Algorithmic Verification of Component-based Systems

This dissertation discusses algorithmic verification techniques for concurrent component-based systems modeled in the Behavior-Interaction-Priority (BIP) framework with both bounded and unbounded concurrency. BIP is a component framework for mixed software/hardware system design in a rigorous and correct-by-construction manner. System design is defined as a formal, accountable and coherent process for deriving trustworthy and optimised implementations from high-level system models and the corresponding execution platform descriptions. The essential properties of a system model are guaranteed at the earliest possible design phase, and a correct implementation is then automatically generated from the validated high-level system model through a sequence of property preserving model transformations, which progressively refines the model with details specific to the target execution platform. The first major contribution of this dissertation is an efficient safety verification technique for BIP system models, where the number of participating components is fixed and the data variables can have infinite domains, but their manipulation is limited to linear arithmetic. The key insight of our technique is to take advantage of the structure features of the BIP system and handle the computation in the components and coordination between the components in the verification separately. On the computation level, we apply the state-of-the-art counterexample abstraction techniques to reason about the behavior of components and explore all the possible reachable states ; while on the coordination level, we exploit both partial order techniques and symmetry reduction techniques to handle the state space explosion problem due to concurrency, and reduce the redundant interleavings of concurrent interactions. We have implemented the proposed techniques in a prototype tool and carried out a comprehensive performance evaluation on a set of BIP system models. The second major contribution of this dissertation is a uniform design and verification framework for parameterized systems based on BIP. Parameterized systems are systems consisting of homogeneous processes, and the parameter indicates the number of such processes in the system. A parameterized system, therefore, describes an infinite family of systems, where instances of the family can be obtained by fixing the value of the parameter. Verification of correctness of such systems amounts to verifying the correctness of every member of the infinite family described by the system. First of all, we propose the first order interaction logic (FOIL) as a formal language for parameterized system architectures and communication primitives. This logic is powerful enough to express architectures found in distributed systems, including the classical architectures : token-passing rings, rendezvous cliques, broadcast cliques, rendezvous stars. We also identify a fragment of FOIL that is well-suited for the specification of parameterized BIP systems and prove its decidability. Second, we provide a framework for the integration of mathematical models from the parameterized model checking literature in an automated way. With our new framework, we close the gap between the mathematical formalisms and algorithms from the parameterized verification research and the practice of parameterized verification, which is usually done by engineers who are not familiar with the details of the literature.

[1]  Joseph Sifakis,et al.  D-Finder: A Tool for Compositional Deadlock Detection and Verification , 2009, CAV.

[2]  Krzysztof R. Apt,et al.  Limits for Automatic Verification of Finite-State Concurrent Systems , 1986, Inf. Process. Lett..

[3]  Vineet Kahlon,et al.  Reducing Model Checking of the Many to the Few , 2000, CADE.

[4]  Antti Valmari,et al.  A state space tool for concurrent system models expressed in C++ , 2015, SPLST.

[5]  Philippe Schnoebelen,et al.  Well-structured transition systems everywhere! , 2001, Theor. Comput. Sci..

[6]  Cadence Berkeley Labs Applications of Craig Interpolants in Model Checking , 2005 .

[7]  Ashutosh Gupta,et al.  Predicate abstraction and refinement for verifying multi-threaded programs , 2011, POPL '11.

[8]  Somesh Jha,et al.  Exploiting Symmetry In Temporal Logic Model Checking , 1993, CAV.

[9]  William Craig,et al.  Three uses of the Herbrand-Gentzen theorem in relating model theory and proof theory , 1957, Journal of Symbolic Logic.

[10]  Amir Pnueli,et al.  Automatic Deductive Verification with Invisible Invariants , 2001, TACAS.

[11]  Taylor T. Johnson,et al.  A Small Model Theorem for Rectangular Hybrid Automata Networks , 2012, FMOODS/FORTE.

[12]  Zohar Manna,et al.  Temporal verification of reactive systems - safety , 1995 .

