Formal Verification of a Partial-Order Reduction Technique for Model Checking

Mechanical theorem proving and model checking are the two main methods of formal verification, each with its own strengths and weaknesses. While mechanical theorem proving is more general, it requires intensive human guidance. Model checking is automatic, but is applicable to a more restricted class of problems. It is appealing to combine these two methods in order to take advantage of their different strengths. Prior research in this direction has focused on how to decompose a verification problem into parts each of which is manageable by one of the two methods. In this paper we explore another possibility: we use mechanical theorem proving to formally verify a meta-theory of model checking. As a case study, we use the mechanical theorem prover HOL to verify the correctness of a partial-order reduction technique for cutting down the amount of state search performed by model checkers. We choose this example for two reasons. First, this reduction technique has been implemented in the protocol analysis tool SPIN to significantly speed up the analysis of many practical protocols; hence its correctness has important practical consequences. Second, the correctness arguments involve nontrivial mathematics, the formalization of which we hope will become the basis of a formal meta-theory of other model-checking algorithms and techniques. Interestingly, our formalization led to a nontrivial generalization of the original informal theory. We discuss the lessons, both encouraging and discouraging, learned from this exercise. In the appendix we highlight the important definitions and theorems from each of our HOL theories. The complete listing of our HOL proof is given in a separate document because of space limitations.
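The abstract says only that the reduction "cuts down the amount of state search" and that its correctness argument is nontrivial. The following is an added illustration, not code from the paper, from SPIN, or from the HOL development: a constructed two-process system (program counters pc1 and pc2, a shared variable x, a local y) explored once exhaustively and once with a persistent-set style reduction, using a deliberately conservative static independence test (different process and disjoint variable sets). The property preserved here is the set of terminal (deadlock) states, which is the classic guarantee of this kind of search; a second, deliberately wrong independence relation that ignores the shared variable shows how an unsound reduction silently drops a reachable terminal state, which is exactly why a machine-checked correctness proof of the reduction has practical value.

```python
"""Persistent-set partial-order reduction on a tiny two-process system.

Added illustration, not code from the paper, from SPIN or from the HOL
development: the system, variable names and the conservative static
independence test below are constructed for this example.  It shows the
guarantee a reduction must preserve (here: the set of terminal, i.e.
deadlock, states) and how a wrong independence relation breaks it.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable, FrozenSet, List, Set, Tuple

# Constructed example state: (pc1, pc2, x, y).  x is shared, y is local to P2.
State = Tuple[int, int, int, int]


@dataclass(frozen=True)
class Transition:
    name: str
    proc: int
    accesses: FrozenSet[str]            # every variable the guard or effect touches
    guard: Callable[[State], bool]
    effect: Callable[[State], State]


# P1: two local steps, then write x := 1.  P2: one local step, then y := x.
TRANSITIONS: List[Transition] = [
    Transition("l1", 1, frozenset({"pc1"}),
               lambda s: s[0] == 0, lambda s: (1, s[1], s[2], s[3])),
    Transition("l2", 1, frozenset({"pc1"}),
               lambda s: s[0] == 1, lambda s: (2, s[1], s[2], s[3])),
    Transition("w", 1, frozenset({"pc1", "x"}),
               lambda s: s[0] == 2, lambda s: (3, s[1], 1, s[3])),
    Transition("m1", 2, frozenset({"pc2"}),
               lambda s: s[1] == 0, lambda s: (s[0], 1, s[2], s[3])),
    Transition("r", 2, frozenset({"pc2", "x", "y"}),
               lambda s: s[1] == 1, lambda s: (s[0], 2, s[2], s[2])),
]
INITIAL: State = (0, 0, 0, 0)
Indep = Callable[[Transition, Transition], bool]


def independent(a: Transition, b: Transition) -> bool:
    """Sound, conservative static test: different processes, disjoint variables."""
    return a.proc != b.proc and not (a.accesses & b.accesses)


def unsound_independent(a: Transition, b: Transition) -> bool:
    """Deliberately wrong: ignores the shared variable x."""
    return a.proc != b.proc


def enabled(s: State) -> List[Transition]:
    return [t for t in TRANSITIONS if t.guard(s)]


def persistent_set(s: State, indep: Indep) -> List[Transition]:
    """Return a persistent subset of enabled(s).

    A process whose enabled transitions are independent of *every*
    transition of every other process (enabled or not) keeps those
    transitions enabled, and they commute with whatever the others do,
    so exploring only them loses no terminal state.  If no such process
    exists, fall back to the full enabled set.
    """
    en = enabled(s)
    for proc in sorted({t.proc for t in en}):
        mine = [t for t in en if t.proc == proc]
        others = [t for t in TRANSITIONS if t.proc != proc]
        if all(indep(a, b) for a in mine for b in others):
            return mine
    return en


def explore(reduce: bool, indep: Indep = independent) -> Tuple[int, Set[State]]:
    """DFS over the state space; returns (#states visited, terminal states)."""
    seen: Set[State] = set()
    terminal: Set[State] = set()
    stack = [INITIAL]
    while stack:
        s = stack.pop()
        if s in seen:
            continue
        seen.add(s)
        en = enabled(s)
        if not en:
            terminal.add(s)
            continue
        for t in (persistent_set(s, indep) if reduce else en):
            stack.append(t.effect(s))
    return len(seen), terminal


if __name__ == "__main__":
    full_n, full_term = explore(reduce=False)
    red_n, red_term = explore(reduce=True)
    bad_n, bad_term = explore(reduce=True, indep=unsound_independent)
    print(f"full search:       {full_n} states, terminal {sorted(full_term)}")
    print(f"reduced (sound):   {red_n} states, terminal {sorted(red_term)}")
    print(f"reduced (unsound): {bad_n} states, terminal {sorted(bad_term)}")
```

On this system the full search visits 13 states and the sound reduction 8, both reaching the same two terminal states (one where P2 read x before the write, one after); the unsound relation visits only 6 states and never finds the terminal state in which y is still 0. The independence test is static and conservative on purpose: the `accesses` set must include everything a guard reads as well as what the effect writes, otherwise the "stays enabled" argument in `persistent_set` no longer holds. The cycle proviso that the full ample-set method needs for liveness properties is not required for terminal-state preservation and is not implemented here.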
