Normed simulations

  • David Griffioen
  • Frits Vaandrager
Regular Papers
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1427)


In existing simulation proof techniques, a single step in a low-level system may be simulated by an extended execution fragment in a high-level system. As a result, it is undecidable whether a given relation is a simulation, even if tautology checking is decidable for the underlying specification logic. This paper introduces various types of . In a normed simulation, each step in a low-level system can be simulated by at most one step in the high level system, for any related pair of states. We show that it is decidable whether a given relation is a normed simulation relation, given that tautology checking is decidable. We also prove that, at the semantic level, normed simulations form a complete proof method for establishing behavior inclusion, provided that the high-level system has finite invisible nondeterminism. As an illustration of our method we discuss the verification in PVS of a leader election algorithm that is used within the IEEE 1394 protocol.




Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    M. Abadi and L. Lamport. The existence of refinement mappings. Theoretical Computer Science, 82(2):253–284, 1991.CrossRefGoogle Scholar
  2. 2.
    S. Bensalem, Y. Lakhnech, and H. Saidi. Powerful techniques for the automatic generation of invariants. In Proc. CAV'96, LNCS 1102, pp 323–335. Springer, 1996.Google Scholar
  3. 3.
    M. Browne, E. Clarke, and O. Grümberg. Characterizing finite Kripke structures in propositional temporal logic. Theoretical Comp. Sci., 59(1,2):115–131, 1988.CrossRefGoogle Scholar
  4. 4.
    R. De Nicola and F. Vaandrager. Three logics for branching bisimulation. Journal of the ACM, 42(2):458–487, 1995.CrossRefGoogle Scholar
  5. 5.
    M. Devillers, W. Griffioen, and O. Müller. Possibly infinite sequences: A comparative case study. In Proc. TPHOLs'97, LNCS 1275, pp 89–104. Springer, 1997.Google Scholar
  6. 6.
    M. Devillers, W. Griffioen, J. Romijn, and F. Vaandrager. Verification of a leader election protocol — formal methods applied to IEEE 1394. Technical Report CSI-R9728, University of Nijmegen, 1997.Google Scholar
  7. 7.
    S. Garland, N. Lynch, and M. Vaziri. IOA: A language for specifiying, programming, and validating distributed systems, September 1997. Available through Scholar
  8. 8.
    R. Gawlick, R. Segala, J. Søgaard-Andersen, and N. Lynch. Liveness in timed and untimed systems. In Proc. 21 th ICALP, LNCS 820. Springer, 1994. A full version appears as MIT Technical Report MIT/LCS/TR-587.Google Scholar
  9. 9.
    R. van Glabbeek and W. Weijland. Branching time and abstraction in bisimulation semantics. Journal of the ACM, 43(3):555–600, 1996.CrossRefGoogle Scholar
  10. 10.
    J. Groote and J. Springintveld. Focus points and convergent process operators — a proof strategy for protocol verification. Report CS-119566, CWI, 1995.Google Scholar
  11. 11.
    L. Helmink, M. Sellink, and F. Vaandrager. Proof-checking a data link protocol. In Proc. TYPES'93, LNCS 806, pp 127–165. Springer, 1994.Google Scholar
  12. 12.
    IEEE Computer Society. IEEE Standard for a High Performance Serial Bus. Std 1394-1995, August 1996.Google Scholar
  13. 13.
    N. Lynch and F. Vaandrager. Forward and backward simulations, I: Untimed systems. Information and Computation, 121(2):214–233, 1995.CrossRefGoogle Scholar
  14. 14.
    K. Namjoshi. A simple characterization of stuttering bisimulation. In Proc. FST & TCS'97, LNCS 1346, pp 284–296. Springer, 1997.Google Scholar
  15. 15.
    T. Nipkow and K. Slind. I/O automata in Isabelle/HOL. In Types for Proofs and Programs, LNCS 996, pp 101–119. Springer, 1995.Google Scholar
  16. 16.
    S. Owre, J. Rushby, N. Shankar, and F. von Henke. Formal verification for fault-tolerant architectures: Prolegomena to the design of PVS. IEEE Transactions on Software Engineering, 21(2):107–125, 1995.CrossRefGoogle Scholar
  17. 17.
    A. Sistla. Proving correctness with respect to nondeterministic safety specifications. Information Processing Letters, 39(1):45–49, 1991.CrossRefMathSciNetGoogle Scholar
  18. 18.
    J. Søgaard-Andersen, S. Garland, J. Guttag, N. Lynch, and A. Pogosyants. Computer-assisted simulation proofs. In Proc. CAV'93, LNCS 697, pp 305–319. Springer, 1993.Google Scholar
  19. 19.
    J. Søgaard-Andersen, N. Lynch, and B. Lampson. Correctness of communication protocols — a case study. Report MIT/LCS/TR-589, MIT, Cambridge, MA, 1993.Google Scholar

Copyright information

© Springer-Verlag 1998

Authors and Affiliations

  • David Griffioen
    • 1
    • 2
  • Frits Vaandrager
    • 2
  1. 1.CWIGB AmsterdamThe Netherlands
  2. 2.Computing Science InstituteUniversity of NijmegenGL NijmegenThe Netherlands

Personalised recommendations