## Model-checking processes with data (2005)

Venue: Science of Computer Programming

Citations: 8 (3 self)

### BibTeX

```bibtex
@INPROCEEDINGS{Groote05model-checkingprocesses,
  author    = {J. F. Groote and T. A. C. Willemse},
  title     = {Model-checking processes with data},
  booktitle = {In Science of Computer Programming},
  year      = {2005},
  pages     = {251--273},
  publisher = {Elsevier}
}
```

### Abstract

We propose a procedure for automatically verifying properties (expressed in an extension of the modal µ-calculus) over processes with data, specified in µCRL. We first briefly review existing work, such as the theory of µCRL, and we discuss the logic, called the first order modal µ-calculus, in more detail. Then, we introduce the formalism of first order boolean equation systems and focus on several lemmata that are at the basis of the soundness of our decision procedure. We discuss our findings on three non-trivial applications for a prototype implementation of this procedure. The results show that our prototype can deal with quite complex and interesting properties and systems, showing the efficacy of the approach.

### Citations

3280 | Communication and Concurrency
- Milner
- 1989

Citation context: ...ed work. 2 The Theory of µCRL Our main focus in this paper is on processes with data. As a framework, we use the process algebra µCRL [13]. Its basic constructs are along the lines of ACP [3] and CCS [24], though its syntax is influenced mainly by ACP. In the process algebra µCRL, data is an integral part of the language, which makes the language more expressive than CCS or ACP (see discussion in [20]...

3030 | Graph-based algorithms for boolean function manipulation
- Bryant
- 1986

Citation context: ...tation The prototype implementation of our algorithm employs Equational Binary Decision Diagrams (EQ-BDDs) [16] for representing first order boolean expressions. These EQ-BDDs extend on standard BDDs [9] by explicitly allowing equality on nodes. We first define the grammar for EQ-BDDs. Definition 27 (Grammar for EQ-BDDs) We assume a set P of propositions and a set V of variables. The formulae we cons...

622 | The algorithmic analysis of hybrid systems
- Alur, Courcoubetis, et al.
- 1995

Citation context: ...1] seems to be able to produce results that are comparable to ours. Their techniques, however, are entirely different from ours. In fact, their approach is similar to the approach used by Alur et al. [2] for hybrid systems. It uses affine constraints on integer variables, logical connectives and quantifiers to symbolically encode transition relations and sets of states. The logic, used to specify...

545 | A lattice-theoretical fixpoint theorem and its applications
- Tarski
- 1955

Citation context: ...fixpoint expressions is then justified by the fact that the underlying lattice ([D→2^S], ⊑) is a complete lattice and the functionals are monotonic over this lattice, see [12]. From Tarski's Theorem [28], the existence and uniqueness of fixpoints over this lattice readily follows. For ease of use, we introduce the following abbreviations for µ-calculus formulae ϕ, action formulae α and (both µ-calc...

259 | Results on the propositional mu-calculus
- Kozen
- 1983

Citation context: ...the LPE format has the advantage of working with a finite representation of the (possibly infinite) state space. The language we use to denote our properties in is an extension of the modal µ-calculus [18]. In particular, we allow first order logic predicates and parameterised fixpoint variables in our properties. These extensions, which are also described in e.g. [12], are needed to express properties...

147 | Modeling and verifying systems using a logic of counter arithmetic with lambda expressions and uninterpreted functions
- Bryant, Lahiri, et al.
- 2002

Citation context: ...does not support the data-based version of this language. It is well imaginable that this tool can be extended with our techniques. A different approach altogether is undertaken by e.g. Bryant et al. [10]. Their Counter arithmetic with Lambda expressions and Uninterpreted functions (CLU) can be used to model both data and control, and is shown to be decidable. For this, CLU sacrifices expressiveness, a...

118 | Algorithms for Mutual Exclusion
- Raynal
- 1986

Citation context: ...otype, the above properties are verified in less than 1 second, and both are proved to be satisfied. We next discuss two larger examples. We first report on our findings for Lamport's Bakery Protocol [26]. A µCRL specification of the Bakery Protocol is given in Table 4. Table 4 Lamport's Bakery Protocol: comm get, send = c; init ∂{get, send}(P(⊤) ‖ P(⊥)); proc P(b:B) = request(b) · P0(b, 0) + send(b, 0) · ...

88 | The Syntax and Semantics of µCRL
- Groote, Ponse
- 1995

72 | On-the-fly Analysis of Systems with Unbounded, Lossy Fifo Channels
- Abdulla, Bouajjani, et al.
- 1998

Citation context: ...to systems in which dependencies on infinite datatypes are absent, or can be abstracted from using dedicated techniques. Examples of such dedicated techniques are the use of e.g. regular expressions [1] and queue representations [5] for communications protocols, Presburger arithmetic [11] for networks and counter abstraction [25] for parameterised systems. While great progress has been made in...

64 | Symbolic model checking of infinite state systems using Presburger arithmetic
- Bultan, Gerber, et al.
- 1997

Citation context: ...ed from using dedicated techniques. Examples of such dedicated techniques are the use of e.g. regular expressions [1] and queue representations [5] for communications protocols, Presburger arithmetic [11] for networks and counter abstraction [25] for parameterised systems. While great progress has been made in...

64 | Confluence for process verification
- Groote, Sellink
- 1995

Citation context: ...also applies to systems with finite (but extremely large) state spaces. The framework we use for describing the behaviour of a system is process algebraic. We use the process algebraic language µCRL [13,15], which is an extension of ACP [3]; this language includes a formal treatment of data, as well as an operational and axiomatic semantics of process terms. Compared to CCS or ACP, the language µCRL is...

64 | Efficient On-the-fly Model-Checking for Regular Alternation-Free µ-Calculus
- Mateescu, Sighireanu

Citation context: ...nk of a least fixpoint as finite looping through a set of states and to think of a greatest fixpoint as looping through a set of states. A list of standard patterns of properties can be found in e.g. [23]. The use of quantifiers inside modalities is illustrated by the following example. It shows how data-quantification in action formulae can be used for abstracting from the actual values for parameteri...

56 | The power of QDDs
- Boigelot, Godefroid, et al.
- 1997

Citation context: ...ies on infinite datatypes are absent, or can be abstracted from using dedicated techniques. Examples of such dedicated techniques are the use of e.g. regular expressions [1] and queue representations [5] for communications protocols, Presburger arithmetic [11] for networks and counter abstraction [25] for parameterised systems. While great progress has been made in...

48 | Verification of Modal Properties Using Boolean Equation Systems. Edition Versal 8, Bertz
- Mader
- 1997

Citation context: ...ixpoint variables in our properties. These extensions, which are also described in e.g. [12], are needed to express properties about data. The approach we follow is inspired by the work of e.g. Mader [21], and uses (in our case, first order) boolean equation systems as an intermediate formalism. We present a translation of first order modal µ-calculus expressions to first order boolean equation system...

46 | Deciding separation formulas with SAT
- Strichman, Seshia, et al.
- 2002

Citation context: ...welcome addition. Several other issues remain to be investigated. For instance, we think our technique may eventually be used to generalise specialised techniques, such as developed by Bryant et al. [10,27]. Also, in [17], we have identified rules and theorems for calculating with equation systems. These include special patterns and rules (such as the four deduction rules of Groote and Mateescu [12]) th...

44 | Local model checking for infinite state spaces
- Bradfield, Stirling
- 1992

Citation context: ...formulae on finite and infinite state systems was studied by Mader [21]. As observed by Mader, the use of boolean equation systems is closely related to the tableau methods of Bradfield and Stirling [7], but avoids certain redundancy of tableaux. It is therefore likely that in the case with data our approach performs better than tableau methods if these would be extended to deal with data. Closely r...

43 | Fixed point theorems and semantics: A folk tale
- Lassez, Nguyen, et al.
- 1982

Citation context: ...he procedure in Table 1, the solution of the given equation system has been computed. PROOF. The technique to solve a single equation is based on well-established transfinite approximation techniques [19]. Termination of this approximation means we have computed a solution to a single equation. This solution can then be substituted in the remainder of the equation system, as a result of Lemmas 21 and...

36 | µCRL: A Toolset for Analysing Algebraic Specifications
- Blom, Fokkink, et al.
- 2001

Citation context: ...riable d does not occur in expression ψ. Then, quantification over data-types can be removed in the following cases: 2 This prototype implementation is freely available as part of the µCRL tool-suite [4], see the subdirectory checker. • ∃d:D.ITE(d = e, ϕ, ψ) = ϕ[e/d] ∨ ψ provided D contains at least two elements. • ∀d:D.ITE(d = e, ϕ, ψ) = ϕ[e/d] ∧ ψ provided D contains at least two elements. • ∃d:...

