Formal Methods in System Design

, Volume 14, Issue 3, pp 273–310 | Cite as

Verifying Systems with Replicated Components in Murϕ

  • C. Norris Ip
  • David L. Dill


An extension to the Murϕ verifier is presented to verify systems with replicated identical components. Although most systems are finite-state in nature, many of them are also designed to be scalable, so that a description gives a family of systems, each member of which has a different number of replicated components. It is therefore desirable to be able to verify the entire family of systems, independent of the exact number of replicated components.

The verification is performed by explicit state enumeration in an abstract state space where states do not record the exact numbers of components. We provide an extension to the existing Murϕ language, by which a designer can easily specify a system in its concrete form. Through a new datatype, called RepetitiveID, a designer can suggest the use of this abstraction to verify a family of systems.

First of all, Murϕ automatically checks the soundness of this abstraction. Then it automatically translates the system description to an abstract state graph for a system of a fixed size. During the verification of the system of a fixed size, Murϕ uses a simple run-time check to determine if the result can be generalized for a family of systems with sizes larger than the original system, including the system with an unbounded number of components.

formal verification protocol verification model checking Murϕ hardware description language symmetry replicated components abstraction state reduction cache coherence protocols scalable systems infinite systems 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    K.R. Apt and D.C. Kozen, “Limits for automatic verification of finite-state concurrent systems,” Information Processing Letters, Vol. 22, pp. 307–309, 1986.Google Scholar
  2. 2.
    F. Balarin and A.L. Sangiovanni-Vincentelli, “On the automatic computation of network invariants,” in 6th International Conference on Computer-Aided Verification, June 1994.Google Scholar
  3. 3.
    J. Billing, M.C. Wilbur-Ham, and M.Y. Bearman, “Automated protocol verification,” Protocol Specification, Testing, and Verification, V, 1986.Google Scholar
  4. 4.
    A. Bouajjani, S. Bensalem, S. Graf, C. Loiseaux, and J. Sifakis, “Property preserving abstractions for the verification of concurrent systems,” Formal Methods in System Design, Vol. 6,No. 1, pp. 11–44, 1993.Google Scholar
  5. 5.
    S. Chandra, B. Richards, and J.R. Larus, “Teapot: Language support for writing memory coherence protocols,” ACM SIGPLAN '96: Programming Language Design and Implementation, May 1996.Google Scholar
  6. 6.
    E.M. Clarke and O. Grumberg, “Avoiding the state explosion problem in temporal logic model checking algorithms,” in 6th Annual ACM Symposium on Principle of Distributed Computing, pp. 294–303, 1987.Google Scholar
  7. 7.
    E.M. Clarke, O. Grumberg, and S. Jha, “Verifying parameterized networks using abstraction and regular languages,” in 6th International Conference on Concurrency Theory, 1995.Google Scholar
  8. 8.
    P. Cousot and R. Cousot, “Abstract interpretation and application to logic programs,” Technical report, Ecole Polytechnique, Laboratoire d'Informatique, 1992.Google Scholar
  9. 9.
    D. Dams, O. Grumberg, and R. Gerth, “Abstract interpretation of reactive systems: Abstractions preserving ∀CTL*, ∃CTL* and CTL*,” Programming Concepts, Methods and Calculi (PROCOMET), pp. 561–581, 1994.Google Scholar
  10. 10.
    E.J. Dijkstra, “Invariance and nondeterminacy,” in Mathematical Logic and Programming Languages, Prentice-Hall, 1985.Google Scholar
  11. 11.
    D.L. Dill, “The Murϕ verification system,” in 8th International Conference on Computer Aided Verification, pp. 390–393, July/Aug. 1996.Google Scholar
  12. 12.
    D.L. Dill, A.J. Drexler, A.J. Hu, and C.H. Yang, “Protocol verification as a hardware design aid,” in IEEE International Conference on Computer Design: VLSI in Computers and Processors, pp. 522–525, 1992.Google Scholar
  13. 13.
    D.L. Dill, S. Park, and A. Nowatzyk, “Formal specification of abstract memory models,” in Research on Integrated Systems: Proceedings of the 1993 Symposium, pp. 38–52, March 1993.Google Scholar
  14. 14.
    E.A. Emerson, editor, Formal Methods in System Design, Special Issue on Symmetry in Automatic Verification, Kluwer Academic Publishers, Vol. 1,Nos. 1 and 2, Aug. 1996.Google Scholar
  15. 15.
    S.M. German and A.P. Sistla, “Reasoning about systems with many processes,” Journal of Association for Computing Machinery, Vol. 39,No. 3, pp. 675–735, 1992.Google Scholar
  16. 16.
    S. Graf, “Verification of a distributed cache memory by using abstractions,” in 6th International Conference on Computer-Aided Verification, pp. 207–219, 1994.Google Scholar
  17. 17.
    S. Graf and C. Loiseaux, “A tool for symbolic program verification and abstraction,” in 5th International Conference on Computer-Aided Verification, April 1993.Google Scholar
