Inductively Verifying Invariant Properties of Parameterized Systems

Verification of distributed algorithms can be naturally cast as verification of parameterized systems, the parameter being the number of processes. In general, a parameterized concurrent system represents an infinite family of finite-state systems, parameterized by a recursively defined type such as chains or trees. It is therefore natural to verify parameterized systems by induction over this type. However, constructing such proofs requires combining model checking with deductive capability. In this paper, we develop a proof methodology based on logic program transformations that achieves this combination. One of our transformations (unfolding) represents a single resolution step, so model checking can be achieved by repeated application of unfolding. Other transformations (such as folding) represent deductive reasoning and help recognize the induction hypothesis in an inductive proof. Moreover, the unfolding and folding transformations can be arbitrarily interleaved in a proof, resulting in a tight integration of decision procedures (such as model checking) with deductive verification. Based on this technique, we have designed and implemented an invariant prover for parameterized systems. Our proof technique is geared to automating nested induction proofs that do not require strengthening of the induction hypothesis. The prover has been used to automatically verify invariant properties of parameterized cache coherence protocols, including broadcast protocols and protocols with global conditions. Furthermore, we have employed the prover for automatic verification of mutual exclusion in the Java Meta-Locking Algorithm. Meta-Locking is a distributed algorithm recently developed by designers at Sun Microsystems for ensuring secure access to Java objects by an arbitrary number of Java threads.
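The abstract's two key moves, unfolding as a single resolution step (so that repeated unfolding model-checks a fixed-size instance) and folding as the step that recognises the induction hypothesis, are shown below in a small Python engine. This is an added illustration, not the paper's prover or its logic-program encoding: the term representation, the predicates init/ok/allidle/thm, the chain-of-processes program and the proof script are constructed for this example, the unifier omits the occurs check, and the folding side condition is a simplified Tamaki-Sato check.

```python
# Added illustration, not the paper's prover: a toy unfold/fold engine for definite logic
# programs. Terms are Var objects, string constants or tuples (functor, *args); a clause is
# (head, [body atoms]). The program, predicate names and proof script below are constructed.
from itertools import count

class Var:
    _ids = count()
    def __init__(self, name=None): self.name = name or f"_V{next(Var._ids)}"
    def __repr__(self): return self.name
NIL = "[]"
def cons(h, t): return ("cons", h, t)
def is_cmp(t): return isinstance(t, tuple)

def walk(t, s):                      # follow variable bindings in substitution s
    while isinstance(t, Var) and t in s: t = s[t]
    return t
def unify(a, b, s):                  # standard unification (no occurs check: enough here)
    a, b = walk(a, s), walk(b, s)
    if isinstance(a, Var): return s if a is b else {**s, a: b}
    if isinstance(b, Var): return {**s, b: a}
    if is_cmp(a) and is_cmp(b) and len(a) == len(b) and a[0] == b[0]:
        for x, y in zip(a[1:], b[1:]):
            if (s := unify(x, y, s)) is None: return None
        return s
    return s if a == b else None
def match(pat, t, s):                # one-way matching: binds variables of pat only
    if isinstance(pat, Var):
        return {**s, pat: t} if pat not in s else (s if s[pat] == t else None)
    if is_cmp(pat) and is_cmp(t) and len(t) == len(pat) and t[0] == pat[0]:
        for x, y in zip(pat[1:], t[1:]):
            if (s := match(x, y, s)) is None: return None
        return s
    return s if pat == t else None
def subst(t, s):                     # apply substitution s to term t
    t = walk(t, s)
    return (t[0],) + tuple(subst(x, s) for x in t[1:]) if is_cmp(t) else t
def variables(t):
    if isinstance(t, Var): return {t}
    return set().union(*(variables(x) for x in t[1:])) if is_cmp(t) else set()
def rename(clause):                  # fresh copy of the clause's variables
    m = {v: Var() for v in variables(("_", clause[0], *clause[1]))}
    return subst(clause[0], m), [subst(a, m) for a in clause[1]]

def unfold(clause, i, program):
    """Unfolding = one resolution step of body atom i against every clause of program."""
    head, body = clause
    res = []
    for h, b in map(rename, program):
        if (s := unify(body[i], h, {})) is not None:
            res.append((subst(head, s), [subst(a, s) for a in body[:i] + b + body[i + 1:]]))
    return res

def fold(clause, defn):
    """Folding = replace an instance of defn's body inside clause by the matching instance of its
    head; None if none exists or the Tamaki-Sato side condition on defn's internal variables fails."""
    head, body = clause
    dh, db = rename(defn)
    def search(k, s, used):          # injective matching of db[:k] onto body atoms
        if k == len(db): return s, used
        for j, atom in enumerate(body):
            if j not in used and (s2 := match(db[k], atom, s)) is not None:
                if (r := search(k + 1, s2, used | {j})): return r
        return None
    if (found := search(0, {}, frozenset())) is None: return None
    s, used = found
    rest = [a for j, a in enumerate(body) if j not in used]
    outside = variables(("_", head, *rest))  # internal variables must be distinct and not occur here
    images = [s[v] for v in variables(("_", *db)) - variables(dh)]
    if len(set(images)) != len(images) or any(not isinstance(x, Var) or x in outside for x in images):
        return None
    return head, rest + [subst(dh, s)]

IDLE, BUSY, S, T = "idle", "busy", Var("S"), Var("T")
PROGRAM = [                          # constructed: a chain of processes, each idle or busy
    (("init", NIL), []),             # init(S): every process idle
    (("init", cons(IDLE, T)), [("init", T)]),
    (("ok", NIL), []),               # ok(S): at most one process busy (the invariant)
    (("ok", cons(IDLE, T)), [("ok", T)]),
    (("ok", cons(BUSY, T)), [("allidle", T)]),
    (("allidle", NIL), []),
    (("allidle", cons(IDLE, T)), [("allidle", T)]),
]
THM = (("thm", S), [("init", S), ("ok", S)])   # claim: every initial state satisfies ok

def solve(goal, program):
    """Model checking a fixed-size instance = repeated unfolding until some body is empty."""
    frontier = [(("yes",), [goal])]
    while frontier:
        if any(not body for _, body in frontier): return True
        frontier = [r for c in frontier for r in unfold(c, 0, program)]
    return False

def prove():
    """Inductive proof of THM for chains of any length: unfold twice, then fold."""
    base, step = unfold(THM, 0, PROGRAM)    # case split on init(S): S = [] or S = [idle|T]
    [base] = unfold(base, 0, PROGRAM)       # thm([]) :- ok([])  becomes  thm([]).
    [step] = unfold(step, 1, PROGRAM)       # thm([idle|T]) :- init(T), ok(T)
    folded = fold(step, THM)                # thm([idle|T]) :- thm(T): induction hypothesis found
    return base, folded                     # thm now mirrors init, so init(S) implies ok(S)
```

Running prove() yields the two clauses thm([]). and thm([idle|T]) :- thm(T)., i.e. the transformed definition of thm is a renaming of init; since thm(S) was introduced as init(S), ok(S), this says that every initial state, of any length, satisfies ok. The fold is the induction step: the unfolded body init(T), ok(T) is an instance of thm's own definition, and the side condition in fold is what keeps such a step sound. solve shows the fixed-size side of the same machinery: ok([busy, idle, idle]) succeeds and ok([busy, idle, busy]) fails after a handful of unfoldings, with no deduction involved.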
