## Abstract

Most efforts to automate formal verification of communicating systems have centred around finite-state systems (FSSs). However, FSSs are incapable of modelling many practical communicating systems, including a novel class of problems which we call VIPSs: value-passing, infinite-state, parameterised systems. Existing approaches using model checking over FSSs are insufficient for VIPSs, because they can neither reason with and about domain-specific theories nor cope with systems having an unbounded or arbitrary state space.

We use the Calculus of Communicating Systems (CCS) (*Communication and Concurrency*. London: Prentice Hall, 1989) to express and specify VIPSs. We take *program verification* to be proving the program and its intended specification equivalent. We use the laws of CCS to conduct the verification task. This approach allows us to study communicating systems and the data such systems communicate. Automating theorem proving in this context is an extremely difficult task.

We provide automated methods for CCS analysis; they are applicable to both FSSs and VIPSs. Adding these methods to the *CL^AM* proof planner (Lecture Notes in Artificial Intelligence, Vol. 449, Springer, 1990, pp. 647–648), we have implemented an automated verification planner capable of dealing with problems that previously required human interaction. This paper describes these methods, gives an account as to why they work, and provides a short summary of experimental results.
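The abstract takes verification to be proving a program equivalent to its specification. The following is an added illustration of that idea for the finite-state case only; it is my own code, not the paper's or the *CL^AM* planner's (which work symbolically with the laws of CCS), and it uses an explicit-state check instead: CCS transitions are derived from the SOS rules for prefix, sum, parallel composition, restriction and agent identifiers, and strong and weak (observation) bisimilarity are decided by fixpoint refinement. The buffer definitions are constructed for the example; the hypothetical implementation is a sender and a receiver synchronising on a hidden channel `mid`, checked against a two-place and a one-place buffer specification.

```python
"""Tiny finite-state CCS: SOS transitions plus strong/weak bisimulation.

Added example (not code from the paper). Process terms are nested tuples:
  ('nil',)                 inaction 0
  ('pre', act, P)          prefix act.P; act is 'a' (input), '!a' (output) or 'tau'
  ('sum', P, Q)            choice P + Q
  ('par', P, Q)            parallel composition P | Q
  ('res', frozenset(L), P) restriction P \\ L (L holds plain names)
  ('var', 'X')             agent identifier X, unfolded through a definitions dict
"""
from itertools import product


def complement(act):
    """Co-name of an action: a <-> !a. tau has no co-name."""
    if act == 'tau':
        return None
    return act[1:] if act.startswith('!') else '!' + act


def base_name(act):
    return act[1:] if act.startswith('!') else act


def transitions(p, defs):
    """Strong transitions of p as a set of (action, successor) pairs (CCS SOS rules)."""
    kind = p[0]
    if kind == 'nil':
        return set()
    if kind == 'pre':
        return {(p[1], p[2])}
    if kind == 'sum':
        return transitions(p[1], defs) | transitions(p[2], defs)
    if kind == 'par':
        left, right = transitions(p[1], defs), transitions(p[2], defs)
        out = {(a, ('par', p1, p[2])) for a, p1 in left}
        out |= {(b, ('par', p[1], q1)) for b, q1 in right}
        # communication rule: complementary actions synchronise into tau
        out |= {('tau', ('par', p1, q1))
                for (a, p1), (b, q1) in product(left, right) if complement(a) == b}
        return out
    if kind == 'res':
        names = p[1]
        return {(a, ('res', names, p1)) for a, p1 in transitions(p[2], defs)
                if a == 'tau' or base_name(a) not in names}
    if kind == 'var':
        return transitions(defs[p[1]], defs)
    raise ValueError(f'unknown term {p!r}')


def _closure(p, defs, keep):
    """States reachable from p over transitions whose action satisfies keep."""
    seen, stack = {p}, [p]
    while stack:
        q = stack.pop()
        for a, q1 in transitions(q, defs):
            if keep(a) and q1 not in seen:
                seen.add(q1)
                stack.append(q1)
    return seen


def strong_successors(p, a, defs):
    return {q1 for b, q1 in transitions(p, defs) if b == a}


def weak_successors(p, a, defs):
    """States reachable by tau* a tau* (just tau* when a is tau)."""
    before = _closure(p, defs, lambda x: x == 'tau')
    if a == 'tau':
        return before
    mid = {q1 for q in before for b, q1 in transitions(q, defs) if b == a}
    return {r for q1 in mid for r in _closure(q1, defs, lambda x: x == 'tau')}


def bisimilar(p, q, defs, successors):
    """Greatest bisimulation: refine the full relation on reachable states to a fixpoint."""
    rel = set(product(_closure(p, defs, lambda x: True), _closure(q, defs, lambda x: True)))
    changed = True
    while changed:
        changed = False
        for s, t in list(rel):
            # every move of s must be matched by t, and vice versa, landing back in rel
            ok = all(any((s1, t1) in rel for t1 in successors(t, a, defs))
                     for a, s1 in transitions(s, defs)) and \
                 all(any((s1, t1) in rel for s1 in successors(s, a, defs))
                     for a, t1 in transitions(t, defs))
            if not ok:
                rel.discard((s, t))
                changed = True
    return (p, q) in rel


def strong_bisimilar(p, q, defs):
    return bisimilar(p, q, defs, strong_successors)


def weak_bisimilar(p, q, defs):
    return bisimilar(p, q, defs, weak_successors)


# Constructed sample definitions: two buffer specifications and a two-process implementation.
DEFS = {
    'Buf1': ('pre', 'in', ('pre', '!out', ('var', 'Buf1'))),
    'Buf2': ('pre', 'in', ('var', 'Buf2_1')),
    'Buf2_1': ('sum', ('pre', 'in', ('var', 'Buf2_2')), ('pre', '!out', ('var', 'Buf2'))),
    'Buf2_2': ('pre', '!out', ('var', 'Buf2_1')),
    'Sender': ('pre', 'in', ('pre', '!mid', ('var', 'Sender'))),
    'Receiver': ('pre', 'mid', ('pre', '!out', ('var', 'Receiver'))),
}
IMPL = ('res', frozenset({'mid'}), ('par', ('var', 'Sender'), ('var', 'Receiver')))

if __name__ == '__main__':
    print('Impl ~ Buf2 (strong):', strong_bisimilar(IMPL, ('var', 'Buf2'), DEFS))
    print('Impl ~ Buf2 (weak):  ', weak_bisimilar(IMPL, ('var', 'Buf2'), DEFS))
    print('Impl ~ Buf1 (weak):  ', weak_bisimilar(IMPL, ('var', 'Buf1'), DEFS))
```

The internal handshake on `mid` shows up as a `tau` step, so the implementation is not strongly bisimilar to any specification written without `tau`, but it is weakly bisimilar to the two-place buffer `Buf2`; the check against the one-place `Buf1` fails because the implementation can accept a second `in` while the receiver still holds a value. Everything here enumerates states, which is exactly what breaks down for the VIPSs the abstract describes: with values drawn from an unbounded domain or a parameterised number of components the reachable set is infinite, and that is why the paper turns to the equational laws of CCS and proof planning instead.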

## References

- Basin, D. and Walsh, T. 1992. Difference matching. In D. Kapur, editor, *11th Conference on Automated Deduction*, pp. 295–309, NY, USA: Saratoga Springs. Published as Springer Lecture Notes in Artificial Intelligence, Vol. 607.
- Basin, D. and Walsh, T. 1993. Difference unification. In Bajcsy, editor, *Proceedings of the 13th IJCAI*, International Joint Conference on Artificial Intelligence. Also available as Technical Report MPI-I-92-247, Max-Planck-Institut für Informatik.
- Basin, D. and Walsh, T. 1996. Annotated rewriting in inductive theorem proving. *Journal of Automated Reasoning*, 16(1–2):147–180.
- Bergstra, J.A. and Klop, J.W. 1985. Algebra of communicating processes with abstraction. *Theoretical Computer Science*, 37(1):77–121.
- Bouali, A., Gnesi, S., and Larosa, S. 1994. JACK: Just Another Concurrency Kit. *Bulletin of the European Association for Theoretical Computer Science*, 54:207–224.
- Bouali, A., Ressouche, A., Roy, V., and de Simone, R. 1996. The FC2TOOLS set. In R. Alur and T. Henzinger, editors, '96), Springer-Verlag, pp. 441–445. Lecture Notes in Computer Science, Vol. 1102.
- Boyer, R.S. and Moore, J.S. 1979. *A Computational Logic*. Academic Press, ACM monograph series.
- Bruns, G. 1991. A language for value-passing CCS. LFCS Report Series ECS-LFCS-91-175, Department of Computer Science, University of Edinburgh.
- Bundy, A. 1988. The use of explicit plans to guide inductive proofs. In R. Lusk and R. Overbeek, editors, *9th Conference on Automated Deduction*, Springer-Verlag, pp. 111–120. Longer version available from Edinburgh as DAI Research Paper No. 349.
- Bundy, A. 1991. A science of reasoning. In J.L. Lassez and G. Plotkin, editors, *Computational Logic: Essays in Honor of Alan Robinson*, MIT Press, pp. 178–198. Also available from Edinburgh as DAI Research Paper 445.
- Bundy, A., Stevens, A., van Harmelen, F., Ireland, A., and Smaill, A. 1993. Rippling: A heuristic for guiding inductive proofs. *Artificial Intelligence*, 62:185–253. Also available from Edinburgh as DAI Research Paper No. 567.
- Bundy, A., van Harmelen, F., Hesketh, J., Smaill, A., and Stevens, A. 1989. A rational reconstruction and extension of recursion analysis. In N.S. Sridharan, editor, *Proceedings of the Eleventh International Joint Conference on Artificial Intelligence*, Morgan Kaufmann, pp. 359–365. Also available from Edinburgh as DAI Research Paper 419.
- Bundy, A., van Harmelen, F., Horn, C., and Smaill, A. 1990. The Oyster-Clam system. In M.E. Stickel, editor, *10th International Conference on Automated Deduction*, Springer-Verlag, pp. 647–648. Lecture Notes in Artificial Intelligence, Vol. 449. Also available from Edinburgh as DAI Research Paper 507.
- Cantu, F., Bundy, A., Smaill, A., and Basin, D. 1996. Experiments in automating hardware verification using inductive proof planning. In M. Srivas and A. Camilleri, editors, *Proceedings of the Formal Methods for Computer-Aided Design Conference*, Springer-Verlag, pp. 94–108. Lecture Notes in Computer Science, Vol. 1166.
- Cleaveland, R., Lewis, P.M., Smolka, S.A., and Sokolsky, O. 1996. The concurrency factory: A development environment for concurrent systems. In R. Alur and T. Henzinger, editors, '96), Springer-Verlag, pp. 398–401. Lecture Notes in Computer Science, Vol. 1102.
- Cleaveland, R. and Panangaden, P. 1988. Type theory and concurrency. *International Journal of Parallel Programming*, 17(2):153–206.
- Cleaveland, R., Parrow, J., and Steffen, B. 1990. The concurrency workbench. In J. Sifakis, editor, *Proceedings of the International Workshop on Automatic Verification Methods for Finite State Systems*, Lecture Notes in Computer Science, Vol. 407, Springer-Verlag, pp. 24–37.
- Constable, R.L., Allen, S.F., Bromley, H.M. et al. 1986. *Implementing Mathematics with the Nuprl Proof Development System*. Prentice Hall.
- Dershowitz, N. and Jouannaud, J.P. 1990. Rewrite systems. In J. van Leeuwen, editor, *Handbook of Theoretical Computer Science*, Vol. B: Formal Models and Semantics, Elsevier, pp. 243–320.
- Dowek, G., Felty, A., Herbelin, H., Huet, G., Paulin, C., and Werner, B. 1991. The Coq proof assistant user's guide, Version 5.6. Technical Report 134, INRIA.
- Failure Divergence Refinement: FDR2 User Manual. Formal Systems (Europe) Ltd. 1992–1997.
- Fernandez, J.C., Garavel, H., Kerbrat, A., Mateescu, R., Mounier, L., and Sighireanu, M. 1996. CADP: A protocol validation and verification toolbox. In R. Alur and T. Henzinger, editors, '96), Springer-Verlag, pp. 437–440. Lecture Notes in Computer Science, Vol. 1102.
- Godskesen, J.C., Larsen, K.G., and Zeeberg, M. 1989. TAV users manual. Internal report R-89-19, Department of Computer Science, Aalborg University.
- Gordon, M.J.C. and Melham, T.F. (eds.). 1993. *Introduction to HOL: A Theorem Proving Environment for Higher Order Logic*. Cambridge University Press.
- Groote, J.F., Monin, F., and van de Pol, J.C. 1998. Checking verifications of protocols and distributed systems by computer. In D. Sangiorgi and R. de Simone, editors, *Proceedings of CONCUR'98*, Springer-Verlag, pp. 629–655. Lecture Notes in Computer Science, Vol. 1466. Also available as Computer Science Report 98/13, Department of Mathematics and Computer Science, Eindhoven University, 1998.
- Groote, J.F. and van de Pol, J.C. 1996. A bounded retransmission protocol for large data packets. A case study in computer checked verification. In M. Wirsing and M. Nivat, editors, *Proceedings of AMAST'96*, Springer-Verlag, pp. 536–550. Lecture Notes in Computer Science, Vol. 1101.
- Groote, J.F. and Ponse, A. 1990. The syntax and semantics of *µ*CRL. Technical report CS-R9076, CWI, Amsterdam.
- Groote, J.F. and Ponse, A. 1991. Proof theory for *µ*CRL. Technical report CS-R9138, CWI, Amsterdam.
- Hennessy, M. and Lin, H. 1995. Symbolic bisimulations. *Theoretical Computer Science*, 138:353–389. Also available from Sussex as Computing Science Technical Report 1/92.
- Hennessy, M. and Milner, R. 1985. Algebraic laws for nondeterminism and concurrency. *Journal of the Association for Computing Machinery*, 32(1):137–161.
- Hirshfeld, Y., Jerrum, M., and Moller, F. 1996a. A polynomial algorithm for deciding bisimilarity of normed context-free processes. *Theoretical Computer Science*, 158:143–159. Also available from Edinburgh as LFCS report ECS-LFCS-94-286.
- Hirshfeld, Y., Jerrum, M., and Moller, F. 1996b. A polynomial-time algorithm for deciding bisimulation equivalence of normed basic parallel processes. *Mathematical Structures in Computer Science*, 6(3):251–259. Also available from Edinburgh as LFCS report ECS-LFCS-94-288.
- Hoare, C.A.R. 1978. Communicating sequential processes. *Communications of the Association for Computing Machinery*, 21(8):666–677.
- Inverardi, P. and Nesi, M. 1995. Deciding observational congruence of finite-state CCS expressions by rewriting. *Theoretical Computer Science*, 139:315–354.
- Ireland, A. 1992. The use of planning critics in mechanizing inductive proofs. In A. Voronkov, editor, *International Conference on Logic Programming and Automated Reasoning, LPAR 92, St. Petersburg*, Springer-Verlag, pp. 178–189. Lecture Notes in Artificial Intelligence, Vol. 624. Also available from Edinburgh as DAI Research Paper 592.
- Ireland, A. and Bundy, A. 1996a. Productive use of failure in inductive proof. *Journal of Automated Reasoning*, 16(1–2):79–111. Also available as DAI Research Paper No. 716, Dept. of Artificial Intelligence, Edinburgh.
- Ireland, A. and Bundy, A. 1996b. Extensions to a generalization critic for inductive proof. In M.A. McRobbie and J.K. Slaney, editors, *13th Conference on Automated Deduction*, Springer-Verlag, pp. 47–61. Lecture Notes in Artificial Intelligence, Vol. 1104. Also available from Edinburgh as DAI Research Paper 786.
- ISO. 1989. *Information processing systems, Open Systems Interconnection, LOTOS: A formal description technique based on the temporal ordering of observational behaviour*. ISO 8807.
- Korver, H. and Springintveld, J. 1994. A computer-checked verification of Milner's schedulers. In M. Hagiya and J.C. Mitchel, editors, '94), Springer-Verlag, pp. 161–178. Lecture Notes in Computer Science, Vol. 789.
- Kraan, I., Basin, D., and Bundy, A. 1993. Logic program synthesis via proof planning. In K.K. Lau and T. Clement, editors, *Logic Program Synthesis and Transformation*, Springer-Verlag, pp. 1–14. Also available as Max-Planck-Institut für Informatik Report MPI-I-92-244 and Edinburgh DAI Research Report 603.
- Kurshan, R.P. and McMillan, K. 1989. A structural induction theorem for processes. In *8th ACM Symposium on Principles Of Distributed Computing (PODC)*, ACM Press, pp. 239–247.
- Lin, H. 1993. A verification tool for value-passing processes. In *Proceedings of 13th International Symposium on Protocol Specification, Testing and Verification*, North-Holland. Series IFIP Transactions. Also available from Sussex as Computing Science Technical Report 8/93.
- Lin, H. 1995. PAM: A process algebra manipulator. *Formal Methods in System Design*, 7:243–259. Kluwer Academic Publishers.
- Milner, R. 1989. *Communication and Concurrency*. London: Prentice Hall.
- Milner, R. and Moller, F. 1993. Unique decomposition of processes. *Theoretical Computer Science*, 107:357–363.
- Milner, R., Parrow, J., and Walker, D. 1993. Mobile logics for mobile processes. *Theoretical Computer Science*, 114:149–171. Also available from Edinburgh as LFCS Report ECS-LFCS-91-136.
- Monroy, R. 1997. Planning proofs of correctness of CCS systems. Ph.D. Thesis, Department of Artificial Intelligence, University of Edinburgh.
- Monroy, R., Bundy, A., and Green, I. 1998a. Annotated term rewriting for deciding observation congruence. In H. Prade, editor, *13th European Conference on Artificial Intelligence, ECAI'98*, Wiley & Sons, pp. 393–397.
- Monroy, R., Bundy, A., and Green, I. 1998b. Planning equational verification in CCS. In D. Redmiles and B. Nuseibeh, editors, *13th Conference on Automated Software Engineering, ASE'98*, IEEE Computer Society Press, pp. 43–52. Candidate for best paper award.
- Monroy, R., Bundy, A., and Ireland, A. 1994. Proof plans for the correction of false conjectures. In F. Pfenning, editor, *5th International Conference on Logic Programming and Automated Reasoning, LPAR'94*, Springer-Verlag, pp. 54–68. Lecture Notes in Artificial Intelligence, Vol. 822. Also available from Edinburgh as DAI Research Paper 681.
- Negrete, S. 1996. Proof planning with logic presentations. Ph.D. Thesis, Department of Artificial Intelligence, University of Edinburgh.
- Nesi, M. 1992. Mechanizing a proof by induction of process algebra specifications in higher-order logic. In K.G. Larsen and A. Skou, editors, *Proceedings of the 3rd International Workshop in Computer Aided Verification ('91)*, Springer-Verlag, pp. 288–298. Lecture Notes in Computer Science, Vol. 575.
- Nesi, M. 1999. Formalising a value-passing calculus in HOL. *Formal Aspects of Computing*, 11:160–199.
- Park, D. 1981. Concurrency and automata on infinite sequences. In P. Deussen, editor, *Proceedings of the 5th GI-Conference on Theoretical Computer Science*, Springer-Verlag, pp. 167–183. Lecture Notes in Computer Science, Vol. 104.
- Paulson, L.C. 1994. *Isabelle: A Generic Theorem Prover*. Springer-Verlag. Lecture Notes in Computer Science, Vol. 828.
- Sellink, M.P.A. 1993. Verifying process algebra proofs in type-theory. Technical Report Logic Group Preprint Series 87, Utrecht University.
- Walsh, T., Nunes, A., and Bundy, A. 1992. The use of proof plans to sum series. In D. Kapur, editor, *11th Conference on Automated Deduction*, Springer-Verlag, pp. 325–339. Lecture Notes in Computer Science, Vol. 607. Also available from Edinburgh as DAI Research Paper 563.
- Yoshida, T., Bundy, A., Green, I., Walsh, T., and Basin, D. 1994. Coloured rippling: An extension of a theorem proving heuristic. In A.G. Cohn, editor, *Proceedings of ECAI-94*, John Wiley, pp. 85–89.