Verification of liveness properties using compositional reachability analysis

The software architecture of a distributed program can be represented by a hierarchical composition of subsystems, with interacting processes at the leaves of the hierarchy. Compositional reachability analysis (CRA) is a promising state reduction technique which can be automated and used to derive, in stages, the overall behaviour of a distributed program based on its architecture. Conventional CRA, however, has a limitation: the properties available for analysis after composition and reduction are constrained by the set of actions that remain globally observable. Liveness properties which involve internal actions of subsystems may therefore not be analysed. In this paper, we extend compositional reachability analysis to check liveness properties which may involve actions that are not globally observable. In particular, our approach permits the hiding of actions independently of the liveness properties that are to be verified in the final graph. In addition, it supports the simultaneous checking of multiple properties (both liveness and safety), and identifies those properties that are violated. The effectiveness of the extended technique is illustrated using a case study of a Reliable Multicast Transport Protocol (RMTP) with over 96,000 states and 660,000 transitions.
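As an added illustration of the limitation the abstract describes (this is example code, not the paper's algorithm and not the authors' Tracta tool), the Python below builds a toy CRA pipeline: two constructed processes, a client and a server, are put in parallel composition, the server's internal actions `work` and `drop` are hidden, and a liveness property ("`work` occurs infinitely often") is checked alongside a safety property (deadlock freedom) before and after hiding. The process names, action names and properties are assumptions made for the example. On the full composite graph the checker finds the cycle `req, drop, resp` on which `work` never happens; once `work` has been hidden it is no longer in the graph's alphabet, so the conventional reduced graph cannot support the check at all, while the property over the still-observable `resp` remains checkable.

```python
"""Toy compositional reachability analysis: parallel composition, hiding of
internal actions, and liveness/safety checks on the resulting graph.
Added example; not the paper's method or the Tracta tool.  CLIENT, SERVER,
their actions and the checked properties are constructed for illustration."""
from collections import deque

TAU = "tau"  # label given to a hidden (internal) action


class LTS:
    """Labelled transition system: initial state plus state -> [(action, next)]."""

    def __init__(self, init, trans):
        self.init = init
        self.trans = trans

    def alphabet(self):
        """Observable actions: every label except tau."""
        return {a for outs in self.trans.values() for a, _ in outs if a != TAU}


def compose(p, q):
    """Parallel composition: actions in both alphabets synchronise, all others
    interleave.  Only reachable product states are built (reachability analysis
    of the subsystem); dict insertion order is BFS order from the initial state."""
    shared = p.alphabet() & q.alphabet()
    init = (p.init, q.init)
    trans, queue = {}, deque([init])
    while queue:
        s = queue.popleft()
        if s in trans:
            continue
        ps, qs = s
        outs = []
        for a, pn in p.trans.get(ps, []):
            if a in shared:  # p may only move together with q
                outs += [(a, (pn, qn)) for b, qn in q.trans.get(qs, []) if b == a]
            else:            # p moves alone
                outs.append((a, (pn, qs)))
        outs += [(b, (ps, qn)) for b, qn in q.trans.get(qs, []) if b not in shared]
        trans[s] = outs
        queue.extend(n for _, n in outs if n not in trans)
    return LTS(init, trans)


def hide(lts, internal):
    """Conventional CRA step: relabel subsystem-internal actions to tau so the
    composite exposes only its interface.  No state reduction is done here."""
    return LTS(lts.init, {s: [(TAU if a in internal else a, n) for a, n in outs]
                          for s, outs in lts.trans.items()})


def is_observable(lts, action):
    return action in lts.alphabet()


def liveness_counterexample(lts, action):
    """Liveness property "`action` occurs infinitely often".  A violation is a
    reachable cycle with no `action` transition; the actions along that cycle
    are returned, or None when the property holds."""
    if not is_observable(lts, action):
        raise ValueError(f"{action!r} is hidden: not checkable on this graph")
    WHITE, GREY, BLACK = 0, 1, 2
    colour = {s: WHITE for s in lts.trans}

    def dfs(s, stack):  # stack: [(ancestor state, action taken from it)]
        colour[s] = GREY
        for a, n in lts.trans[s]:
            if a == action:  # an edge performing the action cannot lie on a bad cycle
                continue
            if colour[n] == GREY:  # back edge: n is s itself or an ancestor on the stack
                start = next((k for k, (st, _) in enumerate(stack) if st == n), len(stack))
                return [act for _, act in stack[start:]] + [a]
            if colour[n] == WHITE:
                found = dfs(n, stack + [(s, a)])
                if found:
                    return found
        colour[s] = BLACK
        return None

    for s in lts.trans:  # every state in trans is reachable from init
        if colour[s] == WHITE:
            found = dfs(s, [])
            if found:
                return found
    return None


def deadlocks(lts):
    """Safety property: reachable states with no outgoing transition."""
    return [s for s, outs in lts.trans.items() if not outs]


def check_all(lts, live_actions):
    """Check several properties at once and report only the violated ones."""
    report = {}
    if deadlocks(lts):
        report["deadlock freedom"] = deadlocks(lts)
    for a in live_actions:
        cex = liveness_counterexample(lts, a) if is_observable(lts, a) else "not observable"
        if cex:
            report[f"{a} infinitely often"] = cex
    return report


# Constructed subsystems: CLIENT and SERVER share req/resp; work and drop are
# internal to SERVER, and the drop branch lets the server answer without working.
CLIENT = LTS("c0", {"c0": [("req", "c1")], "c1": [("resp", "c0")]})
SERVER = LTS("s0", {"s0": [("req", "s1")],
                    "s1": [("work", "s2"), ("drop", "s2")],
                    "s2": [("resp", "s0")]})

SYSTEM = compose(CLIENT, SERVER)         # 3 reachable product states
HIDDEN = hide(SYSTEM, {"work", "drop"})  # interface view: only req/resp remain

if __name__ == "__main__":
    print("full graph:", check_all(SYSTEM, ["work", "resp"]))
    # -> {'work infinitely often': ['req', 'drop', 'resp']}
    print("after hide:", check_all(HIDDEN, ["work", "resp"]))
    # -> {'work infinitely often': 'not observable'}
```

The cycle search treats a reachable loop of transitions that never performs the required action as a violation; the composition keeps only reachable product states, which is what makes the later hiding step a pure relabelling rather than a re-exploration.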
