Machine-Checked Proofs for Realizability Checking Algorithms

Katis, Andreas; Gacek, Andrew; Whalen, Michael W.

doi:10.1007/978-3-319-29613-5_7

Andreas Katis¹⁵,
Andrew Gacek¹⁶ &
Michael W. Whalen¹⁵

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 9593))

Included in the following conference series:

VSSTE

402 Accesses
3 Citations

Abstract

Virtual integration techniques focus on building architectural models of systems that can be analyzed early in the design cycle to try to lower cost, reduce risk, and improve quality of complex embedded systems. Given appropriate architectural descriptions, assume/guarantee contracts, and compositional reasoning rules, these techniques can be used to prove important safety properties about the architecture prior to system construction. For these proofs to be meaningful, each leaf-level component contract must be realizable; i.e., it is possible to construct a component such that for any input allowed by the contract assumptions, there is some output value that the component can produce that satisfies the contract guarantees.

We have recently proposed (in [1]) a contract-based realizability checking algorithm for assume/guarantee contracts over infinite theories supported by SMT solvers such as linear integer/real arithmetic and uninterpreted functions. In that work, we used an SMT solver and an algorithm similar to k-induction to establish the realizability of a contract, and justified our approach via a hand proof. Given the central importance of realizability to our virtual integration approach, we wanted additional confidence that our approach was sound. This paper describes a complete formalization of the approach in the Coq proof and specification language. During formalization, we found several small mistakes and missing assumptions in our reasoning. Although these did not compromise the correctness of the algorithm used in the checking tools, they point to the value of machine-checked formalization. In addition, we believe this is the first machine-checked formalization for a realizability algorithm.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
The Coq file is available at https://github.com/andrewkatis/Coq/blob/master/realizability/Realizability.v.
2.
The Coq Proof Assistant is available at https://coq.inria.fr/.
3.
You can download the KIND model checker at http://kind2-mc.github.io/kind2/.

References

Gacek, A., Katis, A., Whalen, M.W., Backes, J., Cofer, D.: Towards realizability checking of contracts using theories. In: Havelund, K., Holzmann, G., Joshi, R. (eds.) NFM 2015. LNCS, vol. 9058, pp. 173–187. Springer, Heidelberg (2015)
Google Scholar
Whalen, M.W., Gacek, A., Cofer, D., Murugesan, A., Heimdahl, M.P., Rayadurgam, S.: Your what is my how: iteration and hierarchy in system design. IEEE Softw. 30(2), 54–60 (2013)
Article Google Scholar
Cofer, D., Gacek, A., Miller, S., Whalen, M.W., LaValley, B., Sha, L.: Compositional verification of architectural models. In: Person, S., Goodloe, A.E. (eds.) NFM 2012. LNCS, vol. 7226, pp. 126–140. Springer, Heidelberg (2012)
Chapter Google Scholar
Pnueli, A., Rosner, R.: On the synthesis of a reactive module. In: Proceedings of the 16th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 1889), pp. 179–190 (1989)
Google Scholar
Bohy, A., Bruyère, V., Filiot, E., Jin, N., Raskin, J.-F.: Acacia+, a tool for LTL synthesis. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 652–657. Springer, Heidelberg (2012)
Chapter Google Scholar
Hamza, J., Jobstmann, B., Kuncak, V.: Synthesis for regular specifications over unbounded domains. In: Proceedings of the Conference on Formal Methods in Computer-Aided Design, pp. 101–109 (2010)
Google Scholar
Chatterjee, K., Henzinger, T.A.: Assume-guarantee synthesis. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 261–275. Springer, Heidelberg (2007)
Chapter Google Scholar
Gunter, C.A., Gunter, E.L., Jackson, M., Zave, P.: A reference model for requirements and specifications. IEEE Softw. 17(3), 37–43 (2000)
Article Google Scholar
Patcas, L.M., Lawford, M., Maibaum, T.: From system requirements to software requirements in the four-variable model. In: Automated Verification of Critical Systems (AVOCS) 2013. Citeseer (2014)
Google Scholar
Sheeran, M., Singh, S., Stålmarck, G.: Checking safety properties using induction and a SAT-solver. In: Johnson, S.D., Hunt Jr., W.A. (eds.) FMCAD 2000. LNCS, vol. 1954, pp. 108–125. Springer, Heidelberg (2000)
Google Scholar
The Coq Development Team, The Coq Proof Assistant Reference Manual, 8th edn. INRIA (2012–2014)
Google Scholar
Coquand, T., Huet, G.: Constructions: a higher order proof system for mechanizing mathematics. In: Buchberger, B. (ed.) EUROCAL 1985. LNCS, vol. 203, pp. 151–184. Springer, Heidelberg (1985)
Google Scholar
Paulson, L.C.: The foundation of a generic theorem prover. J. Autom. Reasoning 5(3), 363–397 (1989)
Article MathSciNet MATH Google Scholar
Owre, S., Rushby, J.M., Shankar, N.: PVS: a prototype verification system. In: Kapur, D. (ed.) CADE 2011. LNCS (LNAI), vol. 607, pp. 748–752. Springer, Heidelberg (1992). http://www.csl.sri.com/papers/cade92-pvs/
Google Scholar
Gacek, A.: JKind - a Java implementation of the KIND model checker (2014). https://github.com/agacek/jkind
Halbwachs, N., Caspi, P., Raymond, P., Pilaud, D.: The synchronous data flow programming language lustre. Proc. IEEE 79(9), 1305–1320 (1991)
Article Google Scholar
de Moura, L., Bjørner, N.S.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)
Chapter Google Scholar

Download references

Acknowledgments

This work was funded by DARPA and AFRL under contract 4504789784 (Secure Mathematically-Assured Composition of Control Models), and by NASA under contract NNA13AA21C (Compositional Verification of Flight Critical Systems), and by NSF under grant CNS-1035715 (Assuring the safety, security, and reliability of medical device cyber physical systems).

Author information

Authors and Affiliations

Department of Computer Science and Engineering, University of Minnesota, 200 Union Street, Minneapolis, MN, 55455, USA
Andreas Katis & Michael W. Whalen
Rockwell Collins Advanced Technology Center, 400 Collins Road NE, Cedar Rapids, IA, 52498, USA
Andrew Gacek

Authors

Andreas Katis
View author publications
You can also search for this author in PubMed Google Scholar
Andrew Gacek
View author publications
You can also search for this author in PubMed Google Scholar
Michael W. Whalen
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Andreas Katis .

Editor information

Editors and Affiliations

Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, USA
Arie Gurfinkel
Department of Electrical Engineering and Computer Science, University of California, Berkeley, USA
Sanjit A. Seshia

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Katis, A., Gacek, A., Whalen, M.W. (2016). Machine-Checked Proofs for Realizability Checking Algorithms. In: Gurfinkel, A., Seshia, S.A. (eds) Verified Software: Theories, Tools, and Experiments. VSTTE 2015. Lecture Notes in Computer Science(), vol 9593. Springer, Cham. https://doi.org/10.1007/978-3-319-29613-5_7

Download citation

DOI: https://doi.org/10.1007/978-3-319-29613-5_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-29612-8
Online ISBN: 978-3-319-29613-5
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics