Abstract
Mechanical theorem proving and model checking are the two main methods of formal verification, each with its own strengths and weaknesses. While mechanical theorem proving is more general, it requires intensive human guidance. Model checking is automatic, but is applicable to a more restricted class of problems. It is appealing to combine these two methods in order to take advantage of their different strengths. Prior research in this direction has focused on how to decompose a verification problem into parts each of which is manageable by one of the two methods. In this paper we explore another possibility: we use mechanical theorem proving to formally verify a meta-theory of model checking. As a case study, we use the mechanical theorem prover HOL to verify the correctness of a partial-order reduction technique for cutting down the amount of state search performed by model checkers. We choose this example for two reasons. First, this reduction technique has been implemented in the protocol analysis tool SPIN to significantly speed up the analysis of many practical protocols; hence its correctness has important practical consequences. Second, the correctness arguments involve nontrivial mathematics, the formalization of which we hope will become the basis of a formal meta-theory of other model-checking algorithms and techniques. Interestingly, our formalization led to a nontrivial generalization of the original informal theory. We discuss the lessons, both encouraging and discouraging, learned from this exercise. In the appendix we highlight the important definitions and theorems from each of our HOL theories. The complete listing of our HOL proof is given in a separate document because of space limitations.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Boyer, R. S. and Moore, J S.: A Computational Logic, Academic Press, 1979.
Church, A.: A formulation of the simple theory of types, Journal of Symbolic Logic 5 (1940), 56-68.
Clarke, E. M., Filkorn, T. and Jha, S.: Exploiting symmetry in temporal logic model checking, in 5th International Conference on Computer Aided Verification Elounda, Greece, LNCS 697, 1993, pp. 450-462.
Courcoubetis, C., Vardi, M., Wolper, P. and Yannakakis, M.: Memory-efficient algorithms for the verification of temporal properties, Formal Methods in System Design 1(1) (1992), 275-288.
Curzon, P. and Wong, W.: A higher-order theory of lists for HOL, presented at 7th Int. Conf. on Higher Order Logic Theorem Proving And Its Applications, Malta, 19-22 September 1994.
Emerson, E. A. and Sistla, A. P.: Symmetry and model checking, in 5th International Conference on Computer Aided Verification Elounda, Greece, LNCS 697, 1993, pp. 463-479.
Gordon, M. J. C. and Melham, T. F. (eds.): Introduction to HOL: A Theorem-Proving Environment for Higher-Order Logic, Cambridge Univ. Press, Cambridge, 1993.
Gordon, M. J. C., Milner, A. J. R. G. and Wadsworth, C. P.: Edinburgh LCF: A Mechanized Logic of Computation, LNCS 78, Springer-Verlag, 1979.
Holzmann, G. J.: Design and Validation of Computer Protocols, Prentice-Hall, 1991.
Holzmann, G. J. and Peled, D.: An improvement in formal verification, in 7th International Conference on Formal Description Techniques Berne, Switzerland, 1994, pp. 177-194.
Holzmann, G. J., Peled, D. and Yannakakis, M.: On nested depth first search, in Second SPIN Workshop, 1996, AMS DIMACS series, to appear 1997, Piscataway, NJ, U.S.A.
Hungar, H.: Combining model checking and theorem proving to verify parallel processes, in 5th International Conference on Computer Aided Verification Elounda, Greece, LNCS 697, 1993, pp. 154-165.
Kurshan, R. P.: Computer-Aided Verification of Coordinating Processes, Princeton University Press, 1994.
Kurshan, R. P. and Lamport, L.: Verification of a multiplier: 64 bits and beyond, in 5th International Conference on Computer Aided Verification Elounda, Greece, LNCS 697, 1993, pp. 166-179.
Kwiatkowska, M. Z.: Event fairness and non-interleaving concurrency, Formal Aspects of Computing 1 (1989), 213-228.
Lamport, L.: What good is temporal logic, in R. E. A. Mason (ed.), Proceedings of IFIP Congress North-Holland, 1983, pp. 657-668.
Mazurkiewicz, A.: Trace theory, in W. Brauer, W. Reisig, and G. Rozenberg (eds.), Advances in Petri Nets 1986 Bad Honnef, Germany, LCNS 255, Springer, 1987, pp. 279-324.
Melham, T. F.: Automating recursive type definitions in higher-order logic, in G. Birtwistle and P. A. Subrahmanyam (eds.), Current Trends in Hardware Verification and Automated Theorem Proving, Springer-Verlag, 1989, pp. 341-386.
Peled, D.: Combining partial order reductions with on-the-fly model-checking, in 6th International Conference on Computer Aided Verification Stanford, CA, LNCS 818, 1994, pp. 377-390.
Rajan, S., Shankar, N., and Srivas, M. K.: An integration of model checking with automated proof checking, in 7th International Conference on Computer Aided Verification Liège, Belgium, LNCS 939, 1995, pp. 84-97.
Thomas, W.: Automata on infinite objects, in Jan van Leeuwen (ed.), Handbook of Theoretical Computer Science, Vol. B: Formal Models and Semantics, The MIT Press/Elsevier, 1990, pp. 133-192.
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
Chou, CT., Peled, D. Formal Verification of a Partial-Order Reduction Technique for Model Checking. Journal of Automated Reasoning 23, 265–298 (1999). https://doi.org/10.1023/A:1006225515062
Issue Date:
DOI: https://doi.org/10.1023/A:1006225515062