A verified model checker for the modal μ-calculus in Coq

  • Christoph Sprenger
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1384)


We report on the formalisation and correctness proof of a model checker for the modal μ-calculus in Coq's constructive type theory. Using Coq's extraction mechanism we obtain an executable Caml program, which is added as a safe decision procedure to the system. We thereby avoid the generation of large proof objects while preserving the high reliability of the proof environment. An example illustrates the combination of model checking with deductive techniques.
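To make concrete what such a model checker decides, here is an added, self-contained Python example (not the paper's Coq development and not its extracted Caml program): a global model checker for the modal μ-calculus over a finite labelled transition system, computing the set of states satisfying a formula by Knaster-Tarski fixpoint iteration. The `LTS` class, the tuple-based formula syntax, the function names `denotation` and `holds`, and the four-state sample system are all assumptions constructed for this illustration. Formulas are kept in positive normal form (negation only on atomic propositions), which is what guarantees monotonicity and hence termination of the iteration on a finite state space.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Tuple

State = str
Label = str


@dataclass
class LTS:
    """Finite labelled transition system with a valuation of atomic propositions."""
    states: FrozenSet[State]
    trans: Dict[Tuple[State, Label], FrozenSet[State]]  # (source, label) -> successors
    val: Dict[str, FrozenSet[State]]                     # proposition -> states where it holds

    def succ(self, s: State, a: Label) -> FrozenSet[State]:
        return self.trans.get((s, a), frozenset())


# Formula syntax (positive normal form), encoded as tagged tuples:
#   ('tt',) ('ff',) ('prop', p) ('nprop', p) ('var', X)
#   ('and', f, g) ('or', f, g) ('box', a, f) ('dia', a, f)
#   ('mu', X, f) ('nu', X, f)
def denotation(lts: LTS, phi: tuple, env: Dict[str, FrozenSet[State]] = None) -> FrozenSet[State]:
    """Return the set of states of `lts` satisfying `phi` under variable environment `env`."""
    env = env or {}
    tag = phi[0]
    if tag == 'tt':
        return lts.states
    if tag == 'ff':
        return frozenset()
    if tag == 'prop':
        return lts.val.get(phi[1], frozenset())
    if tag == 'nprop':
        return lts.states - lts.val.get(phi[1], frozenset())
    if tag == 'var':
        return env[phi[1]]
    if tag == 'and':
        return denotation(lts, phi[1], env) & denotation(lts, phi[2], env)
    if tag == 'or':
        return denotation(lts, phi[1], env) | denotation(lts, phi[2], env)
    if tag == 'box':  # [a]f: every a-successor satisfies f
        a, inner = phi[1], denotation(lts, phi[2], env)
        return frozenset(s for s in lts.states if lts.succ(s, a) <= inner)
    if tag == 'dia':  # <a>f: some a-successor satisfies f
        a, inner = phi[1], denotation(lts, phi[2], env)
        return frozenset(s for s in lts.states if lts.succ(s, a) & inner)
    if tag in ('mu', 'nu'):
        # Least fixpoint starts from the empty set, greatest from all states;
        # the body is monotone in X, so iteration reaches the fixpoint on a finite LTS.
        x, body = phi[1], phi[2]
        cur = frozenset() if tag == 'mu' else lts.states
        while True:
            nxt = denotation(lts, body, {**env, x: cur})
            if nxt == cur:
                return cur
            cur = nxt
    raise ValueError(f"unknown formula constructor {tag!r}")


def holds(lts: LTS, s: State, phi: tuple) -> bool:
    """Local question answered via the global denotation: does state s satisfy phi?"""
    return s in denotation(lts, phi)


# Constructed sample system: s0 -a-> s1 -a-> s2 (a-loop), and s0 -a-> s3 (deadlock).
# Proposition p holds only in s2.
EXAMPLE = LTS(
    states=frozenset({'s0', 's1', 's2', 's3'}),
    trans={
        ('s0', 'a'): frozenset({'s1', 's3'}),
        ('s1', 'a'): frozenset({'s2'}),
        ('s2', 'a'): frozenset({'s2'}),
    },
    val={'p': frozenset({'s2'})},
)

# mu X. p \/ ([a]X /\ <a>tt): along every a-path, p is inevitably reached.
INEVITABLY_P = ('mu', 'X', ('or', ('prop', 'p'),
                            ('and', ('box', 'a', ('var', 'X')), ('dia', 'a', ('tt',)))))
# mu X. p \/ <a>X: some a-path reaches p.
CAN_REACH_P = ('mu', 'X', ('or', ('prop', 'p'), ('dia', 'a', ('var', 'X'))))

if __name__ == '__main__':
    print(sorted(denotation(EXAMPLE, INEVITABLY_P)))  # ['s1', 's2']
    print(sorted(denotation(EXAMPLE, CAN_REACH_P)))   # ['s0', 's1', 's2']
```

The two sample formulas separate the branching behaviour at `s0`: it can reach `p` via `s1`, but the branch to the deadlocked `s3` means `p` is not inevitable there. A verified checker in the sense of the abstract is one whose implementation of exactly this denotation function is proven, inside the proof assistant, to agree with the semantics, so that its yes/no answer can be trusted as a lemma without replaying the fixpoint iteration as a proof term.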





Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Christoph Sprenger, Computer Networking Laboratory, Swiss Federal Institute of Technology, Lausanne, Switzerland
