Checking for Language Inclusion Using Simulation Preorders

Systems involving interaction among state machines, such as protocols, concurrent algorithms, and certain kinds of hardware, often contain subtle design errors that defy detection by conventional means, such as inspection, simulation, and testing a prototype. As a result, formal verification methods for such systems are of increasing interest. We are interested in automatic verification using finite-state models of systems, with the underlying assumption that system behavior can be represented as a set of sequences representing all the possible histories (or traces) of the system (we assume linear time). In this model, verification consists of testing for language inclusion: the implementation describes a set of actual traces and the specification gives the set of allowed traces; the implementation meets the specification if every actual trace is allowed. In this paper, we consider only the case where both the implementation and the specification are represented by finite-state automata. The automata used here can describe both safety properties (which intuitively say that nothing bad happens) and liveness properties (which intuitively assert that something good eventually happens). More specifically, we deal with safety automata and Büchi automata.

As specifications become more complicated, it becomes less natural to express them with deterministic automata. This occurs because a complicated specification is more likely to have invisible internal state that is not a function of the externally visible state. Although such specifications can be expressed using deterministic automata, this places an unnecessary burden on the user. Determinization algorithms may cause exponential blowups and are also difficult to program. Deciding language inclusion for non-deterministic automata is PSPACE-complete. Therefore it is highly unlikely that a polynomial technique can be used to decide language inclusion. However, deciding language inclusion for deterministic automata is known to be polynomial. Our main goal is to provide polynomial methods that work not only for deterministic automata, but also for non-deterministic automata in cases of practical interest.

The simulation preorder is one of many preorders and equivalences considered by people studying branching-time models of concurrency. The simulation preorder is decidable in polynomial time (proportional to the product of the sizes of the two automata) even when the specification automaton is nondeterministic. However, the simulation preorder is a stronger relation between automata than language inclusion. So from our perspective (linear time), the simulation preorder should be regarded as an approximation (a sufficient condition) for language inclusion that is much easier to check.
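As an added illustration (not code from the paper), the following Python computes the greatest simulation relation between two safety automata by refining the full product of their state spaces down to a fixpoint, and compares it with a brute-force bounded trace-inclusion check. The automata, state names and letters are constructed: a nondeterministic specification that commits to "b" or "c" while reading "a", one implementation that is simulated by it, and one whose language is included but which fails simulation, the gap the abstract describes.

```python
from itertools import product

# Safety automaton over finite words: every state accepts, so its language is the
# prefix-closed set of traces. `trans` maps (state, letter) -> set of successor states.
def make_automaton(init, edges):
    trans = {}
    for src, letter, dst in edges:
        trans.setdefault((src, letter), set()).add(dst)
    return {"init": init, "trans": trans,
            "states": {init} | {s for src, _, dst in edges for s in (src, dst)}}

def moves(aut, state):
    return [(a, s2) for (src, a), succs in aut["trans"].items() if src == state for s2 in succs]

def simulation_relation(impl, spec):
    """Greatest simulation: pairs (p, q) such that every move p -a-> p' is matched by some
    q -a-> q' with (p', q') still in the relation. Refinement costs polynomial in |impl|*|spec|."""
    rel = set(product(impl["states"], spec["states"]))
    changed = True
    while changed:
        changed = False
        for p, q in list(rel):
            for a, p2 in moves(impl, p):
                if not any((p2, q2) in rel for q2 in spec["trans"].get((q, a), ())):
                    rel.discard((p, q))
                    changed = True
                    break
    return rel

def simulates(impl, spec):
    return (impl["init"], spec["init"]) in simulation_relation(impl, spec)

def traces(aut, depth):
    """Brute-force trace set up to `depth` letters (exponential; for comparison only)."""
    frontier, result = {((), aut["init"])}, {()}
    for _ in range(depth):
        frontier = {(w + (a,), s2) for w, s in frontier for a, s2 in moves(aut, s)}
        result |= {w for w, _ in frontier}
    return result

def language_included(impl, spec, depth):
    return traces(impl, depth) <= traces(spec, depth)

# Constructed example: nondeterministic spec that commits to "b" or "c" while reading "a".
SPEC = make_automaton("s0", [("s0", "a", "s1"), ("s1", "b", "s3"),
                             ("s0", "a", "s2"), ("s2", "c", "s4")])
IMPL_OK = make_automaton("p0", [("p0", "a", "p1"), ("p1", "b", "p2")])   # p1 matched by s1
IMPL_GAP = make_automaton("p0", [("p0", "a", "p1"), ("p1", "b", "p2"),
                                 ("p1", "c", "p3")])  # same language as SPEC, no simulation
```

For IMPL_GAP, state p1 offers both "b" and "c" but no single spec state does, so simulation fails even though every trace of IMPL_GAP is a trace of SPEC.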