  18. 18.
    G.J. Holzmann, Automated Protocol Validation in Argos, Assertion Proving and Scatter Searching, Computer Science Press, 1987.Google Scholar
  19. 19.
    C.N. Ip and D.L. Dill, “Better verification through symmetry,” in 11th International Symposium on Computer Hardware Description Languages and Their Applications, pp. 87–100, April 1993.Google Scholar
  20. 20.
    C.N. Ip and D.L. Dill, “Efficient verification of symmetric concurrent systems,” in IEEE International Conference on Computer Design: VLSI in Computers and Processors, pp. 230–234, Oct. 1993.Google Scholar
  21. 21.
    C.N. Ip and D.L. Dill, “Better verification through symmetry,” Formal Methods in System Design, Vol. 9,Nos. 1 and 2, pp. 41–75, Aug. 1996.Google Scholar
  22. 22.
    C.N. Ip and D.L. Dill, “State reduction using reversible rules,” in 33rd Design Automation Conference, pp. 564–567, June 1996.Google Scholar
  23. 23.
    C.N. Ip, State Reduction Methods for Automatic Formal Verification, Ph.D. Thesis, Stanford University, Dec. 1996.Google Scholar
  24. 24.
    R.P. Kurshan, M. Merritt, A. Orda, and S.R. Sachs, “A structural linearization principle for processes,” Formal Methods in System Design, Vol. 5, pp. 227–244, 1994.Google Scholar
  25. 25.
    R.P. Kurshan and K. McMillan, “A structural induction theorem for processes,” in 8th ACM Symposium on Principles of Distributed Computing, pp. 239–247, 1989.Google Scholar
  26. 26.
    D. Lenoski, J. Laudon, K. Gharachorloo, A. Gupta, and J. Hennessy, “The directory-based cache coherence protocol for the DASH multiprocessor,” in 17th International Symposium on Computer Architecture, 1990.Google Scholar
  27. 27.
    B.D. Lubachevsky, “An approach to automating the verification of compact parallel coordination programs I,” Acta Informatica, Vol. 21, pp. 125–169, 1984.Google Scholar
  28. 28.
    S. Park, Computer Assisted Analysis of Multiprocessor Memory Systems, Section 4.3 on ‘Verification Using A Finite State Method’, Ph.D. Thesis, Stanford University, June 1994.Google Scholar
  29. 29.
    S. Park and D.L. Dill, “An executable specification, analyzer and verifier for RMO (relaxed memory order),” in 7th ACM Symposium on Parallel Algorithms and Architectures, pp. 34–41, 1995.Google Scholar
  30. 30.
    G.L. Peterson, “Myths about the mutual exclusion problem,” Information Processing Letters, Vol. 12,No. 3, 1981.Google Scholar
  31. 31.
    F. Pong and M. Dubois, “A new approach for the verification of cache coherence protocols,” IEEE Transactions on Parallel and Distributed Systems, Vol. 6,No. 2, pp. 773–787, 1995.Google Scholar
  32. 32.
    F. Pong, A. Nowatzyk, G. Aybay, and M. Dubois, “Verifying distributed directory-based cache coherence protocols:, a case study,” in First International EURO-PAR Conference on Parallel Processing, 1995.Google Scholar
  33. 33.
    F. Pong, Symbolic State Model: A New Approach for the Verification of Cache Coherence Protocols, Ph.D. Thesis, University of Southern California, 1995.Google Scholar
  34. 34.
    J.-K. Rho and F. Somenzi, “Automatic generation of network invariants for the verification of iterative sequential systems,” in 5th International Conference on Computer-Aided Verification, June 1993.Google Scholar
  35. 35.
    K. Shibata, Y. Hirakawa, A. Takura, and T. Ohta, “Reachability analysis for specified processes in a behavior description,” IEICE Transaction on Communication, Vol. E76-B,No. 11, Nov. 1993.Google Scholar
  36. 36.
    A.P. Sistla and S.M. German, “Reasoning with many processes,” Symposium on Logic in Computer Science, pp. 138–152, 1987.Google Scholar
  37. 37.
    U. Stern and D.L. Dill, “Automatic verification of the SCI cache coherence protocol,” Correct Hardware Design and Verification Methods: IFIP WG10.5 Advanced Research Working Conference Proceedings, 1995.Google Scholar
  38. 38.
    D. Weaver and T. Germond, editors, The SPARC Architecture Manual Version 9, Appendix D on ‘Formal Specification of the Memory Models’, Prentice Hall, 1994.Google Scholar
  39. 39.
    P. Wolper and V. Lovinfosse, “Verifying properties of large sets of processes with network invariants,” in Automatic Verification Methods for Finite State Systems, volume 407 of LNCS, Springer-Verlag, pp. 68–80. 1989.Google Scholar
  40. 40.
    L. Yang, D. Gao, J. Mostoufi, R. Joshi, and P. Loewenstein, “System design methodology of UltraSPARC-I,” in 32nd Design Automation Conference, pp. 7–12, 1995.Google Scholar
  41. 41.
    P. Zafiropulo, C.H. West, H. Rudin, D.D. Cowan, and D. Brand, “Towards analyzing and synthesizing protocols,” IEEE Transactions on Communications, Vol. 28,No. 4, April 1980.Google Scholar

Copyright information

© Kluwer Academic Publishers 1999

Authors and Affiliations

  • C. Norris Ip
    • 1
  • David L. Dill
    • 2
  1. 1.Cadence Berkeley LaboratoriesCadence Design Systems, Inc.USA
  2. 2.Computer Systems LaboratoryStanford UniversityUSA

Personalised recommendations