Checking safety properties using compositional reachability analysis

Cheung, Shing-Chi; Kramer, Jeff

doi:10.1145/295558.295570

Cited by 77 publications

(54 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It has been proved that M violates P if and only if the π state is reachable in M P err [5]. For example, state π is not reachable in Input Output Order err , so we conclude that Input Output |= Order.…”

Section: Introductionmentioning

confidence: 78%

Learning Assumptions for Compositional Verification

Cobleigh

Giannakopoulou

Păsăreanu

2003

Lecture Notes in Computer Science

302

396

View full text Add to dashboard Cite

Abstract. Compositional verification is a promising approach to addressing the state explosion problem associated with model checking. One compositional technique advocates proving properties of a system by checking properties of its components in an assume-guarantee style. However, the application of this technique is difficult because it involves non-trivial human input. This paper presents a novel framework for performing assume-guarantee reasoning in an incremental and fully automated fashion. To check a component against a property, our approach generates assumptions that the environment needs to satisfy for the property to hold. These assumptions are then discharged on the rest of the system. Assumptions are computed by a learning algorithm. They are initially approximate, but become gradually more precise by means of counterexamples obtained by model checking the component and its environment, alternately. This iterative process may at any stage conclude that the property is either true or false in the system. We have implemented our approach in the LTSA tool and applied it to a NASA system.

show abstract

Section: Introductionmentioning

confidence: 78%

Learning Assumptions for Compositional Verification

Cobleigh

Giannakopoulou

Păsăreanu

2003

Lecture Notes in Computer Science

302

396

View full text Add to dashboard Cite

show abstract

“…Not shown in the chart is the size of the maximum state space which ranged from 2 31 -2 71 for the set of traders shown on the x-axis. The line on the left hand side in the chart plots the state space gained by using the Compositional Reachability Analysis (CRA) [1] of the LTSA model checker without applying any minimisation. The line on the right hand side shows the performance of our minimisation technique.…”

Section: Discussionmentioning

confidence: 99%

Validating Distributed Object and Component Designs

Kaveh

Emmerich

2003

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Distributed systems are increasingly built using distributed object or component middleware. The dynamic behaviour of those distributed systems is influenced by the particular combination of middleware synchronisation and threading primitives used for communication amongst distributed objects. A designer may accidentally choose combinations that cause a distributed application to enter undesirable states or violate liveness properties. We exploit the fact that modern object and component middleware offer only a small number of underlying synchronisation primitives and threading policies. For each of these we define a UML stereotype and a formal process algebra specification of the stereotype semantics. We devise a means to specify safety and liveness properties in UML and again map those to process algebra safety and liveness properties. We can thus apply model checking techniques to verify that a given design does indeed meet the desired properties. We propose how to reduce the state space that needs to be model checked by exploiting middleware characteristics. We finally show how model checking results can be related back to the input UML models. In this way we can hide the formalism and the model checking process entirely from UML designers, which we regard as critical for the industrial exploitation of this research.

show abstract

“…Additionally, we provided an algorithm for computing weakest assumptions. Update Ì using queries (5) Construct candidate DFSM from´Ë Ì µ (6) Make the conjecture (7) if is correct return else (8) Add ¾ ¦ £ that witnesses the counterexample to …”

Section: Weakest Assumptionmentioning

confidence: 99%

“…Compositional techniques have been shown particularly effective for wellstructured systems that have small interfaces between components [8,20]. Interfaces consist of all communication points through which components may influence each other's behavior.…”

Section: Introductionmentioning

confidence: 99%

Learning to divide and conquer: applying the L* algorithm to automate assume-guarantee reasoning

Păsăreanu

Giannakopoulou

Bobaru

et al. 2008

Form Methods Syst Des

105

123

View full text Add to dashboard Cite

Assume-guarantee reasoning enables a "divide-and-conquer" approach to the verification of large systems that checks system components separately while using assumptions about each component's environment. Developing appropriate assumptions used to be a difficult and manual process. Over the past five years, we have developed a framework for performing assume-guarantee verification of systems in an incremental and fully automated fashion. The framework uses an off-the-shelf learning algorithm to compute the assumptions. The assumptions are initially approximate and become more precise by means of counterexamples obtained by model checking components separately. The framework supports different assume-guarantee rules, both symmetric and asymmetric. Moreover, we have recently introduced alphabet refinement, which extends the assumption learning process to also infer assumption alphabets. This refinement technique starts with assumption alphabets that are a subset of the minimal interface between a component and its environment, and adds actions to it as necessary until a given property is shown to hold or to be violated in the system. We have applied the learning framework to a number of case studies that show that compositional verification by learning assumptions can be significantly more scalable than non-compositional verification.

show abstract

Checking safety properties using compositional reachability analysis

Cited by 77 publications

References 45 publications

Learning Assumptions for Compositional Verification

Learning Assumptions for Compositional Verification

Validating Distributed Object and Component Designs

Learning to divide and conquer: applying the L* algorithm to automate assume-guarantee reasoning

Contact Info

Product

Resources

About