Advertisement

Dealing with Incompleteness in Automata-Based Model Checking

  • Claudio MenghiEmail author
  • Paola Spoletini
  • Carlo Ghezzi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9995)

Abstract

A software specification is often the result of an iterative process that transforms an initial incomplete model through refinement decisions. A model is incomplete because the implementation of certain functionalities is postponed to a later development step or is delegated to third parties. An unspecified functionality may be later replaced by alternative solutions, which may be evaluated to analyze tradeoffs. Model checking has been proposed as a technique to verify that a model of the system under development is compliant with a formal specification of its requirements. However, most classical model checking approaches assume that a complete model of the system is given: they do not support incompleteness. A verification-driven design process would instead benefit from the ability to apply formal verification at any stage, hence also to incomplete models. After any change, it is desirable that only the portion affected by the change, called replacement, is analyzed. To achieve this goal, this paper extends the classical automata-based model checking procedure to deal with incompleteness. The proposed model checking approach is able not only to evaluate whether a property definitely holds, possibly holds or does not hold in an incomplete model but, when the satisfaction of the specification depends on the incomplete parts, to compute the constraints that must be satisfied by their future replacements. Constraints are properties on the unspecified components that, if satisfied by the replacement, guarantee the satisfaction of the original specification in the refined model. Each constraint is verified in isolation on the corresponding replacement.

