Communicating sequential processes
Communicating sequential processes
Symbolic model checking: 1020 states and beyond
Information and Computation - Special issue: Selections from 1990 IEEE symposium on logic in computer science
A classical mind
An attack on the Needham-Schroeder public-key authentication protocol
Information Processing Letters
Model checking
Casper: a compiler for the analysis of security protocols
Journal of Computer Security
Contemporary Logic Design
The Theory and Practice of Concurrency
The Theory and Practice of Concurrency
Checking Safety Properties Using Induction and a SAT-Solver
FMCAD '00 Proceedings of the Third International Conference on Formal Methods in Computer-Aided Design
Symbolic Model Checking without BDDs
TACAS '99 Proceedings of the 5th International Conference on Tools and Algorithms for Construction and Analysis of Systems
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Ten Years of Partial Order Reduction
CAV '98 Proceedings of the 10th International Conference on Computer Aided Verification
Tuning SAT Checkers for Bounded Model Checking
CAV '00 Proceedings of the 12th International Conference on Computer Aided Verification
NuSMV 2: An OpenSource Tool for Symbolic Model Checking
CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Software Abstractions: Logic, Language, and Analysis
Software Abstractions: Logic, Language, and Analysis
Principles of Model Checking (Representation and Mind Series)
Principles of Model Checking (Representation and Mind Series)
Bounded Model Checking of Compositional Processes
TASE '08 Proceedings of the 2008 2nd IFIP/IEEE International Symposium on Theoretical Aspects of Software Engineering
Understanding Concurrent Systems
Understanding Concurrent Systems
Effective preprocessing in SAT through variable and clause elimination
SAT'05 Proceedings of the 8th international conference on Theory and Applications of Satisfiability Testing
Operational semantics for fun and profit
CSP'04 Proceedings of the 2004 international conference on Communicating Sequential Processes: the First 25 Years
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
A formal framework for software product lines
Information and Software Technology
Hi-index | 0.00 |
In this paper, we address the problem of applying SAT-based bounded model checking (BMC) and temporal k-induction to asynchronous concurrent systems. We investigate refinement checking in the process-algebraic setting of Communicating Sequential Processes (CSP), focusing on the CSP traces model which is sufficient for verifying safety properties. We adapt the BMC framework to the context of CSP and the existing refinement checker FDR yielding bounded refinement checking which also lays the foundation for tailoring the k-induction technique. As refinement checking reduces to checking for reverse containment of possible behaviours, we exploit the SAT-solver to decide bounded language inclusion as opposed to bounded reachability of error states, as in most existing model checkers. Due to the harder problem to decide and the presence of invisible silent actions in process algebras, the original syntactic translation of BMC to SAT cannot be applied directly and we adopt a semantic translation algorithm based on watchdog transformations. We propose a Boolean encoding of CSP processes resting on FDR's hybrid two-level approach for calculating the operational semantics using supercombinators. We have implemented a prototype tool, SymFDR, written in C++, which uses FDR as a shared library for manipulating CSP processes and the state-of-the-art incremental SAT-solver MiniSAT 2.0. Experiments with BMC indicate that in some cases, especially in complex combinatorial problems, SymFDR significantly outperforms FDR and even copes with problems that are beyond FDR's capabilities. SymFDR in k-induction mode works reasonably well for small test cases, but is inefficient for larger ones as the threshold becomes too large, due to concurrency.