Induction in Compositional Model Checking.

It differs from previous techniques that combine induction and model checking in that the proof is fully mechanically checked and temporal variables (process identifiers, for example) may be natural numbers ... This paper describes a technique of inductive proof based on model checking. ... Here, we extend induction via model checking beyond finite state invariants, to problems that have not generally been considered amenable to solution by model checking. ...

doi:10.1007/10722167_25 fatcat:dz4pmenq65bx5n6qftlsuptifm

We present a compositional reasoning method using model checking and theorem proving to verify liveness properties of a communication protocol for chains of connections consisting of an unknown number ... We outline how our method is used to verify properties of the call protocol of AT&T's Distributed Feature Composition (DFC) architecture. ... These individual properties are verified by model checking each component, and the properties are combined using induction in a theorem prover. ...

doi:10.1145/1101908.1101974 dblp:conf/kbse/DominguezD05 fatcat:2mtlwrk2xvepbnxdrzlflem7vi

Both checkers have several model checking engines, based on various techniques, which run concurrently and in cooperation, with the goal of proving or disproving properties and contracts. ... Through the use of observers [12] , any (LTL) regular safety property can be expressed in Lustre as an invariant property, hence KIND 2 focuses on checking just invariant properties. ... induction-based model checking engines: kinduction [16] , IC3 [3] and various auxiliary invariant generation methods. ...

doi:10.1007/978-3-319-41540-6_29 fatcat:l44en7ot6fhcbme2kmzbhrmjq4

The secure information flow problem, which checks whether low-security outputs of a program are influenced by high-security inputs, has many applications in verifying security properties in programs. ... In this paper we present lazy self-composition, an approach for verifying secure information flow. ... We presented two instances of lazy self-composition: the first uses taint analysis and self-composition in a CEGAR loop; the second uses bounded model checking to dynamically query taint checks and self-composition ...

doi:10.1007/978-3-319-96142-2_11 fatcat:xa7ooq25mbafdee7cldktzw7a4

even harder n Safety and security properties harder and harder n Major problem of model checking in general: scalability Eventually either counterexample is found or ↓ ≡ ↓ +1 proving Definition ... at most times for increasing value of t Reduced to invariant checking t Very efficient for finite-state systems t Integrated with IC3 for an incremental check of different n Implemented in nuXmv t ...

doi:10.5281/zenodo.47985 dblp:conf/hipeac/RuessT15 fatcat:ovbvzpwbarh5dmeckjxa3ru2e4

Open Access

The technique combines the use of the process algebra CSP to model systems and their specifications, and the FDR tool to help reason about them. ... We give examples of the techniques implementation on a simple distributed system and a communications protocol involving the multiplexing of channels. 1. 0 The work in this paper was supported by DERA ... ACKNOWLEDGEMENTS We would like thank Ranko Lazic for his work on data independence, and Gavin Lowe whose independent and different work (as yet unpublished) on the integration of data independence and induction ...

doi:10.1007/978-0-387-35578-8_25 fatcat:upgoojcbgrbvrphzeqdascwblm

We analyse various further results concerning end-extensions of models of compositional truth and the collection scheme for the compositional truth predicate. ... contrast to the case of induction scheme. ... c, so we can check by induction that all formulae in d are true. ...

arXiv:2006.11124v1 fatcat:eyo7uk5irrh4lbp7cxkqzi37za

We consider the problem of model checking specifications involving co-inductive definitions such as are available for bisimulation. ... In the case of co-inductive proof search, tables allow a limited form of loop checking, which is often necessary for, say, checking bisimulation of non-terminating processes. ... Model checking as proof search In this paper, we address the problem of integrating (co-)inductively proved theorems with model checking and we will use bisimulation as a specific and important example ...

doi:10.1007/978-3-319-03545-1_13 fatcat:2py5ovqc3zb2tksrojeodg77t4

In particular, I discuss the use of higher-order functions in model checking, infinitestate bounded model checking, compositional specification and verification, and finally, mechanical theorem prover ... SAL contains novel and powerful features, many of which are not available in other model checkers. ... For shorthand, I refer to infinitestate bounded model checking via k-induction as inf-bmc in the remainder of this paper. ...

