Local and Compositional Reasoning for Optimized Reactive Systems

We develop a compositional, algebraic theory of skipping refinement, as well as local proof methods to effectively analyze the correctness of optimized reactive systems. A verification methodology based on refinement involves showing that any infinite behavior of an optimized low-level implementation is a behavior of the high-level abstract specification. Skipping refinement is a recently introduced notion to reason about the correctness of optimized implementations that run faster than their specifications, i.e., a step in the implementation can skip multiple steps of the specification. For the class of systems that exhibit bounded skipping, existing proof methods have been shown to be amenable to mechanized verification using theorem provers and model checkers. However, reasoning about the correctness of reactive systems that exhibit unbounded skipping using these proof methods requires reachability analysis, significantly increasing the verification effort. In this paper, we develop two new sound and complete proof methods for skipping refinement. Even in the presence of unbounded skipping, these proof methods require only local reasoning and, therefore, are amenable to mechanized verification. We also show that skipping refinement is compositional, so it can be used in a stepwise refinement methodology. Finally, we illustrate the utility of the theory of skipping refinement by proving the correctness of an optimized event processing system.
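To make the notion of skipping concrete, here is an added example (not code from the paper or its authors) in the spirit of the event-processing case study: a specification that handles one event per step and an optimized implementation that handles a batch of up to `BATCH` events per step, so one implementation step skips several specification steps. The checker below performs the bounded, local check that the abstract refers to for bounded skipping: for every implementation transition `s -> u` it searches for a specification path of length 1..`max_skip` from `r(s)` to `r(u)`, where `r` is an identity refinement map. The state encoding, the bound, the refinement map and the deliberately wrong `buggy_impl_step` are all constructed assumptions; the paper's own proof methods for unbounded skipping are not reproduced here.

```python
from collections import deque

BATCH = 3  # constructed bound: the implementation handles up to BATCH events per step

def spec_step(state):
    """Specification: move exactly one event from the queue to the log; idle when empty.
    A state is (pending_queue, processed_log), both tuples."""
    queue, log = state
    if not queue:
        return {state}  # stutter on the empty queue
    return {(queue[1:], log + queue[:1])}

def impl_step(state):
    """Optimized implementation: move up to BATCH events per step, preserving order."""
    queue, log = state
    if not queue:
        return {state}
    n = min(BATCH, len(queue))
    return {(queue[n:], log + queue[:n])}

def buggy_impl_step(state):
    """Constructed faulty variant: logs each batch in reverse order, so it is NOT a refinement."""
    queue, log = state
    if not queue:
        return {state}
    n = min(BATCH, len(queue))
    return {(queue[n:], log + tuple(reversed(queue[:n])))}

def refinement_map(impl_state):
    """Identity refinement map (assumption): both systems use the same state encoding."""
    return impl_state

def spec_reaches_within(src, dst, max_steps):
    """Smallest k in 1..max_steps such that dst is reachable from src in exactly k
    specification steps, or None if no such k exists."""
    frontier = {src}
    for k in range(1, max_steps + 1):
        frontier = set().union(*(spec_step(s) for s in frontier))
        if dst in frontier:
            return k
    return None

def check_skipping_simulation(step, initial, max_skip):
    """Local check of a (bounded) skipping simulation over all implementation states
    reachable from `initial`. Returns (violations, witnesses): violations lists
    implementation transitions that no specification path of length <= max_skip
    matches; witnesses maps each matched transition to the number of spec steps it skips."""
    seen, work = set(), deque([initial])
    violations, witnesses = [], {}
    while work:
        s = work.popleft()
        if s in seen:
            continue
        seen.add(s)
        for u in step(s):
            k = spec_reaches_within(refinement_map(s), refinement_map(u), max_skip)
            if k is None:
                violations.append((s, u))
            else:
                witnesses[(s, u)] = k
            work.append(u)
    return violations, witnesses

if __name__ == "__main__":
    initial = ((1, 2, 3, 4, 5), ())  # constructed workload of five events
    print(check_skipping_simulation(impl_step, initial, BATCH))
    print(check_skipping_simulation(buggy_impl_step, initial, BATCH))
    print(check_skipping_simulation(impl_step, initial, BATCH - 1))
```

Running the checker with `max_skip = BATCH` finds a witness for every transition of the correct implementation (the first step skips 3 specification steps, the second 2, the idle step 1) and reports the reversed-batch variant as a violation. Running it with `max_skip` smaller than the batch size also reports a violation for the correct implementation, which is exactly why a bounded local check is only adequate when a bound on the skipping is known in advance.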
