Invariants and Robustness of BIP Models

Verification techniques have become popular in software and hardware development. They increase confidence and can provide rich feedback. However, as systems grow more complex, the verification techniques themselves are more likely to contain errors. Many verification tools rely on invariants of the considered systems for their analysis, and these invariants are often generated by the tools themselves in a first step. The correctness of these invariants is crucial for the analysis results. In this paper we address the problem of automatically generating realistic and guaranteed correct invariants. Since invariant generation mechanisms are error-prone, after a verification tool has computed invariants we formally prove, using a higher-order theorem prover together with automated techniques, that the generated invariants are indeed invariants of the considered systems. We consider invariants of BIP models. BIP (behavior, interaction, priority) is a language for specifying asynchronous component-based systems. Proving that an invariant holds often requires an induction over possible system execution traces. For this reason, apart from generating invariants that precisely capture a system's behavior, the inductiveness of invariants is an important goal. We establish a notion of robust BIP models. These can be constructed automatically from the original non-robust BIP models and over-approximate their behavior. We argue that invariants of robust BIP models capture the behavior of systems in a more natural way than invariants of the corresponding non-robust BIP models. Robust BIP models take into account imprecision in the values delivered by sensors. Invariants of robust BIP models tend to be inductive and are also invariants of the original non-robust BIP model.