References

  1. 1.
    Alur, R., Henzinger, T.A.: Reactive modules. Formal Methods Syst. Des. 15(1), 7–48 (1999)CrossRefGoogle Scholar
  2. 2.
    Alur, R., Yannakakis, M.: Model checking of hierarchical state machines. ACM Trans. Program. Lang. Syst. 23(3), 273–303 (2001)CrossRefGoogle Scholar
  3. 3.
    Baier, C., Katoen, J.: Principles of Model Checking. MIT Press, Cambridge (2008)zbMATHGoogle Scholar
  4. 4.
    Bruns, G., Godefroid, P.: Model checking partial state spaces with 3-valued temporal logics. In: Halbwachs, N., Peled, D. (eds.) CAV 1999. LNCS, vol. 1633, pp. 274–287. Springer, Heidelberg (1999). doi: 10.1007/3-540-48683-6_25 CrossRefGoogle Scholar
  5. 5.
    Bruns, G., Godefroid, P.: Generalized model checking: reasoning about partial state spaces. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 168–182. Springer, Heidelberg (2000). doi: 10.1007/3-540-44618-4_14 CrossRefGoogle Scholar
  6. 6.
    Büchi, J.R.: Symposium on decision problems: On a decision method in restricted second order arithmetic. Stud. Logic Found. Math. 44, 1–11 (1966)CrossRefGoogle Scholar
  7. 7.
    Cassandras, C.G., Lafortune, S.: Introduction to Discrete Event Systems, 2nd edn. Springer, New York (2008)CrossRefzbMATHGoogle Scholar
  8. 8.
    Chaki, S., Sharygina, N., Sinha, N.: Verification of evolving software. In: Specification and Verification of Component-Based Systems, SAVCBS (2004)Google Scholar
  9. 9.
    Chechik, M., Devereux, B., Easterbrook, S., Gurfinkel, A.: Multi-valued symbolic model-checking. Trans. Softw. Eng. Methodol. (TOSEM) 12(4), 371–408 (2003)CrossRefzbMATHGoogle Scholar
  10. 10.
    Clarke, E.M., Emerson, E.A., Sistla, A.P.: Automatic verification of finite-state concurrent systems using temporal logic specifications. Trans. Program. Lang. Syst. (TOPLAS) 8(2), 244–263 (1986)CrossRefzbMATHGoogle Scholar
  11. 11.
    Clarke, E.M., Grumberg, O., Peled, D.: Model Checking. MIT Press, Cambridge (1999)Google Scholar
  12. 12.
    Classen, A., Cordy, M., Schobbens, P., Heymans, P., Legay, A., Raskin, J.: Featured transition systems: foundations for verifying variability-intensive systems and their application to LTL model checking. IEEE Trans. Softw. Eng. 39(8), 1069–1089 (2013)CrossRefGoogle Scholar
  13. 13.
    Classen, A., Heymans, P., Schobbens, P., Legay, A., Raskin, J.: Model checking lots of systems: efficient verification of temporal properties in software product lines. In: International Conference on Software Engineering, pp. 335–344. ACM (2010)Google Scholar
  14. 14.
    de Roever, W.-P., de Boer, F., Hanneman, U., Hooman, J., Lakhnech, Y., Poel, M., Zwiers, J., Verification, C.: Introduction to Compositional and Non-compositional Methods. Cambridge University Press, Cambridge (2012)Google Scholar
  15. 15.
    D’ippolito, N., Braberman, V., Piterman, N., Uchitel, S.: Synthesizing non-anomalous event-based controllers for liveness goals. Trans. Softw. Eng. Method. (TOSEM) 22(1), 9:1–9:36 (2013). Article no. 9Google Scholar
  16. 16.
    Famelis, M., Salay, R., Chechik, M.: Partial models: towards modeling and reasoning with uncertainty. In: International Conference on Software Engineering, ICSE, pp. 573–583. IEEE Computer Society (2012)Google Scholar
  17. 17.
    Famelis, M., Salay, R., Chechik, M.: The semantics of partial model transformations. In: International Workshop on Modeling in Software Engineering, pp. 64–69. IEEE Computer Society (2012)Google Scholar
  18. 18.
    Famelis, M., Salay, R., Sandro, A., Chechik, M.: Transformation of models containing uncertainty. In: Moreira, A., Schätz, B., Gray, J., Vallecillo, A., Clarke, P. (eds.) MODELS 2013. LNCS, vol. 8107, pp. 673–689. Springer, Heidelberg (2013). doi: 10.1007/978-3-642-41533-3_41 CrossRefGoogle Scholar
  19. 19.
    Giannakopoulou, D., Pasareanu, C.S., Barringer, H.: Assumption generation for software component verification. In: International Conference on Automated Software Engineering, ASE, pp. 3–12. IEEE Computer Society (2002)Google Scholar
  20. 20.
    Huth, M.: Model checking modal transition systems using Kripke structures. In: Cortesi, A. (ed.) VMCAI 2002. LNCS, vol. 2294, pp. 302–316. Springer, Heidelberg (2002). doi: 10.1007/3-540-47813-2_21 CrossRefGoogle Scholar
