Skip to main content
SpringerLink
Log in

Formal Verification of an Executable LTL Model Checker with Partial Order Reduction

  • Published:
Journal of Automated Reasoning Aims and scope Submit manuscript

Abstract

We present a formally verified and executable on-the-fly LTL model checker that uses ample set partial order reduction. The verification is done using the proof assistant Isabelle/HOL and covers everything from the abstract correctness proof down to the generated SML code. Building on Doron Peled’s paper “Combining Partial Order Reductions with On-the-Fly Model-Checking”, we formally prove abstract correctness of ample set partial order reduction. This theorem is independent of the actual reduction algorithm. We then verify a reduction algorithm for a simple but expressive fragment of Promela. We use static partial order reduction, which allows separating the partial order reduction and the model checking algorithms regarding both the correctness proof and the implementation. Thus, the Cava model checker that we verified in previous work can be used as a back end with only minimal changes. Finally, we generate executable SML code using a stepwise refinement approach. We test our model checker on some examples, observing the effectiveness of the partial order reduction algorithm.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Back, R.-J., von Wright, J.: Refinement Calculus. A Systematic Introduction. Graduate Texts in Computer Science. Springer, Berlin (1998)

    Google Scholar 

  2. Blanchette, J.C., Hölzl, J., Lochbihler, A., Panny, L., Popescu, A., Traytel, D.: Truly Modular (Co)datatypes for Isabelle/HOL. In: ITP, vol. 8558, pp. 93–110. LNCS, Springer (2014)

  3. Brunner, J.: Implementation and Verification of Partial Order Reduction for on-the-fly model checking. MA thesis. Technische Universität München, 15 July, 2014. p. 83 (2014). url: http://www21.in.tum.de/~brunnerj/documents/ivporotfmc.pdf

  4. Brunner, J., Lammich, P.: Formal Verification of an Executable LTL Model Checker with Partial Order Reduction. In: NFM. pp. 307–321, Springer (2016)

  5. Chou, C.-T., Peled, D.: Formal verification of a partial-order reduction technique for model checking. In: TACAS. 1055. LNCS. Springer, pp. 241–257 (1996)

  6. Esparza, J., Lammich, P., Neumann, R., Nipkow, T., Schimpf, A., Smaus, J.-G. A Fully Verified Executable LTL Model Checker. In: CAV. vol. 8044, pp. 463-478. LNCS, Springer (2013)

  7. Esparza, J., Lammich, P., Neumann, R., Nipkow, T., Schimpf, A., Smaus, J.-G.: A fully verified executable LTL model checker. In: Archive of Formal Proofs (2014). Formal proof development. url: http://afp.sf.net/entries/CAVA_LTL_Modelchecker.shtml

  8. Holzmann, G.J.: The SPIN Model Checker. Primer and Reference Manual. Addison-Wesley Professional, Boston (2003)

    Google Scholar 

  9. Holzmann, Gerard J., Peled, Doron, Yannakakis, Mihalis: On nested depth first search. SPIN Workshop 32, 81–89 (1996)

    MATH  Google Scholar 

  10. Kurshan, R., Levin, V., Minea, M., Peled, D., Yenigün, H.: Static partial order reduction. In: TACAS, vol. 1384, pp. 345–357. LNCS, Springer (1998)

  11. Lammich, P.: Collections framework. In: Archive of Formal Proofs (2009). Formal proof development. url:http://afp.sf.net/entries/Collections.shtml

  12. Lammich, P.: Refinement for Monadic Programs. In: Archive of Formal Proofs (2012). Formal proof development. http://afp.sf.net/entries/Refine_Monadic.shtml

  13. Lammich, P.: Refinement to imperative/HOL. In: ITP. vol. 9236, pp. 253–269. LNCS, Springer (2015)

  14. Lammich, P.: The CAVA automata library. In: Archive of Formal Proofs (2014). Formal proof development. http://afp.sf.net/entries/CAVA_ Automata.shtml

  15. Lammich, P.: The imperative refinement framework. In: Archive of Formal Proofs (2016). http://isa-afp.org/entries/Refine_Imperative_HOL.shtml, Formal proof development. issn: 2150-914x

  16. Lammich, P.: Verified efficient implementation of Gabow’s strongly connected component algorithm. In: ITP. vol. 8558, pp. 325–340. LNCS, Springer (2014)

  17. Lammich, P., Lochbihler, A.: The Isabelle collections framework. In: ITP, vol. 6172, pp. 339–354. LNCS, Springer (2010)

  18. Lammich, P., Neumann, R.: A framework for verifying depth-first search algorithms. In: CPP, pp. 137–146. ACM, Jan 13, (2015),

  19. Lammich, P., Tuerk, T.: Applying data refinement for monadic programs to Hopcroft’s algorithm. In: ITP, vol. 7406, pp. 166–182. LNCS, Springer (2012)

  20. Lammisch, P.: The CAVA automata library. In: Isabelle Workshop 2014 (2014)

  21. Lochbihler, A.: Coinductive. In: Archive of Formal Proofs (2010). Formal proof development. http://afp.sf.net/entries/Coinductive.shtml

  22. Mazurkiewicz, A.: Trace theory. In: Advances in Petri Nets, Part II, vol. 255, pp. 278–324. LNCS, Springer (1987)

  23. Merz, S.: Stuttering equivalence. In: Archive of Formal Proofs (May 2012). Formal proof development. http://afp.sf.net/entries/Stuttering_Equivalence.shtml

  24. Naimi, M., Trehel, M., Arnold, A.: A log (N) distributed mutual exclusion algorithm based on path reversal. J. Parallel Distrib. Comput. 34(1), 1–13 (1996)

    Article  Google Scholar 

  25. Neumann, R.: Using promela in a fully verified executable LTL model checker. In: VSTTE, pp. 105–114. LNCS, Springer (2014)

  26. Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL. A Proof Assistant for Higher-Order Logic, vol. 2283. LNCS. Springer (2002)

  27. Paulson, L., Nipkow, T., Wenzel, M.: Isabelle (2014). http://isabelle.in.tum.de

  28. Peled, D.: Combining partial order reductions with on-the-fly model-checking. Form Methods Syst. Des. 8(1), 39–64 (1996)

    Article  Google Scholar 

  29. Peled, D., Wilke, T.: Stutter-invariant temporal properties are expressible without the next-time operator. Info. Process. Lett. 63(5), 243–246 (1997)

    Article  MathSciNet  MATH  Google Scholar 

  30. Wadler, P.: Comprehending monads. In: Mathematical Structures in Computer Science, vol. 2, pp. 461–493 (1992)

Download references

Author information

Authors and Affiliations

  1. Technische Universität München, Munich, Germany

    Julian Brunner & Peter Lammich

Authors
  1. Julian Brunner
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Peter Lammich
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Julian Brunner.

Additional information

Research supported by DFG Grant Cava (Computer Aided Verification of Automata, ES 139/5-1, NI 491/12-1, SM 73/2-1) and Cava2 (Verified Model Checkers, KR 4890/1-1, LA 3292/1-1).

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Brunner, J., Lammich, P. Formal Verification of an Executable LTL Model Checker with Partial Order Reduction. J Autom Reasoning 60, 3–21 (2018). https://doi.org/10.1007/s10817-017-9418-4

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10817-017-9418-4

Keywords

Search

Navigation