Automated Software Engineering, Volume 7, Issue 3, pp. 263–304

Planning Proofs of Equations in CCS

  • Raúl Monroy
  • Alan Bundy
  • Ian Green

Abstract

Most efforts to automate formal verification of communicating systems have centred around finite-state systems (FSSs). However, FSSs are incapable of modelling many practical communicating systems, including a novel class of problems which we call VIPSs: value-passing, infinite-state, parameterised systems. Existing approaches using model checking over FSSs are insufficient for VIPSs, because they can neither reason with and about domain-specific theories nor cope with systems having an unbounded or arbitrary state space.

We use the Calculus of Communicating Systems (CCS) (Milner, 1989) to express and specify VIPSs. We take program verification to be proving the program and its intended specification equivalent, and we use the laws of CCS to conduct the verification task. This approach allows us to study communicating systems together with the data such systems communicate. Automating theorem proving in this context is an extremely difficult task.
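The notion of equivalence the paragraph above relies on, shown as an added example that is not code from the paper: a small Python checker for weak bisimilarity (Milner's observation equivalence) over finite-state CCS terms, using an assumed tuple encoding of CCS syntax and a constructed example in which two one-place buffer cells chained through a hidden channel are checked against a direct two-place buffer specification. This is the finite-state, state-enumerating case that the abstract says existing model-checking tools already cover; it cannot touch a value-passing or parameterised system, which is where reasoning with the CCS laws, as the paper does, becomes necessary.

```python
# Added example (not code from the paper): weak-bisimulation checking for
# finite-state CCS terms, i.e. the "program ~ specification" reading above.
# Assumed encoding: ('nil',), ('pre', act, P), ('sum', P, Q), ('par', P, Q),
# ('res', frozenset_of_names, P), ('var', name).  Inputs are plain names ('in'),
# outputs carry a trailing '!' ('out!'), 'tau' is the silent action; process
# constants are looked up in a dict name -> body.
TAU = "tau"

def complement(act):
    """Co-name of an action: in <-> in!"""
    return act[:-1] if act.endswith("!") else act + "!"

def name_of(act):
    return act[:-1] if act.endswith("!") else act

def steps(t, defs):
    """One-step transitions of t under the CCS SOS rules: a set of (act, t')."""
    kind = t[0]
    if kind == "nil":
        return set()
    if kind == "pre":
        return {(t[1], t[2])}
    if kind == "sum":
        return steps(t[1], defs) | steps(t[2], defs)
    if kind == "var":                       # constant: unfold its definition
        return steps(defs[t[1]], defs)
    if kind == "res":                       # restriction hides a name and its co-name
        names, p = t[1], t[2]
        return {(a, ("res", names, q)) for a, q in steps(p, defs)
                if a == TAU or name_of(a) not in names}
    if kind == "par":
        p, q = t[1], t[2]
        sp, sq = steps(p, defs), steps(q, defs)
        out = {(a, ("par", p2, q)) for a, p2 in sp}
        out |= {(a, ("par", p, q2)) for a, q2 in sq}
        # synchronisation of complementary actions yields an internal tau step
        out |= {(TAU, ("par", p2, q2)) for a, p2 in sp for b, q2 in sq
                if a != TAU and complement(a) == b}
        return out
    raise ValueError(f"unknown constructor {kind!r}")

def lts(root, defs):
    """Reachable transition system from root, as dict state -> steps(state)."""
    trans, todo = {}, [root]
    while todo:
        s = todo.pop()
        if s not in trans:
            trans[s] = steps(s, defs)
            todo.extend(s2 for _, s2 in trans[s])
    return trans

def tau_closure(s, trans):
    seen, todo = {s}, [s]
    while todo:
        for a, y in trans[todo.pop()]:
            if a == TAU and y not in seen:
                seen.add(y)
                todo.append(y)
    return seen

def weak_steps(s, act, trans):
    """States s' with s ==act=> s'  (tau* act tau*; just tau* when act is tau)."""
    before = tau_closure(s, trans)
    if act == TAU:
        return before
    mid = {y for x in before for a, y in trans[x] if a == act}
    return {z for y in mid for z in tau_closure(y, trans)}

def weakly_bisimilar(p, q, defs):
    """Greatest weak bisimulation, computed by refining the full state product."""
    trans = {**lts(p, defs), **lts(q, defs)}
    rel = {(x, y) for x in trans for y in trans}

    def simulates(x, y):  # each x -a-> x' answered by a y ==a=> y' with (x', y') in rel
        return all(any((x2, y2) in rel for y2 in weak_steps(y, a, trans))
                   for a, x2 in trans[x])

    changed = True
    while changed:
        changed = False
        for x, y in list(rel):
            if not (simulates(x, y) and simulates(y, x)):
                rel.discard((x, y))
                changed = True
    return (p, q) in rel

# Constructed example: two one-place cells chained through a hidden channel
# 'mid', i.e. (L | R) \ mid, against the direct two-place buffer specification B0.
def V(n):
    return ("var", n)

DEFS = {
    "L": ("pre", "in", ("pre", "mid!", V("L"))),       # left cell:  in.mid!.L
    "R": ("pre", "mid", ("pre", "out!", V("R"))),      # right cell: mid.out!.R
    "B0": ("pre", "in", V("B1")),                      # spec, empty
    "B1": ("sum", ("pre", "in", V("B2")), ("pre", "out!", V("B0"))),  # one item
    "B2": ("pre", "out!", V("B1")),                    # spec, full
    "One": ("pre", "in", ("pre", "out!", V("One"))),   # a single one-place buffer
}
SYSTEM = ("res", frozenset({"mid"}), ("par", V("L"), V("R")))

def check_buffer():
    return weakly_bisimilar(SYSTEM, V("B0"), DEFS)    # True

def check_one_place():
    return weakly_bisimilar(V("One"), V("B0"), DEFS)  # False: B1 can take a second 'in'
```

Two caveats a practitioner should keep in mind. Weak bisimilarity is not preserved by summation, so the equational laws of CCS are stated for observation congruence rather than for the relation computed here; and the checker works by enumerating reachable states, so it terminates only for finite-state terms and says nothing about a system whose data or parameters make the state space unbounded.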

We provide automated methods for CCS analysis; they are applicable to both FSSs and VIPSs. Adding these methods to the CLAM proof planner (Bundy et al., 1990), we have implemented an automated verification planner capable of dealing with problems that previously required human interaction. This paper describes these methods, gives an account of why they work, and provides a short summary of experimental results.

Keywords: CCS, formal methods, program verification, automated reasoning, theorem provers


References

  1. Basin, D. and Walsh, T. 1992. Difference matching. In D. Kapur, editor, 11th Conference on Automated Deduction, Saratoga Springs, NY, USA, pp. 295–309. Published as Springer Lecture Notes in Artificial Intelligence, Vol. 607.
  2. Basin, D. and Walsh, T. 1993. Difference unification. In Bajcsy, editor, Proceedings of the 13th IJCAI, International Joint Conference on Artificial Intelligence. Also available as Technical Report MPI-I-92-247, Max-Planck-Institut für Informatik.
  3. Basin, D. and Walsh, T. 1996. Annotated rewriting in inductive theorem proving. Journal of Automated Reasoning, 16(1–2):147–180.
  4. Bergstra, J.A. and Klop, J.W. 1985. Algebra of communicating processes with abstraction. Theoretical Computer Science, 37(1):77–121.
  5. Bouali, A., Gnesi, S., and Larosa, S. 1994. JACK: Just Another Concurrency Kit. Bulletin of the European Association for Theoretical Computer Science, 54:207–224.
  6. Bouali, A., Ressouche, A., Roy, V., and de Simone, R. 1996. The FC2TOOLS set. In R. Alur and T. Henzinger, editors, Proceedings of the 8th International Conference on Computer Aided Verification (CAV'96), Springer-Verlag, pp. 441–445. Lecture Notes in Computer Science, Vol. 1102.
  7. Boyer, R.S. and Moore, J.S. 1979. A Computational Logic. Academic Press, ACM monograph series.
  8. Bruns, G. 1991. A language for value-passing CCS. LFCS Report Series ECS-LFCS-91-175, Department of Computer Science, University of Edinburgh.
  9. Bundy, A. 1988. The use of explicit plans to guide inductive proofs. In R. Lusk and R. Overbeek, editors, 9th Conference on Automated Deduction, Springer-Verlag, pp. 111–120. Longer version available from Edinburgh as DAI Research Paper No. 349.
  10. Bundy, A. 1991. A science of reasoning. In J.L. Lassez and G. Plotkin, editors, Computational Logic: Essays in Honor of Alan Robinson, MIT Press, pp. 178–198. Also available from Edinburgh as DAI Research Paper 445.
  11. Bundy, A., Stevens, A., van Harmelen, F., Ireland, A., and Smaill, A. 1993. Rippling: A heuristic for guiding inductive proofs. Artificial Intelligence, 62:185–253. Also available from Edinburgh as DAI Research Paper No. 567.
  12. Bundy, A., van Harmelen, F., Hesketh, J., Smaill, A., and Stevens, A. 1989. A rational reconstruction and extension of recursion analysis. In N.S. Sridharan, editor, Proceedings of the Eleventh International Joint Conference on Artificial Intelligence, Morgan Kaufmann, pp. 359–365. Also available from Edinburgh as DAI Research Paper 419.
  13. Bundy, A., van Harmelen, F., Horn, C., and Smaill, A. 1990. The Oyster-Clam system. In M.E. Stickel, editor, 10th International Conference on Automated Deduction, Springer-Verlag, pp. 647–648. Lecture Notes in Artificial Intelligence, Vol. 449. Also available from Edinburgh as DAI Research Paper 507.
  14. Cantu, F., Bundy, A., Smaill, A., and Basin, D. 1996. Experiments in automating hardware verification using inductive proof planning. In M. Srivas and A. Camilleri, editors, Proceedings of the Formal Methods for Computer-Aided Design Conference, Springer-Verlag, pp. 94–108. Lecture Notes in Computer Science, Vol. 1166.
  15. Cleaveland, R., Lewis, P.M., Smolka, S.A., and Sokolsky, O. 1996. The concurrency factory: A development environment for concurrent systems. In R. Alur and T. Henzinger, editors, Proceedings of the 8th International Conference on Computer Aided Verification (CAV'96), Springer-Verlag, pp. 398–401. Lecture Notes in Computer Science, Vol. 1102.
  16. Cleaveland, R. and Panangaden, P. 1988. Type theory and concurrency. International Journal of Parallel Programming, 17(2):153–206.
  17. Cleaveland, R., Parrow, J., and Steffen, B. 1990. The concurrency workbench. In J. Sifakis, editor, Proceedings of the International Workshop on Automatic Verification Methods for Finite State Systems, Lecture Notes in Computer Science, Vol. 407, Springer-Verlag, pp. 24–37.
  18. Constable, R.L., Allen, S.F., Bromley, H.M. et al. 1986. Implementing Mathematics with the Nuprl Proof Development System. Prentice Hall.
  19. Dershowitz, N. and Jouannaud, J.P. 1990. Rewrite systems. In J. van Leeuwen, editor, Handbook of Theoretical Computer Science, Vol. B: Formal Models and Semantics, Elsevier, pp. 243–320.
  20. Dowek, G., Felty, A., Herbelin, H., Huet, G., Paulin, C., and Werner, B. 1991. The Coq proof assistant user's guide, Version 5.6. Technical Report 134, INRIA.
  21. Failure Divergence Refinement: FDR2 User Manual. Formal Systems (Europe) Ltd. 1992–1997.
  22. Fernandez, J.C., Garavel, H., Kerbrat, A., Mateescu, R., Mounier, L., and Sighireanu, M. 1996. CADP: A protocol validation and verification toolbox. In R. Alur and T. Henzinger, editors, Proceedings of the 8th International Conference on Computer Aided Verification (CAV'96), Springer-Verlag, pp. 437–440. Lecture Notes in Computer Science, Vol. 1102.
  23. Godskesen, J.C., Larsen, K.G., and Zeeberg, M. 1989. TAV users manual. Internal report R-89-19, Department of Computer Science, Aalborg University.
  24. Gordon, M.J.C. and Melham, T.F. (eds.). 1993. Introduction to HOL: A Theorem Proving Environment for Higher Order Logic. Cambridge University Press.
  25. Groote, J.F., Monin, F., and van de Pol, J.C. 1998. Checking verifications of protocols and distributed systems by computer. In D. Sangiorgi and R. de Simone, editors, Proceedings of CONCUR'98, Springer-Verlag, pp. 629–655. Lecture Notes in Computer Science, Vol. 1466. Also available as Computer Science Report 98/13, Department of Mathematics and Computer Science, Eindhoven University, 1998.
  26. Groote, J.F. and van de Pol, J.C. 1996. A bounded retransmission protocol for large data packets. A case study in computer checked verification. In M. Wirsing and M. Nivat, editors, Proceedings of AMAST'96, Springer-Verlag, pp. 536–550. Lecture Notes in Computer Science, Vol. 1101.
  27. Groote, J.F. and Ponse, A. 1990. The syntax and semantics of µCRL. Technical report CS-R9076, CWI, Amsterdam.
  28. Groote, J.F. and Ponse, A. 1991. Proof theory for µCRL. Technical report CS-R9138, CWI, Amsterdam.
  29. Hennessy, M. and Lin, H. 1995. Symbolic bisimulations. Theoretical Computer Science, 138:353–389. Also available from Sussex as Computing Science Technical Report 1/92.
  30. Hennessy, M. and Milner, R. 1985. Algebraic laws for nondeterminism and concurrency. Journal of the Association for Computing Machinery, 32(1):137–161.
  31. Hirshfeld, Y., Jerrum, M., and Moller, F. 1996a. A polynomial algorithm for deciding bisimilarity of normed context-free processes. Theoretical Computer Science, 158:143–159. Also available from Edinburgh as LFCS report ECS-LFCS-94-286.
  32. Hirshfeld, Y., Jerrum, M., and Moller, F. 1996b. A polynomial-time algorithm for deciding bisimulation equivalence of normed basic parallel processes. Mathematical Structures in Computer Science, 6(3):251–259. Also available from Edinburgh as LFCS report ECS-LFCS-94-288.
  33. Hoare, C.A.R. 1978. Communicating sequential processes. Communications of the Association for Computing Machinery, 21(8):666–677.
  34. Inverardi, P. and Nesi, M. 1995. Deciding observational congruence of finite-state CCS expressions by rewriting. Theoretical Computer Science, 139:315–354.
  35. Ireland, A. 1992. The use of planning critics in mechanizing inductive proofs. In A. Voronkov, editor, International Conference on Logic Programming and Automated Reasoning, LPAR 92, St. Petersburg, Springer-Verlag, pp. 178–189. Lecture Notes in Artificial Intelligence, Vol. 624. Also available from Edinburgh as DAI Research Paper 592.
  36. Ireland, A. and Bundy, A. 1996a. Productive use of failure in inductive proof. Journal of Automated Reasoning, 16(1–2):79–111. Also available as DAI Research Paper No. 716, Dept. of Artificial Intelligence, Edinburgh.
  37. Ireland, A. and Bundy, A. 1996b. Extensions to a generalization critic for inductive proof. In M.A. McRobbie and J.K. Slaney, editors, 13th Conference on Automated Deduction, Springer-Verlag, pp. 47–61. Lecture Notes in Artificial Intelligence, Vol. 1104. Also available from Edinburgh as DAI Research Paper 786.
  38. ISO. 1989. Information processing systems—Open Systems Interconnection—LOTOS—A formal description technique based on the temporal ordering of observational behaviour. ISO 8807.
  39. Korver, H. and Springintveld, J. 1994. A computer-checked verification of Milner's schedulers. In M. Hagiya and J.C. Mitchell, editors, Theoretical Aspects of Computer Software (TACS'94), Springer-Verlag, pp. 161–178. Lecture Notes in Computer Science, Vol. 789.
  40. Kraan, I., Basin, D., and Bundy, A. 1993. Logic program synthesis via proof planning. In K.K. Lau and T. Clement, editors, Logic Program Synthesis and Transformation, Springer-Verlag, pp. 1–14. Also available as Max-Planck-Institut für Informatik Report MPI-I-92-244 and Edinburgh DAI Research Report 603.
  41. Kurshan, R.P. and McMillan, K. 1989. A structural induction theorem for processes. In 8th ACM Symposium on Principles of Distributed Computing (PODC), ACM Press, pp. 239–247.
  42. Lin, H. 1993. A verification tool for value-passing processes. In Proceedings of the 13th International Symposium on Protocol Specification, Testing and Verification, North-Holland, IFIP Transactions series. Also available from Sussex as Computing Science Technical Report 8/93.
  43. Lin, H. 1995. PAM: A process algebra manipulator. Formal Methods in System Design, 7:243–259. Kluwer Academic Publishers.
  44. Milner, R. 1989. Communication and Concurrency. London: Prentice Hall.
  45. Milner, R. and Moller, F. 1993. Unique decomposition of processes. Theoretical Computer Science, 107:357–363.
  46. Milner, R., Parrow, J., and Walker, D. 1993. Mobile logics for mobile processes. Theoretical Computer Science, 114:149–171. Also available from Edinburgh as LFCS Report ECS-LFCS-91-136.
  47. Monroy, R. 1997. Planning proofs of correctness of CCS systems. Ph.D. Thesis, Department of Artificial Intelligence, University of Edinburgh.
  48. Monroy, R., Bundy, A., and Green, I. 1998a. Annotated term rewriting for deciding observation congruence. In H. Prade, editor, 13th European Conference on Artificial Intelligence, ECAI'98, Wiley & Sons, pp. 393–397.
  49. Monroy, R., Bundy, A., and Green, I. 1998b. Planning equational verification in CCS. In D. Redmiles and B. Nuseibeh, editors, 13th Conference on Automated Software Engineering, ASE'98, IEEE Computer Society Press, pp. 43–52. Candidate for the best paper award.
  50. Monroy, R., Bundy, A., and Ireland, A. 1994. Proof plans for the correction of false conjectures. In F. Pfenning, editor, 5th International Conference on Logic Programming and Automated Reasoning, LPAR'94, Springer-Verlag, pp. 54–68. Lecture Notes in Artificial Intelligence, Vol. 822. Also available from Edinburgh as DAI Research Paper 681.
  51. Negrete, S. 1996. Proof planning with logic presentations. Ph.D. Thesis, Department of Artificial Intelligence, University of Edinburgh.
  52. Nesi, M. 1992. Mechanizing a proof by induction of process algebra specifications in higher-order logic. In K.G. Larsen and A. Skou, editors, Proceedings of the 3rd International Workshop on Computer Aided Verification (CAV'91), Springer-Verlag, pp. 288–298. Lecture Notes in Computer Science, Vol. 575.
  53. Nesi, M. 1999. Formalising a value-passing calculus in HOL. Formal Aspects of Computing, 11:160–199.
  54. Park, D. 1981. Concurrency and automata on infinite sequences. In P. Deussen, editor, Proceedings of the 5th GI-Conference on Theoretical Computer Science, Springer-Verlag, pp. 167–183. Lecture Notes in Computer Science, Vol. 104.
  55. Paulson, L.C. 1994. Isabelle: A Generic Theorem Prover. Springer-Verlag. Lecture Notes in Computer Science, Vol. 828.
  56. Sellink, M.P.A. 1993. Verifying process algebra proofs in type-theory. Technical Report Logic Group Preprint Series 87, Utrecht University.
  57. Walsh, T., Nunes, A., and Bundy, A. 1992. The use of proof plans to sum series. In D. Kapur, editor, 11th Conference on Automated Deduction, Springer-Verlag, pp. 325–339. Lecture Notes in Computer Science, Vol. 607. Also available from Edinburgh as DAI Research Paper 563.
  58. Yoshida, T., Bundy, A., Green, I., Walsh, T., and Basin, D. 1994. Coloured rippling: An extension of a theorem proving heuristic. In A.G. Cohn, editor, Proceedings of ECAI-94, John Wiley, pp. 85–89.

Copyright information

© Kluwer Academic Publishers 2000

Authors and Affiliations

  1. Raúl Monroy, Department of Computer Science, ITESM Campus Estado de México, México
  2. Alan Bundy, Division of Informatics, The University of Edinburgh, Edinburgh, Scotland, UK
  3. Ian Green, QSS Ltd, Edinburgh, Scotland, UK
