Morse, Jeremy, Cordeiro, Lucas, Nicole, Denis and Fischer, Bernd
Model checking LTL properties over C programs with bounded traces
Software and Systems Modeling (doi:10.1007/s10270-013-0366-0).
Accepted Manuscript
Context-bounded model checking has been used successfully to verify safety properties in multi-threaded systems automatically, even when they are implemented in low-level programming languages such as C. In this paper, we describe and experiment with an approach that extends context-bounded software model checking to safety and liveness properties expressed in linear-time temporal logic (LTL). Our approach checks the actual C program rather than an extracted abstract model. It converts the LTL formulas into Büchi automata (BA) for the corresponding never claims and then further into C monitor threads, which are interleaved with the execution of the program under analysis. This combined system is then checked using the ESBMC model checker. We use an extended, four-valued LTL semantics to handle the finite traces that bounded model checking explores; we therefore check the combined system several times with different acceptance criteria to derive the correct truth value. To mitigate state space explosion, we use a dedicated scheduler that selects the monitor thread only after updates to the global variables occurring in the LTL formula. We demonstrate our approach on the analysis of the sequential firmware of a medical device and of a small multi-threaded control application.