Library-based scalable refinement checking for contract-based design

Given a global specification contract and a system described by a composition of contracts, system verification reduces to checking that the composite contract refines the specification contract, i.e. that any implementation of the composite contract implements the specification contract and is able to operate in any environment admitted by it. Contracts are captured using high-level declarative languages, for example, linear temporal logic (LTL). In this case, refinement checking reduces to an LTL satisfiability checking problem, which can be very expensive to solve for large composite contracts. This paper proposes a scalable refinement checking approach that relies on a library of contracts and local refinement assertions. We propose an algorithm that, given such a library, breaks down the refinement checking problem into multiple successive refinement checks, each of smaller scale. We illustrate the benefits of the approach on an industrial case study of an aircraft electric power system, with up to two orders of magnitude improvement in terms of execution time.
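To make the decomposition concrete, here is an added illustration (not the paper's algorithm or code, and not from the case study) that swaps LTL for finite sets of behaviors, so that refinement becomes a set-inclusion check and the structure of the approach stays visible. Assume/guarantee contracts, their composition, and the refinement relation follow the standard saturated-contract definitions; the signal names, component contracts, specification and library entry are constructed for the example. The point shown is the one the abstract makes: a library assertion "gen || bus refines L" lets the global check be replaced by one local check on the sub-composition plus one check in which L stands in for it, each involving fewer contracts than the monolithic check. Soundness rests on two standard properties of such contracts, transitivity of refinement and monotonicity of composition with respect to refinement.

```python
"""Assume/guarantee contracts over a finite behavior universe (added example).

Not the paper's algorithm. Behaviors are assignments to a few boolean signals,
so assumptions and guarantees are plain sets and refinement is set inclusion.
"""
from dataclasses import dataclass
from functools import reduce
from itertools import product

VARS = ("gen_ok", "bus_powered", "load_served")          # hypothetical signals
UNIVERSE = frozenset(product((0, 1), repeat=len(VARS)))  # all 8 behaviors


def where(**fixed):
    """Behaviors in which each named signal takes the given value."""
    idx = {v: i for i, v in enumerate(VARS)}
    return frozenset(b for b in UNIVERSE
                     if all(b[idx[v]] == val for v, val in fixed.items()))


@dataclass(frozen=True)
class Contract:
    A: frozenset  # assumptions: environments the component accepts
    G: frozenset  # guarantees: behaviors the component promises under A

    def saturated(self):
        """Weaken G by the negation of A; refinement is then plain inclusion."""
        return Contract(self.A, self.G | (UNIVERSE - self.A))

    def refines(self, other):
        """self <= other: accepts every environment other admits (other.A <= self.A)
        and every implementation of self implements other (self.G <= other.G)."""
        s, o = self.saturated(), other.saturated()
        return o.A <= s.A and s.G <= o.G

    def compose(self, other):
        """Standard A/G composition: conjoin guarantees, weaken the joint
        assumption by whatever the composite already guarantees."""
        s, o = self.saturated(), other.saturated()
        g = s.G & o.G
        return Contract((s.A & o.A) | (UNIVERSE - g), g)


def compose_all(contracts):
    return reduce(Contract.compose, contracts)


# Constructed component contracts for a generator -> bus -> load chain.
COMPONENTS = {
    "gen":  Contract(A=UNIVERSE,             G=where(gen_ok=1)),
    "bus":  Contract(A=where(gen_ok=1),      G=where(bus_powered=1)),
    "load": Contract(A=where(bus_powered=1), G=where(load_served=1)),
}
SPEC = Contract(A=UNIVERSE, G=where(load_served=1))

# Library: a reusable contract plus the local assertion "gen || bus refines it".
L_POWER = Contract(A=UNIVERSE, G=where(bus_powered=1))
LIBRARY = [(("gen", "bus"), L_POWER)]


def check_monolithic(components, spec):
    """Single refinement check on the full composite (what the library avoids)."""
    return compose_all(components.values()).refines(spec)


def check_with_library(components, spec, library):
    """Successive smaller checks driven by library assertions.

    For each entry (names, L): verify locally that compose(names) refines L; if it
    does, replace those components by L in the working set (sound by monotonicity
    of composition and transitivity of refinement). If the local check fails the
    components are kept, so the final check is larger but still exact.
    Returns (verdict, [(description, contracts_composed, passed), ...]).
    """
    working = dict(components)
    log = []
    for names, lib_contract in library:
        if not all(n in working for n in names):
            continue
        local_ok = compose_all(working[n] for n in names).refines(lib_contract)
        log.append((f"{'||'.join(names)} refines library contract", len(names), local_ok))
        if local_ok:
            for n in names:
                del working[n]
            working["||".join(names)] = lib_contract
    final_ok = compose_all(working.values()).refines(spec)
    log.append(("abstracted composite refines spec", len(working), final_ok))
    return final_ok, log


if __name__ == "__main__":
    print("monolithic:", check_monolithic(COMPONENTS, SPEC))
    verdict, log = check_with_library(COMPONENTS, SPEC, LIBRARY)
    for desc, n, ok in log:
        print(f"  {desc}: {n} contracts composed -> {ok}")
    print("library-based:", verdict)
```

Both routes accept the constructed system; the library route runs two checks over two contracts each instead of one check over three. Replacing the bus contract by one that guarantees nothing (`Contract(A=where(gen_ok=1), G=UNIVERSE)`) makes the local assertion fail, the substitution is skipped, and the final check (now over all three contracts) correctly rejects the system, matching the monolithic verdict.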
