Modular Verification of Synchronous Programs

In this paper, we develop an approach to the modular verification of synchronous programs. To this end, two major problems have to be solved. First, if a synchronous module is verified without its later context, its outputs are not completely determined, because the calling module may add further actions on the outputs of the called module. It is not difficult to see that the open system obtained by modular compilation simulates the closed one obtained by the linker; hence all universal temporal properties proved for the open system are preserved by the closed one. Second, a module call may replace the formal input parameters by expressions, which corresponds to a substitution of variables in the symbolic transition relation. In particular, this affects the starting point and the potential preemption conditions of the module and can therefore dramatically change its behavior. For this reason, the temporal specifications of the module have to be transformed accordingly. We prove a preservation result for this transformation, which defines a simulation preorder modulo substitution. Together, these results yield a proof rule for the verification of module calls in imperative synchronous programs.
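The two problems of the abstract can be made concrete on a toy module. The following is an added illustration, not code from the paper: it assumes a two-state module Toggle with input i and output o that emits o in the instant i arrives and is silent for one instant afterwards, a caller that instantiates it as Toggle(a & b) without emitting o itself, and a minimal tuple syntax for propositional state formulas. The open system leaves o unconstrained wherever the module does not emit it (a caller may still emit it); the closed system fixes o. An explicit-state greatest-simulation check shows that the open system simulates the closed one modulo the substitution i := a & b, so an invariant AG f proved on the open system carries over to the closed one once f is rewritten by the same substitution; the converse direction is shown to fail with a second invariant.

```python
"""Open (modularly compiled) vs. closed (linked) synchronous module.
Constructed example: module Toggle, caller Toggle(a & b), both specs
and the formula syntax are assumptions, not taken from the paper."""
from itertools import product

BOOL = (False, True)


def toggle_step(w, i):
    """One instant of Toggle. w = True means 'waiting for i'.
    Returns (next_w, o_is_emitted)."""
    if w:
        return (not i, i)      # i present: emit o, leave the wait state
    return (True, False)       # one silent instant, then wait again


def explore(init, step):
    """Reachable states from `init` under `step(s) -> successors`.
    Returns (initial states, successor map); every reachable state is a key."""
    succ, todo = {}, list(init)
    while todo:
        s = todo.pop()
        if s not in succ:
            succ[s] = frozenset(step(s))
            todo.extend(succ[s])
    return frozenset(init), succ


def open_system():
    """Module alone; a state is (w, i, o). Where Toggle does not emit o,
    o stays free because a later caller may still emit it."""
    def allowed_o(w, i):
        return (True,) if toggle_step(w, i)[1] else BOOL

    def step(s):
        w2 = toggle_step(s[0], s[1])[0]
        return [(w2, i2, o2) for i2 in BOOL for o2 in allowed_o(w2, i2)]

    return explore([(True, i, o) for i in BOOL for o in allowed_o(True, i)], step)


SIGMA = {"i": ("and", ("var", "a"), ("var", "b"))}   # the call Toggle(a & b)


def closed_system():
    """Caller with free inputs a, b calling Toggle(a & b) and adding no
    emissions; a state is (w, a, b, o) and o is now fully determined."""
    def step(s):
        w2 = toggle_step(s[0], s[1] and s[2])[0]
        return [(w2, a, b, toggle_step(w2, a and b)[1]) for a, b in product(BOOL, BOOL)]

    return explore([(True, a, b, toggle_step(True, a and b)[1])
                    for a, b in product(BOOL, BOOL)], step)


def project(c):
    """View a closed state through the substitution i := a & b."""
    w, a, b, o = c
    return (w, a and b, o)


def simulates(abstract, concrete, proj):
    """Greatest simulation: each concrete move must be matched by an abstract
    move with the same projected label. True iff abstract simulates concrete."""
    (init_a, succ_a), (init_c, succ_c) = abstract, concrete
    rel = {(c, a) for c in succ_c for a in succ_a if proj(c) == a}
    changed = True
    while changed:
        changed = False
        for c, a in list(rel):
            if not all(any((c2, a2) in rel for a2 in succ_a[a]) for c2 in succ_c[c]):
                rel.discard((c, a))
                changed = True
    return all(any((c, a) in rel for a in init_a) for c in init_c)


# Propositional state formulas as nested tuples; AG f checked as an invariant.
OPS = {"not": lambda x: not x, "and": lambda x, y: x and y,
       "imp": lambda x, y: (not x) or y}


def ev(f, env):
    if f[0] == "var":
        return env[f[1]]
    return OPS[f[0]](*(ev(g, env) for g in f[1:]))


def subst(f, sigma):
    """Replace formal parameters by the actual-parameter expressions."""
    if f[0] == "var":
        return sigma.get(f[1], f)
    return (f[0],) + tuple(subst(g, sigma) for g in f[1:])


def ag(system, names, f):
    """AG f over all reachable states; `names` labels the state tuple."""
    return all(ev(f, dict(zip(names, s))) for s in system[1])


V = lambda x: ("var", x)
SPEC_EMIT = ("imp", ("and", V("w"), V("i")), V("o"))      # AG (w & i -> o)
SPEC_SILENT = ("imp", ("not", V("w")), ("not", V("o")))   # AG (!w -> !o)

if __name__ == "__main__":
    opn, cls = open_system(), closed_system()
    print("open simulates closed modulo i:=a&b:", simulates(opn, cls, project))
    print("open  |= AG(w&i->o):", ag(opn, "wio", SPEC_EMIT),
          "  closed |= AG(w&(a&b)->o):", ag(cls, "wabo", subst(SPEC_EMIT, SIGMA)))
    print("open  |= AG(!w->!o):", ag(opn, "wio", SPEC_SILENT),
          "  closed |= AG(!w->!o):", ag(cls, "wabo", subst(SPEC_SILENT, SIGMA)))
```

SPEC_EMIT holds on the open system and, after substitution, on the closed one, which is the preservation direction the abstract relies on. SPEC_SILENT holds on the closed system only: the open system cannot know that the caller never emits o, so a property that depends on such caller behaviour is not provable modularly and must be discharged at the call site.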