# An Assume-Guarantee Rule for Checking Simulation

## Abstract

The simulation preorder on state transition systems is widely accepted as a useful notion of refinement, both in its own right and as an efficiently checkable sufficient condition for trace containment. For composite systems, due to the exponential explosion of the state space, there is a need for decomposing a simulation check of the form *P*<_{ s } *Q* into simpler simulation checks on the components of *P* and *Q*. We present an assume-guarantee rule that enables such a decomposition. To the best of our knowledge, this is the first assume-guarantee rule that applies to a refinement relation different from trace containment. Our rule is circular, and its soundness proof requires induction on trace trees. The proof is constructive: given simulation relations that witness the simulation preorder between corresponding components of *P* and *Q*, we provide a procedure for constructing a witness relation for *P*<_{ s } *Q*. We also extend our assume-guarantee rule to account for fairness assumptions on transition systems.

## Keywords

Simulation Relation Fairness Constraint State Transition System Fairness Assumption Tree Containment## Preview

Unable to display preview. Download preview PDF.

## References

- AH96.R. Alur and T.A. Henzinger. Reactive modules. In
*Proceedings of the 11th Annual Symposium on Logic in Computer Science*, pages 207–218. IEEE Computer Society Press, 1996.Google Scholar - AL91.M. Abadi and L. Lamport. The existence of refinement mappings.
*Theoretical Computer Science*, 82(2):253–284, 1991.MATHCrossRefMathSciNetGoogle Scholar - AL95.M. Abadi and L. Lamport. Conjoining specifications.
*ACM Transactions on Programming Languages and Systems*, 17(3):507–534, 1995.CrossRefGoogle Scholar - CLM89.E.M. Clarke, D.E. Long, and K.L. McMillan. Compositional model checking. In
*Proceedings of the 4th Annual Symposium on Logic in Computer Science*, pages 353–362. IEEE Computer Society Press, 1989.Google Scholar - Dil89.D.L. Dill.
*Trace Theory for Automatic Hierarchical Verification of Speed-independent Circuits*. The MIT Press, 1989.Google Scholar - GL94.O. Grumberg and D.E. Long. Model checking and modular verification.
*ACM Transactions on Programming Languages and Systems*, 16(3):843–871, 1994.CrossRefGoogle Scholar - HKR97.T.A. Henzinger, O. Kupferman, and S. K. Rajamani. Fair simulation. In
*CONCUR 97: Theories of Concurrency*, Lecture Notes in Computer Science 1243, pages 273–287. Springer-Verlag, July 1997.Google Scholar - Kur94.R.P. Kurshan.
*Computer-aided Verification of Coordinating Processes*. Princeton University Press, 1994.Google Scholar - Lyn96.N.A. Lynch.
*Distributed Algorithms*. Morgan-Kaufmann, 1996.Google Scholar - McM97.K.L. McMillan. A compositional rule for hardware design refinement. In
*CAV 97: Computer-Aided Verification*, Lecture Notes in Computer Science1254, pages 24–35. Springer-Verlag, 1997.Google Scholar - Mil71.R. Milner. An algebraic definition of simulation between programs. In
*Proceedings of the 2nd International Joint Conference on Artificial Intelligence*, pages 481–489. The British Computer Society, 1971.Google Scholar - Sta85.E.W. Stark. A proof technique for rely/guarantee properties. In
*Proceedings of the 5th Conference on Foundations of Software Technology and Theoretical Computer Science*, Lecture Notes in Computer Science 206, pages 369–391. Springer-Verlag, 1985.Google Scholar