An experience in proving regular networks of processes by modular model checking

This paper presents a complete example of the use of the synchronous declarative language LUSTRE for the specification, description and verification of a resource arbiter, which is a regular network of hardware devices. The fact that both programs and properties may be expressed in LUSTRE is used to perform an inductive verification. An invariant property of the network is found, and merged with the description program. Verification is performed by model checking.
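The following Python model is an added illustration and is not the paper's LUSTRE program: it builds a constructed token-ring arbiter out of identical cells and performs the kind of inductive verification the abstract describes, where an invariant of the network (exactly one token in the ring) is merged with the description and the safety property is checked over every state and input. The cell behaviour, the invariant and the property are assumptions chosen for this example.

```python
from itertools import product

def cell_step(has, token_in, request):
    """One synchronous step of an arbiter cell (constructed model, not the paper's LUSTRE node).
    A cell holding the token is granted while it requests and passes the token on otherwise."""
    grant = has and request
    token_out = has and not request          # depends on state only: no combinational loop in the ring
    next_has = token_in or (has and request)
    return next_has, grant, token_out

def ring_step(state, requests):
    """Synchronous step of a ring of n cells: cell i receives the token emitted by cell i-1."""
    n = len(state)
    emitted = [cell_step(state[i], False, requests[i])[2] for i in range(n)]
    next_state, grants = [], []
    for i in range(n):
        nxt, grant, _ = cell_step(state[i], emitted[(i - 1) % n], requests[i])
        next_state.append(nxt)
        grants.append(grant)
    return tuple(next_state), tuple(grants)

def invariant(state):
    """Network invariant (assumed for this example): exactly one token in the ring."""
    return sum(state) == 1

def mutual_exclusion(grants):
    """Safety property to verify: at most one cell is granted the resource at any instant."""
    return sum(grants) <= 1

def initial_state(n):
    return tuple([True] + [False] * (n - 1))

def inductive_check(n, use_invariant=True):
    """Induction over time for a ring of n cells: the initial state satisfies the invariant,
    and every state allowed by the invariant satisfies the property and steps back into it.
    With use_invariant=False only the property is assumed, which fails for n >= 2 because
    unreachable states holding two tokens are then taken into account."""
    assume = invariant if use_invariant else (lambda s: True)
    if not assume(initial_state(n)):
        return False
    for state in product([False, True], repeat=n):
        if not assume(state):
            continue
        for requests in product([False, True], repeat=n):
            nxt, grants = ring_step(state, requests)
            if not mutual_exclusion(grants) or not assume(nxt):
                return False
    return True

if __name__ == "__main__":
    for n in range(1, 6):
        print(n, inductive_check(n), inductive_check(n, use_invariant=False))
```

The second column of the output shows why the invariant has to be merged with the description: the property on its own is not inductive for rings of two or more cells.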