[13]  Joseph Y. Halpern Presburger arithmetic with unary predicates is Π11 complete , 1991, Journal of Symbolic Logic.

[14]  Marco Roveri,et al.  Software Model Checking with Explicit Scheduler and Symbolic Threads , 2012, Log. Methods Comput. Sci..

[15]  Doron A. Peled,et al.  All from One, One for All: on Model Checking Using Representatives , 1993, CAV.

[16]  Benjamin Männel,et al.  CubETH: low cost GNSS space experiment for precise orbit determination , 2014 .

[17]  E. Allen Emerson,et al.  From Asymmetry to Full Symmetry: New Techniques for Symmetry Reduction in Model Checking , 1999, CHARME.

[18]  Seif Haridi,et al.  Distributed Algorithms , 1992, Lecture Notes in Computer Science.

[19]  Parosh Aziz Abdulla,et al.  Constrained Monotonic Abstraction: A CEGAR for Parameterized Verification , 2010, CONCUR.

[20]  Christel Baier,et al.  Principles of model checking , 2008 .

[21]  Alberto Griggio,et al.  Software Model Checking via IC3 , 2012, CAV.

[22]  Cesare Tinelli,et al.  Satisfiability Modulo Theories , 2021, Handbook of Satisfiability.

[23]  Antti Valmari,et al.  Stubborn Set Intuition Explained , 2016, PNSE @ Petri Nets.

[24]  Armin Biere,et al.  Symbolic Model Checking without BDDs , 1999, TACAS.

[25]  Richard M. Karp,et al.  Parallel Program Schemata , 1969, J. Comput. Syst. Sci..

[26]  Antti Valmari,et al.  Stop It, and Be Stubborn! , 2015, 2015 15th International Conference on Application of Concurrency to System Design.

[27]  Patrice Godefroid Using Partial Orders to Improve Automatic Verification Methods , 1990, CAV.

[28]  Georg Weissenbacher,et al.  Counterexample to Induction-Guided Abstraction-Refinement (CTIGAR) , 2014, CAV.

[29]  Kedar S. Namjoshi,et al.  Reasoning about rings , 1995, POPL '95.

[30]  Hassen Saïdi,et al.  Construction of Abstract State Graphs with PVS , 1997, CAV.

[31]  Karsten Stahl,et al.  Abstracting WS1S Systems to Verify Parameterized Networks , 2000, TACAS.

[32]  Qiang Wang,et al.  Formal Verification of Infinite-State BIP Models , 2015, ATVA.

[33]  Cliff B. Jones,et al.  Specification and Design of (Parallel) Programs , 1983, IFIP Congress.

[34]  Parosh Aziz Abdulla,et al.  Regular Model Checking Without Transducers (On Efficient Verification of Parameterized Systems) , 2007, TACAS.

[35]  A. Prasad Sistla Symmetry Reductions in Model-Checking , 2003, VMCAI.

[36]  Thomas A. Henzinger,et al.  Thread-Modular Abstraction Refinement , 2003, CAV.

[37]  Ashutosh Gupta,et al.  Threader: A Constraint-Based Verifier for Multi-threaded Programs , 2011, CAV.

[38]  Muffy Calder,et al.  Symmetry in temporal logic model checking , 2006, CSUR.

[39]  Lacramioara Astefanoaei,et al.  Compositional Verification of Parameterised Timed Systems , 2015, NFM.

[40]  Patrice Godefroid,et al.  Partial-Order Methods for the Verification of Concurrent Systems , 1996, Lecture Notes in Computer Science.

[41]  Stefano Tonetta,et al.  Abstract Model Checking without Computing the Abstraction , 2009, FM.

[42]  David L. Dill,et al.  Experience with Predicate Abstraction , 1999, CAV.

[43]  Silvio Ghilardi,et al.  MCMT: A Model Checker Modulo Theories , 2010, IJCAR.

[44]  Kenneth L. McMillan,et al.  Lazy Abstraction with Interpolants , 2006, CAV.

[45]  Joseph Sifakis,et al.  The Algebra of Connectors - Structuring Interaction in BIP , 2008, IEEE Trans. Computers.