  21. 21.
    Huth, M., Jagadeesan, R., Schmidt, D.: Modal transition systems: a foundation for three-valued program analysis. In: Sands, D. (ed.) ESOP 2001. LNCS, vol. 2028, pp. 155–169. Springer, Heidelberg (2001). doi: 10.1007/3-540-45309-1_11 CrossRefGoogle Scholar
  22. 22.
    Jones, C.B.: Tentative steps toward a development method for interfering programs. Trans. Program. Lang. Syst. (TOPLAS) 5(4), 596–619 (1983)CrossRefzbMATHGoogle Scholar
  23. 23.
    Larsen, K.G., Thomsen, B.: A modal process logic. In: Third Annual Symposium on Logic in Computer Science, LICS, pp. 203–210. IEEE Computer Society (1988)Google Scholar
  24. 24.
    Menghi, C.: Dealing with incompleteness in automata based model checking. Ph.D. thesis, Politecnico di Milano (2015). https://www.politesi.polimi.ithandle/10589/114509
  25. 25.
    Menghi, C., Spoletini, P., Ghezzi, C.: Modeling, refining and analyzing Incomplete Büchi Automata. ArXiv e-prints (2016). http://arxiv.org/abs/1609.00610
  26. 26.
    Miremadi, S., Lennartson, B., Åkesson, K.: BDD-based supervisory control on extended finite automata. In: Conference on Automation Science and Engineering, CASE, pp. 25–31. IEEE (2011)Google Scholar
  27. 27.
    Pnueli, A.: In transition from global to modular temporal reasoning about programs. In: Apt, K.R. (ed.) Logics and Models of Concurrent Systems. NATO ASI Series, vol. 13, pp. 123–144. Springer, Heidelberg (1985)CrossRefGoogle Scholar
  28. 28.
    Pnueli, A., Rosner, R.: On the synthesis of a reactive module. In: Symposium on Principles of Programming Languages, pp. 179–190. ACM Press (1989)Google Scholar
  29. 29.
    Ramadge, P.J., Wonham, W.M.: Supervisory control of a class of discrete event processes. SIAM J. Control Optim. 25(1), 206–230 (1987)MathSciNetCrossRefzbMATHGoogle Scholar
  30. 30.
    Ramadge, P.J., Wonham, W.M.: The control of discrete event systems. Proc. IEEE 77(1), 81–98 (1989)CrossRefzbMATHGoogle Scholar
  31. 31.
    Sery, O., Fedyukovich, G., Sharygina, N.: FunFrog: bounded model checking with interpolation-based function summarization. In: Chakraborty, S., Mukund, M. (eds.) ATVA 2012. LNCS, vol. 7561, pp. 203–207. Springer, Heidelberg (2012). doi: 10.1007/978-3-642-33386-6_17 CrossRefGoogle Scholar
  32. 32.
    Sharygina, N., Chaki, S., Clarke, E., Sinha, N.: Dynamic component substitutability analysis. In: Fitzgerald, J., Hayes, I.J., Tarlecki, A. (eds.) FM 2005. LNCS, vol. 3582, pp. 512–528. Springer, Heidelberg (2005). doi: 10.1007/11526841_34 CrossRefGoogle Scholar
  33. 33.
    Tabakov, D., Vardi, M.Y.: Experimental evaluation of classical automata constructions. In: Sutcliffe, G., Voronkov, A. (eds.) LPAR 2005. LNCS (LNAI), vol. 3835, pp. 396–411. Springer, Heidelberg (2005). doi: 10.1007/11591191_28 CrossRefGoogle Scholar
  34. 34.
    Tabakov, D., Vardi, M.Y.: Model checking Büchi specifications. In: International Conference on Language and Automata Theory and Applications, LATA, pp. 565–576. Research Group on Mathematical Linguistics, Universitat Rovira i Virgili, Tarragona (2007)Google Scholar
  35. 35.
    ter Beek, M.H., Fantechi, A., Gnesi, S., Mazzanti, F.: Modelling and analysing variability in product families: model checking of modal transition systems with variability constraints. J. Log. Algebr. Math. Program. 85(2), 287–315 (2016)MathSciNetzbMATHGoogle Scholar
  36. 36.
    Tsay, Y.-K., Tsai, M.-H., Chang, J.-S., Chang, Y.-W.: Büchi store: an open repository of Büchi automata. In: Abdulla, P.A., Leino, K.R.M. (eds.) TACAS 2011. LNCS, vol. 6605, pp. 262–266. Springer, Heidelberg (2011). doi: 10.1007/978-3-642-19835-9_23 CrossRefGoogle Scholar
  37. 37.
    Uchitel, S., Brunet, G., Chechik, M.: Synthesis of partial behavior models from properties and scenarios. IEEE Trans. Softw. Eng. 35(3), 384–406 (2009)CrossRefGoogle Scholar
  38. 38.
    Wulf, M., Doyen, L., Henzinger, T.A., Raskin, J.-F.: Antichains: a new algorithm for checking universality of finite automata. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 17–30. Springer, Heidelberg (2006). doi: 10.1007/11817963_5 CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.DEIB, Politecnico di MilanoMilanoItaly
  2. 2.Kennesaw State UniversityMariettaUSA

Personalised recommendations