Producing Short Counterexamples Using "Crucial Events"

Ideally, a model checking tool should be able to successfully tackle state space explosion for complete validation of the system, while providing short counterexamples in case an error exists. Techniques such as partial order (p.o.) reduction [1, 2] are very effective at tackling state space explosion, but do not concern themselves with the production of short counterexamples. On the other hand, directed model checking [3, 4] techniques use heuristic search strategies to find short counterexamples, but are not suited for exhaustive validation, because they are prone to state space explosion in the absence of errors. To the best of our knowledge, there is currently no single technique that meets both requirements. We present such a technique in this paper. We identify a subset of CTL, which we call CETL (Crucial Event Temporal Logic), that exhibits some interesting properties. Given any (Mazurkiewicz) trace of a program and any CETL formula, there exists a unique set of events, called crucial events, whose execution is both necessary and sufficient to lead to a state satisfying the formula. These crucial events can be executed in any order that is consistent with the dependency relation. Thus, for exhaustive validation, it is sufficient to explore a single interleaving, consisting entirely of crucial events, per maximal trace of the program. This results in significant state space reduction, comparable to partial order techniques. Additionally, by executing only crucial events, we narrow in on the error quickly, resulting in faster verification and short counterexamples. We present an explicit-state model checking algorithm for CETL, and show how crucial events can be identified. We have implemented our algorithms as an extension to SPIN, called SPICED (Simple PROMELA Interpreter with Crucial Event Detection). We present experimental results comparing our performance against that of SPIN with p.o. reduction. The experimental results presented show that we consistently produce significantly shorter error trails, often resulting in faster verification times, while achieving state space reduction similar to that of p.o. reduction.