[46]  Kedar S. Namjoshi,et al.  On model checking for non-deterministic infinite-state systems , 1998, Proceedings. Thirteenth Annual IEEE Symposium on Logic in Computer Science (Cat. No.98CB36226).

[47]  Antti Valmari,et al.  Stubborn sets for reduced state space generation , 1991, Applications and Theory of Petri Nets.

[48]  Joseph Sifakis,et al.  Compositional Verification for Component-Based Systems and Application , 2008, ATVA.

[49]  Edmund M. Clarke,et al.  State space reduction using partial order techniques , 1999, International Journal on Software Tools for Technology Transfer.

[50]  Marco Roveri,et al.  The nuXmv Symbolic Model Checker , 2014, CAV.

[51]  Helmut Veith,et al.  Verification by Network Decomposition , 2004, CONCUR.

[52]  Philippe Schnoebelen,et al.  The Power of Well-Structured Systems , 2013, CONCUR.

[53]  Ludwig Staiger,et al.  Ω-languages , 1997 .

[54]  C. A. R. HOARE,et al.  An axiomatic basis for computer programming , 1969, CACM.

[55]  Joseph Sifakis,et al.  Configuration Logics: Modelling Architecture Styles , 2015, FACS.

[56]  Kenneth L. McMillan Interpolants and Symbolic Model Checking , 2007, VMCAI.

[57]  Joseph Sifakis,et al.  A Unified Approach for Studying the Properties of Transition Systems , 1982, Theor. Comput. Sci..

[58]  Parosh Aziz Abdulla Regular model checking , 2011, International Journal on Software Tools for Technology Transfer.

[59]  Alberto Griggio,et al.  IC3 Modulo Theories via Implicit Predicate Abstraction , 2013, TACAS.

[60]  François Vernadat,et al.  Covering Step Graph , 1996, Application and Theory of Petri Nets.

[61]  Joseph Sifakis,et al.  Modeling Dynamic Architectures Using Dy-BIP , 2012, SC@TOOLS.

[62]  Sami Evangelista,et al.  Solving the ignoring problem for partial order reduction , 2010, International Journal on Software Tools for Technology Transfer.

[63]  Kathleen Fisher Using formal methods to enable more secure vehicles: DARPA's HACMS program , 2014, ICFP.

[64]  Helmut Veith,et al.  25 Years of Model Checking - History, Achievements, Perspectives , 2008, 25 Years of Model Checking.

[65]  Patrice Godefroid,et al.  Dynamic partial-order reduction for model checking software , 2005, POPL '05.

[66]  Darren D. Cofer,et al.  Software model checking takes off , 2010, Commun. ACM.

[67]  Somesh Jha,et al.  Combining Partial Order and Symmetry Reductions , 1997, TACAS.

[68]  Andreas Podelski,et al.  Boolean and Cartesian abstraction for model checking C programs , 2001, International Journal on Software Tools for Technology Transfer.

[69]  Thomas Wahl,et al.  Replication and Abstraction: Symmetry in Automated Formal Verification , 2010, Symmetry.

[70]  Albert Oliveras,et al.  SMT Techniques for Fast Predicate Abstraction , 2006, CAV.

[71]  Helmut Veith,et al.  Counterexample-guided abstraction refinement for symbolic model checking , 2003, JACM.

[72]  Andrey Rybalchenko,et al.  Synthesizing software verifiers from proof rules , 2012, PLDI.

[73]  Parosh Aziz Abdulla,et al.  Monotonic Abstraction: on Efficient Verification of Parameterized Systems , 2009, Int. J. Found. Comput. Sci..

[74]  Robert K. Brayton,et al.  Partial-Order Reduction in Symbolic State-Space Exploration , 2001, Formal Methods Syst. Des..

[75]  Thomas A. Henzinger,et al.  Abstractions from proofs , 2004, SIGP.

[76]  Amir Pnueli,et al.  Liveness with (0, 1, infty)-Counter Abstraction , 2002, CAV.

