Exploiting Symmetry in the Model Checking of Relational Specifications

Errors in a software design can be detected early by analyzing a formal model expressed in a specification language such as Z. Because software designs tend to involve infinite (or at least very large) state spaces, it has been assumed that this analysis cannot be automated. Consequently, few formal specifications have been analyzed in depth, and the potential for early detection of errors has not been realized. This paper argues that, while proving properties of designs may be intractable, detecting errors need not be. The state transitions of an operation can be enumerated exhaustively within a "scope", a user-defined bound on the size of each state component. Symmetry can then be exploited to reduce this finite state space: a state can be shown to be symmetric, in the context of the analysis, to a state already examined, and so is guaranteed not to reveal any error that state did not. Preliminary experiments with a prototype are promising. A small scope often seems sufficient to catch errors, and exhibits enough symmetry to reduce the search by a factor of 10 or more.
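The following is an added illustration of the two ideas in the abstract (exhaustive enumeration within a scope, then pruning states that are symmetric to one already examined); it is not the paper's prototype or any code from the author. The specification it checks is a hypothetical one constructed for the example: the state is a relation `parent` over n uninterpreted atoms, the invariant says every atom has at most one parent and the relation is acyclic, and the operation `move(c, p)` re-parents `c` under `p` with a deliberately weak precondition (`c != p`) that lets an atom be moved under one of its own descendants. The symmetry used is the permutation of atoms: since atoms carry no meaning, relabelling a state gives an isomorphic one, and a lexicographically minimal relabelling serves as the canonical representative of its orbit.

```python
"""
Scoped ("bounded") checking of a small relational specification, with
symmetry reduction over atom permutations.  Hypothetical spec for illustration.

State:      parent  subset of  Atom x Atom,  (p, c) in parent  <=>  p is parent of c
Invariant:  every atom has at most one parent, and parent is acyclic
Operation:  move(c, p): drop c's old parent edge and make p its parent.
            Precondition is only c != p, so moving c under its own
            descendant creates a cycle.  Scope 3 is enough to find that.
"""
from itertools import permutations


def has_at_most_one_parent(rel):
    children = [c for _, c in rel]
    return len(children) == len(set(children))


def is_acyclic(rel, n):
    # Depth-first search with three colours; a GREY successor means a cycle.
    succ = {a: [c for p, c in rel if p == a] for a in range(n)}
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {a: WHITE for a in range(n)}

    def visit(a):
        colour[a] = GREY
        for b in succ[a]:
            if colour[b] == GREY or (colour[b] == WHITE and not visit(b)):
                return False
        colour[a] = BLACK
        return True

    return all(colour[a] != WHITE or visit(a) for a in range(n))


def invariant(rel, n):
    return has_at_most_one_parent(rel) and is_acyclic(rel, n)


def pre_move(rel, c, p):
    # The spec's (too weak) precondition: only forbids self-parenting.
    return c != p


def post_move(rel, c, p):
    # Remove every edge into c, then add p as c's parent.
    return frozenset({(x, y) for (x, y) in rel if y != c} | {(p, c)})


def states(n):
    """Every relation over atoms 0..n-1 that satisfies the invariant."""
    pairs = [(a, b) for a in range(n) for b in range(n)]
    for mask in range(1 << len(pairs)):
        rel = frozenset(pairs[i] for i in range(len(pairs)) if mask >> i & 1)
        if invariant(rel, n):
            yield rel


def canonical(rel, n):
    """Lexicographically smallest relabelling of rel under all atom permutations.
    Two states are symmetric exactly when their canonical forms agree."""
    return min(tuple(sorted((perm[a], perm[b]) for a, b in rel))
               for perm in permutations(range(n)))


def check_move(n, use_symmetry):
    """Exhaustively check move() within scope n.  Returns (states examined,
    list of counterexamples (pre, c, p, post))."""
    seen, examined, errors = set(), 0, []
    for pre in states(n):
        if use_symmetry:
            key = canonical(pre, n)
            if key in seen:
                continue          # symmetric to a state already examined
            seen.add(key)
        examined += 1
        # Trying every (c, p) on the representative covers the whole orbit:
        # a failure (pi(pre), c', p') maps back to (pre, pi^-1(c'), pi^-1(p')).
        for c in range(n):
            for p in range(n):
                if pre_move(pre, c, p):
                    post = post_move(pre, c, p)
                    if not invariant(post, n):
                        errors.append((pre, c, p, post))
    return examined, errors


if __name__ == "__main__":
    for n in (3, 4):
        full, errs = check_move(n, use_symmetry=False)
        reduced, errs_sym = check_move(n, use_symmetry=True)
        print(f"scope {n}: {full} states without symmetry, {reduced} with "
              f"(factor {full / reduced:.1f}); counterexample: {errs_sym[0]}")
```

At scope 3 the checker examines the 16 valid pre-states (all rooted forests on three labelled atoms) without symmetry and only 4 orbit representatives with it; at scope 4 the figures are 125 and 9, a reduction factor above 10, matching the order of magnitude the abstract reports. In both cases the same defect is found: moving an atom under its own descendant yields a post-state with a cycle, which the operation's precondition should have excluded.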
