Toward automated abstraction for protocols on branching networks

We have used various manual abstraction techniques to formally verify a transaction ordering property for an IO protocol over bus/bridge networks. In the context of network protocol verification, an abstraction is needed to reduce the unbounded number of network configurations to a small number of representative networks that can be checked using algorithmic methods. The manually derived abstraction was both brittle and difficult to validate. In this report, we discuss the need for abstraction techniques in the formal verification of protocols over networks and present our recent efforts to create an automatic abstraction technique for network protocols using predicate abstraction as a starting point. KeywordsFormal verification methods, parameterized systems, predicate abstraction We address the problem of abstraction in the formal verification of safety properties at the bus/bridge level for protocols defined over acyclic branching networks. Abstraction is needed in this context because formal methods applied directly to protocols over networks are either not applicable, or at best difficult and time-consuming. The main source of difficulty is the unbounded nature of branching networks. Because there are an unbounded number of configurations that must be checked, tt is not possible to apply algorithmic methods, such as model checking, to all possible network configurations. We have found [MHJGOO] that it is prohibitively difficult to apply interactive theorem proving in the context of protocols on branching networks. In this report, we discuss our recent efforts to increase the amount of automation available for creating and reasoning about abstractions of protocols defined over branching networks. The problem with manually derived abstractions is that they need to be validated. Validating an abstraction is the process of showing which properties are preserved by the abstract model. We have found [JGOO] that building a validation proof for a manually derived abstraction for protocols over networks is also difficult. The significance of this work is that it will provide a technique for creating abstractions of protocols over branching networks such that certain properties of the protocol can be checked with minimal manual effort. The novel feature of this work is a predicate abstraction technique suitable for use on protocols which are defined over networks in which the states and connectivity of intermediate nodes affect the property being checked. We begin by reviewing relevant results from predicate abstraction and parameterized system verification. Section I1 contains a detailed presentation of the abstraction scheme. The formal presentation in section I1 is closely patterned after the presentation in [GS97]. Section 111 gives an example, and we close with our thoughts on abstractions for networks in the final section.