Advertisement

Journal of Automated Reasoning

, Volume 60, Issue 1, pp 3–21 | Cite as

Formal Verification of an Executable LTL Model Checker with Partial Order Reduction

  • Julian BrunnerEmail author
  • Peter Lammich
Article

Abstract

We present a formally verified and executable on-the-fly LTL model checker that uses ample set partial order reduction. The verification is done using the proof assistant Isabelle/HOL and covers everything from the abstract correctness proof down to the generated SML code. Building on Doron Peled’s paper “Combining Partial Order Reductions with On-the-Fly Model-Checking”, we formally prove abstract correctness of ample set partial order reduction. This theorem is independent of the actual reduction algorithm. We then verify a reduction algorithm for a simple but expressive fragment of Promela. We use static partial order reduction, which allows separating the partial order reduction and the model checking algorithms regarding both the correctness proof and the implementation. Thus, the Cava model checker that we verified in previous work can be used as a back end with only minimal changes. Finally, we generate executable SML code using a stepwise refinement approach. We test our model checker on some examples, observing the effectiveness of the partial order reduction algorithm.

Keywords

Formal verification Model checking Partial order reduction 

References

  1. 1.
    Back, R.-J., von Wright, J.: Refinement Calculus. A Systematic Introduction. Graduate Texts in Computer Science. Springer, Berlin (1998)Google Scholar
  2. 2.
    Blanchette, J.C., Hölzl, J., Lochbihler, A., Panny, L., Popescu, A., Traytel, D.: Truly Modular (Co)datatypes for Isabelle/HOL. In: ITP, vol. 8558, pp. 93–110. LNCS, Springer (2014)Google Scholar
  3. 3.
    Brunner, J.: Implementation and Verification of Partial Order Reduction for on-the-fly model checking. MA thesis. Technische Universität München, 15 July, 2014. p. 83 (2014). url: http://www21.in.tum.de/~brunnerj/documents/ivporotfmc.pdf
  4. 4.
    Brunner, J., Lammich, P.: Formal Verification of an Executable LTL Model Checker with Partial Order Reduction. In: NFM. pp. 307–321, Springer (2016)Google Scholar
  5. 5.
    Chou, C.-T., Peled, D.: Formal verification of a partial-order reduction technique for model checking. In: TACAS. 1055. LNCS. Springer, pp. 241–257 (1996)Google Scholar
  6. 6.
    Esparza, J., Lammich, P., Neumann, R., Nipkow, T., Schimpf, A., Smaus, J.-G. A Fully Verified Executable LTL Model Checker. In: CAV. vol. 8044, pp. 463-478. LNCS, Springer (2013)Google Scholar
  7. 7.
    Esparza, J., Lammich, P., Neumann, R., Nipkow, T., Schimpf, A., Smaus, J.-G.: A fully verified executable LTL model checker. In: Archive of Formal Proofs (2014). Formal proof development. url: http://afp.sf.net/entries/CAVA_LTL_Modelchecker.shtml
  8. 8.
    Holzmann, G.J.: The SPIN Model Checker. Primer and Reference Manual. Addison-Wesley Professional, Boston (2003)Google Scholar
  9. 9.
    Holzmann, Gerard J., Peled, Doron, Yannakakis, Mihalis: On nested depth first search. SPIN Workshop 32, 81–89 (1996)zbMATHGoogle Scholar
  10. 10.
    Kurshan, R., Levin, V., Minea, M., Peled, D., Yenigün, H.: Static partial order reduction. In: TACAS, vol. 1384, pp. 345–357. LNCS, Springer (1998)Google Scholar
  11. 11.
    Lammich, P.: Collections framework. In: Archive of Formal Proofs (2009). Formal proof development. url:http://afp.sf.net/entries/Collections.shtml
  12. 12.
    Lammich, P.: Refinement for Monadic Programs. In: Archive of Formal Proofs (2012). Formal proof development. http://afp.sf.net/entries/Refine_Monadic.shtml
  13. 13.
    Lammich, P.: Refinement to imperative/HOL. In: ITP. vol. 9236, pp. 253–269. LNCS, Springer (2015)Google Scholar
  14. 14.
    Lammich, P.: The CAVA automata library. In: Archive of Formal Proofs (2014). Formal proof development. http://afp.sf.net/entries/CAVA_ Automata.shtml
  15. 15.
    Lammich, P.: The imperative refinement framework. In: Archive of Formal Proofs (2016). http://isa-afp.org/entries/Refine_Imperative_HOL.shtml, Formal proof development. issn: 2150-914x
  16. 16.
    Lammich, P.: Verified efficient implementation of Gabow’s strongly connected component algorithm. In: ITP. vol. 8558, pp. 325–340. LNCS, Springer (2014)Google Scholar
  17. 17.
    Lammich, P., Lochbihler, A.: The Isabelle collections framework. In: ITP, vol. 6172, pp. 339–354. LNCS, Springer (2010)Google Scholar
  18. 18.
    Lammich, P., Neumann, R.: A framework for verifying depth-first search algorithms. In: CPP, pp. 137–146. ACM, Jan 13, (2015),Google Scholar
  19. 19.
    Lammich, P., Tuerk, T.: Applying data refinement for monadic programs to Hopcroft’s algorithm. In: ITP, vol. 7406, pp. 166–182. LNCS, Springer (2012)Google Scholar
  20. 20.
    Lammisch, P.: The CAVA automata library. In: Isabelle Workshop 2014 (2014)Google Scholar
  21. 21.
    Lochbihler, A.: Coinductive. In: Archive of Formal Proofs (2010). Formal proof development. http://afp.sf.net/entries/Coinductive.shtml
  22. 22.
    Mazurkiewicz, A.: Trace theory. In: Advances in Petri Nets, Part II, vol. 255, pp. 278–324. LNCS, Springer (1987)Google Scholar
  23. 23.
    Merz, S.: Stuttering equivalence. In: Archive of Formal Proofs (May 2012). Formal proof development. http://afp.sf.net/entries/Stuttering_Equivalence.shtml
  24. 24.
    Naimi, M., Trehel, M., Arnold, A.: A log (N) distributed mutual exclusion algorithm based on path reversal. J. Parallel Distrib. Comput. 34(1), 1–13 (1996)CrossRefGoogle Scholar
  25. 25.
    Neumann, R.: Using promela in a fully verified executable LTL model checker. In: VSTTE, pp. 105–114. LNCS, Springer (2014)Google Scholar
  26. 26.
    Nipkow, T., Paulson, L.C., Wenzel, M.: Isabelle/HOL. A Proof Assistant for Higher-Order Logic, vol. 2283. LNCS. Springer (2002)Google Scholar
  27. 27.
    Paulson, L., Nipkow, T., Wenzel, M.: Isabelle (2014). http://isabelle.in.tum.de
  28. 28.
    Peled, D.: Combining partial order reductions with on-the-fly model-checking. Form Methods Syst. Des. 8(1), 39–64 (1996)CrossRefGoogle Scholar
  29. 29.
    Peled, D., Wilke, T.: Stutter-invariant temporal properties are expressible without the next-time operator. Info. Process. Lett. 63(5), 243–246 (1997)MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Wadler, P.: Comprehending monads. In: Mathematical Structures in Computer Science, vol. 2, pp. 461–493 (1992)Google Scholar

Copyright information

© Springer Science+Business Media B.V. 2017

Authors and Affiliations

  1. 1.Technische Universität MünchenMunichGermany

Personalised recommendations