Nikolaj S. Bjørner

Automatic generation of invariants and intermediate assertions

Verifying temporal specifications of reactive and concurrent systems commonly relies on generating auxiliary assertions and strengthening given properties of the system. Two dual approaches find solutions to these problems: the bottom-up method performs an abstract forward propagation of the system, generating auxiliary properties; the top-down method performs an abstract backward propagation to strengthen given properties. Exact application of these methods is complete but is usually infeasible for large-scale verification. An approximate analysis can often supply enough information to complete the verification.

STeP: Deductive-Algorithmic Verification of Reactive and Real-Time Systems

The Stanford Temporal Prover, STeP, combines deductive methods with algorithmic techniques to verify linear-time temporal logic specifications of reactive and real-time systems. STeP uses verification rules, verification diagrams, automatically generated invariants, model checking, and a collection of decision procedures to verify finite- and infinite-state systems.

Verifying Temporal Properties of Reactive Systems: A STeP Tutorial

We review a number of formal verification techniques supported by STeP, the Stanford Temporal Prover, describing how the tool can be used to verify properties of several versions of the Bakery Mutual exclusion algorithm for mutual exclusion. We verify the classic two-process algorithm and simple variants, as well as an atomic parameterized version. The methods used include deductive verification rules, verification diagrams, automatic invariant generation, and finite-state model checking and abstraction.

Deductive Verification of Real-Time Systems Using STeP

We present a modular framework for proving temporal properties of real-time systems, based on clocked transition systems and linear-time temporal logic. We show how deductive verification rules, verification diagrams, and automatic invariant generation can be used to establish properties of real-time systems in this framework. As an example, we present the mechanical verification of the generalized railroad crossing case study using the Stanford Temporal Prover, STeP.

Deductive verification of real-time systems using STeP

We present a modular framework for proving temporal properties of real-time systems, based on clocked transition systems and linear-time temporal logic. We show how deductive verification rules, verification diagrams, and automatic invariant generation can be used to establish properties of real-time systems in this framework. We also discuss global and modular proofs of the branching-time property of non-Zenoness. As an example, we present the mechanical verification of the generalized railroad crossing case study using the Stanford Temporal Prover, STeP.

A Practical Integration of First-Order Reasoning and Decision Procedures

We present a procedure for proving the validity of first-order formulas in the presence of decision procedures for an interpreted subset of the language. The procedure is designed to be practical: formulas can have large complex boolean structure, and include structure sharing in the form of let- expressions. The decision procedures are only required to decide the unsatisfiability of sets of literals. However, T-refuting substitutions are used whenever they can be computed; we show how this can be done for a theory of partial orders and equality. The procedure has been implemented as part of STeP, a tool for the formal verification of reactive systems. Although the procedure is incomplete, it eliminates the need for user interaction in the proof of many verification conditions.

Deiding Fixed and Non-fixed Size Bit-vectors

We develop a new, efficient, and compact decision procedure for fixed size bit-vectors with bit-wise boolean operations. The algorithm is designed such that it can also decide some common cases of parameterized (non-fixed) size. To handle even more parameterized cases for bit-vectors without bit-wise boolean operations we devise a unification based algorithm which invokes the first algorithm symbolically on parameters of the form aN + b, where a and b are integers and N is the only unknown.

An Update on STeP: Deductive-Algorithmic Verification of Reactive Systems

The Stanford Temporal Prover, STeP, is a tool for the computer-aided formal verification of reactive systems, including real-time and hybrid systems, based on their temporal specification. STeP integrates methods for deductive and algorithmic verification, including model checking, theorem proving, automatic invariant generation, abstraction and modular reasoning. We describe the most recent version of STeP, Version 2.0.

Deductive Verification of Parameterized Fault-Tolerant Systems: A Case Study

We present a methodology and a formal toolset for verifying fault tolerant systems, based upon the temporal verification system STeP. Our test case is the modeling and verification of a parameterized fault-tolerant leader-election algorithm recently proposed in (Garavel and Mounier, 1996).

Absolute Explicit Unification

This paper presents a system for explicit substitutions in Pure Type Systems (PTS). The system allows to solve type checking, type inhabitation, higher-order unification, and type inference for PTS using purely first-order machinery. A novel feature of our system is that it combines substitutions and variable declarations. This allows as a side-effect to type check let-bindings. Our treatment of meta-variables is also explicit, such that instantiations of meta-variables is internalized in the calculus. This produces a confluent λ-calculus with distinguished holes and explicit substitutions that is insensitive to α-conversion, and allows directly embedding the system into rewriting logic.