# Automated circular assume-guarantee reasoning

- 21 Downloads

## Abstract

Model checking is a successful approach for verifying hardware and software systems. Despite its success, the technique suffers from the state explosion problem which arises due to the large state space of real-life systems. One solution to the state explosion problem is compositional verification, that aims to decompose the verification of a large system into the more manageable verification of its components. To account for dependencies between components, *assume-guarantee* reasoning defines rules that break-up the global verification of a system into local verification of individual components, using *assumptions* about the rest of the system. In recent years, compositional techniques have gained significant successes following a breakthrough in the ability to automate assume-guarantee reasoning. However, automation has been restricted to simple acyclic assume-guarantee rules. In this work, we focus on automating *circular* assume-guarantee reasoning in which the verification of individual components mutually depends on each other. We use a sound and complete circular assume-guarantee rule and we describe how to automatically build the assumptions needed for using the rule. Our algorithm accumulates *joint* constraints on the assumptions based on (spurious) counterexamples obtained from checking the premises of the rule, and uses a SAT solver to synthesize minimal assumptions that satisfy these constraints. To the best of our knowledge, our work is the first to fully automate circular assume-guarantee reasoning. We implemented our approach and compared it with established non-circular compositional methods that use learning or SAT-based techniques. The experiments show that the assumptions generated for the circular rule are generally smaller, and on the larger examples, we obtain a significant speedup.

## Keywords

Assume-guarantee SAT based assume-guarantee Circular assume-guarantee Model checking## Preview

Unable to display preview. Download preview PDF.

