Symmetry in temporal logic model checking

Temporal logic model checking involves checking the state-space of a model of a system to determine whether errors can occur in the system. Often this involves checking symmetrically equivalent areas of the state-space. The use of symmetry reduction to increase the efficiency of model checking has inspired a wealth of activity in the area of model checking research. We provide a survey of the associated literature

Replication and Abstraction: Symmetry in Automated Formal Verification.

This article surveys fundamental and applied aspects of symmetry in system models, and of symmetry reduction methods used to counter state explosion in model checking, an automated formal verification technique. While covering the research field broadly, we particularly emphasize recent progress in applying the technique to realistic systems, including tools that promise to elevate the scope of symmetry reduction to large-scale program verification. The article targets researchers and engineers interested in formal verification of concurrent systems

Translation between S/R and Promela

S/R and Promela are two concurrent programming languages used in finite state automated verification of communication protocols. The semantics of S/R supports synchronous parallel composition, while semantics of Promela supports an interleaving parallel composition of processes. Because of the differences in the execution model, the verification tools available for the models written in these languages are optimized differently. SPIN, a verification tool for models written in Promela, uses partial order reduction reductions based upon commutativity of interleaving to combat the state explosion problem due to the amount of concurrency in concurrent models. COSPAN, a tool used largely for hardware verification for models written in S/R, offers implicit enumeration and automatic reduction of the specification with respect to the properties to be verified. Because of such differences in the techniques used for combating the practical problems faced in verification of protocols, it may be d..

Partial Order Reduction without the Proviso

In this paper, we present a new partial order reduction algorithm that can help reduce both space and time requirements of on-the-fly explicit enumeration based verifiers. The partial order reduction algorithms described in [God95, HP94, Pel94, Pel96] were observed to yield very little savings in many practical examples. The reason was traced to the proviso in these algorithms that often caused their search to generate many unnecessary states. Our algorithm, called the two-phase algorithm, avoids the proviso, and follows an execution strategy consistingof alternating phases of partial order reduction of deterministic states and depth-first search. In this paper, we describe the two-phase algorithm, prove its correctness, describe a new verification tool employing it, and provide a number of significant examples, including directory based protocols of a multiprocessor, that demonstrate the superior performance of the two-phase algorithm

Deriving Efficient Cache Coherence Protocols through Refinement

. We address the problem of developing efficient cache coherence protocols implementing distributed shared memory (DSM) using message passing. A serious drawback of traditional approaches to this problem is that designers are required to state the desired coherence protocol at the level of asynchronous message interactions. We propose a method in which designers express the desired protocol at a high-level using rendezvous communication. These descriptions are much easier to understand and computationally more efficient to verify than asynchronous protocols due to their small state spaces. The rendezvous protocol can also be synthesized into efficient asynchronous protocols. We present our protocol refinement procedure, prove its soundness, and provide examples of its efficiency. 1 Introduction With the growing complexity of concurrent systems, automated procedures for developing protocols are growing in importance. In this paper, we are interested in protocol refinement procedures,..

PV: A Model-Checker for Verifying LTL-X Properties

We present a verification tool PV (Protocol Verifier) that checks stutter-free LTL (LTL-X) properties using a new partial order reduction algorithm called Two phase. Two phase significantly reduces space and time requirements on many practically important protocols on which the partial order reduction algorithms implemented in previous tools [God95, HP94, Pel96] yield very little savings. In some cases, such as one version of the invalidate directory protocol of the Utah Avalanche multiprocessor, current tools did not finish their search while Two phase finished and discovered a bug that was missed by the unfinished runs of existing tools. Two phase's performance is largely due to the fact that it does not employ a run-time proviso such as used in other tools. In [NG97], we motivated the problems caused by the proviso, presented Two phase, and proved that it preserves stutter-free safety properties. In this paper, we provide a proof that the Two phase algorithm also preserves all stut..

Explicit-enumeration based Verification made Memory-efficient

We investigate new techniques for reducing the memory requirements of an on-the-fly model checking tool that employs explicit enumeration. Two techniques are studied in depth: exploiting symmetries in the model, and exploiting sequential regions in the model. These techniques can result in a significant reduction in memory requirements, and often find progress violations at much lower stack depths. Both techniques have been implemented as part of the SPIN verifier, a widely used on-the-fly model-checking tool. I. Introduction With the growing complexity of hardware and software systems, there is growing awareness that they must be formally verified. Model-checking [3] is a popular approach for verification, especially for reactive systems. Modelchecking can be done in many ways, two popular methods being implicit enumeration and explicit enumeration. Explicit enumeration proceeds by building the state graph of the model and checking the desired properties on the state graph. Explicit e..

Deriving efficient cache coherence protocols through refinement

Abstract. We address the problem of developing efficient cache coherence protocols implementing distributed shared memory (DSM) using message passing. A serious drawback of traditional approaches to this problem is that designers are required to state the desired coherence protocol at the level of asynchronous message interactions. We propose a method in which designers express the desired protocol at a high-level using rendezvous communication. These descriptions are much easier to understand and computationally more efficient to verify than asynchronous protocols due to their small state spaces. The rendezvous protocol can also be synthesized into efficient asynchronous protocols. We present our protocol refinement procedure, prove its soundness, and provide examples of its efficiency.

An Improvement to Partial Order Reductions

In this paper, we present a new partial order reduction algorithm that can help reduce both space and time requirements of automatic verifiers. The partial order reduction algorithms described in [God95, Hol94] (both incorporated in SPIN [Hol91]) were observed to yield very little savings in many practical cases due to the proviso in them. Our algorithm, called the two-phase algorith, is different from these algorithms in that it avoids the proviso, and follows a new execution strategy consisting of alternating phases of depth-first-search and partial order reduction. The two-phase algorithm is shown to preserve safety properties. It has been implemented in a new verifier which, like SPIN, takes Promela as input. Comparisons between these algorithms and the two-phase algorithm are provided for a significant number of examples, including directory based protocols of a new multiprocessor where significant performance gains are obtained. 1 Introduction Partial order reductions has been a..