Trace Algebra for Automatic Verification of Real-Time Concurrent Systems

Abstract

Verification methodologies for real-time systems can be classified according to whether they are based on a continuous time model or a discrete time model. Continuous time often provides a more accurate model of physical reality, while discrete time can be more efficient to implement in an automatic verifier based on state exploration techniques. Choosing a model appears to require a compromise between efficiency and accuracy. We avoid this compromise by constructing discrete time models that are conservative approximations of appropriate continuous time models. Thus, if a system is verified to be correct in discrete time, then it is guaranteed to also be correct in continuous time. We also show that models with explicit simultaneity can be conservatively approximated by models with interleaving semantics. Proving these results requires constructing several different domains of agent models. We have devised a new method for simplifying this task, based on abstract algebras we call trace algebra and trace structure algebra. A trace algebra has a set of traces as its carrier, along with operations of projection and renaming on traces. A trace can be any mathematical object that satisfies certain simple axioms, so the theory is quite general. A trace structure consists, in part, of a subset of the set of traces from some trace algebra. In a trace structures algebra, operations of parallel composition, projection and renaming are defined on trace structures, in terms of the operations on traces. General methods for constructing conservative approximations are described and are applied to several specific real-time models. We believe that trace algebra is a powerful tool for unifying many models of concurrency and abstraction beyond the particular ones described in this thesis. We also describe an automatic verifier based on the theory, and give examples of using it to verify speed-dependent asynchronous circuits. We analyze how several different delay models, including a new model called chaos delay, affect the verification results. The circuits and their specifications are represented in discrete time, but because of our conservative approximations, circuits that are verified correct are also correct in continuous time.