Component-based verification using incremental design and invariants

We propose invariant-based techniques for the efficient verification of safety and deadlock-freedom properties of component-based systems. Components and their interactions are described in the BIP language. Global invariants of composite components are obtained by combining local invariants of their constituent components with interaction invariants that take interactions into account. We study new techniques for computing interaction invariants. Some of these techniques are incremental, i.e., interaction invariants of a composite hierarchically structured component are computed by reusing invariants of its constituents. We formalize incremental construction of components in the BIP language as the process of building progressively complex components by adding interactions (synchronization constraints) to atomic components. We provide sufficient conditions ensuring preservation of invariants when new interactions are added. When these conditions are not satisfied, we propose methods for generating new invariants in an incremental manner by reusing existing invariants from the constituents in the incremental construction. The reuse of existing invariants reduces considerably the overall verification effort. The techniques have been implemented in the D-Finder toolset. Among the experiments conducted, we have been capable of verifying safety properties and deadlock-freedom of sub-systems of the functional level of the DALA autonomous robot. This work goes far beyond the capacity of existing monolithic verification tools.

[1]  Luciano Lavagno,et al.  Modeling and Designing Heterogeneous Systems , 2002, Concurrency and Hardware Design.

[2]  K. Mani Chandy,et al.  Parallel program design - a foundation , 1988 .

[3]  Stephan Merz,et al.  Model Checking , 2000 .

[4]  Joseph Sifakis,et al.  Specification and verification of concurrent systems in CESAR , 1982, Symposium on Programming.

[5]  Joseph Sifakis,et al.  Modeling synchronous systems in BIP , 2009, EMSOFT '09.

[6]  Amir Pnueli,et al.  In Transition From Global to Modular Temporal Reasoning about Programs , 1989, Logics and Models of Concurrent Systems.

[7]  David Luckham,et al.  Debugging Ada Tasking Programs , 1985, IEEE Software.

[8]  Thanh-Hung Nguyen,et al.  Constructive Verification for Component-based Systems , 2010 .

[9]  Matthieu Herrb,et al.  A tool for the specification and the implementation of operating modules in a distributed robot architecture , 1999 .

[10]  Thomas A. Henzinger,et al.  Lazy abstraction , 2002, POPL '02.

[11]  Axel Legay,et al.  Sociable Interfaces , 2005, FroCoS.

[12]  Joseph Sifakis,et al.  Incremental Invariant Generation for Compositional Design , 2010, 2010 4th IEEE International Symposium on Theoretical Aspects of Software Engineering.

[13]  Corina S. Pasareanu,et al.  Learning Assumptions for Compositional Verification , 2003, TACAS.

[14]  Sriram K. Rajamani,et al.  The SLAM project: debugging system software via static analysis , 2002, POPL '02.

[15]  Andreas Podelski,et al.  Terminator: Beyond Safety , 2006, CAV.

[16]  Sriram K. Rajamani,et al.  The SLAM Toolkit , 2001, CAV.

[17]  Stephen A. Edwards,et al.  Incremental Algorithms for Inter-procedural Analysis of Safety Properties , 2005, CAV.

[18]  Axel Legay,et al.  Efficient deadlock detection for concurrent systems , 2011, Ninth ACM/IEEE International Conference on Formal Methods and Models for Codesign (MEMPCODE2011).

[19]  G. Shipman,et al.  Omega Library , 2011, Encyclopedia of Parallel Computing.

[20]  Joseph Sifakis,et al.  Modeling Heterogeneous Real-time Components in BIP , 2006, Fourth IEEE International Conference on Software Engineering and Formal Methods (SEFM'06).

[21]  Joseph Sifakis,et al.  Compositional Verification for Component-Based Systems and Application , 2008, ATVA.

[22]  Joseph Sifakis,et al.  D-Finder: A Tool for Compositional Deadlock Detection and Verification , 2009, CAV.

[23]  Axel Legay,et al.  A Formal Approach for Incremental Construction with an Application to Autonomous Robotic Systems , 2011, SC@TOOLS.

[24]  Nancy A. Lynch,et al.  An introduction to input/output automata , 1989 .

[25]  Yih-Kuen Tsay,et al.  Extending Automated Compositional Verification to the Full Class of Omega-Regular Languages , 2008, TACAS.

[26]  George S. Avrunin,et al.  Breaking up is hard to do: An evaluation of automated assume-guarantee reasoning , 2008, TSEM.

[27]  Cliff B. Jones,et al.  Specification and Design of (Parallel) Programs , 1983, IFIP Congress.

[28]  Joseph Sifakis,et al.  Automatic Verification Methods for Finite State Systems , 1989, Lecture Notes in Computer Science.

[29]  Sriram K. Rajamani,et al.  SLAM and Static Driver Verifier: Technology Transfer of Formal Methods inside Microsoft , 2004, IFM.

[30]  Ferhat Khendek,et al.  Incremental Construction Approach for Distributed System Specifications , 1993, FORTE.

[31]  Edward A. Lee,et al.  A modular formal semantics for Ptolemy† , 2013, Mathematical Structures in Computer Science.

[32]  Cyrille Jégourel,et al.  Statistical Model Checking QoS Properties of Systems with SBIP , 2012, ISoLA.

[33]  Joseph Sifakis,et al.  The Algebra of Connectors - Structuring Interaction in BIP , 2008, IEEE Trans. Computers.

