PLTL Partitioned Model Checking for Reactive Systems under Fairness Assumptions

TL;DR

This paper presents a partitioned model checking approach for reactive systems under fairness assumptions, enabling scalable verification of dynamic properties by dividing the state space and ensuring properties remain verifiable after refinement.

Contribution

It introduces a method to construct partitions via refinement that preserve verifiability of properties under fairness assumptions in a partitioned model checking framework.

Findings

Partitioned verification reduces state explosion.

Properties in class Bmod remain verifiable after refinement.

Application to chip card protocol demonstrates effectiveness.

Abstract

We are interested in verifying dynamic properties of finite state reactive systems under fairness assumptions by model checking. The systems we want to verify are specified through a top-down refinement process. In order to deal with the state explosion problem, we have proposed in previous works to partition the reachability graph, and to perform the verification on each part separately. Moreover, we have defined a class, called Bmod, of dynamic properties that are verifiable by parts, whatever the partition. We decide if a property P belongs to Bmod by looking at the form of the Buchi automaton that accepts the negation of P. However, when a property P belongs to Bmod, the property f => P, where f is a fairness assumption, does not necessarily belong to Bmod. In this paper, we propose to use the refinement process in order to build the parts on which the verification has to be performed. We then show that with such a partition, if a property P is verifiable by parts and if f is the expression of the fairness assumptions on a system, then the property f => P is still verifiable by parts. This approach is illustrated by its application to the chip card protocol T=1 using the B engineering design language.