Coverage metrics for temporal logic model checking

Hana Chockler*, Orna Kupferman, Moshe Y. Vardi

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

20 Scopus citations


In formal verification, we verify that a system is correct with respect to a specification. Even when the system is proved to be correct, there is still a question of how complete the specification is, and whether it really covers all the behaviors of the system. In this paper we study coverage metrics for model checking. Coverage metrics are based on modifications we apply to the system in order to check which parts of it were actually relevant for the verification process to succeed. We introduce two principles that we believe should be part of any coverage metric for model checking: a distinction between state-based and logic-based coverage, and a distinction between the system and its environment. We suggest several coverage metrics that apply these principles, and we describe two algorithms for finding the non-covered parts of the system under these definitions. The first algorithm is a symbolic implementation of a naive algorithm that model checks many variants of the original system. The second algorithm improves the naive algorithm by exploiting overlaps in the variants. We also suggest a few helpful outputs to the user, once the non-covered parts are found.

Original languageAmerican English
Pages (from-to)189-212
Number of pages24
JournalFormal Methods in System Design
Issue number3
StatePublished - May 2006

Bibliographical note

Funding Information:
Acknowledgment We thank Orna Grumberg, Yatin Hoskote, Amir Pnueli, and Uri Zwick for helpful discussions. Supported in part by NSF grant CCR-9700061, NSF grant CCR-9988322, and by a grant from the Intel Corporation.


  • Algorithms
  • Coverage metrics
  • Formal verification
  • Model checking


Dive into the research topics of 'Coverage metrics for temporal logic model checking'. Together they form a unique fingerprint.

Cite this