Abstract
Model checking is a technique for determining whether a finite state-transition system satisfies a specification expressed in temporal logic. It has been used successfully to verify a number of highly complex circuit and protocol designs. A major hurdle in using this approach to verify realistic designs is the state explosion problem. This problem tends to occur when the number of state variables is very large. In this paper we discuss two techniques for handling this problem. The first technique is based on exploiting symmetry in the state-transition graph. We show how to construct a reduced quotient graph that satisfies the same temporal properties as the original graph. The second technique applies to systems that can have an arbitrary number of processes. In this case induction at the process level can be used to avoid the state explosion problem. An invariant process can frequently be found whose correctness implies the correctness of the system. We describe several methods for finding such an invariant process when one exists.
This research was sponsored in part by the Avionics Laboratory, Wright Research and Development Center, Aeronautical Systems Division (AFSC), U.S. Air Force, Wright-Patterson AFB, Ohio 45433-6543 under Contract F33615-90-C-1465, ARPA Order No. 7597 and in part by the National Science Foundation under Grant no. CCR-8722633 and in part by the Semiconductor Research Corporation under Contract 92-DJ-294.
The views and conclusions contained in this document are those of the authors and should not be interpreted as representing the official policies, either expressed or implied, of the U.S. government.
This is a preview of subscription content, log in via an institution to check access.
Preview
Unable to display preview. Download preview PDF.
References
K. Apt and D. Kozen. Limits for automatic verification of finite-state systems. IPL, 15:307–309, 1986.
M. Browne, E. Clarke, and O. Grumberg. Characterizing finite kripke structures in propositional temporal logic. Theoretical Comput. Sci., 59:115–131, 1988.
M. Browne, E. Clarke, and O. Grumberg. Reasoning about networks with many identical finite-state processes. Inf. and Computation, 81(1):13–31, Apr. 1989.
R. E. Bryant. Graph-based algorithms for boolean function manipulation. IEEE Trans. Comput, C-35(8), 1986.
J. R. Burch, E. M. Clarke, D. E. Long, K. L. McMillan, and D. L. Dill. Symbolic model checking for sequential circuit verification. To appear in IEEE Trans. Comput.-Aided Design Integrated Circuits.
J. R. Burch, E. M. Clarke, K. L. McMillan, D. L. Dill, and J. Hwang. Symbolic model checking: 1020 states and beyond. In Proc. 5th Ann. Symp. on Logic in Comput. Sci. IEEE Comp. Soc. Press, June 1990.
E. Clarke, O. Grumberg, and S. Jha. Parametrized networks. In S. Smolka and I. Lee, editors, Proc. CONCUR '95: 6th International Conference on Concurrency Theory, Lecture Notes in Computer Science. Springer-Verlag, Aug. 1995.
E. Clarke, T.Filkorn, and S.Jha. Exploiting symmetry in temporal logic model checking. In Courcoubetis [11], pp. 450–462.
E. M. Clarke, E. A. Emerson, and A. P. Sistla. Automatic verification of finitestate concurrent systems using temporal logic specifications. ACM Trans. Prog. Lang. Syst., 8(2):244–263, 1986.
E. M. Clarke, O. Grumberg, and D. E. Long. Model checking and abstraction. In Proc. 19th Ann. ACM Symp. on Principles of Prog. Lang., Jan. 1992.
C. Courcoubetis (Ed.). Computer Aided Verification, Proc. 5th Int. Conf. (CAV'93), volume 697 of Lecture Notes in Computer Science. Springer-Verlag, June 1993.
E. Emerson and K. S. Namjoshi. Reasoning about rings. In Proc. 22nd Ann. ACM Symp. on Principles of Prog. Lang., Jan. 1995.
E. A. Emerson and A. P. Sistla. Symmetry and model checking. In Courcoubetis [11], pp. 463–477.
IEEE Computer Society. IEEE Standard for Futurebus+-Logical Protocol Specification, Mar. 1992. IEEE Standard 896.1-1991.
C. Ip and D. Dill. Better verification through symmetry. In L. Claesen, editor, Proc. 11th Int. Symp. on Comput. Hardware Description Lang. and their Applications. North-Holland, Apr. 1993.
R. P. Kurshan and K. L. McMillan. A structural induction theorem for processes. In Proc. 8th Ann. ACM Symp. on Principles of Distributed Computing. ACM Press, Aug. 1989.
B. Lin and A. R. Newton. Efficient symbolic manipulation of equvialence relations and classes. In Proc. 1991 Int. Workshop on Formal Methods in VLSI Design, Jan. 1991.
R. Marelly and O. Grumberg. GORMEL-Grammar ORiented ModEL checker. Technical Report 697, The Technion, Oct. 1991.
R. Milner. A Calculus of Communicating Systems, volume 92 of Lecture Notes in Computer Science. Springer-Verlag, 1980.
Z. Shtadler and O. Grumberg. Network grammars, communication behaviors and automatic verification. In Sifakis [21], pp. 151–165.
J. Sifakis (Ed.). Automatic Verification Methods for Finite State Systems, Proc. Int Workshop, volume 407 of Lecture Notes in Computer Science. Springer-Verlag, June 1989.
P. D. Vigna and C. Ghezzi. Context-free graph grammars. Inf. and Computation, 37:207–233, Apr. 1978.
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In Sifakis [21], pp. 68–80.
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 1995 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Clarke, E.M., Jha, S. (1995). Symmetry and induction in model checking. In: van Leeuwen, J. (eds) Computer Science Today. Lecture Notes in Computer Science, vol 1000. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0015260
Download citation
DOI: https://doi.org/10.1007/BFb0015260
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-60105-0
Online ISBN: 978-3-540-49435-5
eBook Packages: Springer Book Archive