Integrating Topological Proofs with Model Checking to Instrument Iterative Design

Menghi, Claudio; Rizzi, Alessandro; Bernasconi, Anna

doi:10.1007/978-3-030-45234-6_3

Cited by 5 publications

(7 citation statements)

References 65 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We present two implementations for the topological proof extractor component: our previous implementation [MRB20], which is based on PLTL-MUP [SGT13], and a novel SMT-based procedure, which is part of the contribution of this work. The versions of TOrPEDO that use these two topological proof extractor components are named TOrPEDO-MUP are TOrPEDO-SMT.…”

Section: Topological Proof Extractormentioning

confidence: 99%

“…To tackle this problem, we recently proposed the novel notion of topological proof (TP) [MRB20], which overcomes the complexity of deductive proofs and is designed to make proofs useful for the iterative verification of model revisions. A topological proof is a slice of the original model that witnesses which part of the model impacts the property satisfaction.…”

Section: Introductionmentioning

confidence: 99%

“…In our previous work [MRB20], we formally defined topological proofs by considering Partial Kripke Structures (PKSs) [BG99] and Linear-time Temporal Logic (LTL) to respectively express the model and the properties of interest. While it is possible to consider other modeling formalisms, we chose Partial Kripke Structures since (i) they are used in requirement elicitation to reason about system behavior from different points of view [EC01, BCE + 06], and are a common theoretical reference language used in the formal method community for the specification of uncertain models (e.g, [GJ03, BG99, GP09, BG00]); (ii) other modeling formalisms commonly used in software development [FUMK06,Uch09], such as Modal Transition Systems [LT88] (MTSs), can be converted into Partial Kripke Structures through a simple transformation [GJ03] making our solution easily applicable to those models; and (iii) Kripke Structures (KSs) are particular instances of Partial Kripke Structures that represent complete models.…”

Section: Introductionmentioning

confidence: 99%

“…To support the use of topological proofs during model design, we proposed TOrPEDO (TOpological Proof drivEn Development framewOrk) [MRB20], a novel automated verification framework, that: (i) supports Partial Kripke Structures and Linear-time Temporal Logic; (ii) allows performing analysis and verification in the context of models in which "incompleteness" represents a conceptual uncertainty; (iii) guides refinements and revisions through complementary outputs: counterexamples and proofs; and (iv) when the system is completely specified allows understanding which changes impact or not the satisfaction of certain properties.…”

Section: Introductionmentioning

confidence: 99%

“…There exists two variants of TOrPEDO: TOrPEDO-MUP and TOrPEDO-SMT. TOrPEDO-MUP was developed in our previous work [MRB20], TOrPEDO-SMT is part of the contribution of this work.…”

Section: Introductionmentioning

confidence: 99%

See 4 more Smart Citations

TOrPEDO: witnessing model correctness with topological proofs

et al. 2021

Self Cite

View full text Add to dashboard Cite

Model design is not a linear, one-shot process. It proceeds through refinements and revisions. To effectively support developers in generating model refinements and revisions, it is desirable to have some automated support to verify evolvable models. To address this problem, we recently proposed to adopt topological proofs, which are slices of the original model that witness property satisfaction. We implemented , a framework that provides automated support for using topological proofs during model design. Our results showed that topological proofs are significantly smaller than the original models, and that, in most of the cases, they allow the property to be re-verified by relying only on a simple syntactic check. However, our results also show that the procedure that computes topological proofs, which requires extracting unsatisfiable cores of LTL formulae, is computationally expensive. For this reason, currently handles models with a small dimension. With the intent of providing practical and efficient support for flexible model design and wider adoption of our framework, in this paper, we propose an enhanced—re-engineered—version of . The new version of relies on a novel procedure to extract topological proofs, which has so far represented the bottleneck of performances. We implemented our procedure within by considering Partial Kripke Structures (PKSs) and Linear-time Temporal Logic (LTL): two widely used formalisms to express models with uncertain parts and their properties. To extract topological proofs, the new version of converts the LTL formulae into an SMT instance and reuses an existing SMT solver (e.g., Microsoft ) to compute an unsatisfiable core. Then, the unsatisfiable core returned by the SMT solver is automatically processed to generate the topological proof. We evaluated by assessing (i) how does the size of the proofs generated by compares to the size of the models being analyzed; and (ii) how frequently the use of the topological proof returned by avoids re-executing the model checker. Our results show that provides proofs that are smaller ($$\approx $$ ≈ 60%) than their respective initial models effectively supporting designers in creating model revisions. In a significant number of cases ($$\approx $$ ≈ 79%), the topological proofs returned by enable assessing the property satisfaction without re-running the model checker. We evaluated our new version of by assessing (i) how it compares to the previous one; and (ii) how useful it is in supporting the evaluation of alternative design choices of (small) model instances in applied domains. The results show that the new version of is significantly more efficient than the previous one and can compute topological proofs for models with less than 40 states within two hours. The topological proofs and counterexamples provided by are useful to support the development of alternative design choices of (small) model instances in applied domains.

show abstract

Section: Topological Proof Extractormentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

“…There exists two variants of TOrPEDO: TOrPEDO-MUP and TOrPEDO-SMT. TOrPEDO-MUP was developed in our previous work [MRB20], TOrPEDO-SMT is part of the contribution of this work.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations