## Formal verification of a partial-order reduction technique for model checking (1996)

### Cached

### Download Links

- [www.dcs.warwick.ac.uk]
- [ftp.cs.ucla.edu]
- DBLP

### Other Repositories/Bibliography

Venue: | In Proc. of the Second International Workshop on Tools and Algorithms for the Construction and Analysis of Systems |

Citations: | 20 - 1 self |

### BibTeX

@INPROCEEDINGS{Peled96formalverification,

author = {Doron Peled},

title = {Formal verification of a partial-order reduction technique for model checking},

booktitle = {In Proc. of the Second International Workshop on Tools and Algorithms for the Construction and Analysis of Systems},

year = {1996},

pages = {241--257},

publisher = {Springer-Verlag}

}

### Years of Citing Articles

### OpenURL

### Abstract

2The bulk of the contribution of the first author to this work was done when he was on leave from UCLA and doing a summer job at Bell Laboratories.

### Citations

767 |
Design and Validation of Computer Protocols
- Holzmann
- 1991
(Show Context)
Citation Context ...tting down the amount of state search performed by model checkers [16]. We choose this example for two reasons. First, this reduction technique has been implemented in the protocol analysis tool SPIN =-=[7, 8]-=- to significantly speed up the analysis of many practical protocols; hence its correctness has important practical consequences. Second, the correctness arguments involve nontrivial mathematics about ... |

530 |
A computational logic
- Boyer, Moore
- 1979
(Show Context)
Citation Context ...onsistency, and arbitrary axioms, which may introduce inconsistencies and hence should not be used casually. (For an eloquent objection to the casual use of axioms in verification, see the preface of =-=[1]-=-.) As is the case in almost all works using HOL, we have not found it necessary to introduce one single axiom in this work: all notions needed are formalized as definitions and all properties desired ... |

414 |
Computer-Aided Verification of Coordinating Processes
- Kurshan
- 1994
(Show Context)
Citation Context ...inal numbering. The more abstract requirement fits not only DFS but also other search mechanisms, e.g., BFS. This is useful, as sometimes one prefers BFS to DFS in model checking. For example, COSPAN =-=[10]-=- uses BFS because it simplifies the search for the shortest counterexample when a program does not satisfy its specification. Gaining experience in techniques and tools. The verification attempt was a... |

366 | ML for the Working Programmer - Paulson - 1991 |

189 | Combining partial order reductions with on-the-fly model checking
- Peled
- 1996
(Show Context)
Citation Context ...rs of verification. As a case study, we use the mechanical theorem prover HOL [7] to verify a partial-order reduction technique for cutting down the amount of state search performed by model checkers =-=[20]-=-. We choose this example for two reasons. First, this reduction technique has been implemented in the protocol analysis tool SPIN [9, 10] to significantly speed up the analysis of many practical proto... |

179 |
What good is temporal logic
- Lamport
(Show Context)
Citation Context ... of Q. We have formally verified only the simplest case: fair and off-line. The verification of the other three algorithms needs additional formal theories, such as those about stuttering equivalence =-=[13]-=-, Levi Lemma for traces [14], and finite automata on infinite sequences [18]. The work required to develop those formal theories is significant, but not very different from what we have already done. ... |

144 |
Exploiting symmetry in temporal logic model checking
- CLARKE, ENDERS, et al.
- 1993
(Show Context)
Citation Context ...pport for proving various automatic verification algorithms. Some of the theories described in Section 4 can be useful in verifying other model checking reduction algorithms, e.g., symmetry reduction =-=[3, 4]-=-. The theories outlined in Section 4 are not sufficient by themselves, as other algorithms may rely on other theories, e.g., permutation groups. We hope that the combined effort of several such proofs... |

114 | An Improvement in Formal Verification
- Holzmann, Peled
- 1994
(Show Context)
Citation Context ...tting down the amount of state search performed by model checkers [16]. We choose this example for two reasons. First, this reduction technique has been implemented in the protocol analysis tool SPIN =-=[7, 8]-=- to significantly speed up the analysis of many practical protocols; hence its correctness has important practical consequences. Second, the correctness arguments involve nontrivial mathematics about ... |

74 | Automating recursive type definitions in higher order logic
- Melham
- 1989
(Show Context)
Citation Context ...ambdasx + y \Lambdasy defines a constant sos : num! num! num that computes the sum of squares of its arguments. 6sNew types of literals can be defined using Melham's recursive type definition package =-=[18]-=- (though all literal types used in this paper are in fact non-recursive). For example, Melham's package can take a "BNF" of the form: (ff; fi)ttt ::= aaa j bbb(ff) j ccc(fi) and define a new parameter... |

