$$2^5$$ Years of Model Checking [chapter]

Edmund M. Clarke, Qinsi Wang
2015 Lecture Notes in Computer Science  
Model Checking is an automatic verification technique for large state transition systems. It was originally developed for reasoning about finite-state concurrent systems. The technique has been used successfully to debug complex computer hardware, communication protocols, and software. It is beginning to be used for analyzing cyberphysical, biological, and financial systems as well. The major challenge for the technique is a phenomenon called the State Explosion Problem. This issue is ... to avoid in the worst case; but, by using sophisticated data structures and clever search algorithms, it is now possible to verify state transition systems with an astronomical number of states. In this paper, we will briefly review the development of Model Checking over the past 32 years, with an emphasis on model checking stochastic hybrid systems.

Model Checking and State Explosion Problem

Model Checking, as a framework consisting of powerful techniques for verifying finite-state systems, was independently developed by Clarke and Emerson [22] and by Queille and Sifakis [52] in the early 1980s. Over the last few decades, it has been successfully applied to numerous theoretical and practical problems [17, 20, 36, 37, 45, 63], such as verification of sequential circuit designs, communication protocols, software device drivers, security algorithms, cyberphysical systems, and biological systems. Several major factors contribute to its success. Primarily, Model Checking is fully automated. Unlike deductive reasoning using theorem provers, this 'push-button' method requires neither hand-written proofs nor expert users to check whether a finite-state model satisfies a given specification. Besides verification of correctness, it permits bug detection as well: if a property does not hold, a model checker returns a diagnostic counterexample, an actual execution of the given system model leading to an error state, and such counterexamples help locate subtle bugs. Finally, from a practical standpoint, Model Checking also works with partial specifications, which allows system design and development to be separated from verification and debugging. Typically, a model checker has three basic components: a modeling formalism adopted to encode a state machine representing the system to be verified, a specification language based on Temporal Logics [51], and a verification algorithm
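The three components named above (a state-machine model, a property to check, and a search algorithm that returns a counterexample) can be shown concretely with a small explicit-state checker. The following is an added example written for this page, not code from the paper or its authors. It encodes two hypothetical two-process locking protocols as transition systems: a check-then-set lock, in which a process tests the other's flag and only afterwards raises its own (the classic time-of-check/time-of-use race), and Peterson's algorithm as the corrected version. The property is the safety invariant "never both processes in the critical section", and the algorithm is breadth-first reachability with a visited set, which returns the shortest execution that violates the invariant (or reports a deadlocked state). The state layout, action labels and function names are this example's own choices.

```python
from collections import deque

# --- Verification algorithm: explicit-state reachability with counterexamples ---

def model_check(initial, successors, invariant):
    """Breadth-first search over the states reachable from `initial`.

    `successors(state)` returns a list of (action_label, next_state);
    `invariant(state)` returns True when the state is acceptable.
    Returns (holds, reason, trace, reachable_count). On a violation, `reason`
    is "invariant" or "deadlock" and `trace` is the shortest path from
    `initial` as a list of (action_label, state) pairs: the diagnostic
    counterexample a model checker hands back to the user.
    """
    parent = {initial: None}          # visited set plus back-pointers for traces
    queue = deque([initial])
    while queue:
        s = queue.popleft()
        if not invariant(s):
            return False, "invariant", _trace(parent, s), len(parent)
        succ = successors(s)
        if not succ:                  # no enabled action anywhere: deadlock
            return False, "deadlock", _trace(parent, s), len(parent)
        for action, t in succ:
            if t not in parent:       # each state is expanded once; BFS gives shortest traces
                parent[t] = (s, action)
                queue.append(t)
    return True, None, None, len(parent)


def _trace(parent, s):
    """Walk back-pointers from a bad state to the initial state."""
    path = []
    while parent[s] is not None:
        prev, action = parent[s]
        path.append((action, s))
        s = prev
    path.reverse()
    return path


# --- Modeling formalism: states are immutable tuples (pcs, flags, turn) ---

def _upd(t, i, v):
    """Return tuple `t` with position `i` replaced by `v`."""
    return t[:i] + (v,) + t[i + 1:]

INIT = ((0, 0), (False, False), 0)     # both processes idle, no flags, turn=0


def broken_successors(state):
    """Hypothetical check-then-set lock. The test of the other flag (pc 0->1) and
    the raising of the own flag (pc 1->2) are separate transitions, so both
    processes may pass the test before either flag is raised."""
    pcs, flags, turn = state
    out = []
    for i in (0, 1):
        j = 1 - i
        if pcs[i] == 0 and not flags[j]:
            out.append((f"p{i}: sees flag[{j}] clear", (_upd(pcs, i, 1), flags, turn)))
        elif pcs[i] == 1:
            out.append((f"p{i}: flag[{i}]=1, enter critical",
                        (_upd(pcs, i, 2), _upd(flags, i, True), turn)))
        elif pcs[i] == 2:
            out.append((f"p{i}: leave, flag[{i}]=0",
                        (_upd(pcs, i, 0), _upd(flags, i, False), turn)))
    return out


def peterson_successors(state):
    """Peterson's algorithm: raise own flag, yield the turn, then wait until the
    other's flag is down or the turn is ours. Critical section is pc 3."""
    pcs, flags, turn = state
    out = []
    for i in (0, 1):
        j = 1 - i
        if pcs[i] == 0:
            out.append((f"p{i}: flag[{i}]=1", (_upd(pcs, i, 1), _upd(flags, i, True), turn)))
        elif pcs[i] == 1:
            out.append((f"p{i}: turn={j}", (_upd(pcs, i, 2), flags, j)))
        elif pcs[i] == 2 and (not flags[j] or turn == i):
            out.append((f"p{i}: enter critical", (_upd(pcs, i, 3), flags, turn)))
        elif pcs[i] == 3:
            out.append((f"p{i}: leave, flag[{i}]=0",
                        (_upd(pcs, i, 0), _upd(flags, i, False), turn)))
    return out


# --- Specification: a safety invariant over states ---

def mutual_exclusion(critical_pc):
    """Never both processes at the critical-section program counter."""
    def holds(state):
        pcs, _, _ = state
        return not (pcs[0] == critical_pc and pcs[1] == critical_pc)
    return holds


def check_broken():
    return model_check(INIT, broken_successors, mutual_exclusion(2))


def check_peterson():
    return model_check(INIT, peterson_successors, mutual_exclusion(3))


def format_trace(trace):
    return "\n".join(f"  {k}. {action:<30} -> pcs={s[0]} flags={s[1]} turn={s[2]}"
                     for k, (action, s) in enumerate(trace, 1))


if __name__ == "__main__":
    for name, check in (("check-then-set lock", check_broken), ("Peterson", check_peterson)):
        holds, reason, trace, n = check()
        print(f"{name}: {'OK' if holds else reason + ' violated'} ({n} reachable states)")
        if trace:
            print(format_trace(trace))
```

Run as a script, the first model produces a four-step interleaving ending with both processes at pc 2, which is exactly the "actual execution leading to an error state" the text describes; Peterson's version explores its whole (small) reachable state space without finding a violation. The `parent` dictionary is the simplest form of the machinery that keeps explicit-state search tractable: every state is expanded once, so the cost is bounded by the number of reachable states rather than the number of interleavings.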
doi:10.1007/978-3-662-46823-4_2 fatcat:g4tbd7fribgothf2bfgajkywfe