Modular Model Checking of Software Specifications with Simultaneous Environment Generation

Model checking is a powerful automated formal technique for verifying properties of reactive systems. In practice, model checkers are limited by the state explosion problem (the number of states to explore grows exponentially with the number of processes in the system). Modular verification based on the assume-guarantee paradigm mitigates this problem with a "divide and conquer" technique: each component of the system is checked against a set of user-supplied assumptions about its environment (the environment model), and these assumptions must then be verified on the environment itself (the guarantee, or assumption discharge). Unfortunately, this approach is not automated, because the user must specify the environment model (the assumptions). In this work, a novel technique is presented that automatically generates assumptions for all the components of the system. The proposed algorithm computes the environments of all components simultaneously, so that the assumptions generated for one component can be used to determine the assumptions of the components it communicates with. The assumptions are computed as association rules between the components' interfaces. We applied our approach to the modular verification of a steam boiler control program.
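The following is an added toy example, written for this page and not taken from the paper or its steam boiler case study. It illustrates the assume-guarantee cycle the abstract describes on two constructed components (a hypothetical `Pump` controller and a hypothetical `Sensor`): the assumption a component makes about its neighbour is a set of association rules between interface signals, the rules for both components are mined together in a fixpoint loop rather than supplied by hand, each component is then checked against an abstract environment that emits any input valuation consistent with the rules, and finally the rules are discharged against the real neighbour. The components, the rule shape (`a => b` and `a => not b` with confidence 1), and all function names are assumptions of this example, not the paper's algorithm.

```python
"""Toy assume-guarantee check with interface assumptions mined as association rules.
Constructed illustration; not the paper's algorithm or its steam boiler model."""
from collections import deque
from itertools import product

# Components are Moore machines: outputs(state) -> frozenset of true signals,
# step(state, inputs) -> set of successor states (inputs = neighbour's outputs).

class Pump:
    """Hypothetical pump controller; 'error' is entered on contradictory inputs."""
    inputs = ("low", "high")          # interface signals received from the sensor
    init = "off"

    def outputs(self, s):
        return frozenset({"pumping"}) if s == "on" else frozenset()

    def step(self, s, inp):
        if s == "error" or {"low", "high"} <= inp:
            return {"error"}
        if "low" in inp:
            return {"on"}
        if "high" in inp:
            return {"off"}
        return {s}

class Sensor:
    """Hypothetical level sensor: level 0..3 rises while pumping, falls otherwise."""
    inputs = ("pumping",)             # interface signal received from the pump
    init = 1

    def outputs(self, lvl):
        out = set()
        if lvl == 0:
            out.add("low")
        if lvl == 3:
            out.add("high")
        return frozenset(out)

    def step(self, lvl, inp):
        return {min(3, lvl + 1)} if "pumping" in inp else {max(0, lvl - 1)}

def allowed_valuations(signals, rules):
    """Abstract environment: every subset of `signals` obeying all rules (a, b, polarity)."""
    vals = []
    for bits in product((False, True), repeat=len(signals)):
        v = frozenset(s for s, b in zip(signals, bits) if b)
        if all(a not in v or (b in v) == pol for a, b, pol in rules):
            vals.append(v)
    return vals

def reachable(comp, env_vals):
    """BFS over comp's states; inputs are chosen nondeterministically from env_vals."""
    seen, todo = {comp.init}, deque([comp.init])
    while todo:
        s = todo.popleft()
        for inp in env_vals:
            for nxt in comp.step(s, inp):
                if nxt not in seen:
                    seen.add(nxt)
                    todo.append(nxt)
    return seen

def mine_rules(valuations):
    """Rules a => b and a => not b that hold in every observed valuation containing a."""
    signals = sorted(set().union(*valuations))
    rules = set()
    for a, b in product(signals, repeat=2):
        with_a = [v for v in valuations if a in v]
        if a == b or not with_a:          # no support for a: no rule about it
            continue
        if all(b in v for v in with_a):
            rules.add((a, b, True))
        if all(b not in v for v in with_a):
            rules.add((a, b, False))
    return rules

def mine_assumptions(a, b):
    """Compute both components' assumptions together: start from unconstrained
    inputs and refine each side with the rules mined from the other until stable."""
    rules_about_a, rules_about_b = set(), set()
    while True:
        reach_a = reachable(a, allowed_valuations(a.inputs, rules_about_b))
        reach_b = reachable(b, allowed_valuations(b.inputs, rules_about_a))
        new_a = mine_rules([a.outputs(s) for s in reach_a])
        new_b = mine_rules([b.outputs(s) for s in reach_b])
        if (new_a, new_b) == (rules_about_a, rules_about_b):
            return rules_about_b, rules_about_a   # (A assumes of B, B assumes of A)
        rules_about_a, rules_about_b = new_a, new_b

def check_modular(comp, env_rules, bad):
    """Assume step: `bad` states are unreachable in comp composed with the abstract environment."""
    return not any(bad(s) for s in reachable(comp, allowed_valuations(comp.inputs, env_rules)))

def discharge(comp, env_rules, rules):
    """Guarantee step: every reachable output of comp (under its own assumption) obeys `rules`."""
    outs = [comp.outputs(s) for s in reachable(comp, allowed_valuations(comp.inputs, env_rules))]
    return all(a not in v or (b in v) == pol for a, b, pol in rules for v in outs)

def demo():
    pump, sensor = Pump(), Sensor()
    assume_b, assume_a = mine_assumptions(pump, sensor)
    is_error = lambda s: s == "error"
    unconstrained = check_modular(pump, set(), is_error)   # False: error reachable without assumptions
    modular = check_modular(pump, assume_b, is_error)      # True once low => not high is assumed
    ok = discharge(sensor, assume_a, assume_b)             # True: the sensor never emits both
    return unconstrained, modular, ok, sorted(assume_b)

if __name__ == "__main__":
    print(demo())
```

Under a fully unconstrained environment the pump's `error` state is reachable, so the property cannot be established from the pump alone; with the mined rule that `low` and `high` are never emitted together, the modular check passes, and the discharge step confirms the sensor really respects that rule. The fixpoint loop is the toy counterpart of computing all environments simultaneously: here it stabilises after two rounds, and a real implementation would need a termination argument and a far richer rule language.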