprint/354726
ISSN: 1619-1366
PURE UUID: be9a3956-c368-4bee-b465-28800f98bc70
Catalogue record
Date deposited: 18 Jul 2013 10:22
Last modified: 14 Mar 2024 14:23
Export record
Altmetrics
Contributors
Author:
Jeremy Morse
Author:
Lucas Cordeiro
Author:
Denis Nicole
Author:
Bernd Fischer
Download statistics
Downloads from ePrints over the past year. Other digital versions may also be available to download e.g. from the publisher's website.
View more statistics