Automatic generation of assumptions for modular verification of software specifications

Model checking is a powerful automated technique, used mainly to verify properties of reactive systems. In practice, model checkers are limited by the state explosion problem. Modular verification based on the assume-guarantee paradigm mitigates this problem with a "divide and conquer" strategy. Unfortunately, that approach is not automated, because the user must specify the environment model. This paper presents a novel technique for automatically generating component assumptions from the behaviour of the component's environment (the remaining components of the system). In a first phase, the environment of the component is computed using state space exploration; in a second phase, the assumptions are generated as association rules over the interface between the component and its environment. The approach has two main advantages. First, the user does not need to supply the assumptions, and no separate step to discharge them is required. Second, the generated assumptions are more restrictive and closer to the real behaviour of the environment, and therefore reduce the resources needed by the model checker. The technique is applied to the specification of a steam boiler system.
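The two phases described above, as an added illustration that is not the paper's code: a constructed toy boiler environment (three interface variables: water level, pump, heater, with interlocks buried in the environment's dynamics) is explored by breadth-first search, every reachable state is projected onto the interface, and an Apriori-style miner (a simplified version of the standard algorithm, not the paper's) derives association rules over those valuations. Names, the environment model, and the thresholds (support count 1, confidence 1.0) are assumptions of this example.

```python
"""Added illustration of the two-phase idea in the abstract (not the paper's code).

Phase 1: explore the reachable state space of the environment, i.e. the rest of
the system, and project every reachable state onto the interface variables the
component under verification can observe.
Phase 2: mine association rules over those interface valuations.  Because the
"transactions" are the complete reachable set, a rule with confidence 1.0 is an
exact invariant of the environment and can be used as a component assumption.
"""
from collections import deque
from itertools import combinations, product

# Constructed interface of a toy boiler environment (assumption, not the paper's model).
LOW, NORMAL, HIGH = "LOW", "NORMAL", "HIGH"
LEVELS = (LOW, NORMAL, HIGH)
INTERFACE = {"level": LEVELS, "pump": ("OFF", "ON"), "heater": ("OFF", "ON")}


def env_successors(state):
    """Constructed environment dynamics: water physics plus the rest-of-system
    controller.  Nondeterministic, so it returns a set of next valuations."""
    level, pump, _heater = state
    idx = LEVELS.index(level)
    new_level = LEVELS[min(idx + 1, 2) if pump == "ON" else max(idx - 1, 0)]
    # Interlocks hidden in the environment: pump forced on at LOW, off at HIGH,
    # heater forced off at LOW (dry-run protection); otherwise free choice.
    pumps = ("ON",) if new_level == LOW else ("OFF",) if new_level == HIGH else ("ON", "OFF")
    heaters = ("OFF",) if new_level == LOW else ("ON", "OFF")
    return {(new_level, p, h) for p in pumps for h in heaters}


def reachable(initial, successors):
    """Phase 1: plain breadth-first exploration of the environment state space."""
    seen, queue = {initial}, deque([initial])
    while queue:
        for nxt in successors(queue.popleft()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def to_transaction(state):
    """Project a state onto interface items such as ("level", "LOW")."""
    return frozenset(zip(INTERFACE, state))


def mine_rules(transactions, min_count, min_confidence):
    """Phase 2: Apriori-style mining (simplified from the standard algorithm).
    Returns (antecedent, consequent, confidence) triples."""
    def count(itemset):
        return sum(1 for t in transactions if itemset <= t)

    frequent = {}
    candidates = {frozenset([item]) for t in transactions for item in t}
    size = 1
    while candidates:
        kept = {c: count(c) for c in candidates if count(c) >= min_count}
        frequent.update(kept)
        # Join step: candidates of size+1 are unions of two frequent itemsets.
        candidates = {a | b for a in kept for b in kept if len(a | b) == size + 1}
        size += 1

    rules = []
    for itemset, cnt in frequent.items():
        for r in range(1, len(itemset)):
            for ante in map(frozenset, combinations(itemset, r)):
                confidence = cnt / frequent[ante]  # subsets of frequent sets are frequent
                if confidence >= min_confidence:
                    rules.append((ante, itemset - ante, confidence))
    return rules


def assumptions(states):
    """Confidence-1.0 rules over the complete reachable set: exact invariants,
    so they need no later discharge step."""
    rules = mine_rules([to_transaction(s) for s in states], min_count=1, min_confidence=1.0)
    return [(ante, cons) for ante, cons, _ in rules]


def admissible_valuations(rules):
    """Interface valuations a checker must still consider once the assumptions
    constrain the environment (in general a superset of the reachable ones)."""
    out = set()
    for vals in product(*INTERFACE.values()):
        t = frozenset(zip(INTERFACE, vals))
        if all(not ante <= t or cons <= t for ante, cons in rules):
            out.add(vals)
    return out


if __name__ == "__main__":
    states = reachable((NORMAL, "OFF", "OFF"), env_successors)
    rules = assumptions(states)
    for ante, cons in rules:
        if len(ante) == 1 and len(cons) == 1:  # print the readable singleton rules
            print(dict(ante), "=>", dict(cons))
    print(len(list(product(*INTERFACE.values()))), "valuations,",
          len(admissible_valuations(rules)), "admissible,", len(states), "reachable")
```

Two points a practitioner should note. Mining over the complete reachable set (rather than a sample or a bounded exploration) is what makes confidence-1.0 rules exact invariants of the environment; with an incomplete exploration the rules would be heuristic and would have to be discharged. The admissible set is only guaranteed to contain the reachable valuations; here it coincides with them (7 of the 12 interface valuations), which is the reduction in checker work the abstract refers to, but in general an implication-shaped assumption may still admit some unreachable valuations.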
