Model checking and theorem proving: a unified framework

The never-ending growth in the complexity of modern hardware and software systems requires ever more sophisticated verification methods. The state space explosion problem leaves little hope that automatic finite-state verification techniques such as model checking will remain practical on their own, especially once designs become parameterized. Theorem proving techniques are therefore unavoidable for coping with the new verification challenges. “Pure” theorem proving, on the other hand, can also be tedious and impractical for complex designs. Ideally, one would like an efficient combination of model checking and theorem proving, and the quest for such a combination has long been one of the major challenges in formal verification. Many new methodologies have been proposed to make the two techniques work together. Observing such a wide variety of methodologies, one may even question whether a universal technique combining model checking and theorem proving is possible at all; instead, it seems more practical to expand the collection of problem-specific methodologies. The development of a new methodology is usually an iterative experimental process: researchers implement their ideas in a prototype tool and run several verification examples in it. The experiments provide the feedback needed to refine the methodology and generalize it to a wider class of examples, or give hints on how to tune the technique to specific applications. Since these methodologies often use both model checking and theorem proving techniques, implementing the new tools becomes the main bottleneck in their development. In this work, we provide a new unified framework that includes both model checking and theorem proving and is designed for fast prototyping of tools, or for manual but computer-assisted testing of new verification methodologies. The tool SyMP (Symbolic Model Prover) implements this framework in a theorem prover-like environment.

Moreover, the tool is in fact a programmer’s kit for generating new, possibly highly specialized, theorem provers. It provides a base for developing tools for emerging methodologies and reduces implementation time. The architecture of the tool and the theory behind it help organize the new methodologies in a systematic and extensible way.
