Automated Circular Assume-Guarantee Reasoning with N-way Decomposition and Alphabet Refinement
In this work we develop an automated circular reasoning framework that is applicable to systems decomposed into multiple components. Our framework uses a family of circular assume-guarantee rules for which we give conditions for soundness and completeness. The assumptions used in the rules are initially approximate and their alphabets are automatically refined based on the counterexamples obtained from model checking the rule premises. A key feature of the framework is that the compositional rules that are used change dynamically with each iteration of the alphabet refinement, to only use assumptions that are relevant for the current alphabet, resulting in a smaller number of assumptions and smaller state spaces to analyze for each premise. Our preliminary evaluation of the proposed approach shows promising results compared to 2-way and monolithic verification.
Keywords: Model checking; Labelled transition systems; Verification tasks; Abstract systems; Circular reasoning
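The abstract describes premises being discharged by model checking and assumption alphabets being refined, but gives neither the rules nor the components. The following is an added example, not code from the paper or its authors: it implements the classic non-circular 2-way assume-guarantee rule (premise 1: M1 || A satisfies P; premise 2: M2 satisfies A; conclusion: M1 || M2 satisfies P) over finite labelled transition systems with explicit-state reachability, and it shows the effect of the assumption alphabet, which is the quantity the paper's refinement loop adjusts: an assumption over the bare interface alphabet {grant} cannot discharge premise 1, while the same rule with `login` added to the assumption alphabet discharges both premises. The components M1 (a resource guard), M2 (an authenticator), the auth-bypass variant M2_BUGGY, the property P and the assumptions A_COARSE and A_REFINED are all constructed for illustration; the paper's circular N-way rules and its counterexample-driven refinement algorithm are not reproduced here.

```python
"""Added example, not code from the paper: the classic (non-circular) 2-way
assume-guarantee rule over finite labelled transition systems, checked by
explicit-state reachability.  Trace semantics: M |= P iff every trace of M,
projected onto alpha(P), is a trace of P.  All components are constructed."""
from collections import deque


class LTS:
    """Finite LTS: alphabet, initial state, transitions {(s, a): {s', ...}}."""

    def __init__(self, alphabet, init, edges):
        self.alphabet, self.init, self.trans = frozenset(alphabet), init, {}
        for s, a, t in edges:
            assert a in self.alphabet, f"action {a} not in alphabet"
            self.trans.setdefault((s, a), set()).add(t)

    def succ(self, s, a):
        return self.trans.get((s, a), set())


def compose(m1, m2):
    """Parallel composition: synchronise on shared actions, interleave the rest.
    Only the reachable part of the product is built."""
    alpha = m1.alphabet | m2.alphabet
    init = (m1.init, m2.init)
    seen, todo, edges = {init}, deque([init]), []
    while todo:
        s1, s2 = todo.popleft()
        for a in alpha:
            n1 = m1.succ(s1, a) if a in m1.alphabet else {s1}
            n2 = m2.succ(s2, a) if a in m2.alphabet else {s2}
            for t1 in n1:
                for t2 in n2:
                    edges.append(((s1, s2), a, (t1, t2)))
                    if (t1, t2) not in seen:
                        seen.add((t1, t2))
                        todo.append((t1, t2))
    return LTS(alpha, init, edges)


def _path(parent, node):
    """Rebuild the action sequence that led the BFS to `node`."""
    acts = []
    while parent[node] is not None:
        node, a = parent[node]
        acts.append(a)
    return acts[::-1]


def satisfies(m, p):
    """Safety check M |= P for a deterministic property LTS P.  Returns None
    when P holds, else a shortest counterexample trace of M (list of actions)."""
    start = (m.init, p.init)
    parent, todo = {start: None}, deque([start])
    while todo:
        s, q = todo.popleft()
        for a in m.alphabet:
            for t in m.succ(s, a):
                if a in p.alphabet:
                    nxt = p.succ(q, a)
                    if not nxt:                      # P cannot follow: violation
                        return _path(parent, (s, q)) + [a]
                    assert len(nxt) == 1, "property LTS must be deterministic"
                    (r,) = nxt
                else:
                    r = q                            # action invisible to P
                if (t, r) not in parent:
                    parent[(t, r)] = ((s, q), a)
                    todo.append((t, r))
    return None


def assume_guarantee(m1, m2, a, p):
    """Premise 1: M1 || A |= P.  Premise 2: M2 |= A.  Both None => M1 || M2 |= P."""
    return satisfies(compose(m1, a), p), satisfies(m2, a)


# Constructed components: M1 guards a resource, M2 authenticates; they
# synchronise on the single interface action `grant`.
M1 = LTS({"grant", "access", "release"}, "idle",
         [("idle", "grant", "open"), ("open", "access", "open"),
          ("open", "release", "idle")])
M2 = LTS({"login", "grant", "deny"}, "s0",
         [("s0", "login", "s1"), ("s1", "grant", "s0"), ("s1", "deny", "s0")])
# Constructed auth-bypass variant: grants without any login.
M2_BUGGY = LTS(M2.alphabet, "s0", [("s0", "login", "s1"), ("s1", "grant", "s0"),
                                   ("s1", "deny", "s0"), ("s0", "grant", "s0")])
# Property P: no `access` before the first `login`.
P = LTS({"login", "access"}, "p0",
        [("p0", "login", "p1"), ("p1", "login", "p1"), ("p1", "access", "p1")])
# Assumption over the bare interface alphabet {grant}: constrains nothing.
A_COARSE = LTS({"grant"}, "a0", [("a0", "grant", "a0")])
# Assumption after adding `login` to its alphabet: every grant follows a login.
A_REFINED = LTS({"login", "grant"}, "a0",
                [("a0", "login", "a1"), ("a1", "login", "a1"), ("a1", "grant", "a0")])

if __name__ == "__main__":
    print("coarse alphabet :", assume_guarantee(M1, M2, A_COARSE, P))
    print("refined alphabet:", assume_guarantee(M1, M2, A_REFINED, P))
    print("buggy M2        :", assume_guarantee(M1, M2_BUGGY, A_REFINED, P))
    print("monolithic buggy:", satisfies(compose(M1, M2_BUGGY), P))
```

With A_COARSE, premise 1 fails on the trace `grant, access` because an assumption that cannot mention `login` cannot tell the resource guard that a grant is always preceded by a login; premise 2 holds trivially. With A_REFINED both premises hold, and the monolithic check of M1 || M2 against P agrees, as the rule's soundness requires. Against M2_BUGGY the refined assumption is violated by the trace `grant`, and the monolithic check finds the same bypass as `grant, access`, so the compositional check loses nothing here while never building the full product.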
We thank the reviewers for their detailed and helpful comments. This work was funded in part by the National Science Foundation (NSF Grant No. CSF-1329278) and the Binational Science Foundation (BSF Grant No. 2012259). Shoham was supported by the European Research Council under the European Union’s Seventh Framework Program (FP7/2007–2013)/ERC grant agreement no. [321174-VSSC].