{"title":"A structural induction theorem for processes","authors":"R. Kurshan, K. McMillan","doi":"10.1145/72981.72998","DOIUrl":null,"url":null,"PeriodicalId":167067,"journal":{"name":"Proceedings of the eighth annual ACM Symposium on Principles of distributed computing","volume":"29 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1989-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"281","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the eighth annual ACM Symposium on Principles of distributed computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/72981.72998","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
In verifying finite state systems such as communication protocols or hardware controllers, we may be required to reason about systems comprised of a finite but effectively unbounded number of components. Examples are a network with an unspecified number of hosts, a multiprocessor with an unspecified number of CPU’s, or a queue with an unspecified number of buffers. We would like to show that the system performs a certain set of tasks, regardless of the number of components. There are two problems which prevent the direct application of automatic verification systems which use state-space search (e.g., COSPAN [HK88]) to such a problem. The first problem is that such methods can be applied directly only to a fixed state space; it is generally not possible to quantify over the number of processes. The second problem is commonly referred to as the state space explosion problem. In principle, the verification method could be applied exhaustively to the 1-process system, the 2-process system, etc., until the largest possible system was verified. In practice, the fact that the number of states in a system increases geometrically with the number of components makes this approach infeasible. We present an induction method that allows us to infer properties of systems of unbounded size, but constructed by a uniform rule, from properties automatically verified on a system of fixed (and, presumably, small) size. The basis of this method is the structural induction theorem for processes. Three methods have been described previously for verifying properties of systems with an unbounded number of identical processes. Homomorphic reduction [Kur85, Kur87] is a general framework for reducing the complexity of testing arbitrary ω-regular properties in finite-state systems. The regularity of systems