[77]  A. Prasad Sistla,et al.  Symmetry and model checking , 1993, Formal Methods Syst. Des..

[78]  Silvio Ghilardi,et al.  Towards SMT Model Checking of Array-Based Systems , 2008, IJCAR.

[79]  Kenneth L. McMillan,et al.  Interpolation and SAT-Based Model Checking , 2003, CAV.

[80]  Andreas Podelski,et al.  Thread-Modular Verification Is Cartesian Abstract Interpretation , 2006, ICTAC.

[81]  Stephan Merz,et al.  Model Checking , 2000 .

[82]  Thomas A. Henzinger,et al.  The Algorithmic Analysis of Hybrid Systems , 1995, Theor. Comput. Sci..

[83]  Joseph Sifakis,et al.  Rigorous Component-Based System Design Using the BIP Framework , 2011, IEEE Software.

[84]  Cormac Flanagan,et al.  Predicate abstraction for software verification , 2002, POPL '02.

[85]  Marco Roveri,et al.  Kratos - A Software Model Checker for SystemC , 2011, CAV.

[86]  Helmut Veith,et al.  Parameterized model checking of rendezvous systems , 2014, Distributed Computing.

[87]  Chao Wang,et al.  ConcBugAssist: constraint solving for diagnosis and repair of concurrency bugs , 2015, ISSTA.

[88]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[89]  Shuvendu K. Lahiri,et al.  A Symbolic Approach to Predicate Abstraction , 2003, CAV.

[90]  Wang Yi,et al.  Horn Clauses for Communicating Timed Systems , 2014, HCVS.

[91]  Daniel Kroening,et al.  SATABS: SAT-Based Predicate Abstraction for ANSI-C , 2005, TACAS.

[92]  Antoni W. Mazurkiewicz,et al.  Trace Theory , 1986, Advances in Petri Nets.

[93]  Dirk Beyer,et al.  CPAchecker: A Tool for Configurable Software Verification , 2009, CAV.

[94]  Zohar Manna,et al.  The Temporal Logic of Reactive and Concurrent Systems , 1991, Springer New York.

[95]  Antti Valmari A stubborn attack on state explosion , 1992, Formal Methods Syst. Des..

[96]  S. Rajamani,et al.  A decade of software model checking with SLAM , 2011, Commun. ACM.

[97]  Helmut Veith,et al.  Decidability of Parameterized Verification , 2015, Synthesis Lectures on Distributed Computing Theory.

[98]  Andreas Wilhelm,et al.  Reduction for compositional verification of multi-threaded programs , 2014, 2014 Formal Methods in Computer-Aided Design (FMCAD).

[99]  Doron A. Peled,et al.  Ten Years of Partial Order Reduction , 1998, CAV.

[100]  Radu Iosif Symmetry reductions for model checking of concurrent dynamic software , 2004, International Journal on Software Tools for Technology Transfer.

[101]  Richard J. Lipton,et al.  Reduction: a method of proving properties of parallel programs , 1975, CACM.

[102]  Viktor Kuncak,et al.  A Verification Toolkit for Numerical Transition Systems - Tool Paper , 2012, FM.

[103]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[104]  Vineet Kahlon,et al.  Model checking guarded protocols , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[105]  Alberto Griggio,et al.  The MathSAT5 SMT Solver , 2013, TACAS.

[106]  Daniel Kroening,et al.  Counterexample-guided abstraction refinement for symmetric concurrent programs , 2012, Formal Methods in System Design.

[107]  Parosh Aziz Abdulla,et al.  Optimal dynamic partial order reduction , 2014, POPL.

[108]  Joseph Sifakis System Design Automation: Challenges and Limitations , 2015, Proceedings of the IEEE.

[109]  Joseph Sifakis,et al.  Specification and verification of concurrent systems in CESAR , 1982, Symposium on Programming.

[110]  Joël Ouaknine,et al.  Verifying multi-threaded software with impact , 2013, 2013 Formal Methods in Computer-Aided Design.

