Liveness with Invisible Ranking [chapter]

Yi Fang, Nir Piterman, Amir Pnueli, Lenore Zuck
2004 Lecture Notes in Computer Science  
The method of Invisible Invariants was developed originally in order to verify safety properties of parameterized systems fully automatically. Roughly speaking, the method is based on a small model property that implies it is sufficient to prove some properties on small instantiations of the system, and on a heuristic that generates candidate invariants. Liveness properties usually require well-founded ranking, and do not fall within the scope of the small model theorem. In this paper we ... novel proof rules for liveness properties, all of whose proof obligations are of the correct form to be handled by the small model theorem. We then develop abstractions and generalization techniques that allow for fully automatic verification of liveness properties of parameterized systems. We demonstrate the application of the method on several examples.

1. Identify some auxiliary constructs which appear in the premises of the rule.
2. Establish the logical validity of the premises, using the auxiliary constructs identified in step 1.

When performing manual deductive verification, the first task is usually the more difficult, requiring ingenuity, expertise, and a good understanding of the behavior of the program and the techniques for formalizing these insights. The second task is often performed using theorem provers such as PVS [21] or STeP [4]. The difficulty in the execution of these two steps is the main reason why deductive verification is not used more extensively. A representative case is the verification of invariance properties using the invariance rule of [17]. In order to prove that assertion @ is an invariant of program , the rule requires coming up with an auxiliary assertion A which is inductive (i.e. is implied by the B
doi:10.1007/978-3-540-24622-0_19 fatcat:4mdxlyk63jbivl6pclhweysk2m