| P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In Automatic Verification Methods for Finite State Systems, volume 407 of Lecture Notes in Computer Science, pages 68-80. Springer-Verlag, 1989. |
.... conditions that enable their automatic verification and abstraction tools to facilitate the task (e.g. [7, 6, 19, 21]). One of the promising approaches to the uniform verification of parameterized systems is the method of network invariants, first mentioned in [3, 23], further developed in [24] (who also coined the name network invariant) and elaborated in [13] into a working method. The formulation here follows [11], which is somewhat akin in spirit to both [24] and [13]. A significant improvement of our approach over [24] and [13] and most other works that use abstraction for veri ....
....verification of parameterized systems is the method of network invariants, first mentioned in [3, 23], further developed in [24] (who also coined the name network invariant) and elaborated in [13] into a working method. The formulation here follows [11], which is somewhat akin in spirit to both [24] and [13]. A significant improvement of our approach over [24] and [13] and most other works that use abstraction for verification is that our notion of abstraction takes into account the fairness properties of the compared systems. Consequently, our abstraction can support and simplify proofs of ....
[Article contains additional citation context not shown here]
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In J. Sifakis, editor, Automatic Verification Methods for Finite State Systems, volume 407 of Lect. Notes in Comp. Sci., pages 68-80. Springer-Verlag, 1989.
.... number, say N 0 , such that validity of (1) over S[N ] for every N N 0 suffices to establish its validity for all N N [APR 01,EN95,EN96,EK00,PRZ01] To prove the liveness property of a parameterized system, we propose a variant of the network invariant strategy of [KP00] see also [WL89,BCG86,CGJ95] KM95] The approach is described by: 1. Divine a network invariant I which is an fds intended to provide an abstraction for the parallel composition of P 2 k k Pn for any n c for some small constant c. 2. Confirm that I is indeed a network invariant, by verifying that P ....
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In J. Sifakis, editor, Automatic Veri cation Methods for Finite State Systems, volume 407 of Lect. Notes in Comp. Sci., pages 68-80. Springer-Verlag, 1989.
.... of such systems, and abstraction tools to facilitate the task (e.g. KP00,APR 01,EN95,EN96,EK00,KPSZ02] One of the promising approaches to the uniform verification of parameterized systems is the method of network invariants, first mentioned in [BCG86,SG89] further developed in [WL89] who also coined the name network invariant ) and elaborated in [KM95] into a working method. In [KP00,KPSZ02] we extended the approach by using a notion of abstraction that takes into account the fairness properties of the compared systems. The approach was developed into a working method and ....
....the liveness of a probabilistic N process mutual exclusion algorithm. Previous attempts to verify the same protocol were either manual [PZ86a] or automatic for N 10 [KNSJ00] 4. 3 Network Invariants The method of network invariants was first mentioned in [BCG86,SG89] further developed in [WL89] who also coined the name network invariant ) and elaborated in [KM95] into a working method. The formulation here follows [KP00] and [KPSZ02] which take into account the fairness properties of the compared systems and support proofs of liveness properties. In order to apply the method to ....
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In J. Sifakis, editor, Automatic Verification Methods for Finite State Systems, volume 407 of LNCS, pages 68--80. Springer-Verlag, 1989.
....of a parameterized systems is one of the most thoroughly researched problems in computer science. Many methods have been proposed for the uniform verification of parameterized systems. These include explicit induction [EN96,SG92] network invariants, which can be viewed as implicit induction [WL89,HLR92,LHR97,KM95,KP00] methods that can be viewed as abstraction and approximation of network invariants [BCG86,SG89,CGJ95] and other methods that can be viewed as based on abstraction [ID96,EN96] Regular model checking has been advocated by [KMM 97] and [WB98] as a uniform paradigm for ....
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In J. Sifakis, editor, Automatic Verification Methods for Finite State Systems, volume 407 of Lect. Notes in Comp. Sci., pages 68--80. Springer-Verlag, 1989.
....quantification [8] allowing one to examine different processes in different encountered states. Related Work: There exist several approaches to the parametric verification problem. We can mention, for example, the use of symbolic model checking, automated) abstraction, or network invariants [10, 1, 3, 14, 11, 12]. The idea of cut offs has already been used in several contexts [9, 6, 7, 5] too. However, to the best of our knowledge, there is no work covering the class of parametric systems considered here, i.e. parametric resource sharing systems with a prioritized FIFO resource management. The two ....
P. Wolper, V. Lovinfosse. Verifying Properties of Large Sets of Processes with Network Invariants. In Autom. Verification Methods for Finite State Systems, LNCS 407, 1989. Springer.
