Symbolic Bounded Model Checking of Abstract State Machines
- Margus Veanes ,
- Nikolaj Bjørner ,
- Yuri Gurevich ,
- Wolfram Schulte
Int J Software Informatics | , pp. 149-170
Abstract State Machines (ASMs) allow modeling system behaviors at any desired level of abstraction, including a level with rich data types, such as sets or sequences. The availability of high-level data types allow state elements to be represented both abstractly and faithfully at the same time. AsmL is a rich ASM-based specification and programming language.
In this paper we look at symbolic analysis of model programs written in AsmL with a background T of linear arithmetic, sets, tuples, and maps. We first provide a rigorous account for the update semantics of AsmL in terms of T, and formulate the problem of bounded path exploration of model programs, or the problem of Bounded Model Program Checking (BMPC) as a satisfiability modulo T problem. Then we investigate the boundaries of decidable and undecidable cases for BMPC. In a general setting, BMPC is shown to be highly undecidable, it is effectively equivalent to satisfiability in second-order Peano arithmetic with sets; and even when restricting to finite sets the problem is as hard as the halting problem of Turing machines. On the other hand, BMPC is shown to be decidable for a class of basic model programs that are common in practice.
We use Satisfiability Modulo Theories (SMT) for BMPC. The recent SMT advances allow us to directly analyze specifications using sets and maps with specialized decision procedures for expressive fragments of these theories. Our approach is extensible; background theories need in fact only be partially solved by the SMT solver; we use simulation of ASMs to support additional theories that are beyond the scope of available decision procedures.