Refined Interfaces for Compositional Verification

Lang, Frédéric

doi:10.1007/11888116_13

Cited by 26 publications

(22 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The implementation of quotienting as a synchronous product opens the way for combining partial model checking with techniques originating from compositional model generation, such as (compositional) τ -confluence reduction [30,36,40], or restriction using interface constraints following the approach developed in [23] and refined in [19,27,29]. Note also that partial model checking and compositional model generation are complementary.…”

Section: Resultsmentioning

confidence: 99%

“…One such approach, which we call compositional model generation in this paper, consists in building the model of the system -usually an Lts (Labelled Transition System) -in a stepwise manner, by successive compositions and minimisations modulo equivalence relations, possibly using interface constraints [23,27] to avoid explosion of intermediate compositions. Tools using this approach [19,28,29,16] are available in the Cadp (Construction and Analysis of Distributed Processes) [20] toolbox.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Partial Model Checking Using Networks of Labelled Transition Systems and Boolean Equation Systems

Lang

Mateescu

2012

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

Abstract. Partial model checking was proposed by Andersen in 1995 to verify a temporal logic formula compositionally on a composition of processes. It consists in incrementally incorporating into the formula the behavioural information taken from one process -an operation called quotienting -to obtain a new formula that can be verified on a smaller composition from which the incorporated process has been removed. Simplifications of the formula must be applied at each step, so as to maintain the formula at a tractable size. In this paper, we revisit partial model checking. First, we extend quotienting to the network of labelled transition systems model, which subsumes most parallel composition operators, including m among n synchronisation and parallel composition using synchronisation interfaces, available in the E-Lotos standard. Second, we reformulate quotienting in terms of a simple synchronous product between a graph representation of the formula (called formula graph) and a process, thus enabling quotienting to be implemented efficiently and easily, by reusing existing tools dedicated to graph compositions. Third, we propose simplifications of the formula as a combination of bisimulations and reductions using Boolean equation systems applied directly to the formula graph, thus enabling formula simplifications also to be implemented easily and efficiently. Finally, we describe an implementation in the Cadp (Construction and Analysis of Distributed Processes) toolbox and present some experimental results in which partial model checking uses hundreds of times less memory than on-the-fly model checking.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Partial Model Checking Using Networks of Labelled Transition Systems and Boolean Equation Systems

Lang

Mateescu

2012

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…This section introduces networks of Ltss [25,26], a concurrent model close to Mec [1] and Fc2 [4], which consists of a set of Ltss composed in parallel and synchronizing following general synchronization rules.…”

Section: Network Of Ltssmentioning

confidence: 99%

Partial Order Reductions Using Compositional Confluence Detection

Lang

Mateescu

2009

FM 2009: Formal Methods

Self Cite

View full text Add to dashboard Cite

Abstract. Explicit state methods have proven useful in verifying safetycritical systems containing concurrent processes that run asynchronously and communicate. Such methods consist of inspecting the states and transitions of a graph representation of the system. Their main limitation is state explosion, which happens when the graph is too large to be stored in the available computer memory. Several techniques can be used to palliate state explosion, such as on-the-fly verification, compositional verification, and partial order reductions. In this paper, we propose a new technique of partial order reductions based on compositional confluence detection (Ccd), which can be combined with the techniques mentioned above. Ccd is based upon a generalization of the notion of confluence defined by Milner and exploits the fact that synchronizing transitions that are confluent in the individual processes yield a confluent transition in the system graph. It thus consists of analysing the transitions of the individual process graphs and the synchronization structure to identify such confluent transitions compositionally. Under some additional conditions, the confluent transitions can be given priority over the other transitions, thus enabling graph reductions. We propose two such additional conditions: one ensuring that the generated graph is equivalent to the original system graph modulo branching bisimulation, and one ensuring that the generated graph contains the same deadlock states as the original system graph. We also describe how Ccd-based reductions were implemented in the Cadp toolbox, and present examples and a case study in which adding Ccd improves reductions with respect to compositional verification and other partial order reductions.

show abstract

“…The module and the environment are refined in an alternating fashion so that the module accepts only input actions generated by the environment, and issues output actions corresponding to these input actions. Refinement of interface automata in the component-based design is similar to refinement of environment assumptions in compositional verification [1] [24], [31]. A similar approach, thread-modular reasoning, is proposed in [28] for multithreaded program verification.…”

Section: Related Workmentioning

confidence: 99%

Automated Interface Refinement for Compositional Verification

Yao

Zheng

2009

IEEE Trans. Comput.-Aided Des. Integr. Circuits Syst.

View full text Add to dashboard Cite

Abstract-Compositional verification is essential for verifying large systems. However, approximate environments are needed when verifying the constituent modules in a system. Effective compositional verification requires finding a simple but accurate over-approximate environment for each module. Otherwise, many verification failures may be produced, therefore incuring high computational penalty for distinguishing the false failures from the real ones. This paper presents an automated method to refine the state space of each module within an over-approximate environment. This method is sound as long as an over-approximate environment is found for each module at the beginning of the verification process, and it has less restrictions on system partitioning. It is also coupled with several state space reduction techniques for better results. Experiments of this method on several large asynchronous designs show promising results.

show abstract

Refined Interfaces for Compositional Verification

Cited by 26 publications

References 26 publications

Partial Model Checking Using Networks of Labelled Transition Systems and Boolean Equation Systems

Partial Model Checking Using Networks of Labelled Transition Systems and Boolean Equation Systems

Partial Order Reductions Using Compositional Confluence Detection

Automated Interface Refinement for Compositional Verification

Contact Info

Product

Resources

About