doi:10.1145/1345169.1345172 fatcat:oqszu4vnnrgeniulyw4o36uula

In this approach, the problem of checking k-safety over the original program is reduced to checking an "ordinary" safety property over a program that executes k copies of the original program in some order ... the inductive invariant needed to verify safety of the composed program, where both are restricted to a given language. ... Our work infers the composition explicitly and can use off-the-shelf model checking tools. ...

doi:10.1007/978-3-030-25540-4_9 fatcat:o2hcmxclgjdufnhgxtylnuhsde

Com- positionality makes it possible to reduce the verification task to subtasks manageable by symbolic model checking. ... 475 lows compositional reasoning about safety and liveness properties expressed in terms of symbolic timing diagrams. ...

Acknowledgements We thank the anonymous reviewers for their helpful comments that have resulted in significant improvements of the paper. ... To cope with this problem we combine an induction-based technique for invariant generation and conventional model checking of finite state systems. ... In order to verify parameterized RSVP model according to the technique described in Section 4 we break the checking procedure into two stages. ...

doi:10.1016/j.jsc.2008.11.006 fatcat:z2erlk7mpjcfdovfv3kbgazzpq

Szczepanski

Additionally, we demonstrate efficient methods for model checking in the logic and for checking the preorder in several special cases. ... Satisfaction of a formula in the logic corresponds to being below a particular structure (a tableau for the formula) in the preorder. ... Compositional IEEE Computer Society Pressj Los Alamitos, Calif. ACM, New York. STIRLING, C., AND WALKER, D. J. 1989. Local model checking in the modal mu-calculus. ...

doi:10.1145/177492.177725 fatcat:jip5fgegondkhpvwglpr2mlfw4

An implementation is proved live for arbitrary resources using compositional model checking. ... This paper presents a method of circular compositional reasoning that applies to liveness properties as well. It is based on a new circular compositional rule implemented in the SMV proof assistant. ... However, we can use an appropriate circular compositional rule, combined with model checking, to prove such mutually dependent liveness properties by induction over time. ...

doi:10.1007/3-540-48153-2_30 fatcat:b4t4le5bfbhttdj53iw3myg3li

They are a simple model for in nite state concurrent systems. We show that the model checking problem for the branching time temporal logic EF is decidable for PA-processes. ... A :, t j = :a 1^: : :^:a n The decidability proof of the model checking problem is done by induction on the nesting depth d of modal operators in the formula. ... Introduction The Process Algebra PA is a simple model of in nite state concurrent systems. It has operators for nondeterministic choice, parallel composition, sequential composition and recursion. ...

doi:10.1007/3-540-63141-0_23 fatcat:ofyscwf65rarheajfj7ijkbkme

Induction in Compositional Model Checking [chapter]

Preserved Fulltext

Compositional reasoning for port-based distributed systems

Preserved Fulltext

The Kind 2 Model Checker [chapter]

Preserved Fulltext

Lazy Self-composition for Security Verification [chapter]

Preserved Fulltext

Distributed Mils (D-Mils) Specification, Analysis, Deployment, And Assurance Of Distributed Critical Systems

Preserved Fulltext

Verifying an infinite family of inductions simultaneously using data independence and FDR [chapter]

Preserved Fulltext

Local collection scheme and end-extensions of models of compositional truth [article]

Preserved Fulltext

Extracting Proofs from Tabled Proof Search [chapter]

Preserved Fulltext

Model checking for the practical verificationist

Preserved Fulltext

Property Directed Self Composition [chapter]

Preserved Fulltext

Page 475 of Mathematical Reviews Vol. , Issue 96a [page]

Preserved Fulltext

An invariant-based approach to the verification of asynchronous parameterized networks

Preserved Fulltext

Model checking and modular verification

Preserved Fulltext

Circular Compositional Reasoning about Liveness [chapter]

Preserved Fulltext

Model checking PA-processes [chapter]

Preserved Fulltext