Assume, Guarantee or Repair

Frenkel, Hadar; Grumberg, Orna; Păsăreanu, Corina S.; Sheinvald, Sarai

doi:10.1007/978-3-030-45190-5_12

Cited by 10 publications

(12 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Contribution over conference version. Preliminary results of this work were published in [17]. This paper extends the results of [17] by the following new contributions.…”

Section: Introductionsupporting

confidence: 57%

“…In particular, since every iteration of AGR finds and removes an error trace t 2 , and no new erroneous traces are introduced in the updated system, then in case that M 2 has finitely many error traces, AGR is guaranteed to terminate with a repaired system, which is correct with respect to P . 17 To conclude the above discussion, Theorem 3 formally states the correctness and termination of the AGR algorithm. Recall that in Algorithm 2 we set M 0 2 := M 2 and that M i 2 is the repaired component after i iterations of repair.…”

Section: Correctness and Terminationmentioning

confidence: 99%

“…If the error trace t 2 was found during a MQ, then, since the L * learner issues queries in an increasing-length order, it holds that t 2 was not queried in a MQ in previous iterations as |t 2 | < |t 2 |. Moreover, it cannot be the case that t 2 was a negative counterexample to an EQ since these are only derived from error traces (Alg.1, lines [16][17][18][19], and t 2 is not an error trace. The same argument holds also if t 2 was found during an EQ.…”

mentioning

confidence: 99%

See 2 more Smart Citations

Assume, Guarantee or Repair -- A Regular Framework for Non Regular Properties (full version)

Frenkel¹,

Grumberg²,

Păsăreanu³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

We present Assume-Guarantee-Repair (AGR) -a novel framework which verifies that a program satisfies a set of properties and also repairs the program in case the verification fails. We consider communicating programs -these are simple C-like programs, extended with synchronous actions over communication channels. Our method, which consists of a learning-based approach to assume-guarantee reasoning, performs verification and repair simultaneously: in every iteration, AGR either makes another step towards proving that the (current) system satisfies the required properties, or alters the system in a way that brings it closer to satisfying the properties. To handle infinite-state systems we build finite abstractions, for which we check the satisfaction of complex properties that contain first-order constraints, using both syntactic and semantic-aware methods. We implemented AGR and evaluated it on various communication protocols. Our experiments present compact proofs of correctness and quick repairs.

show abstract

“…Contribution over conference version. Preliminary results of this work were published in [17]. This paper extends the results of [17] by the following new contributions.…”

Section: Introductionsupporting

confidence: 57%

Section: Correctness and Terminationmentioning

confidence: 99%

mentioning

confidence: 99%

See 1 more Smart Citation

Assume, Guarantee or Repair -- A Regular Framework for Non Regular Properties (full version)

Frenkel¹,

Grumberg²,

Păsăreanu³

et al. 2022

Preprint

Self Cite

View full text Add to dashboard Cite

show abstract

“…For instance, there are approaches that repair the program by adding atomic sections, which forbid the interruption of a sequence of program statements by other processes [9,41]. Assume-Guarantee-Repair [32] combines verification and repair, and uses a learning-based algorithm to find counterexamples and restrict transition guards to avoid errors. In contrast to ours, this algorithm is not guaranteed to terminate.…”

Section: Related Workmentioning

confidence: 99%

“…From lazy synthesis [27] we borrow the idea to construct the set of all error paths of a given length instead of a single concrete error path, but this approach only supports systems with a fixed number of components. Some of these existing approaches are more general than ours in that they support certain infinite-state processes [9,32,41], or more expressive specifications and other features like partial information [7,28].…”