[111]  Thomas A. Henzinger,et al.  The Discipline of Embedded Systems Design , 2007, Computer.

[112]  Edmund M. Clarke,et al.  Counterexample-guided abstraction refinement , 2003, 10th International Symposium on Temporal Representation and Reasoning, 2003 and Fourth International Conference on Temporal Logic. Proceedings..

[113]  Sriram K. Rajamani,et al.  The SLAM Toolkit , 2001, CAV.

[114]  Joseph Sifakis,et al.  Property preserving abstractions for the verification of concurrent systems , 1995, Formal Methods Syst. Des..

[115]  Joseph Sifakis,et al.  A Theory Agenda for Component-Based Design , 2015, Software, Services, and Systems.

[116]  Chao Wang,et al.  Peephole Partial Order Reduction , 2008, TACAS.

[117]  Ichiro Suzuki,et al.  Proving Properties of a Ring of Finite-State Machines , 1988, Inf. Process. Lett..

[118]  Robert K. Brayton,et al.  Efficient implementation of property directed reachability , 2011, 2011 Formal Methods in Computer-Aided Design (FMCAD).

[119]  Chao Wang,et al.  Monotonic Partial Order Reduction: An Optimal Symbolic Partial Order Reduction Technique , 2009, CAV.

[120]  Thomas A. Henzinger,et al.  The Embedded Systems Design Challenge , 2006, FM.

[121]  Alex Groce,et al.  Modular verification of software components in C , 2003, 25th International Conference on Software Engineering, 2003. Proceedings..

[122]  Alain Finkel,et al.  On the verification of broadcast protocols , 1999, Proceedings. 14th Symposium on Logic in Computer Science (Cat. No. PR00158).

[123]  Todd Millstein,et al.  Automatic predicate abstraction of C programs , 2001, PLDI '01.

[124]  Cormac Flanagan,et al.  Thread-Modular Model Checking , 2003, SPIN.

[125]  Thomas Wahl,et al.  Dynamic Symmetry Reduction , 2005, TACAS.

[126]  Jun Sun,et al.  Diamonds Are a Girl's Best Friend: Partial Order Reduction for Timed Automata with Abstractions , 2014, CAV.

[127]  Henri Hansen,et al.  Abstractions for Transition Systems with Applications to Stubborn Sets , 2017, Concurrency, Security, and Puzzles.

[128]  Aaron R. Bradley,et al.  SAT-Based Model Checking without Unrolling , 2011, VMCAI.

[129]  Alfons Laarman,et al.  Dynamic Reductions for Model Checking Concurrent Software , 2017, VMCAI.

[130]  Jean-François Raskin,et al.  Expand, Enlarge and Check: New algorithms for the coverability problem of WSTS , 2006, J. Comput. Syst. Sci..

[131]  Edsger W. Dijkstra,et al.  Guarded commands, nondeterminacy and formal derivation of programs , 1975, Commun. ACM.

[132]  Kenneth L. McMillan,et al.  Symbolic model checking , 1992 .

[133]  David L. Dill,et al.  Better verification through symmetry , 1996, Formal Methods Syst. Des..

[134]  A. Prasad Sistla,et al.  Reasoning about systems with many processes , 1992, JACM.

[135]  Edmund M. Clarke,et al.  Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic , 1981, Logic of Programs.

[136]  Corina S. Pasareanu,et al.  Automated Assume-Guarantee Reasoning by Abstraction Refinement , 2008, CAV.

[137]  Fabio Somenzi,et al.  Proving Parameterized Systems Safe by Generalizing Clausal Proofs of Small Instances , 2016, CAV.

[138]  Parosh Aziz Abdulla,et al.  Parameterized Verification of Infinite-State Processes with Global Conditions , 2007, CAV.

[139]  Robert W. Floyd,et al.  Assigning Meanings to Programs , 1993 .

[140]  Amir Pnueli,et al.  Network Invariants in Action , 2002, CONCUR.

[141]  Joseph Sifakis Rigorous system design , 2014, PODC '14.