Abstract not found

We propose a new method for the verification of parameterized cache coherence protocols. Cache coherence protocols are used to maintain data consistency in commercial multiprocessor systems equipped with local fast caches. In our approach we use arithmetic constraints to model possibly infinite sets of global states of a multiprocessor system with many identical caches. In preliminary experiments using symbolic model checkers for infinite-state systems based on real arithmetics (HyTech [HHW97] and DMC [DP99]) we have automatically verified safety properties for parameterized versions of widely implemented write-invalidate and write-update cache coherence policies like the Mesi, Berkeley, Illinois, Firey and Dragon protocols [Han93]. With this application, we show that symbolic model checking tools originally designed for hybrid and concurrent systems can be applied successfully to a new class of infinite-state systems of practical interest.

Automated methods for an undecidable class of verification problems cannot be complete (terminate for every correct program). We therefore consider a new kind of quality measure for such methods, which is completeness relative to a (powerful but unrealistic) oracle-based method. More precisely, we ask whether an often implemented method known as "software model checking with abstraction refinement" is complete relative to fixpoint iteration with "oracle-guided" widening. We show that whenever backward fixpoint iteration with oracle-guided widening succeeds in proving a property' (for some sequence of widenings determined by the oracle) then software model checking with a particular form of backward refinement will succeed in proving'. Intuitively, this means that the use of fixpoint iteration over abstractions and a particular backwards refinement of the abstractions has the effect of exploring the entire state space of all possible sequences of widenings.

Abstract. Model checking is an automatic method for deciding if a circuit or a program, expressed as a concurrent transition system, satisfies a set of properties expressed in a temporal logic such as CTL. In this paper we argue that symbolic model checking is feasible in systems biology and that it shows some advantages over simulation for querying and validating formal models of biological processes. We report our experiments on using the symbolic model checker NuSMV and the constraint-based model checker DMC, for the modeling and querying of two biological processes: a qualitative model of the mammalian cell cycle control after Kohn's diagrams, and a quantitative model of gene expression regulation. 1 Introduction In recent years, Biology has clearly engaged an elucidation work of high-level biological processes in terms of their biochemical basis at the molecular level. The mass production of post genomic data, such as ARN expression, protein production and protein-protein interaction, raises the need of a strong parallel effort on the formal representation of biological processes. Metabolism networks, extracellular and intracellular signaling pathways, and gene expression regulation networks, are very complex dynamical systems. Annotating data bases with qualitative and quantitative information about the dynamics of biological systems, will not be sufficient to integrate and efficiently use the current knowledge about these systems. The design of formal tools for modeling biomolecular processes and for reasoning about their dynamics seems to be a mandatory research path to which the field of formal verification in computer science may contribute a lot.

Abstract. In this article we present the Biochemical Abstract Machine BIOCHAM and advocate its use as a formal modeling environment for networks biology. Biocham provides a precise semantics to biomolecular interaction maps. Based on this formal semantics, the Biocham system offers automated reasoning tools for querying the temporal properties of the system under all its possible behaviors. We present the main features of Biocham, provide details on a simple example of the MAPK signaling cascade and prove some results on the equivalence of models w.r.t. their temporal properties. 1 Introduction In networks biology, the complexity of the systems at hand (metabolic net-works, extracellular and intracellular networks, networks of gene regulation) clearly shows the necessity of software tools for reasoning globally about bio-logical systems [1]. Several formalisms have been proposed in recent years for modeling biochemical processes either qualitatively [2-4] or quantitatively [5-9].State-of-the-art tools integrate a graphical user interface and a simulator, yet few formal tools are available for reasoning about these processes and provingproperties about them. Our focus in Biocham has been on the design of a biochemical rule language and a query language of the model in temporal logic,that are intended to be used by biologists. Biocham has been designed in the framework of the ARC CPBIO on "ProcessCalculi and Biology of Molecular Networks " [10] which aims at pushing forward a declarative and compositional approach to modeling languages in SystemsBiology. Biocham is a language and a programming environment for modeling biochemical systems, making simulations, and checking temporal properties. Itis composed of:

Test case generation for concurrent reactive systems on the grounds of symbolic execution basically amounts to searching their state space. As in the case of model checkers, di#erent search strategies (depth-first, breadth-first, best-first, tabu) together with di#erent strategies for storing visited states have a significant impact on the performance of the generation algorithm. We present experimental data for the performance of di#erent search strategies and discuss the results, taking into account counter examples as generated by model checkers.

This paper is a contribution to the already existing series of work on the algorithmic principles of interprocedural analysis. We consider the generalization to the case of parallel programs. We give algorithms that compute the sets of backward resp. forward reachable configurations for parallel ow graph systems in linear time in the size of the graph viz. the program. These operations are important in dataflow analysis and in model checking. In our method, we first model configurations as terms (viz. trees) in the process algebra PA that can express call stack operations and parallelism. We then give a `declarative' Horn-clause specification of the sets of predecessors resp. successors. The `operational' computation of these sets is carried out using the Dowling-Gallier procedure for HornSat.

We present a computational framework based on tabled resolution and constraint processing for verifying real-time systems. We also discuss the implementation of this framework in the context of the XMC/RT verication tool. For systems specied using timed automata, XMC/RT oers backward and forward reachability analysis, as well as timed modal mu-calculus model checking. It can also handle timed innite-state systems, such as those with unbounded message buers, provided the set of reachable states is nite. We illustrate this capability on a real-time version of the leader election protocol. Finally, XMC/RT can function as a model checker for untimed systems. Despite this versatility, preliminary benchmarking experiments indicate that XMC/RT's performance remains competitive with that of other real-time verication tools. 1 Introduction In a recent paper [RRR + 97], we showed that logic programming with tabulation can be used to construct an ecient model checker for untime...

We propose a model checking scheme for a semantically complete fragment of CTL by combining techniques from constraint logic programming, a restricted form of constructive negation and tabled resolution. Our approach is symbolic in that it encodes and manipulates sets of states using constraints; it supports local model checking using goal-directed computation enhanced by tabulation. The framework is parameterized by the constraint domain and supports any finite constraint domain closed under disjunction, projection and complementation. We show how to encode our fragment of CTL in constraint logic programming; we outline an abstract execution model for the resulting type of programs and provide a preliminary evaluation of the approach.

We show how the problem of verifying parameterized systems can be...