Compositional model checking with divergence preserving branching bisimilarity is lively

Abstract. Compositional model checking approaches attempt to limit state space explosion by iteratively combining the behaviour of the components of a concurrent system and reducing the result modulo an appropriate equivalence relation. In this article, we use Labelled Transition Systems (LTSs), in which transitions are labelled by actions, to describe component behaviour, and LTS networks to combine the behaviour of all components in a system. For an equivalence relation to be useful for the compositional model checking of LTS networks, it must be a congruence for the parallel composition operator used to combine component behaviour; such an operator may define synchronisations between the actions of component transitions. Divergence-preserving branching bisimilarity (DPBB) is an equivalence relation that preserves both safety and liveness properties. It has long been generally assumed that DPBB is a congruence for parallel composition. Fokkink, Van Glabbeek and Luttik recently proposed a congruence format that implies that this is the case. Independently, we were the first to prove, with the Coq proof assistant, that DPBB is a congruence for the parallel composition of two LTS networks with synchronisation on transition labels. In the current article, we also consider an instance of our parallel composition operator that is both associative and commutative, two properties that are essential for the compositional construction of state spaces. Furthermore, we show that DPBB is a congruence for LTS networks in which many LTSs are composed in parallel at once, with support for multi-party synchronisation. Additionally, we discuss how to safely decompose an existing LTS network into components such that their recomposition is equivalent to the original network. Finally, to demonstrate the effectiveness of compositional model checking with intermediate DPBB reductions, we report the results of a number of experiments.
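The following script is an added example, not code from the paper or from its Coq development. It shows, on two constructed components, the pipeline the abstract describes: an n-ary parallel composition of LTSs in which a shared label synchronises every component that carries it (multi-party synchronisation; everything else, tau included, interleaves), a naive greatest-fixed-point decision procedure for branching bisimilarity that preserves divergence by first marking every state on a tau-cycle with a fresh visible self-loop (the usual reduction of DPBB to branching bisimilarity on finite LTSs), a quotient that reduces a component modulo DPBB, and a check that composing the reduced components yields a network DPBB-equivalent to the monolithic one, which is the congruence property the paper proves. The components P, P_NODIV and Q, the labels req and ack, and all function names are assumptions made for this example. The quadratic fixed point is only fit for toy sizes; production tools use partition-refinement algorithms instead.

```python
from itertools import product

TAU = "tau"
DIV = "div"  # fresh visible action marking the states that lie on a tau-cycle


class LTS:
    """Finite LTS: initial state plus (src, action, dst) triples."""
    def __init__(self, init, transitions, states=()):
        self.init, self.trans = init, frozenset(transitions)
        self.states = {init, *states} | {s for s, _, _ in self.trans} | {t for _, _, t in self.trans}

    def succ(self, s, a):
        return {t for x, b, t in self.trans if x == s and b == a}

    def tau_closure(self, s):  # states reachable from s by zero or more tau steps
        seen, todo = {s}, [s]
        while todo:
            new = self.succ(todo.pop(), TAU) - seen
            seen, todo = seen | new, todo + list(new)
        return seen

    def divergent(self, s):  # finite LTS: s diverges within its class iff it lies on a tau-cycle
        return any(s in self.tau_closure(t) for t in self.succ(s, TAU))


def compose(components, shared):
    """n-ary parallel composition: a label in `shared` synchronises every component whose
    alphabet contains it (multi-party); all other labels, tau included, interleave."""
    alphabets = [{a for _, a, _ in c.trans} for c in components]
    vectors = set()  # synchronisation vectors: (per-component label or None for idle, result label)
    for i, alphabet in enumerate(alphabets):
        for a in alphabet:
            active = [a in alph for alph in alphabets] if a in shared else [j == i for j in range(len(alphabets))]
            vectors.add((tuple(a if on else None for on in active), a))
    init = tuple(c.init for c in components)
    trans, seen, todo = set(), {init}, [init]
    while todo:  # generate only the reachable part of the product
        g = todo.pop()
        for vec, label in vectors:
            options = [{g[i]} if a is None else components[i].succ(g[i], a) for i, a in enumerate(vec)]
            targets = set(product(*options))
            trans |= {(g, label, g2) for g2 in targets}
            todo += targets - seen
            seen |= targets
    return LTS(init, trans)


def coarsest_bisimulation(lts, preserve_divergence=True):
    """Largest branching bisimulation as a greatest fixed point over state pairs. For DPBB, every
    state on a tau-cycle first gets a visible DIV self-loop, so it can only be related to states
    that can also reach a tau-cycle (this is the assumed reduction of DPBB to branching bisimilarity)."""
    if preserve_divergence:
        lts = LTS(lts.init, lts.trans | {(s, DIV, s) for s in lts.states if lts.divergent(s)})

    def simulates(s, t, rel):  # every step of s is matched by t, modulo inert tau steps
        return all((a == TAU and (s2, t) in rel) or
                   any((s, t2) in rel and (s2, t3) in rel
                       for t2 in lts.tau_closure(t) for t3 in lts.succ(t2, a))
                   for x, a, s2 in lts.trans if x == s)

    rel = {(s, t) for s in lts.states for t in lts.states}
    while True:
        new = {(s, t) for s, t in rel if simulates(s, t, rel) and simulates(t, s, rel)}
        if new == rel:
            return rel
        rel = new


def equivalent(l1, l2, preserve_divergence=True):
    """Are the initial states related in the largest bisimulation of the disjoint union?"""
    union = LTS((0, l1.init), {((i, s), a, (i, t)) for i, l in ((0, l1), (1, l2)) for s, a, t in l.trans},
                states=[(1, l2.init)])
    return ((0, l1.init), (1, l2.init)) in coarsest_bisimulation(union, preserve_divergence)


def reduce_dpbb(lts):
    """Quotient modulo DPBB: inert tau steps inside a class are dropped, except that a divergent
    class keeps one tau self-loop so its divergence survives the reduction."""
    rel = coarsest_bisimulation(lts)
    rep = {s: min((t for t in lts.states if (s, t) in rel), key=repr) for s in lts.states}
    trans = {(rep[s], a, rep[t]) for s, a, t in lts.trans if a != TAU or rep[s] != rep[t]}
    trans |= {(rep[s], TAU, rep[s]) for s in lts.states if lts.divergent(s)}  # keep divergence
    return LTS(rep[lts.init], trans)


# Constructed components, not from the paper: client P busy-waits (tau self-loop on p3) before
# acknowledging, P_NODIV is the same client without the busy wait, Q is a two-phase server.
P = LTS("p0", {("p0", "req", "p1"), ("p1", TAU, "p2"), ("p2", TAU, "p3"), ("p3", TAU, "p3"), ("p3", "ack", "p0")})
P_NODIV = LTS("p0", P.trans - {("p3", TAU, "p3")})
Q = LTS("q0", {("q0", "req", "q1"), ("q1", TAU, "q2"), ("q2", "ack", "q0")})
SHARED = {"req", "ack"}  # the labels on which P and Q synchronise


def demo():
    monolithic = compose([P, Q], SHARED)
    compositional = compose([reduce_dpbb(P), reduce_dpbb(Q)], SHARED)
    nodiv = compose([P_NODIV, Q], SHARED)
    return {
        "monolithic_states": len(monolithic.states),
        "compositional_states": len(compositional.states),
        "congruence_holds": equivalent(monolithic, compositional),  # reduce first, then compose
        "bb_identifies_busy_wait": equivalent(P, P_NODIV, preserve_divergence=False),
        "dpbb_identifies_busy_wait": equivalent(P, P_NODIV),
        "monolithic_can_diverge": any(monolithic.divergent(s) for s in monolithic.states),
        "nodiv_can_diverge": any(nodiv.divergent(s) for s in nodiv.states),
    }
```

Running `demo()` shows the two points the abstract makes. The monolithic product of P and Q has 7 states while composing the two DPBB-reduced components gives 2, and the two networks are DPBB-equivalent, which is what the congruence property guarantees. Plain branching bisimilarity (`preserve_divergence=False`) identifies P with P_NODIV, but DPBB keeps them apart, and it has to: the network built from P can diverge after a request while the one built from P_NODIV cannot, so a liveness property such as "every request is eventually acknowledged" would be checked on the wrong system if the busy wait were abstracted away during reduction.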