71 | Memory-efficient algorithms for the verification of temporal properties
- Courcoubetis, Vardi, et al.
- 1992
(Show Context)
Citation Context ...ation of partial-order reduction was found. The error was caused by the combination of the partial-order reduction algorithm in [20] and the on-thefly search algorithm used by SPIN, which is based on =-=[4]-=-. In the off-line algorithm, a reduced state space is constructed before a temporal property is checked against it. In contrast, in the on-the-fly algorithm, the product space of the state space and t... |

70 | On nested depth first search
- Holzmann, Peled, et al.
- 1996
(Show Context)
Citation Context ...nly selected for the same state in the two phases. To correct this problem, the second search must be forced to select the same ample sets as the first search; the corrected algorithm is described in =-=[11]-=-. Thus, the abstraction about well-founded ordering used in our proof does not actually apply to the SPIN implementation of partial-order reduction. Justifying this abstraction against the double dept... |

69 |
Edinburgh LCF, A Mechanized Logic
- Gordon, Milner, et al.
- 1979
(Show Context)
Citation Context ...nstructors of thm are the mechanizations of the primitive inference rules of higher-order logic. (Note that axioms can be viewed as 2 In fact, ML was invented for the very purpose of implementing LCF =-=[6]-=-, a very influential mechanical theorem prover of which HOL is a descendant. Formal Verification of a Partial-Order Reduction Technique 119 degenerate primitive inference rules.) For example, the prim... |

58 |
eds.): Introduction to HOL: a theorem proving environment for higher order logic
- Gordon, Melham
- 1993
(Show Context)
Citation Context ...hanical theorem proving can be amortized. We hope this will make mechanical theorem proving more attractive to practitioners of verification. As a case study, we use the mechanical theorem prover HOL =-=[5]-=- to verify a partial-order reduction technique for cutting down the amount of state search performed by model checkers [16]. We choose this example for two reasons. First, this reduction technique has... |

35 | Verification of a multiplier: 64 bits and beyond
- Kurshan, Lamport
- 1993
(Show Context)
Citation Context ...ts its use in very big systems. Combining the two formal verification methods is appealing, as it has the potential of exploiting the strengths of both methods. Prior research in this direction, e.g. =-=[9, 11, 17]-=-, has focused on how to decompose a verification problem into parts each of which is manageable by one of the two methods. Although some impressive case studies have been conducted, it is still not cl... |

20 |
Combining model checking and theorem proving to verify parallel processes
- Hungar
- 1993
(Show Context)
Citation Context ...ts its use in very big systems. Combining the two formal verification methods is appealing, as it has the potential of exploiting the strengths of both methods. Prior research in this direction, e.g. =-=[9, 11, 17]-=-, has focused on how to decompose a verification problem into parts each of which is manageable by one of the two methods. Although some impressive case studies have been conducted, it is still not cl... |

7 | An Improvement
- Holzmann, Peled
- 1994
(Show Context)
Citation Context ...tting down the amount of state search performed by model checkers [20]. We choose this example for two reasons. First, this reduction technique has been implemented in the protocol analysis tool SPIN =-=[9, 10]-=- to significantly speed up the analysis of many practical protocols; hence its correctness has important practical consequences. Second, the correctness arguments involve nontrivial mathematics about ... |

6 | An Integration of ModelChecking with Automated - Rajan, Shankar, et al. - 1995 |

5 |
Event Fairness and Non-Interleaving Concurrency, Formal Aspects of Computing 1
- Kwiatkowska
- 1989
(Show Context)
Citation Context ...elation between executions mentioned above is called trace equivalence, which was originally proposed for finite sequences by Mazurkiewicz [14] and later extended to infinite sequences by Kwiatkowska =-=[12]-=-. Trace equivalence is defined in five stages: T1. The 1-step relation : = ` A \Theta A : v : = w iff there exist actions a and b and finite sequences x and y such that a ? b, v = x a b y, and w = x b... |

2 |
A Formulation of the Simple Theory of Types", in
- Church
- 1940
(Show Context)
Citation Context ...ories is significant, but not very different from what we have already done. 3 Higher-Order Logic and HOL Higher-order logic, also known as the simple theory of types, was introduced by Alonzo Church =-=[2] as a foun-=-dation of mathematics. It is sufficiently expressive to allow the formalization of virtually all of "ordinary mathematics" as definitional extensions of a handful of axioms and primitive inf... |

1 | A Higher-order Theory of Lists for HOL", presented at - Curzon, Wong - 1994 |

1 |
Automata on Infinite Objects", pp.133-192 of Jan van Leeuwen (Ed
- Thomas
- 1990
(Show Context)
Citation Context ...The verification of the other three algorithms needs additional formal theories, such as those about stuttering equivalence [16], Levi Lemma for traces [17], and finite automata on infinite sequences =-=[22]-=-. The work required to develop those formal theories is significant, but not very different from what we have already done. 1Intuitively, each type in higher-order logic is a set, while the collection... |