Model checking safety and liveness via k-induction and witness refinement with constraint generation

Abstract

• Automatic SAT-based model checking of concurrent software systems. • Incremental and complete bounded model checking based on k -induction. • Multi-model abstraction refinement technique that constructs global and local models. • Refinement based on path constraints derived from unsatisfiable cores. • Support of model checking liveness properties based on a reduction to safety. In this article, we revise our constraint-based abstraction refinement technique for checking temporal logic properties of concurrent software systems. Our technique employs predicate abstraction and SAT-based three-valued bounded model checking. In contrast to classical refinement techniques where a single state space model is iteratively explored and refined with predicates, our approach is as follows: We use a coarsely-abstracted global state space model where we check for abstract witness paths for the property of interest. For each detected abstract witness we construct a local model whose state space is restricted to refinements of the witness only. On the local models we check whether the witness is real or spurious. We eliminate spurious witnesses in the global model via spurious segment constraints , which do not increase the state space complexity. Our technique is complete and terminates when a real witness in a local model can be detected, or no more witnesses in the global model exist. While our technique was originally restricted to the verification of safety properties, we extend it here to the verification of liveness properties. For this, we make use of the state recording translation of the input system, which reduces liveness model checking to safety checking. Another restriction of our original approach was its incompleteness due to the nature of bounded model checking. Here we show how abstraction refinement-based bounded model checking can be combined with the k -induction principle, which enables unbounded model checking. Our approach is iterative with regard to the bound. The extended approach also allows us to define enhanced concepts for strengthening the constraints that we use to rule out spurious behaviour and for reusing constraints between bound iterations. We demonstrate that our approach enables the complete verification of safety and liveness properties with a reduced state space complexity and a better solving time in comparison to classical abstraction refinement techniques.