Section: Related Workmentioning

confidence: 99%

Automatic Repair and Deadlock Detection for Parameterized Systems

Jacobs¹,

Sakr²,

Völp³

2021

Preprint

View full text Add to dashboard Cite

We present an algorithm for the repair of parameterized systems. The repair problem is, for a given process implementation, to find a refinement such that a given property is satisfied by the resulting parameterized system, and deadlocks are avoided. Our algorithm employs a constraint-based search for candidate repairs, and uses a parameterized model checker to determine their correctness and update the constraint system in case errors are reachable. We apply this algorithm on systems that can be represented as well-structured transition systems (WSTS), including disjunctive systems, pairwise rendezvous systems, and broadcast protocols. Moreover, we show that parameterized deadlock detection can be decided in NEXPTIME for disjunctive systems, vastly improving on the best known lower bound, and that it is in general undecidable for broadcast protocols.Contributions. Our main contribution is a counterexample-guided parameterized repair approach, based on model checking of well-structured transition systems (WSTS) [1,30]. We investigate which information a parameterized model checker needs to provide to guide the search for candidate repairs, and how this information can be encoded into propositional constraints. Moreover, we investigate how to systematically avoid deadlocks in the repaired system. Our repair algorithm supports many classes of systems, including guarded protocols with disjunctive guards [20], rendezvous systems [33] and broadcast protocols [24].Since existing model checking algorithms for WSTS do not support deadlock detection, our approach has a subprocedure to solve this problem, which relies on new theoretical results: for disjunctive systems, we provide a novel deadlock detection algorithm that vastly improves on the complexity of the best known solution, while for broadcast protocols we prove that deadlock detection is in general undecidable, so approximate methods have to be used. We evaluate an implementation of our algorithm on benchmarks from different application domains, including a distributed lock service and a robot-flocking protocol.This paper is organized as follows. In Sect. 2 we present our basic system model for disjunctive systems. In Sect. 3 we define the parameterized repair problem, propose a solution, and highlight three research challenges. In Sect. 4 we develop algorithms for parameterized model checking and deadlock detection that provide information on error paths for our repair approach. In Sect. 5 we introduce our parameterized repair algorithm, and in Sect. 6 we extend it to more general properties and systems. We provide our experimental evaluation in Sect. 7, followed by a discussion of related work in Sect. 8, and our conclusion and discussion of future work in Sect. 9. System ModelIn the following, let Q be a finite set of states.Processes. A process template is a transition system U = (Q U , init U , G U , δ U ), where Q U ⊆ Q is a finite set of states including the initial state init U , G U ⊆ P(Q) is a set of guards, and δ U :We denote by t U a transition of U ,...

show abstract

Automated Program Repair Using Formal Verification Techniques

Frenkel

Grumberg

Rothenberg

et al. 2022

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

We focus on two different approaches to automatic program repair, based on formal verification methods. Both repair techniques consider infinitestate C-like programs, and consist of a generate-validate loop, in which potentially repaired programs are repeatedly generated and verified. Both approaches are incremental -partial information gathered in previous verification attempts is used in the next steps. However, the settings of both approaches, including their techniques for finding repairs, are quite distinct. The first approach uses syntactic mutations to repair sequential programs with respect to assertions in the code. It is based on a reduction to the problem of finding unsatisfiable sets of constraints, which is addressed using an interplay between SAT and SMT solvers. A novel notion of must-fault-localization enables efficient pruning of the search space, without losing any potential repair. The second approach uses an Assume-Guarantee (AG) style reasoning in order to verify large programs, composed of two concurrent components. The AG reasoning is based on automata-learning techniques. When verification fails, the procedure repeatedly repairs one of the components, until a correct repair is found. Several different repair methods are considered, trading off precision and convergence to a correct repair.

show abstract

Assume, Guarantee or Repair

Cited by 10 publications

References 25 publications

Assume, Guarantee or Repair -- A Regular Framework for Non Regular Properties (full version)

Assume, Guarantee or Repair -- A Regular Framework for Non Regular Properties (full version)

Automatic Repair and Deadlock Detection for Parameterized Systems

Automated Program Repair Using Formal Verification Techniques

Contact Info

Product

Resources

About