https://prob.hhu.de/w/index.php?action=history&feed=atom&title=Symbolic_Model_CheckingSymbolic Model Checking - Revision history2026-05-27T08:03:20ZRevision history for this page on the wikiMediaWiki 1.43.8https://prob.hhu.de/w/index.php?title=Symbolic_Model_Checking&diff=3334&oldid=prevSebastian Krings: Created page with "= Overview = The current nightly builds of ProB support different symbolic model checking algorithms: * Bounded Model Checking (BMC), * k-Induction, and * different Variant..."2016-01-22T15:53:45Z<p>Created page with "= Overview = The current nightly builds of ProB support different symbolic model checking algorithms: * Bounded Model Checking (BMC), * k-Induction, and * different Variant..."</p>
<p><b>New page</b></p><div>= Overview =<br />
<br />
The current nightly builds of ProB support different symbolic model checking algorithms:<br />
<br />
* Bounded Model Checking (BMC),<br />
* k-Induction, and<br />
* different Variants of the IC3 algorithm.<br />
<br />
As opposed to [[Constraint_Based_Checking|constraint-based checking]], these algorithms find counterexamples which are reachable from the INITIALISATION. As opposed to [[Consistency_Checking |ordinary model checking]], they do not build up the state space explicitly, e.g., they do not compute all possible solutions for parameters and constants.<br />
This can be useful when the out-degree of the state-space is very high, i.e., when there are many possible solutions for the constants, the initialisation and/or the individual operations and their parameters. <br />
<br />
In addition to the algorithms explained here, BMC*, a bounded model checking algorithm based on a different technique is available in Prob. See [[Bounded Model Checking|its wiki page]] for details.<br />
<br />
= Usage =<br />
<br />
Take the following example:<br />
<br />
<pre><br />
MACHINE VerySimpleCounterWrong<br />
CONSTANTS lim<br />
PROPERTIES lim = 2**25<br />
VARIABLES ct<br />
INVARIANT<br />
ct:INTEGER & ct < lim<br />
INITIALISATION ct::0..(lim-1)<br />
OPERATIONS<br />
Inc(i) = PRE i:1..1000 & ct + i <= lim THEN ct := ct+i END;<br />
Reset = PRE ct = lim THEN ct := 0 END<br />
END<br />
</pre><br />
<br />
The ProB model checker will here run for a very long time before uncovering the error that occurs when <tt>ct</tt> is set to lim. If you run the [[TLC|TLC backend]] you will get the error message "<tt>Too many possible next states for the last state in the trace.</tt>"<br />
<br />
However, for the symbolic model checking techniques this is less of a problem.<br />
You can use them via command-line version of ProB as follows:<br />
<br />
<pre><br />
$ probcli VerySimpleCounterWrong.mch -symbolic_model_check bmc<br />
K = 0<br />
solve/2: result of prob: contradiction_found<br />
K = 1<br />
solve/2: result of prob: contradiction_found<br />
K = 2<br />
solve/2: result of prob: contradiction_found<br />
K = 3<br />
solve/2: result of prob: contradiction_found<br />
K = 4<br />
solve/2: result of prob: solution<br />
successor_found(0)<br />
--> INITIALISATION(0)<br />
successor_found(1)<br />
--> Inc<br />
successor_found(2)<br />
--> Inc<br />
successor_found(3)<br />
--> Inc<br />
successor_found(4)<br />
--> Inc<br />
! *** error occurred ***<br />
! invariant_violation<br />
</pre><br />
<br />
Instead of "bmc" you can use "kinduction" and "ic3" as command line arguments in order to use the other algorithms.<br />
<br />
The algorithms are also available from within ProB Tcl/Tk. They can be found inside the "Symbolic Model Checking" sub-menu of the "Analyse" menu.<br />
<br />
= More details =<br />
<br />
A paper describing the symbolic model checking algorithms and how they are applied to B and Event-B machines has been submitted to ABZ 2016.</div>Sebastian Krings