# An integration of model checking with automated proof checking

## Abstract

Although automated proof checking tools for general-purpose logics have been successfully employed in the verification of digital systems, there are inherent limits to the efficient automation of expressive logics. If the expressiveness is constrained, there are useful logic fragments for which efficient decision procedures can be found. The model checking paradigm yields an important class of decision procedures for establishing temporal properties of finite-state systems. Model checking is remarkably effective for automatically verifying finite automata with relatively small state spaces, but is inadequate when the state spaces are either too large or unbounded. For this reason, it is useful to integrate the complementary technologies of model checking and proof checking. Such an integration has to be carried out in a delicate manner in order to be more than just the sum of the techniques. We describe an approach for such an integration where a BDD-based model checker for the propositional mu-calculus has been used as a decision procedure within the framework of the PVS proof checker. We argue that our approach fits in nicely with the design philosophy of PVS of providing highly effective mechanical reasoning capability by using efficient decision procedures as the workhorses of an interactive proof checker.
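As an added illustration of the decision-procedure role the abstract describes (not the paper's PVS/BDD implementation, and with state sets held as Python frozensets rather than BDDs), the following evaluates propositional mu-calculus formulas over a constructed two-process mutual-exclusion system and answers yes/no from the initial state; the system, state names and tuple encoding of formulas are assumptions of this example.

```python
from itertools import product

IDLE, TRYING, CRIT = "idle", "trying", "crit"

def build_mutex(guarded):
    """Constructed two-process mutex with one lock; states are (pc1, pc2, lock)."""
    states, succ = set(), {}
    for s in product((IDLE, TRYING, CRIT), (IDLE, TRYING, CRIT), (False, True)):
        states.add(s)
        nxt = set()
        for i in (0, 1):
            pcs, lock = list(s[:2]), s[2]
            if pcs[i] == IDLE:
                pcs[i] = TRYING
            elif pcs[i] == TRYING and (not lock or not guarded):
                pcs[i], lock = CRIT, True  # guarded=False ignores the lock (broken variant)
            elif pcs[i] == CRIT:
                pcs[i], lock = IDLE, False
            else:
                continue  # process i is blocked on the lock
            nxt.add((pcs[0], pcs[1], lock))
        succ[s] = frozenset(nxt)
    return frozenset(states), succ, (IDLE, IDLE, False)

def sat(f, states, succ, env):
    """Set of states satisfying mu-calculus formula f, given as nested tuples."""
    op = f[0]
    if op == "prop": return frozenset(s for s in states if f[1](s))
    if op == "var": return env[f[1]]
    if op == "not": return states - sat(f[1], states, succ, env)
    if op == "and": return sat(f[1], states, succ, env) & sat(f[2], states, succ, env)
    if op == "or": return sat(f[1], states, succ, env) | sat(f[2], states, succ, env)
    if op == "dia":  # <.>f: some successor satisfies f
        inner = sat(f[1], states, succ, env)
        return frozenset(s for s in states if succ[s] & inner)
    if op == "box":  # [.]f: every successor satisfies f
        inner = sat(f[1], states, succ, env)
        return frozenset(s for s in states if succ[s] <= inner)
    x, body = f[1], f[2]  # "mu"/"nu": iterate to the least/greatest fixpoint
    approx = frozenset() if op == "mu" else states
    while True:
        new = sat(body, states, succ, {**env, x: approx})
        if new == approx: return approx
        approx = new

def check(system, f):
    """Decision procedure: does the initial state of the system satisfy f?"""
    return system[2] in sat(f, system[0], system[1], {})

both_crit = ("prop", lambda s: s[0] == CRIT and s[1] == CRIT)
SAFE = ("nu", "X", ("and", ("not", both_crit), ("box", ("var", "X"))))  # AG not both_crit
REACH_CRIT1 = ("mu", "X", ("or", ("prop", lambda s: s[0] == CRIT), ("dia", ("var", "X"))))  # EF crit1
```

The guarded system satisfies SAFE while the unguarded variant does not, and both satisfy REACH_CRIT1; a larger system would swap the frozensets for BDDs without changing the fixpoint iteration.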

## Keywords

Model checking, temporal logic, decision procedure, theorem proving, binary decision diagram