29 | Linearization in µCRL
- Usenko
- 2002

Citation context: ...uage µCRL is more expressive [20]. For our model checking procedure, we assume that the processes are written in a special format, the Linear Process Equation (LPE) format, which is discussed in e.g. [29]. Note that this does not pose a restriction on the set of processes that can be modelled using µCRL, as all sensible process descriptions can be transformed to this format [29]. When dealing with dat...

29 | Semantics and Verification in Process Algebras with Data and Timing (PhD thesis, Faculty of Mathematics and Computer Science, TU/e, 2003-05)
- Willemse
- 2003

24 | Verification of Temporal Properties of Processes in a Setting with Data
- Groote, Mateescu
- 1998

Citation context: ...extension of the modal µ-calculus [18]. In particular, we allow first order logic predicates and parameterised fixpoint variables in our properties. These extensions, which are also described in e.g. [12], are needed to express properties about data. The approach we follow is inspired by the work of e.g. Mader [21], and uses (in our case, first order) boolean equation systems as an intermediate formal...

23 | Liveness with (0,1,infinity)-counter abstraction
- Pnueli, Xu, et al.
- 2002

Citation context: ...es of such dedicated techniques are the use of e.g. regular expressions [1] and queue representations [5] for communications protocols, Presburger arithmetic [11] for networks and counter abstraction [25] for parameterised systems. While great progress has been made in...

21 | Modal logic and mu-calculi
- Bradfield, Stirling
- 2001

Citation context: ...[⊤]Z ∧ 〈⊤〉⊤), respectively. Absence of deadlock, i.e. the ability to always execute an action, is thus expressed as νZ.([⊤]Z ∧ 〈⊤〉⊤). A popular interpretation, due to Stirling and Bradfield (see e.g. [8]) is to think of a least fixpoint as finite looping through a set of states and to think of a greatest fixpoint as looping through a set of states. A list of standard patterns of properties can be fou...

21 | Linearization in parallel pCRL
- Groote, Ponse, et al.
- 2001

Citation context: ...into our theory does not pose any theoretical challenges, but is omitted in our exposition for brevity. Several techniques and tools exist to translate a guarded µCRL process to linear form (see e.g. [14,29]). In the remainder of this paper, we use the LPE-notation as a vehicle for our exposition of the theory and practice. The operational semantics for µCRL can be found in e.g. [13,15]. Since we restric...

18 | Choice Quantification in Process Algebra
- Luttik
- 2002

Citation context: ...tension of ACP [3]; this language includes a formal treatment of data, as well as an operational and axiomatic semantics of process terms. Compared to CCS or ACP, the language µCRL is more expressive [20]. For our model checking procedure, we assume that the processes are written in a special format, the Linear Process Equation (LPE) format, which is discussed in e.g. [29]. Note that this does not pos...

16 | Local Model-Checking of an Alternation-Free Value-Based Modal Mu-Calculus
- Mateescu
- 1998

Citation context: ...depends largely on the data types that are used and not so much on the class of (first order) modal µ-calculus formulae. For instance, the alternation-free fragment of the modal µ-calculus (see e.g. [22]) still allows for coding the halting problem. Below, we illustrate how the model checking problem of various small data-dependent systems is solved using the translation of Def. 17 and the procedure...

6 | Equational binary decision diagrams
- Groote, van de Pol

Citation context: ...this section, we briefly sketch this implementation, without going into detail. 6.1 Implementation The prototype implementation of our algorithm employs Equational Binary Decision Diagrams (EQ-BDDs) [16] for representing first order boolean expressions. These EQ-BDDs extend on standard BDDs [9] by explicitly allowing equality on nodes. We first define the grammar for EQ-BDDs. Definition 27 (Grammar f...

4 | Parameterised boolean equation systems (extended abstract)
- Groote, Willemse
- 2004

Citation context: ...h the modal formula itself does not carry any parameters, the parameter n stems from the LPE X. Obviously, the resulting equation system can be further simplified using rules of calculation, see e.g. [12,17]. This, however, is not the objective of this paper. The following result, due to Groote and Mateescu [12, proposition 1], confirms the relation between the model checking problem and the problem of s...

1 | Analysis of fair extended automata
- Bouajjani, Collomb-Annichini, et al.
- 2001

Citation context: ...or infinite state systems. Much work on symbolic reachability analysis of infinite state systems has been undertaken, but most of it concentrates on safety properties only. Bouajjani et al. (see e.g. [6]) describe how first-order arithmetical formulae, expressing safety and liveness conditions, can be verified over Parametric Extended Automaton models, by specifying extra fairness conditions on the t...