Learning Assumptions for Compositional Verification

Compositional verification is a promising approach to addressing the state explosion problem associated with model checking. One compositional technique advocates proving properties of a system by checking properties of its components in an assume-guarantee style. However, the application of this technique is difficult because it involves non-trivial human input. This paper presents a novel framework for performing assume-guarantee reasoning in an incremental and fully automated fashion. To check a component against a property, our approach generates assumptions that the environment needs to satisfy for the property to hold. These assumptions are then discharged on the rest of the system. Assumptions are computed by a learning algorithm. They are initially approximate, but become gradually more precise by means of counterexamples obtained by model checking the component and its environment, alternately. This iterative process may at any stage conclude that the property is either true or false in the system. We have implemented our approach in the LTSA tool and applied it to a NASA system.
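As an added worked example (constructed here, not code from the paper or from the LTSA tool), the assume-guarantee rule the abstract builds on is run over small hand-coded LTSs: a client as the component, a lock plus a second client as its environment, and mutual exclusion as the property. The learning algorithm is omitted: the refined assumption A is hand-written, while the maximally permissive assumption TRUE shows the approximate starting point and the counterexample, projected onto the interface alphabet, that would drive refinement; all names and actions (M1, M2, P, SIGMA_A, TRUE, A, acq_a, enter_b, ...) are constructed.

```python
from collections import deque
def lts(alphabet, init, edges):  # deterministic LTS; a missing edge means the action is refused
    return {"alpha": frozenset(alphabet), "init": init, "step": lambda s, a: edges.get((s, a))}

def compose(*ms):  # parallel composition: shared actions synchronise, the rest interleave
    def step(state, a):
        nxt = [s if a not in m["alpha"] else m["step"](s, a) for m, s in zip(ms, state)]
        return None if None in nxt else tuple(nxt)  # None: some participant refused a
    return {"alpha": frozenset().union(*(m["alpha"] for m in ms)),
            "init": tuple(m["init"] for m in ms), "step": step}

def check(m, prop):  # None if m |= prop, else a shortest trace of m that prop refuses
    start = (m["init"], prop["init"])
    seen, q = {start}, deque([(start, [])])
    while q:
        (s, p), trace = q.popleft()
        for a in sorted(m["alpha"]):
            s2, p2 = m["step"](s, a), p
            if s2 is None:
                continue
            if a in prop["alpha"]:
                p2 = prop["step"](p, a)
                if p2 is None:
                    return trace + [a]  # prop cannot follow this action: safety violation
            if (s2, p2) not in seen:
                seen.add((s2, p2))
                q.append(((s2, p2), trace + [a]))
    return None

def assume_guarantee(m1, m2, prop, a):
    """Premise 1: M1 || A |= P.  Premise 2: M2 |= A.  Both together give M1 || M2 |= P."""
    cex = check(compose(m1, a), prop)
    if cex is not None:  # A admits environment behaviour that breaks P: report the trace
        return "strengthen", [x for x in cex if x in a["alpha"]]  # projected onto the interface
    cex = check(m2, a)  # a failing premise 2 is replayed against M1 to tell real from spurious
    return ("holds", None) if cex is None else ("m2_violates_a", cex)

# Constructed system: client A is the component; a lock and client B form its environment.
cycle = lambda *acts: lts(acts, 0, {(i, x): (i + 1) % len(acts) for i, x in enumerate(acts)})
M1 = cycle("acq_a", "enter_a", "exit_a", "rel_a")
CLIENT_B = cycle("acq_b", "enter_b", "exit_b", "rel_b")
LOCK = lts({"acq_a", "rel_a", "acq_b", "rel_b"}, 0,
           {(0, "acq_a"): 1, (1, "rel_a"): 0, (0, "acq_b"): 2, (2, "rel_b"): 0})
M2 = compose(LOCK, CLIENT_B)
P = lts({"enter_a", "exit_a", "enter_b", "exit_b"}, 0,  # mutual exclusion of critical sections
        {(0, "enter_a"): 1, (1, "exit_a"): 0, (0, "enter_b"): 2, (2, "exit_b"): 0})
SIGMA_A = (M1["alpha"] | P["alpha"]) & M2["alpha"]  # interface alphabet the assumption ranges over
TRUE = lts(SIGMA_A, 0, {(0, x): 0 for x in SIGMA_A})  # initial, maximally permissive assumption
# Hand-written (not learned) refinement: B's critical section never overlaps A holding the lock.
A = lts(SIGMA_A, 0, {(0, "acq_a"): 1, (1, "rel_a"): 0, (0, "enter_b"): 2, (2, "exit_b"): 0})
```

With TRUE, premise 1 fails on the trace ["exit_b"], which the environment cannot actually produce; with A both premises hold, so mutual exclusion is established without ever building M1 || M2.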
