Local proofs for global safety properties

This paper explores locality in proofs of global safety properties of concurrent programs. Model checking on the full state space is often infeasible due to state explosion. A local proof, in contrast, is a collection of per-process invariants, which together imply the desired global safety property. Local proofs can be more compact than global proofs, but local reasoning is also inherently incomplete. In this paper, we present an algorithm for safety verification that combines local reasoning with gradual refinement. The algorithm gradually exposes facts about the internal state of components, until either a local proof or a real error is discovered. The refinement mechanism ensures completeness. Experiments show that local reasoning can have significantly better performance over the traditional reachability computation. Moreover, for some parameterized protocols, a local proof can be used as the basis of a correctness proof over all instances.

[1]  Amir Pnueli,et al.  In Transition From Global to Modular Temporal Reasoning about Programs , 1989, Logics and Models of Concurrent Systems.

[2]  Edsger W. Dijkstra,et al.  A Discipline of Programming , 1976 .

[3]  Sagar Chaki,et al.  Automated Assume-Guarantee Reasoning for Simulation Conformance , 2005, CAV.

[4]  Alan J. Hu,et al.  Efficient Verification with BDDs using Implicitly Conjoined Invariants , 1993, CAV.

[5]  Amir Pnueli,et al.  Automatic Deductive Verification with Invisible Invariants , 2001, TACAS.

[6]  Thomas A. Henzinger,et al.  Thread-Modular Abstraction Refinement , 2003, CAV.

[7]  Edmund M. Clarke,et al.  Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic , 1981, Logic of Programs.

[8]  Edmund M. Clarke,et al.  Avoiding the state explosion problem in temporal logic model checking , 1987, PODC '87.

[9]  Amir Pnueli,et al.  A Platform for Combining Deductive with Algorithmic Verification , 1996, CAV.

[10]  Joseph Sifakis,et al.  Specification and verification of concurrent systems in CESAR , 1982, Symposium on Programming.

[11]  Howard Barringer,et al.  Assumption generation for software component verification , 2002, Proceedings 17th IEEE International Conference on Automated Software Engineering,.

[12]  Ranjit Jhala,et al.  Microarchitecture Verification by Compositional Model Checking , 2001, CAV.

[13]  Edsger W. Dijkstra,et al.  Predicate Calculus and Program Semantics , 1989, Texts and Monographs in Computer Science.

[14]  Leslie Lamport,et al.  Proving the Correctness of Multiprocess Programs , 1977, IEEE Transactions on Software Engineering.

[15]  George S. Avrunin,et al.  Breaking up is hard to do: an investigation of decomposition for assume-guarantee reasoning , 2006, ISSTA '06.

[16]  Alan W. Biermann,et al.  Automatic Program Construction Techniques , 1984 .

[17]  Sanjit A. Seshia,et al.  Modular verification of multithreaded programs , 2005, Theor. Comput. Sci..

[18]  Cliff B. Jones,et al.  Developing methods for computer programs including a notion of interference , 1981 .

[19]  Orna Grumberg,et al.  Compositional Verification and 3-Valued Abstractions Join Forces , 2007, SAS.

[20]  Helmut Veith,et al.  Counterexample-guided abstraction refinement for symbolic model checking , 2003, JACM.

[21]  Corina S. Pasareanu,et al.  Learning-Based Assume-Guarantee Verification (Tool Paper) , 2005, SPIN.

[22]  Cormac Flanagan,et al.  Thread-Modular Model Checking , 2003, SPIN.

[23]  Jozef Hooman,et al.  Concurrency Verification: Introduction to Compositional and Noncompositional Methods , 2001, Cambridge Tracts in Theoretical Computer Science.

[24]  C. Rattray,et al.  Specification and Verification of Concurrent Systems , 1990, Workshops in Computing.

[25]  永田 守男,et al.  Verifying Properties of Parallel Programs : An Axiomatic Approach , 1976 .

[26]  Andreas Podelski,et al.  Precise Thread-Modular Verification , 2007, SAS.

[27]  Richard Banach,et al.  Book Review: "Concurrency Verification: Introduction to Compositional and Non-compositional Methods" by Willem-Paul de Roever, Frank de Boer, Ulrich Hanneman, Jozef Hooman, Yassine Lakhnech, Mannes Poel and Job Zwiers (eds.) , 2003, J. Log. Comput..

[28]  Thomas A. Henzinger,et al.  Race checking by context inference , 2004, PLDI '04.

[29]  Amir Pnueli,et al.  IIV: An Invisible Invariant Verifier , 2005, CAV.

[30]  Patrick Cousot,et al.  Invariance proof methods and analysis techniques for parallel programs , 1984 .

[31]  Kenneth L. McMillan,et al.  A Compositional Rule for Hardware Design Refinement , 1997, CAV.

[32]  Matthew B. Dwyer,et al.  Automated environment generation for software model checking , 2003, 18th IEEE International Conference on Automated Software Engineering, 2003. Proceedings..

[33]  Kedar S. Namjoshi,et al.  Local Proofs for Linear-Time Properties of Concurrent Programs , 2008, CAV.

[34]  Kedar S. Namjoshi,et al.  Symmetry and Completeness in the Analysis of Parameterized Systems , 2007, VMCAI.

[35]  K. Mani Chandy,et al.  Proofs of Networks of Processes , 1981, IEEE Transactions on Software Engineering.