Induction in Compositional Model Checking

This paper describes a technique of inductive proof based on model checking. It differs from previous techniques that combine induction and model checking in that the proof is fully mechanically checked and temporal variables (process identifiers, for example) may be natural numbers. To prove ∀n.φ(n) inductively, the predicate φ(n − 1) ⇒ φ(n) must be proved for all values of the parameter n. Its proof for a fixed n uses a conservative abstraction that partitions the natural numbers into a finite number of intervals. This renders the model finite. Further, the abstractions for different values of n fall into a finite number of isomorphism classes. Thus, an inductive proof of ∀n.φ(n) can be obtained by checking a finite number of formulas on finite models. The method isions for different values of n fall into a finite number of isomorphism classes. Thus, an inductive proof of ∀n.φ(n) can be obtained by checking a finite number of formulas on finite models. The method is integrated with a compositional proof system based on the SMV model checker. It is illustrated by examples, including the N-process “bakery” mutual exclusion algorithm.