....9 presents the publications which have resulted from my research. 12 Related Work Many methods have been proposed for the uniform verification of parameterized systems. These include explicit induction ([EN95], [SG92]), network invariants, which can be viewed as implicit induction ([KM89], [WL89], [HLR92], [LHR97], [Sis97]), methods that can be viewed as abstraction and approximation of network invariants ([BCG86], [SG89], [CGJ95]), and other methods that can be viewed as based on abstraction ([ID96], [EN96]). One of the main inspirations to the work reported here was [CGJ95] and its ....
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In J. Sifakis, editor, Automatic Verification Methods for Finite State Systems, volume 407 of Lect. Notes in Comp. Sci., pages 68--80. Springer-Verlag, 1989.
....aimed at verifying properties of parametric systems in which the size of the system depends on a parameter. One approach for the verification of parametric systems is the construction of a network invariant simulating the behavior of an environment that consists of an arbitrary number of threads [19]. In this approach, a network invariant is first constructed, and then used as an environment in the verification of a single thread. Construction of a network invariant can be automated in some cases [1] but often requires some insight and understanding of system behavior. In contrast, when ....
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In J. Sifakis, editor, Proceedings of the International Workshop on Automatic Verification Methods for Finite State Systems, volume 407 of LNCS, pages 68-80, Berlin, June 1990. Springer.
....of processes in order to have the full behaviour of the algorithm. Then the usual verification methods are applied. However the search of the correct number is partially automatic. In [Sistla87] automatic verifications are obtained by restricting either the model, or the formulae language. In [Wolper89], an alternative approach is proposed where induction on formulae is used to verify a given invariant. In this paper we present a model for parametrized parallel computations close to the one of [Clarke87] this model is composed by two synchronized automata one of which represents the behaviour ....
Wolper P., Lovinfosse V.,Verifying Properties of Large Sets of Processes with Network Invariants, Automatic, Proc. International Workshop on automatic Verification Methods for Finite State Systems, Grenoble, France, 1989, LNCS 407, Springer Verlag, pages 68-80.
.... example we consider in Section 6 which contains some disjunctive and some conjunctive guards, cannot be handled by the methods of [EK00]. The sound but incomplete methods include methods based on explicit induction ([EN95]), network invariants, which can be viewed as implicit induction ([KM95], [WL89], [HLR92], [LHR97]), methods that can be viewed as abstraction and approximation of network invariants ([BCG86], [SG89], [CGJ95], [KP00]), and other methods that can be viewed as based on abstraction ([ID96]). The papers in [CR99a,CR99b,CR00] use structural induction based on the notion of a ....
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In J. Sifakis, editor, Automatic Verification Methods for Finite State Systems, volume 407 of Lect. Notes in Comp. Sci., pages 68-80. Springer-Verlag, 1989.
....of the algorithm, i.e. for # = 3, # = 4#### but not for any #. In general, automated verification of parameterized systems has been shown to be undecidable [2]. Thus, verification of parameterized networks is often accomplished via theorem proving [14, 17, 22] or by synthesizing network invariants [7, 19, 28]. Alternatively, one can identify subclasses of parameterized systems for # This work was partially supported by NSF grants CCR 9711386, CCR 9876242 and EIA 9705998. The first author was a Ph.D. student at SUNY Stony Brook during part of this work. which verification is decidable [9, 10, 13, 15] ....
....and data of the protocol. This increases the number of nested proof obligations, and hence the running time. 6 Related Work and Conclusions Formal verification of parameterized systems has been researched widely in the last decade. Some of the well studied techniques include network invariants [7, 19, 20, 28] (where a finite state process invariant is synthesized) and use of general purpose theorem provers, e.g. PVS [22], ACL2 [17], Coq [14]. In the recent past, a lot of activity has been directed towards developing automated techniques for verifying (classes of) parameterized systems. These include ....
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In LNCS 407, 1989.
.... example we consider in [PRZ01] which contains some disjunctive and some conjunctive guards, cannot be handled by the methods of [EK00]. The sound but incomplete methods include methods based on explicit induction ([EN95]), network invariants, which can be viewed as implicit induction ([KM95], [WL89], [HLR92], [LHR97]), methods that can be viewed as abstraction and approximation of network invariants ([BCG86], [SG89], [CGJ95], [KP00]), and other methods that can be viewed as based on abstraction ([ID96]). The papers in [CR99a,CR99b,CR00] use structural induction based on the notion of a ....
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In Automatic Verification Methods for Finite State Systems, volume 407 of LNCS, pp. 68-80, 1989.
