In existing simulation proof techniques, a single step in a low-level system may be simulated by an extended execution fragment in a high-level system. As a result, it is undecidable whether a given relation is a simulation, even if tautology checking is decidable for the underlying specification logic. This paper introduces various types of normed simulations. In a normed simulation, each step in a low-level system can be simulated by at most one step in the high-level system, for any related pair of states. We show that it is decidable whether a given relation is a normed simulation relation, given that tautology checking is decidable. We also prove that, at the semantic level, normed simulations form a complete proof method for establishing behavior inclusion, provided that the high-level system has finite invisible nondeterminism. As an illustration of our method we discuss the verification in PVS of a leader election algorithm that is used within the IEEE 1394 protocol.
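The decidability claim above rests on the "at most one step" restriction: for finite systems a checker only has to inspect each related pair and each single low-level step, with no search over high-level execution fragments. The following Python example, added here as an illustration and not code from the paper, shows such a checker over a simplified rendering of the definition (the labelled transition systems, the relation, the norm function and the label names are all constructed for the example; the paper's exact formulation of normed simulations is not reproduced): a low-level step must be matched by exactly one high-level step with the same label, or, if the step is invisible, by zero high-level steps, in which case a norm on related pairs must strictly decrease so that stuttering cannot go on forever.

```python
from dataclasses import dataclass
from typing import FrozenSet, Hashable, Tuple

TAU = "tau"  # label of invisible (internal) steps; a constructed convention

Step = Tuple[Hashable, str, Hashable]


@dataclass(frozen=True)
class LTS:
    """A finite labelled transition system: initial states and (src, label, dst) steps."""
    init: FrozenSet[Hashable]
    steps: FrozenSet[Step]

    def succ(self, s, a):
        """Successor states of s under label a."""
        return {d for (x, l, d) in self.steps if x == s and l == a}


def is_normed_simulation(low, high, rel, norm):
    """Decide whether rel is a normed forward simulation from low to high.

    Simplified rendering (an assumption of this example): for every related
    pair (s, u) and every low step s -a-> s', either
      (1) there is a single high step u -a-> u' with (s', u') in rel, or
      (2) a is invisible, zero high steps are taken, (s', u) is in rel, and
          norm(s', u) < norm(s, u), so that stuttering must make progress.
    Every initial low state must also be related to some initial high state.
    Only single steps are examined, which is what makes the check terminate.
    """
    for s in low.init:
        if not any((s, u) in rel for u in high.init):
            return False
    for (s, u) in rel:
        for (x, a, s2) in low.steps:
            if x != s:
                continue
            matched = any((s2, u2) in rel for u2 in high.succ(u, a))
            if not matched and a == TAU and (s2, u) in rel and norm(s2, u) < norm(s, u):
                matched = True
            if not matched:
                return False
    return True


# Constructed low-level system: an internal preparation step, then a visible 'send'.
LOW = LTS(init=frozenset({"s0"}),
          steps=frozenset({("s0", TAU, "s1"), ("s1", "send", "s2")}))
# Constructed high-level system: only the visible 'send'.
HIGH = LTS(init=frozenset({"h0"}), steps=frozenset({("h0", "send", "h1")}))
# Constructed relation and norm: the internal step stutters on h0 and lowers the norm.
REL = frozenset({("s0", "h0"), ("s1", "h0"), ("s2", "h1")})
NORM = {("s0", "h0"): 1, ("s1", "h0"): 0, ("s2", "h1"): 0}


def example_accepted():
    """REL is a normed simulation from LOW to HIGH."""
    return is_normed_simulation(LOW, HIGH, REL, lambda s, u: NORM[(s, u)])


# Constructed variant: an invisible self-loop on s0. A plain forward simulation
# would accept it (zero high steps match it forever); with a constant norm the
# strict-decrease condition fails, so the relation is rejected.
LOW_LOOP = LTS(init=LOW.init, steps=LOW.steps | {("s0", TAU, "s0")})


def example_rejected_no_progress():
    return is_normed_simulation(LOW_LOOP, HIGH, REL, lambda s, u: 0)


# Constructed variant: the high-level system needs two steps ('prepare', then
# 'send') to match the low-level 'send'. No single high step matches, so the
# relation is rejected, even though a classical simulation over execution
# fragments might accept a suitably adjusted relation.
HIGH_TWO = LTS(init=frozenset({"h0"}),
               steps=frozenset({("h0", "prepare", "hp"), ("hp", "send", "h1")}))


def example_rejected_needs_two_steps():
    return is_normed_simulation(LOW, HIGH_TWO, REL, lambda s, u: NORM[(s, u)])


if __name__ == "__main__":
    print(example_accepted(), example_rejected_no_progress(), example_rejected_needs_two_steps())
```

The norm argument is what turns the otherwise unbounded question "can the high-level system eventually catch up?" into a local, per-step comparison; for systems described symbolically rather than as explicit state graphs, each branch of the check becomes one proof obligation, which is where the paper's decidability result applies.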