Abstract
Model checking is a successful approach for verifying hardware and software systems. Despite its success, the technique suffers from the state explosion problem, which arises due to the large state space of real-life systems. One solution to the state explosion problem is compositional verification, which aims to decompose the verification of a large system into the more manageable verification of its components. To account for dependencies between components, assume-guarantee reasoning defines rules that break up the global verification of a system into local verification of individual components, using assumptions about the rest of the system. In recent years, compositional techniques have seen significant success following a breakthrough in the ability to automate assume-guarantee reasoning. However, automation has been restricted to simple acyclic assume-guarantee rules. In this work, we focus on automating circular assume-guarantee reasoning, in which the verification of the individual components mutually depends on one another. We use a sound and complete circular assume-guarantee rule and we describe how to automatically build the assumptions needed for using the rule. Our algorithm accumulates joint constraints on the assumptions based on (spurious) counterexamples obtained from checking the premises of the rule, and uses a SAT solver to synthesize minimal assumptions that satisfy these constraints. To the best of our knowledge, our work is the first to fully automate circular assume-guarantee reasoning. We implemented our approach and compared it with established non-circular compositional methods that use learning or SAT-based techniques. The experiments show that the assumptions generated for the circular rule are generally smaller, and on the larger examples we obtain a significant speedup.
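The abstract describes checking the premises of a circular rule and classifying the resulting counterexamples as real or spurious. The following is an added illustration, not the paper's implementation: it assumes the common inductive form of the circular rule (premises M1 || g2 |= g1, M2 || g1 |= g2 and g1 || g2 |= P, each read inductively over trace length) over finite prefix-closed automata with one shared alphabet, so parallel composition is language intersection; the SAT-based synthesis of the assumptions is not shown, only the premise checks and the spurious/real classification that feed it.

```python
from collections import deque

def dfa(init, edges):
    """Partial DFA over a shared alphabet; every state accepts (prefix-closed)."""
    return {"init": init, "delta": {(s, a): t for s, a, t in edges}}

def enabled(m, s):
    return {a for (q, a) in m["delta"] if q == s}

def find_violation(autos, drivers, target):
    """BFS the product of `autos` for a trace w.x where every automaton in
    `drivers` can do x after w but `target` cannot (an inductive premise
    violation). Returns that trace as a counterexample, or None."""
    init = tuple(m["init"] for m in autos)
    seen, work = {init: []}, deque([init])
    while work:
        st = work.popleft()
        for x in set.intersection(*(enabled(autos[i], st[i]) for i in drivers)):
            if x not in enabled(autos[target], st[target]):
                return seen[st] + [x]
            if all((st[i], x) in m["delta"] for i, m in enumerate(autos)):
                nxt = tuple(m["delta"][(st[i], x)] for i, m in enumerate(autos))
                if nxt not in seen:
                    seen[nxt] = seen[st] + [x]
                    work.append(nxt)
    return None

def circular_check(m1, m2, g1, g2, p):
    """Premises (1) M1||g2 |= g1, (2) M2||g1 |= g2, (3) g1||g2 |= P.
    Returns (premise number, counterexample) for the first failure, else None."""
    for k, autos, drv in ((1, [m1, g2, g1], [0]), (2, [m2, g1, g2], [0]),
                          (3, [g1, g2, p], [0, 1])):
        cex = find_violation(autos, drv, 2)
        if cex is not None:
            return k, cex
    return None

def is_real_trace(m1, m2, w):
    """A counterexample M1||M2 cannot perform is spurious: it only constrains
    the assumptions (which must then exclude it) rather than refuting P."""
    s1, s2 = m1["init"], m2["init"]
    for x in w:
        if (s1, x) not in m1["delta"] or (s2, x) not in m2["delta"]:
            return False
        s1, s2 = m1["delta"][(s1, x)], m2["delta"][(s2, x)]
    return True

# Constructed example: M1 sends a and waits for b; M2 answers each a with b.
# Each enters error state "E" (where it may raise err) if the other misbehaves.
M1 = dfa(0, [(0, "a", 1), (1, "b", 0), (0, "b", "E"), ("E", "err", "E"), ("E", "a", "E"), ("E", "b", "E")])
M2 = dfa(0, [(0, "a", 1), (1, "b", 0), (1, "a", "E"), ("E", "err", "E"), ("E", "a", "E"), ("E", "b", "E")])
P = dfa(0, [(0, "a", 0), (0, "b", 0)])                    # property: never err
ANY = dfa(0, [(0, "a", 0), (0, "b", 0), (0, "err", 0)])  # weakest initial guess
G1 = dfa(0, [(0, "a", 1), (0, "b", 0), (1, "b", 0)])      # no err, no "aa"
G2 = dfa(0, [(0, "a", 1), (1, "a", 1), (1, "b", 0)])      # b only after an a
```

With the weakest guesses premise 3 fails on the trace ["err"], which M1 || M2 cannot perform, so it is spurious and becomes a constraint on the assumptions; with G1 and G2 all three premises pass, and they are smaller than the components themselves.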
Additional information
Nikolaj Bjorner, Frank S. de Boer, and Andrew Butterfield
Cite this article
Abd Elkader, K., Grumberg, O., Păsăreanu, C.S. et al. Automated circular assume-guarantee reasoning. Form Asp Comp 30, 571–595 (2018). https://doi.org/10.1007/s00165-017-0436-0