....components, i.e. without considering their behaviour by constructing a reachability graph and possibly encountering a state explosion. The latter points out the potential use of partial S invariants in compositional reduction in general. The fixed point approach is very similar to the approach in [WL89]: there, a preorder is used instead of an equivalence; an invariant (or representative) process I has to be found manually, and then it is checked that P is less than I and that, whenever some Q is less than I, P‖Q is less than I. This implies that the composition of any number of components P is ....
....token ring is shown. 24 Considering the construction of the complete system from its components, the verification of the above representatives is bottom up ignoring the context. Determining useful partial S invariants exactly looks at this context; how this can be done in the approach of [WL89] and [CGJ95] deserves further consideration. As Proposition 5.2 demonstrates, we could also work with the preorder FF instead of the equivalence = FF . An important point is that the referenced papers use labelled transition systems while we use Petri nets that in themselves are usually ....
[Article contains additional citation context not shown here]
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In Automatic Verification Methods for Finite Systems, Lect. Notes Comp. Sci. 407, 68-80. Springer, 1989.
....by discharging a set of first order formulas called verification conditions (VCs) Each abstract state is a valuation of a set of predicates 1 ; defining the abstract state space and a valuation of the concrete global control configuration. On the other hand, several attempts [KM89,WL89,HLR92] were made to use an induction principle in order to verify systems with an infinite control part. In [CGJ95] this technique is applied to process networks generated by a regular grammar. They propose an extrapolation operator, based on the construction of the syntactic monoid [Eil74] to produce ....
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In International Workshop on Automatic Verification Methods for Finite State Systems, Grenoble. LNCS 407, Springer Verlag, 1989.
....finite state systems, and exclude parameters , like N (the number of stations) in mutual exclusion algorithms. Such algorithms can therefore be verified by model checking only for fixed (and quite small) values of N. In spite of some attempts to extend the scope of automatic model checking (see [19, 27]) there are theoretical limitations [1] and the preprocessing verification technique avoids the problem since it is fully automatic only in the purely propositional case, without parameter; the user has to give explicitly the connection schemes as soon as non propositional variables and or ....
P. Wolper and V. Lovinfosse, Verifying Properties of large Sets of Processes with Network Invariants, CAV'89, Lect. Notes in Comput. Sci. 407 (1990) 68-80.
.... possess certain limitations, which is perhaps not surprising since the PMCP is undecidable in general (cf. AK 86] Su 88] Many of the methods are only partially automated, requiring human ingenuity to construct, e.g. a process invariant or closure process (cf. CG 87] BCG 89] KM 89] WL 89] Some could be fully automated but do not appear to have a clearly defined class of protocols on which they are guaranteed to succeed (cf. ShG 89] V 93] CGJ 95] Abstract graphs (for asynchronous systems) were considered in [ESr 90] for synthesis, V 93] for automatic but incomplete ....
Wolper, P., Lovinfosse, V. Verifying Properties of Large Sets of Processes with Network Invariants. Springer-Verlag, LNCS 407.
....procedures to verify parameterized systems. The general problem is known to be undecidable [AK 86] however, algorithms exist for specific types of systems (cf. GS 92, EN 95, EN 96] and semi algorithmic procedures have been proposed to deal with general systems (cf. CG 87, SG 89, KM 89, WL 89, PD 95, CGJ 95] We present here a case study on the verification of an industrial standard parameterized protocol. The protocol is called the SAE J1850 protocol [SAE 92] and is an automobile industry standard for transmitting data between various sensors and controllers in an automobile. The ....
....systems is often done by hand, or with the guidance of a theorem prover (cf. MC 88, MP 94, HS 96] Several methods have been proposed that, to various degrees, automate this verification process. Methods based on manual construction of a process invariant are proposed in [CG 87, SG 89, KM 89, WL 89, LSY 94] and have been applied for the verification of the Gigamax cache consistency protocol in [McM 92] These constructions have been partially automated in [RS 93, CGJ 95] cf. V 93, PD 95, ID 96] however, as the general problem is undecidable [AK 86] it is not in general possible to ....
Wolper, P., Lovinfosse, V. Verifying Properties of Large Sets of Processes with Network Invariants. In J. Sifakis (ed), Automatic Verification Methods for Finite State Systems, Springer-Verlag, LNCS 407.
....network elements and the productions combine the primitives to form networks. A property is verified automatically by showing that the property holds for a suitable finite network model generated from the grammar. Rather than finding a process that is suitable for induction, Wolper and Lovinfosse [23] and Kurshan and McMillan [24] find a property which is suitable for induction. In this method, the user provides a network invariant I which is preserved by adding nodes to the network. Because I is unchanged by adding nodes to the network, I is called a network invariant. A model checker ....
