## Automatic Deductive Verification with Invisible Invariants (2001)

Citations: 102 (11 self-citations)

### Citations

167 | Reasoning about systems with many processes
- German, Sistla
- 1992
Citation Context: ...sound but, necessarily incomplete, and hope that the system of interest will yield to one of these methods. Among the representatives of the first approach we can count the work of German and Sistla [SG92] which assumes a parameterized system where processes communicate synchronously, and shows how to verify single-index properties. Similarly, Emerson and Namjoshi [EN96] proved a PSPACE complete algori...

114 | A structural induction theorem for processes
- Kurshan, McMillan
- 1989
Citation Context: ...uards, cannot be handled by the methods of [EK00]. The sound but incomplete methods include methods based on explicit induction ([EN95]) network invariants, which can be viewed as implicit induction ([KM95], [WL89], [HLR92], [LHR97]), methods that can be viewed as abstraction and approximation of network invariants ([BCG86], [SG89], [CGJ95], [KP00]), and other methods that can be viewed as based on abst...

112 | Reasoning about rings
- Emerson, Namjoshi
- 1995
Citation Context: ...der in Section 6 which contains some disjunctive and some conjunctive guards, cannot be handled by the methods of [EK00]. The sound but incomplete methods include methods based on explicit induction ([EN95]) network invariants, which can be viewed as implicit induction ([KM95], [WL89], [HLR92], [LHR97]), methods that can be viewed as abstraction and approximation of network invariants ([BCG86], [SG89], ...

104 | Verifying properties of large sets of processes with network invariants. In: Automatic Verification Methods for Finite State Systems
- Wolper, Lovinfosse
- 1990
Citation Context: ...annot be handled by the methods of [EK00]. The sound but incomplete methods include methods based on explicit induction ([EN95]) network invariants, which can be viewed as implicit induction ([KM95], [WL89], [HLR92], [LHR97]), methods that can be viewed as abstraction and approximation of network invariants ([BCG86], [SG89], [CGJ95], [KP00]), and other methods that can be viewed as based on abstraction ...

97 | Verification of an implementation of Tomasulo's algorithm by compositional model checking
- McMillan
- 1998
Citation Context: ...state explosion. The work in [ID96] detects symmetries by inspection of the system description. Perhaps the closest in spirit to our work is the work of McMillan on compositional model-checking (e.g. [McM98]), which combines automatic abstraction with finite-instantiation due to symmetry. What started our research was the observation that, compared to fully deductive verification, McMillan's method requi...

71 | Utilizing symmetry when model checking under fairness assumptions: An automata-theoretic approach - Emerson, Sistla - 1997

66 | Reducing model checking of the many to the few
- Emerson, Kahlon
- 2000
Citation Context: ...ously communicating processes. Many of these methods fail when we move to asynchronous systems where processes communicate by shared variables. Perhaps the most advanced of this approach is the paper [EK00] which considers a general parameterized system allowing several different classes of processes. However, this work provides separate algorithms for the cases that the guards are either all disjunctiv...

65 | Automatic verification of parameterized synchronous systems (extended abstract)
- Emerson, Namjoshi
- 1996
Citation Context: ...t the work of German and Sistla [SG92] which assumes a parameterized system where processes communicate synchronously, and shows how to verify single-index properties. Similarly, Emerson and Namjoshi [EN96] proved a PSPACE complete algorithm for verification of synchronously communicating processes. Many of these methods fail when we move to asynchronous systems where processes communicate by shared var...

53 | Transitive closures of regular relations for verifying infinite-state systems. In: Tools and Algorithms for the Construction and Analysis of Systems - Jonsson, Nilsson - 2000

48 | Verifying systems with replicated components in Murphi
- Ip, Dill
- 1996
Citation Context: ... [HLR92], [LHR97]), methods that can be viewed as abstraction and approximation of network invariants ([BCG86], [SG89], [CGJ95], [KP00]), and other methods that can be viewed as based on abstraction ([ID96]). Most of these methods require the user to provide auxiliary constructs, such as a network invariant or an abstraction mapping. Other attempts to verify parameterized protocols such as Burn's protoc...

32 | Control and data abstraction: The cornerstones of practical formal verification
- Kesten, Pnueli
- 2000
Citation Context: ... invariants, which can be viewed as implicit induction ([KM95], [WL89], [HLR92], [LHR97]), methods that can be viewed as abstraction and approximation of network invariants ([BCG86], [SG89], [CGJ95], [KP00]), and other methods that can be viewed as based on abstraction ([ID96]). Most of these methods require the user to provide auxiliary constructs, such as a network invariant or an abstraction mapping....

32 | Automatic Verification of Parameterized Linear Networks of Processes
- Lesens, Halbwachs, et al.
- 1997
Citation Context: ...by the methods of [EK00]. The sound but incomplete methods include methods based on explicit induction ([EN95]) network invariants, which can be viewed as implicit induction ([KM95], [WL89], [HLR92], [LHR97]), methods that can be viewed as abstraction and approximation of network invariants ([BCG86], [SG89], [CGJ95], [KP00]), and other methods that can be viewed as based on abstraction ([ID96]). Most of ...

