Results 1 - 10 of 15
Combining Model Checking and Deduction for I/O-Automata
Cited by 45 (3 self)
We propose a combination of model checking and interactive theorem proving where the theorem prover is used to represent finite and infinite state systems, reason about them compositionally and reduce them to small finite systems by verified abstractions. As an example we verify a version of the Alternating Bit Protocol with unbounded lossy and duplicating channels: the channels are abstracted by interactive proof and the resulting finite state system is model checked.
Model Checking for Infinite State Systems Using Data Abstraction, Assumption-Commitment Style Reasoning and Theorem Proving
, 1995
Cited by 34 (0 self)
A method combining data abstraction, model checking and theorem proving is presented. It provides a semiautomatic, formal framework for proving arbitrary linear time temporal logic properties of infinite state reactive systems. The paper contains a complete case study to prove safety and liveness of an implementation of a scheduler for the readers/writers problem which uses unbounded queues and sets. We argue that the proposed framework could be automated to a very large extent making this approach feasible in an industrial environment.
Verifying Invariants Using Theorem Proving
 IN ALUR AND HENZINGER [AH96
, 1996
Cited by 27 (5 self)
Our goal is to use a theorem prover in order to verify invariance properties of distributed systems in a "model checking like" manner. A system S is described by a set of sequential components, each one given by a transition relation and a predicate Init defining the set of initial states. In order to verify that P is an invariant of S, we try to compute, in a model checking like manner, the weakest predicate P' stronger than P and weaker than Init which is an inductive invariant, that is, whenever P' is true in some state, then P' remains true after the execution of any possible transition. The fact that P is an invariant can be expressed by a set of predicates (having no more quantifiers than P) on the set of program variables, one for every possible transition of the system. In order to prove these predicates, we use either automatic or assisted theorem proving depending on their nature. We show in this paper how this can be done in an efficient way using the Prototype V...
Hardware Verification using Monadic Second-Order Logic
 IN COMPUTER AIDED VERIFICATION: 7TH INTERNATIONAL CONFERENCE, CAV '95, LNCS 939
, 1995
Cited by 25 (10 self)
We show how the second-order monadic theory of strings can be used to specify hardware components and their behavior. This logic admits a decision procedure and countermodel generator based on canonical automata for formulas. We have used a system implementing these concepts to verify, or find errors in, a number of circuits proposed in the literature. The techniques we use make it easier to identify regularity in circuits, including those that are parameterized or have parameterized behavioral specifications. Our proofs are semantic and do not require lemmas or induction as would be needed when employing a conventional theory of strings as a recursive data type.
Formal verification of a partial-order reduction technique for model checking
 In Proc. of the Second International Workshop on Tools and Algorithms for the Construction and Analysis of Systems
, 1996
Cited by 20 (1 self)
The bulk of the contribution of the first author to this work was done when he was on leave from UCLA and doing a summer job at Bell Laboratories.
A Case Study in Model Checking Software Systems
 Science of Computer Programming
, 1997
Cited by 17 (0 self)
Model checking is a proven successful technology for verifying hardware. It works, however, on only finite state machines, and most software systems have infinitely many states. Our approach to applying model checking to software hinges on identifying appropriate abstractions that exploit the nature of both the system, S, and the property, φ, to be verified. We check φ on an abstracted, but finite, model of S. Following this approach we verified three cache coherence protocols used in distributed file systems. These protocols have to satisfy this property: "If a client believes that a cached file is valid then the authorized server believes that the client's copy is valid." In our finite model of the system, we need only represent the "beliefs" that a client and a server have about a cached file; we can abstract from the caches, the files' contents, and even the files themselves. Moreover, by successive application of the generalization rule from predicate logic, we need only conside...
Combinations of model checking and theorem proving
 Proceedings of the Third Intl. Workshop on Frontiers of Combining Systems, volume 1794 of LNCS
, 2000
Cited by 11 (0 self)
The two main approaches to the formal verification of reactive systems are based, respectively, on model checking (algorithmic verification) and theorem proving (deductive verification). These two approaches have complementary strengths and weaknesses, and their combination promises to enhance the capabilities of each. This paper surveys a number of methods for doing so. As is often the case, the combinations can be classified according to how tightly the different components are integrated, their range of application, and their degree of automation.
Interactive Verification Exploiting Program Design Knowledge: A Model-Checker for UNITY
, 1996
Generating and Model Checking a Hierarchy of Abstract Models
, 1999
Cited by 4 (1 self)
The use of automatic model checking algorithms to verify detailed gate or switch level designs of circuits is very attractive because the method is automatic and such models can accurately capture detailed functional, timing, and even subtle electrical behaviour of circuits. The use of binary decision diagrams has extended by orders of magnitude the size of circuits that can be so verified, but there are still very significant limitations due to the computational complexity of the problem. Verifying abstract versions of the model is attractive to reduce computational costs but this poses the problem of how to build abstractions easily without losing the accuracy of the low-level model. This paper proposes a method of bridging the gap between detailed designs and abstract models,...
The Incremental Development of Correct Specifications for Distributed Systems
 Proc. FME '96, LNCS (Springer-Verlag
, 1996
Cited by 3 (3 self)
Provably correct software can only be achieved by basing the development process on formal methods. For most industrial applications such a development never terminates because requirements change and new functionality has to be added to the system. Therefore a formal method that supports an incremental development of complex systems is required. The project CoCoN (Provably Correct Communication Networks) that is carried out jointly between Philips Research Laboratories Aachen and the University of Oldenburg takes results from the ESPRIT Basic Research Action ProCoS to show the applicability of a more formal approach to the development of correct telecommunications software. These ProCoS-methods have been adapted to support the development of extensible specifications for distributed systems. Throughout this paper our approach is exemplified by a case study how call handling software for telecommunication switching systems should be developed. Keywords: extension of existing formal methods, combination of methods, incremental development