Hostname: page-component-78c5997874-fbnjt Total loading time: 0 Render date: 2024-11-10T15:13:38.262Z Has data issue: false hasContentIssue false
  • English
  • Français

On model checking data-independent systems with arrays without reset

Published online by Cambridge University Press:  12 August 2004

R. S. LAZIĆ ,
T. C. NEWCOMB  and
A. W. ROSCOE
R. S. LAZIĆ
Affiliation:
Department of Computer Science, University of Warwick, Coventry CV4 7AL, UK (e-mail: ranko.lazic@dcs.warwick.ac.uk)
T. C. NEWCOMB
Affiliation:
Oxford University Computing Laboratory, Wolfson Buildings, Parks Road, Oxford OX1 3QD, UK (e-mail: tom.newcomb@comlab.ox.ac.uk, bill.roscoe@comlab.ox.ac.uk)
A. W. ROSCOE
Affiliation:
Oxford University Computing Laboratory, Wolfson Buildings, Parks Road, Oxford OX1 3QD, UK (e-mail: tom.newcomb@comlab.ox.ac.uk, bill.roscoe@comlab.ox.ac.uk)
Get access Rights & Permissions [Opens in a new window]

Abstract

A system is data-independent with respect to a data type $X$ iff the operations it can perform on values of type $X$ are restricted to just equality testing. The system may also store, input and output values of type $X$. We study model checking of systems which are data-independent with respect to two distinct type variables $X$ and $Y$, and may in addition use arrays with indices from $X$ and values from $Y$. Our main interest is the following parameterised model-checking problem: whether a given program satisfies a given temporal-logic formula for all non-empty finite instances of $X$ and $Y$. Initially, we consider instead the abstraction where $X$ and $Y$ are infinite and where partial functions with finite domains are used to model arrays. Using a translation to data-independent systems without arrays, we show that the $\mu$-calculus model-checking problem is decidable for these systems. From this result, we can deduce properties of all systems with finite instances of $X$ and $Y$. We show that there is a procedure for the above parameterised model-checking problem of the universal fragment of the $\mu$-calculus, such that it always terminates but may give false negatives. We also deduce that the parameterised model-checking problem of the universal disjunction-free fragment of the $\mu$-calculus is decidable. Practical motivations for model checking data-independent systems with arrays include verification of memory and cache systems, where $X$ is the type of memory addresses, and $Y$ the type of storable values. As an example we verify a fault-tolerant memory interface over a set of unreliable memories.

Keywords

model checkingdata independencearrays$\mu$-calculus
Type
Regular Papers
Information
Theory and Practice of Logic Programming , Volume 4 , Issue 5-6 , September 2004 , pp. 659 - 693
Copyright
© 2004 Cambridge University Press

Access options

Get access to the full version of this content by using one of the access options below. (Log in options will check for institutional or personal access. Content may require purchase if you do not have access.)

Footnotes

This work was funded in part by the EPSRC standard research grant ‘Exploiting data independence’, GR/M32900. The first author is affiliated to the Mathematical Institute, Belgrade, and was supported partly by a grant from the Intel Corporation, a Junior Research Fellowship from Christ Church, Oxford, and previously by a scholarship from Hajrija & Boris Vukobrat and Copechim France SA. The second author was funded in part by QinetiQ Malvern. The third author was funded in part by the US ONR.