## References

- AMN05.Alur R, Madhusudan P, Nam W (2005) Symbolic compositional verification by learning assumptions. In: Proceedings of the 17th international conference on computer aided verification, CAV 2005, Edinburgh, Scotland, UK, 6–10 July 2005, pp 548–562Google Scholar
- Ang87.Angluin D (1987) Learning regular sets from queries and counterexamples. Inf Comput 75(2): 87–106MathSciNetCrossRefMATHGoogle Scholar
- BPG08.Bobaru MG, Pasareanu CS, Giannakopoulou D (2008) Automated assume-guarantee reasoning by abstraction refinement. In: Proceedings of the 20th international conference on computer aided verification, CAV 2008, Princeton, NJ, USA, 7–14 July 2008, pp 135–148Google Scholar
- Bsh95.Bshouty NH (1995) Exact learning boolean function via the monotone theory. Inf Comput 123(1): 146–153MathSciNetCrossRefMATHGoogle Scholar
- CCF+10.Chen Y-F, Clarke EM, Farzan A, Tsai M-H, Tsay Y-K, Wang B-Y (2010) Automated assume-guarantee reasoning through implicit learning. In: Proceedings of the 22nd international conference on computer aided verification, CAV 2010, Edinburgh, UK, 15–19 July 2010, pp 511–526Google Scholar
- CCST05.Chaki S, Clarke EM, Sinha N, Thati P (2005) Automated assume-guarantee reasoning for simulation conformance. In: Proceedings of the 17th international conference on computer aided verification, CAV 2005, Edinburgh, Scotland, UK, 6–10 July 2005, pp 534–547Google Scholar
- CFC+09.Chen Y-F, Farzan A, Clarke EM, Tsay Y-K, Wang B-Y (2009) Learning minimal separating DFA’s for compositional verification. In: Proceedings of the 15th international conference on tools and algorithms for the construction and analysis of systems, TACAS 2009, held as part of the joint European conferences on theory and practice of software, ETAPS 2009, York, UK, 22–29 March 2009, pp 31–45Google Scholar
- CGJ+03.Clarke EM, Grumberg O, Jha S, Lu Y, Veith H (2003) Counterexample-guided abstraction refinement for symbolic model checking. J ACM 50(5): 752–794MathSciNetCrossRefMATHGoogle Scholar
- CGP99.Clarke EM, Grumberg O, Peled DA (1999) Model checking. MIT press, CambridgeGoogle Scholar
- CGP03.Cobleigh JM, Giannakopoulou D, Pasareanu CS (2003) Learning assumptions for compositional verification. In: Proceedings of the 9th international conference on tools and algorithms for the construction and analysis of systems, TACAS 2003, held as part of the joint European conferences on theory and practice of software, ETAPS 2003, Warsaw, Poland, 7–11 April 2003, pp 331–346Google Scholar
- CS07.Chaki S, Strichman O (2007) Optimized l*-based assume-guarantee reasoning. In: Proceedings of the 13th international conference on tools and algorithms for the construction and analysis of systems, TACAS 2007, held as part of the joint European conferences on theory and practice of software, ETAPS 2007, Braga, Portugal, March 24–April 1 2007, pp 276–291Google Scholar
- CW12.Chen Y-F, Wang B-Y (2012) Learning boolean functions incrementally. In: Proceedings of the 24th international conference on computer aided verification, CAV 2012, Berkeley, CA, USA, 7–13 July 2012, pp 55–70Google Scholar
- dRdBH+00.de Roever WP, de~Boer FS, Hannemann U, Hooman J, Lakhnech Y, Poel M, Zwiers J (2000) Basic principles of a textbook on the compositional and noncompositional verification of concurrent programs. In: Formale beschreibungstechniken für verteilte systeme, 10. GI/ITG-Fachgespräch, Lübeck, Juni 2000, pp 3–5Google Scholar
- EGPS16.Elkader KA, Grumberg O, Pasareanu CS, Shoham S (2016) Automated circular assume-guarantee reasoning with n-way decomposition and alphabet refinement. In: Proceedings of the 28th international conference computer aided verification, CAV 2016, Toronto, ON, Canada, 17–23 July 2016, Part I, pp 329–351Google Scholar
- ES.Een N, S̈orensson N The minisat. http://minisat.se
- GGP07.Gheorghiu M, Giannakopoulou D, Pasareanu CS (2007) Refining interface alphabets for compositional verification. In: Proceedings of the 13th international conference on tools and algorithms for the construction and analysis of systems, TACAS 2007, held as part of the joint European conferences on theory and practice of software, ETAPS 2007, Braga, Portugal, March 24–April 1 2007, pp 292–307Google Scholar
- GMF08.Gupta A, McMillan KL, Fu Z (2008) Automated assumption generation for compositional verification. Form Methods Syst Des 32(3): 285–301CrossRefMATHGoogle Scholar
- GPB05.Giannakopoulou D, Pasareanu CS, Barringer H (2005) Component verification with automatically generated assumptions. Autom Softw Eng 12(3): 297–320CrossRefGoogle Scholar
- GPQ14.Graf S, Passerone R, Quinton S (2014) Contract-based reasoning for component systems with rich interactions. In: Sangiovanni-Vincentelli A, Zeng H, Di~Natale M, Marwedel P (eds) Embedded systems development, volume 20 of embedded systems. Springer, New York, pp 139–154Google Scholar
- Hoa69.Hoare CAR (1969) An axiomatic basis for computer programming. Commun ACM 12(10): 576–580CrossRefMATHGoogle Scholar
- HQR98.Henzinger TA, Qadeer S, Rajamani SK (1998) You assume, we guarantee: methodology and case studies. In: Proceedings of the 10th international conference on computer aided verification, CAV ’98, Vancouver, BC, Canada, June 28–July 2 1998, pp 440–451Google Scholar
- HQR00.Henzinger TA, Qadeer S, Rajamani SK (2000) Decomposing refinement proofs using assume-guarantee reasoning. In: Proceedings of the 2000 IEEE/ACM international conference on computer-aided design, 2000, San Jose, California, USA, 5–9 Nov 2000, pp 245–252Google Scholar
- LDD+13.Li B, Dillig I, Dillig T, McMillan KL, Sagiv M (2013) Synthesis of circular compositional program proofs via abduction. In: Proceedings of the 19th international conference on tools and algorithms for the construction and analysis of systems, TACAS 2013, held as part of the European joint conferences on theory and practice of software, ETAPS 2013, Rome, Italy, 16–24 March 2013, pp 370–384Google Scholar
- Mai03.Maier P (2003) Compositional circular assume-guarantee rules cannot be sound and complete. In: Proceedings of the 6th international conference on foundations of software science and computational structures, FOSSACS 2003, held as part of the joint European conference on theory and practice of software, ETAPS 2003, Warsaw, Poland, 7–11 April 2003, pp 343–357Google Scholar
- MC81.Misra J, Chandy KM (1981) Proofs of networks of processes. IEEE Trans Softw Eng 7(4): 417–426MathSciNetCrossRefMATHGoogle Scholar
- McM98.McMillan KL (1998) Verification of an implementation of Tomasulo’s algorithm by compositional model checking. In: Proceedings of the 10th international conference on computer aided verification, CAV ’98, Vancouver, BC, Canada, June 28–July 2 1998, pp 110–121Google Scholar
- McM99a.McMillan KL (1999) Circular compositional reasoning about liveness. In: Proceedings of the 10th IFIP WG 10.5 advanced research working conference on correct hardware design and verification Mmethods, CHARME ’99, Bad Herrenalb, Germany, 27–29 Sept 1999, pp 342–345Google Scholar
- McM99b.McMillan KL (1999) Verification of infinite state systems by compositional model checking. In: Proceedings of the 10th IFIP WG 10.5 advanced research working conference on correct hardware design and verification methods, CHARME ’99, Bad Herrenalb, Germany, 27–29 Sept 1999, pp 219–234Google Scholar
- MK99.Magee J, Kramer J (1999) Concurrency: state models and Java programs. Wiley, New yorkMATHGoogle Scholar
- NT00.Namjoshi KS, Trefler RJ (2000) On the competeness of compositional reasoning. In: Proceedings of the 12th international conference on computer aided verification, CAV 2000, Chicago, IL, USA, 15–19 July 2000, pp 139–153Google Scholar
- PGB+08.Pasareanu CS, Giannakopoulou D, Bobaru MG, Cobleigh JM, Barringer H (2008) Learning to divide and conquer: applying the L* algorithm to automate assume-guarantee reasoning. Form Methods Syst Des 32(3): 175–205CrossRefMATHGoogle Scholar
- Pnu85.Pnueli A (1985) In transition from global to modular temporal reasoning about programs. In: AptKR (ed) Logics and models of concurrent systems, NATO ASI series (Series F: Computer and systems sciences), vol 13. Springer, Berlin, HeidelbergGoogle Scholar
- Rus01.Rushby J (2001) Formal verification of Mcmillan’s compositional assume-guarantee rule. In: CSL technical report, SRIGoogle Scholar
- TB97.Tasiran S, Brayton RK (1997) STARI: a case study in compositional and hierarchical timing verification. In: Proceedings of the 9th international conference computer aided verification, CAV ’97, Haifa, Israel, 22–25 June 1997, pp 191–201Google Scholar