Proving unreachability using bounded model checking

  • Authors: Ulka Shrotri, R. Venkatesh, Ravindra Metta
  • Affiliations: TCS, Pune, India (all three authors)
  • Venue: Proceedings of the 3rd India Software Engineering Conference
  • Year: 2010

Abstract

Statemate Statecharts are widely used to specify the behaviour of reactive systems. The Statemate model checker, which analyses a Statemate statechart specification for properties such as state reachability, nondeterminism and races, does not scale up to industry-size specifications. In this paper we propose a technique, super step analysis, that uses bounded model checking to scale up the analysis and yet proves non-reachability of states. The technique is based on the asynchronous time model of Statemate, in which a system interacts with its environment only when it is in a stable configuration. In a stable configuration the system reacts to external stimuli and starts a chain of steps until it reaches the next stable configuration; stable means that no further step is possible without new external stimuli. For practical Statemate systems that adopt the asynchronous time model, there is a finite bound on the number of steps between any two successive stable configurations, because the system must interact with the environment at predictable intervals. This finite bound between two stable configurations can be exploited to prove non-reachability of states using bounded model checking. In this paper we describe an algorithm that first determines a finite upper bound K on the number of steps between any two consecutive stable configurations of a given Statemate model M; then transforms M into another Statemate model M' whose set of initial configurations is a superset of the set of reachable stable configurations of M; and finally uses bounded model checking up to bound K on M' to analyse properties of M. The paper concludes with the results of applying this algorithm to an application from the automotive domain.
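The three steps of the algorithm (compute the super-step bound K, replace the initial set by a superset of the reachable stable configurations, run bounded model checking up to K) as an added example, not code from the paper: a toy two-region, Statemate-like model in Python. The model, the synchronous step semantics, and the invariant used to build the initial set of M' are assumptions made for this illustration.

```python
from itertools import product
# Toy Statemate-like model constructed for this example: two orthogonal regions.
# Transition = (region, src, trigger, guard, dst, generated event); every enabled
# transition fires in one synchronous step. Opening the door takes two steps:
# door_open -> Opening (generates unlock), then unlock -> Open.
TRANS = [
    ("door", "Closed", "door_open", None, "Opening", "unlock"),
    ("door", "Opening", "unlock", None, "Open", None),
    ("door", "Open", "door_close", None, "Closed", None),
    ("heat", "Off", "heat_req", ("door", "Closed"), "On", None),  # guard: door closed
    ("heat", "On", "door_open", None, "Off", None),
]
EXTERNAL = ("door_open", "door_close", "heat_req")  # stimuli from the environment
REGIONS = {"door": ["Closed", "Opening", "Open"], "heat": ["Off", "On"]}

def step(cfg, events, trans):
    """One step: fire every enabled transition; return (new cfg, generated events)."""
    new, gen = dict(cfg), set()
    for reg, src, trig, guard, dst, out in trans:
        if cfg[reg] == src and trig in events and (guard is None or cfg[guard[0]] == guard[1]):
            new[reg] = dst
            if out: gen.add(out)
    return new, gen

def super_step(cfg, ext_event, trans, cap=20):
    """Steps from a stable cfg on one stimulus until no event is pending; None if it never stabilises."""
    trace, events = [cfg], {ext_event}
    while events:
        if len(trace) > cap: return None
        cfg, events = step(cfg, events, trans)
        trace.append(cfg)
    return trace

def initial_superset(invariant):
    """M' initial set: all stable configurations satisfying a supplied invariant (assumed given)."""
    cfgs = (dict(zip(REGIONS, s)) for s in product(*REGIONS.values()))
    return [c for c in cfgs if invariant(c)]

def check(target, invariant, trans=TRANS):
    """('unreachable', K) proves target unreachable in M; ('hit', d) is inconclusive for M."""
    traces = [super_step(c, ev, trans) for c in initial_superset(invariant) for ev in EXTERNAL]
    if any(t is None for t in traces):
        return ("unbounded", None)  # no finite super-step bound: technique not applicable
    K = max(len(t) - 1 for t in traces)  # bound on steps between stable configurations
    for t in traces:
        for depth, c in enumerate(t[:K + 1]):  # BMC on M' up to bound K
            if target(c): return ("hit", depth)
    return ("unreachable", K)

INV = lambda c: c["heat"] == "Off" or c["door"] == "Closed"  # heater on => door closed
BAD = lambda c: c["door"] == "Open" and c["heat"] == "On"    # state to prove unreachable
```

`check(BAD, INV)` proves the bad state unreachable with K = 2; dropping the guard on `heat_req` makes BMC find it one step from an initial configuration of M', and a transition that regenerates its own trigger makes K unbounded.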