Automata construction for on-the-fly Model Checking PSL Safety Simple Subset

Symbolic model checking has been found extremely efficient in the verification of hardware designs, and has been widely adopted in industry in recent years. While traditional model checkers ([McM93]) used the temporal logics ctl or ltl as their specification language, contemporary industrial languages, have sought ways to make the specification language easier to learn and use. The temporal language psl [Acc04], which has been standardized by the Accellera standards organization, augments ltl with new language constructs, including Regular Expressions. In order to be model-checked, a psl formula needs to be translated into a verifiable form, usually an automaton. In this paper we present the translation into automata of a subset of psl called SafetyPSL. This subset, as can be understood by its name, consists of safety properties. Such properties are of special interest, because they can be model checked efficiently, as will be explained in the sequel. A property is considered to be safe if its violation can be detected by a finite path. Formally, consider a language L of finite and infinite words over an alphabet Σ. A finite word u over Σ is a bad prefix for L iff ∀v ∈ Σ∗ ∪ Σ, uv 6∈ L. A language L is a safety language if every word not in L has a finite bad prefix. Model checking of a general linear property φ involves the construction of a Büchi automaton B¬φ, of size exponential in φ, that accepts exactly all the infinite computations violating the property φ. Model checking φ is done by checking the emptiness of the product of the model M and B¬φ [VW86]. For safety properties, however, we can many times do better. Since computations violating a safety formula are all finite, a finite automaton A can detect them. Model checking can then be reduced to invariant checking, with the invariant being “A is not in an accepting state”. Invariant checking is typically easier to