Formal Verification of an Executable LTL Model Checker with Partial Order Reduction

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9690)

Abstract

We present a formally verified and executable on-the-fly LTL model checker that uses ample set partial order reduction. The verification is done using the proof assistant Isabelle/HOL and covers everything from the abstract correctness proof down to the generated SML code. Building on Doron Peled’s paper “Combining Partial Order Reductions with On-the-Fly Model-Checking”, we formally prove abstract correctness of ample set partial order reduction. This theorem is independent of the actual reduction algorithm. We then verify a reduction algorithm for a simple but expressive fragment of Promela. We use static partial order reduction, which allows separating the partial order reduction and the model checking algorithms regarding both the correctness proof and the implementation. Thus, the Cava model checker that we verified in previous work can be used as a back end with only minimal changes. Finally, we generate executable SML code using a stepwise refinement approach. We test our model checker on some examples, observing the effectiveness of the partial order reduction algorithm.

References

  1. 1.
    Back, R.J., von Wright, J.: Refinement Calculus: A Systematic Introduction. Graduate Texts in Computer Science. Springer, Heidelberg (1998)CrossRefMATHGoogle Scholar
  2. 2.
    Blanchette, J.C., Hölzl, J., Lochbihler, A., Panny, L., Popescu, A., Traytel, D.: Truly modular (co)datatypes for Isabelle/HOL. In: Klein, G., Gamboa, R. (eds.) ITP 2014. LNCS, vol. 8558, pp. 93–110. Springer, Heidelberg (2014)Google Scholar
  3. 3.
    Brunner, J.: Implementation and Verification of Partial Order Reduction for On-The-Fly Model Checking. MA thesis. Technische Universität München, 83 p., 15 July 2014. http://www21.in.tum.de/brunnerj/documents/ivporotfmc.pdf
  4. 4.
    Chou, C.T., Peled, D.: Formal verification of a partial-order reduction technique for model checking. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 241–257. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  5. 5.
    Esparza, J., Lammich, P., Neumann, R., Nipkow, T., Schimpf, A., Smaus, J.-G.: A fully verified executable LTL model checker. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 463–478. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  6. 6.
    Esparza, J., Lammich, P., Neumann, R., Nipkow, T., Schimpf, A., Smaus, J.G.: A fully verified executable LTL model checker. Archive of Formal Proofs, May 2014. http://afp.sf.net/entries/CAVA_LTL_Modelchecker.shtml, formal proof development
  7. 7.
    Holzmann, G.J.: The SPIN Model Checker. Primer and Reference Manual. Addison-Wesley Professional, Reading (2003)Google Scholar
  8. 8.
    Holzmann, G.J., Peled, D., Yannakakis, M.: On nested depth first search. In: SPIN Workshop, vol. 32, pp. 81–89 (1996)Google Scholar
  9. 9.
    Kurshan, R.P., Levin, V., Minea, M., Peled, D.A., Yenigün, H.: Static partial order reduction. In: Steffen, B. (ed.) TACAS 1998. LNCS, vol. 1384, pp. 345–357. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  10. 10.
    Lammich, P.: Verified efficient implementation of Gabow’s strongly connected component algorithm. In: Klein, G., Gamboa, R. (eds.) ITP 2014. LNCS, vol. 8558, pp. 325–340. Springer, Heidelberg (2014)Google Scholar
  11. 11.
    Lammich, P.: Collections framework. Archive of Formal Proofs, November 2009. http://afp.sf.net/entries/Collections.shtml, formal proof development
  12. 12.
    Lammich, P.: Refinement for monadic programs. Archive of Formal Proofs, January 2012. http://afp.sf.net/entries/Refine_Monadic.shtml, formal proof development
  13. 13.
    Lammich, P.: The CAVA automata library. Archive of Formal Proofs, May 2014. http://afp.sf.net/entries/CAVA_Automata.shtml, formal proof development
  14. 14.
    Lammich, P.: Refinement to Imperative/HOL. In: Urban, C., Zhang, X. (eds.) ITP 2015. LNCS, vol. 9236, pp. 253–269. Springer, Switzerland (2015)Google Scholar
  15. 15.
    Lammich, P., Lochbihler, A.: The Isabelle collections framework. In: Kaufmann, M., Paulson, L.C. (eds.) ITP 2010. LNCS, vol. 6172, pp. 339–354. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Lammich, P., Neumann, R.: A Framework for Verifying Depth-First Search Algorithms. In: CPP, pp. 137–146. ACM, 13 January 2015Google Scholar
  17. 17.
    Lammich, P., Tuerk, T.: Applying data refinement for monadic programs to Hopcroft’s algorithm. In: Beringer, L., Felty, A. (eds.) ITP 2012. LNCS, vol. 7406, pp. 166–182. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  18. 18.
    Lochbihler, A.: Coinductive. Archive of Formal Proofs, February 2010. http://afp.sf.net/entries/Coinductive.shtml, formal proof development
  19. 19.
    Mazurkiewicz, A.: Trace theory. In: Reisig, W., Brauer, W., Rozenberg, G. (eds.) APN 1986. LNCS, vol. 255, pp. 278–324. Springer, Heidelberg (1987)Google Scholar
  20. 20.
    Merz, S.: Stuttering equivalence. Archive of Formal Proofs, May 2012. http://afp.sf.net/entries/Stuttering_Equivalence.shtml, formal proof development
  21. 21.
    Naimi, M., Trehel, M., Arnold, A.: A log (n) distributed mutual exclusion algorithm based on path reversal. J. Parallel Distrib. Comput. 34(1), 1–13 (1996)CrossRefGoogle Scholar
  22. 22.
    Neumann, R.: Using Promela in a fully verified executable LTL model checker. In: Giannakopoulou, D., Kroening, D. (eds.) VSTTE 2014. LNCS, vol. 8471, pp. 105–114. Springer, Heidelberg (2014)Google Scholar
  23. 23.
    Nipkow, T., Paulson, L.C., Wenzel, M. (eds.): Isabelle/HOL. LNCS, vol. 2283. Springer, Heidelberg (2002)MATHGoogle Scholar
  24. 24.
    Paulson, L., Nipkow, T., Wenzel, M.: Isabelle (2014). http://isabelle.in.tum.de
  25. 25.
    Peled, D.: Combining partial order reductions with on-the-fly model-checking. Formal Meth. Syst. Des. 8(1), 39–64 (1996)CrossRefGoogle Scholar
  26. 26.
    Peled, D., Wilke, T.: Stutter-invariant temporal properties are expressible without the next-time operator. Inf. Process. Lett. 63(5), 243–246 (1997)MathSciNetCrossRefMATHGoogle Scholar
  27. 27.
    Wadler, P.: Comprehending monads. Math. Struct. Comput. Sci. 2, 461–493 (1992)MathSciNetCrossRefMATHGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  1. 1.Technische Universität MünchenMunichGermany

Personalised recommendations