Formal Methods in System Design

, Volume 32, Issue 3, pp 235-266

First online:

Verification of evolving software via component substitutability analysis

  • Sagar ChakiAffiliated withSoftware Engineering Institute
  • , Edmund ClarkeAffiliated withSchool of Computer Science
  • , Natasha SharyginaAffiliated withSchool of Computer ScienceUniversita della Svizzera Italiana
  • , Nishant SinhaAffiliated withElectrical and Computer Engineering Department, Carnegie Mellon University Email author 

Rent the article at a discount

Rent now

* Final gross prices may vary according to local VAT.

Get Access


This paper presents an automated and compositional procedure to solve the substitutability problem in the context of evolving software systems. Our solution contributes two techniques for checking correctness of software upgrades: (1) a technique based on simultaneous use of over-and under-approximations obtained via existential and universal abstractions; (2) a dynamic assume-guarantee reasoning algorithm—previously generated component assumptions are reused and altered on-the-fly to prove or disprove the global safety properties on the updated system. When upgrades are found to be non-substitutable, our solution generates constructive feedback to developers showing how to improve the components. The substitutability approach has been implemented and validated in the ComFoRT reasoning framework, and we report encouraging results on an industrial benchmark.


Compositional verification Assume-guarantee reasoning Automata learning Predicate abstraction Software engineering Model checking