31 | On-the-Fly Model Checking Under Fairness that Exploits Symmetry. Formal Methods - Gyuris, Sistla - 1999

27 | An experience in proving regular networks of processes by modular model checking
- Halbwachs, Lagnier, et al.
- 1992
Citation Context: ... handled by the methods of [EK00]. The sound but incomplete methods include methods based on explicit induction ([EN95]) network invariants, which can be viewed as implicit induction ([KM95], [WL89], [HLR92], [LHR97]), methods that can be viewed as abstraction and approximation of network invariants ([BCG86], [SG89], [CGJ95], [KP00]), and other methods that can be viewed as based on abstraction ([ID96])....

23 | Network grammars, communication behaviors and automatic verification. In: Automatic Verification Methods for Finite State Systems
- Shtadler, Grumberg
- 1990
Citation Context: ... ([EN95]) network invariants, which can be viewed as implicit induction ([KM95], [WL89], [HLR92], [LHR97]), methods that can be viewed as abstraction and approximation of network invariants ([BCG86], [SG89], [CGJ95], [KP00]), and other methods that can be viewed as based on abstraction ([ID96]). Most of these methods require the user to provide auxiliary constructs, such as a network invariant or an abs...

20 | Handling global conditions in parametrized system verification - Abdulla, Bouajjani, et al. - 1999

20 | Verifying parametrized networks using abstraction and regular languages
- Clarke, Grumberg, et al.
- 1995
Citation Context: ...) network invariants, which can be viewed as implicit induction ([KM95], [WL89], [HLR92], [LHR97]), methods that can be viewed as abstraction and approximation of network invariants ([BCG86], [SG89], [CGJ95], [KP00]), and other methods that can be viewed as based on abstraction ([ID96]). Most of these methods require the user to provide auxiliary constructs, such as a network invariant or an abstraction ...

20 | Symmetry and model checking. Formal Methods in System Design - Emerson, Sistla - 1996

18 | Data Independent Induction over Structured Networks - Creese, Roscoe - 2000

17 | Limits for automatic program verification of finite-state concurrent systems
- Apt, Kozen
- 1986
Citation Context: ...ine, even a shared one. We verified this property for any N ? 1 using only the instance of N = 4. Related Work The problem of uniform verification of parameterized systems is, in general, undecidable [AK86]. There are two possible remedies to this situation: either we should look for restricted families of parameterized systems for which the problem becomes decidable, or devise methods which are sound b...

16 | Automated verification of Szymanski's algorithm - Gribomont, Zenner - 1998

13 | The PVS proof checker: A reference manual (draft)
- Shankar, Owre, et al.
- 1993
Citation Context: ... on abstraction functions or lemmas provided by the user. The work in [LS97] deals with the verification of safety properties of parameterized networks by abstracting the behavior of the system. PVS ([SOR93]) is used to discharge the generated VCs. Among the automatic incomplete approaches, we should mention the methods relying on "regular model-checking" [KMM+97, ABJN99, JN00, PS00], where a class of ...

12 | Automatic Verification of Parameterized Networks of Processes by Abstraction
- Lesens, Saidi
- 1997
Citation Context: ... attempts to verify parameterized protocols such as Burn's protocol [JL98] and Szymanski's algorithm [GZ98, MAB+94, MP90] relied on abstraction functions or lemmas provided by the user. The work in [LS97] deals with the verification of safety properties of parameterized networks by abstracting the behavior of the system. PVS ([SOR93]) is used to discharge the generated VCs. Among the automatic incompl...

12 | Automatic verification of parameterized synchronous systems - Emerson, Namjoshi - 1996

12 | Automatic verification of parameterized linear networks of processes - Lesens, Halbwachs, et al. - 1997

11 | A proof of Burns N-process mutual exclusion algorithm using abstraction. In: B. Steffen (Ed.)
- Jensen, Lynch
- 1998
Citation Context: ...Most of these methods require the user to provide auxiliary constructs, such as a network invariant or an abstraction mapping. Other attempts to verify parameterized protocols such as Burn's protocol [JL98] and Szymanski's algorithm [GZ98, MAB+94, MP90] relied on abstraction functions or lemmas provided by the user. The work in [LS97] deals with the verification of safety properties of parameterized n...

11 | An exercise in the verification of multi-process programs - Manna, Pnueli - 1990

10 | Reasoning about networks with many finite state processes
- Browne, Clarke, et al.
- 1986
Citation Context: ...induction ([EN95]) network invariants, which can be viewed as implicit induction ([KM95], [WL89], [HLR92], [LHR97]), methods that can be viewed as abstraction and approximation of network invariants ([BCG86], [SG89], [CGJ95], [KP00]), and other methods that can be viewed as based on abstraction ([ID96]). Most of these methods require the user to provide auxiliary constructs, such as a network invariant o...

7 | Automatic Verification of Parameterized Networks of Processes by Abstraction - Lesens, Saidi - 1997

6 | Verifying an infinite family of inductions simultaneously using data independence and FDR - Creese, Roscoe - 1999

5 | Formal verification of arbitrary network topologies - Creese, Roscoe - 1999

4 | Limits for automatic program verification of finite-state concurrent systems - Apt, Kozen - 1986

3 | Reasoning about networks with many finite state processes - Browne, Clarke, et al. - 1986

3 | Automated verification of Szymanski's algorithm - Gribomont, Zenner - 1998

3 | A structural induction theorem for processes. Information and Computation - Kurshan, McMillan - 1995

2 | Liveness and acceleration in parameterized verification - Pnueli, Shahar - 2000

1 | Exploiting symmetry in temporal logic model checking - Filkorn, Jha - 1996

1 | An exercise in the verification of multi-process programs - Manna, Pnueli - 1990