Pierre Wolper and Vinciane Lovinfosse, "Verifying properties of large sets of processes with network invariants," in Automatic Verification Methods for Finite State Systems, J. Sifakis, Ed., June 1989, vol. 407 of Lecture Notes in Computer Science, pp. 68--80.
.... example we consider in [PRZ01] which contains some disjunctive and some conjunctive guards, cannot be handled by the methods of [EK00]. The sound but incomplete methods include methods based on explicit induction ([EN95]), network invariants, which can be viewed as implicit induction ([KM95], [WL89], [HLR92], [LHR97]), methods that can be viewed as abstraction and approximation of network invariants ([BCG86], [SG89], [CGJ95], [KP00]), and other methods that can be viewed as based on abstraction ([ID96]). The papers in [CR99a,CR99b,CR00] use structural induction based on the notion of a ....
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In Automatic Verification Methods for Finite State Systems, volume 407 of LNCS, pp. 68--80, 1989.
....and semi algorithmic procedures to verify parameterized systems. The general problem is known to be undecidable [AK 86] however, algorithms exist for specific types of systems (cf. GS 92] EN 95] EN 96] and many semi algorithmic procedures have been proposed (cf. CG 87] SG 89] KM 89] WL 89] PD 95] CGJ 95] We present a case study on the verification of an parameterized industrial standard protocol. The protocol is called the SAE J1850 protocol [SAE 92] and This work was supported in part by NSF grant CCR 941 5496 and SRC Contract 97 DP 388. The authors may be reached at ....
....is often done by hand, or with the guidance of a theorem prover (cf. MC 88] MP 94] HS 96] Several methods have been proposed that, to various degrees, automate this verification process. Methods based on manual construction of a process invariant are proposed in [CG 87] SG 89] KM 89] WL 89] LSY 94] and have been applied for the verification of the Gigamax cache consistency protocol in [McM 92] These constructions have been partially automated in [RS 93] CGJ 95] cf. V 93] PD 95] ID 96] however, as the general problem is undecidable [AK 86] it is not in general possible ....
Wolper, P., Lovinfosse, V. Verifying Properties of Large Sets of Processes with Network Invariants. In J.Sifakis (ed), Automatic Verification Methods for Finite State Systems, Springer-Verlag, LNCS 407.
....the algorithm, i.e. for n = 3, n = 4; but not for any n. In general, automated verification of parameterized systems has been shown to be undecidable [2]. Thus, verification of parameterized networks is often accomplished via theorem proving [14, 17, 22] or by synthesizing network invariants [7, 19, 28]. Alternatively, one can identify subclasses of parameterized systems for This work was partially supported by NSF grants CCR 9711386, CCR 9876242 and EIA 9705998. The first author was a Ph.D. student at SUNY Stony Brook during part of this work. which verification is decidable [9, 10, 13, 15] ....
....and data of the protocol. This increases the number of nested proof obligations, and hence the running time. 6 Related Work and Conclusions Formal verification of parameterized systems has been researched widely in the last decade. Some of the well studied techniques include network invariants [7, 19, 20, 28] (where a finite state process invariant is synthesized) and use of general purpose theorem provers, e.g. PVS [22], ACL2 [17], Coq [14]. In the recent past, a lot of activity has been directed towards developing automated techniques for verifying (classes of) parameterized systems. These include ....
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In LNCS 407, 1989.
No context found.
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In Automatic Verification Methods for Finite State Systems, volume 407 of Lecture Notes in Computer Science, pages 68-80. Springer-Verlag, 1989.
No context found.
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In Automatic Verification Methods for Finite State Systems, Volume 407 of Lecture Notes in Computer Science, pages 68--80. Springer-Verlag, June 1989.
No context found.
Wolper, P. and V. Lovinfosse, Verifying properties of large sets of processes with network invariants, in: Proceedings of the International Workshop on Automatic Verification Methods for Finite State Systems, Lecture Notes in Computer Science 407 (1989), pp. 68--80.
No context found.
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In Automatic Verification Methods for Finite State Systems, volume 407 of Lecture Notes in Computer Science, pages 68-80. Springer-Verlag, June 1989.
No context found.
P. Wolper and V. Lovinfosse. Verifying properties of large sets of processes with network invariants. In Proceedings of the International Workshop on Automatic Verification Methods for Finite State Systems, number 407 in Lecture Notes in Computer Science, pages 68-80, Grenoble, France, 1989. Springer-Verlag.