Combining Theorem Proving with Model Checking through Predicate Abstraction

Ray, Sandip; Sumners, Rob

doi:10.1109/mdt.2007.38

Cited by 16 publications

(4 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Our developed framework relies on a combination of formal verification by theorem proving and less formal quantitative validation by mutation testing. Such a combination is also quite closely connected to recent numerous attempts to combine theorem proving and model checking, see, e.g., [36]. Most of general purpose theorem provers are nowadays using model checking techniques to test potential goals (theorem candidates) before attempting costly theorem proving.…”

Section: Related Workmentioning

confidence: 92%

Mutation Testing for Rule-Based Verification of Railway Signaling Data

Laibinis

Iliasov²,

Romanovsky

2021

IEEE Trans. Rel.

View full text Add to dashboard Cite

Industry applications of formal verification to signalling control tables require formulation of a large number of mathematical conjectures expressing verification rules. It is paramount to establish the validity and completeness of these conjectures. The paper discusses a mutation based validation technique that guides domain experts in the construction of such verification rules. Furthermore, we use genetic programming to quickly generate millions of well-formed data mutations of control tables and to synthesise mutation programs. The technique is illustrated by a synthetic running example and a discussion of our experience in using it in the industrial setting.

show abstract

Section: Related Workmentioning

confidence: 92%

Mutation Testing for Rule-Based Verification of Railway Signaling Data

Laibinis

Iliasov²,

Romanovsky

2021

IEEE Trans. Rel.

View full text Add to dashboard Cite

show abstract

“…Our developed framework relies on a combination of formal verification by theorem proving and less formal quantitative validation by statistical checking. Such a combination is also quite closely connected to recent numerous attempts to combine theorem proving and model checking, see, e.g., [16]. Most of general purpose theorem provers are nowadays using model checking techniques to test potential goals (theorem candidates) before attempting costly theorem proving.…”

Section: Related Workmentioning

confidence: 92%

Quantitative Validation of Formal Domain Models

Iliasov

Romanovsky

Laibinis

2019

2019 IEEE 19th International Symposium on High Assurance Systems Engineering (HASE)

View full text Add to dashboard Cite

Application of formal methods to verification of well-formedness and semantic correctness of data sets from a particular domain becomes increasingly practical with the advances in automated verification tools. However, it is difficult for domain experts to understand and formulate formal verification constraints (VCs), yet much trust is invested in their validity and completeness. The paper discusses a novel validation approach based on statistical testing of VCs against pre-validated data sets. We illustrate the proposed technique using a synthetic railway example and also relate our experience of integrating the approach within a large-scale industry-based project.

show abstract

“…We are currently attempting to integrate our work on automating invariant discovery [9] into KAS as a set of rewrite rules and filter functions. The straightforward integration of these efforts is complicated by the use of compiled functions in the invariant discovery process.…”

Section: Conclusion and Current Workmentioning

confidence: 99%

User control and direction of a more efficient simplifier in ACL2

Sumners

2009

Proceedings of the Eighth International Workshop on the ACL2 Theorem Prover and Its Applications

Self Cite

View full text Add to dashboard Cite

We present an efficient term simplifier written in ACL2 and interfaced with ACL2 as an untrusted clause processor. We also demonstrate how an advanced user can extend this simplifier in a sound manner by proving rewrite rules with special annotations and programmed constraints on their application. For problems requiring extensive case analysis, the simplifier is more efficient than ACL2 built-in simplification and we demonstrate this on some relevant examples. In addition, we discuss the issue of user control over predictable simplification and conclude the paper with the proposed implementation of invariant discovery using the simplifier. MOTIVATIONIn the course of proving theorems in ACL2, the vast majority of the computational resources are spent in the simplification stage of the prover. This is not too surprising when one considers that the majority of the ACL2 theorem proving code implementing the "waterfall" is dedicated to the simplification stage. It is, therefore, relevant to consider alternatives or extensions to ACL2 simplification -especially in cases in which it takes considerable human and computational resources to get the ACL2 simplifier to produce the desired result.In addition, for many problem domains tackled in ACL2 (e.g. proofs of concurrent program correctness), theorems are either proven directly by simplification or proven by a single induction followed by simplification. As an example, all of the proofs for the correctness of a concurrent deque in [13] in ACL2 were either proven by simplification or by a single induction followed by simplification. This highlights the importance of efficient simplification in the proofs of theorems about systems and program execution in ACL2.An alternative to using ACL2 for brute-force simplification is to use ACL2 to reduce the theorem to be proven to a problem that can be translated into a decidable logic that can be solved by an external tool (usually a propositional SAT checker) [4]. This approach is attractive because it separates the problem domains of the tools involved. The user may write high-level definitions in the more expressive language of ACL2 and use the theorem proving support in ACL2 to manually transform the problem to a tractable domain, which is handled by a decision procedure that can be written efficiently to handle problems in the more tractable domain. In cases where the manual effort required to transform the problem to the tractable domain is manageable, this process can certainly be effective, but in cases where this translation is difficult (i.e. when dealing with a concurrent system with an unbounded number of processes), then the translation may require considerable work on proofs and invariant definitions. A further issue arises when either the translation process or the decision procedure is ineffective in handling the problem efficiently -the user often only has coarse-grain control or guidance in the process.In other theorem provers, variations of Nelson-Oppen[7] or Shostak's [11,8,10] are often used as a method to int...

show abstract

Combining Theorem Proving with Model Checking through Predicate Abstraction

Cited by 16 publications

References 7 publications

Mutation Testing for Rule-Based Verification of Railway Signaling Data

Mutation Testing for Rule-Based Verification of Railway Signaling Data

Quantitative Validation of Formal Domain Models

User control and direction of a more efficient simplifier in ACL2

Contact Info

Product

Resources

About