[34]  Thomas A. Henzinger,et al.  You Assume, We Guarantee: Methodology and Case Studies , 1998, CAV.

[35]  Joseph Sifakis,et al.  Rigorous Component-Based System Design Using the BIP Framework , 2011, IEEE Software.

[36]  Matthieu Herrb,et al.  G/sup en/oM: a tool for the specification and the implementation of operating modules in a distributed robot architecture , 1997, Proceedings of the 1997 IEEE/RSJ International Conference on Intelligent Robot and Systems. Innovative Robotics for Real-World Applications. IROS '97.

[37]  Thomas A. Henzinger,et al.  Interface Theories for Component-Based Design , 2001, EMSOFT.

[38]  Bruno Dutertre,et al.  A Fast Linear-Arithmetic Solver for DPLL(T) , 2006, CAV.

[39]  Jacques Pulou,et al.  Using BIP for Modeling and Verification of Networked Systems -- A Case Study on TinyOS-based Networks , 2007, Sixth IEEE International Symposium on Network Computing and Applications (NCA 2007).

[40]  Joseph Sifakis,et al.  Modeling Dynamic Architectures Using Dy-BIP , 2012, SC@TOOLS.

[41]  Kung-Kiu Lau,et al.  Incremental construction of component-based systems , 2012, CBSE '12.

[42]  Lothar Thiele,et al.  Mapping Applications to Tiled Multiprocessor Embedded Systems , 2007, Seventh International Conference on Application of Concurrency to System Design (ACSD 2007).

[43]  Joseph Sifakis,et al.  Incremental component-based construction and verification using invariants , 2010, Formal Methods in Computer Aided Design.

[44]  Corina S. Pasareanu,et al.  Editorial: automated compositional verification , 2010, IET Softw..

[45]  Günther Blaschek The Omega Library , 1994 .

[46]  Joseph Sifakis,et al.  The Algebra of Connectors—Structuring Interaction in BIP , 2007, IEEE Transactions on Computers.

[47]  Fausto Giunchiglia,et al.  NUSMV: a new symbolic model checker , 2000, International Journal on Software Tools for Technology Transfer.

[48]  Thomas A. Henzinger,et al.  Aligators for arrays , 2010, ICLP 2010.

[49]  Joseph Sifakis,et al.  Component Assemblies in the Context of Manycore , 2011, FMCO.

[50]  Thomas A. Henzinger,et al.  The software model checker B last : Applications to software engineering , 2007 .

[51]  Mrv Michel Chaudron,et al.  A framework for formal component-based software architecting , 2001 .

[52]  Peter J. Stuckey,et al.  Incremental analysis of constraint logic programs , 2000, TOPL.

[53]  Ashutosh Gupta,et al.  Predicate abstraction and refinement for verifying multi-threaded programs , 2011, POPL '11.

[54]  Kevin Cheng,et al.  Rock solid , 2007, INTR.

[55]  Jens Palsberg,et al.  Complexity Results for 1-safe Nets , 1993, FSTTCS.

[56]  Zohar Manna,et al.  Temporal verification of reactive systems - safety , 1995 .

[57]  Andrey Rybalchenko,et al.  Compositional Termination Proofs for Multi-threaded Programs , 2012, TACAS.

[58]  Axel Legay,et al.  Verification of an AFDX Infrastructure Using Simulations and Probabilities , 2010, RV.

[59]  Thomas A. Henzinger,et al.  Reactive Modules , 1999, Formal Methods Syst. Des..

[60]  Howard Barringer,et al.  Assumption generation for software component verification , 2002, Proceedings 17th IEEE International Conference on Automated Software Engineering,.

[61]  Joseph Sifakis,et al.  Priority Systems , 2003, FMCO.

[62]  Kim G. Larsen,et al.  Modal Specifications , 1989, Automatic Verification Methods for Finite State Systems.

[63]  Axel Legay,et al.  Statistical Abstraction and Model-Checking of Large Heterogeneous Systems , 2010 .

[64]  Peter Fritzson,et al.  Modelica - A Unified Object-Oriented Language for System Modelling and Simulation , 1998, ECOOP.

[65]  C. Rattray,et al.  Specification and Verification of Concurrent Systems , 1990, Workshops in Computing.

[66]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[67]  Thanh-Hung Nguyen,et al.  Toward a More Dependable Software Architecture for Autonomous Robots , 2008 .

[68]  Zohar Manna,et al.  Temporal Verification of Reactive Systems , 1995, Springer New York.

[69]  Joseph Sifakis,et al.  Model-based implementation of real-time applications , 2010, EMSOFT '10.

[70]  Thanh-Hung Nguyen,et al.  Designing autonomous robots , 2009, IEEE Robotics & Automation Magazine.

[71]  Kim G. Larsen,et al.  Timed I/O automata: a complete specification theory for real-time systems , 2010, HSCC '10.

[72]  Cormac Flanagan,et al.  Thread-Modular Model Checking , 2003, SPIN.

[73]  Jozef Hooman,et al.  Concurrency Verification: Introduction to Compositional and Noncompositional Methods , 2001, Cambridge Tracts in Theoretical Computer Science.

[74]  Thomas A. Henzinger,et al.  Aligators for Arrays (Tool Paper) , 2010, LPAR.