Results 1  10
of
12
Symbolic compositional verification by learning assumptions
 In CAV
, 2005
"... Abstract. The verification problem for a system consisting of components can be decomposed into simpler subproblems for the components using assumeguarantee reasoning. However, such compositional reasoning requires user guidance to identify appropriate assumptions for components. In this paper, we ..."
Abstract

Cited by 69 (8 self)
 Add to MetaCart
(Show Context)
Abstract. The verification problem for a system consisting of components can be decomposed into simpler subproblems for the components using assumeguarantee reasoning. However, such compositional reasoning requires user guidance to identify appropriate assumptions for components. In this paper, we propose an automated solution for discovering assumptions based on the L \Lambda algorithm for active learning of regular languages. We present a symbolic implementation of the learning algorithm, and incorporate it in the model checker NuSMV. Our experiments demonstrate significant savings in the computational requirements of symbolic model checking.
Learning to divide and conquer: applying the L* algorithm to automate assumeguarantee reasoning
, 2008
"... Assumeguarantee reasoning enables a “divideandconquer ” approach to the verification of large systems that checks system components separately while using assumptions about each component’s environment. Developing appropriate assumptions used to be a difficult and manual process. Over the past fi ..."
Abstract

Cited by 18 (2 self)
 Add to MetaCart
(Show Context)
Assumeguarantee reasoning enables a “divideandconquer ” approach to the verification of large systems that checks system components separately while using assumptions about each component’s environment. Developing appropriate assumptions used to be a difficult and manual process. Over the past five years, we have developed a framework for performing assumeguarantee verification of systems in an incremental and fully automated fashion. The framework uses an offtheshelf learning algorithm to compute the assumptions. The assumptions are initially approximate and become more precise by means of counterexamples obtained by model checking components separately. The framework supports different assumeguarantee rules, both symmetric and asymmetric. Moreover, we have recently introduced alphabet refinement, which extends the assumption learning process to also infer assumption alphabets. This refinement technique starts with assumption alphabets that are a subset of the minimal interface between a component and its environment, and adds actions to it as necessary until a given property is shown to hold or to be violated in the system. We have applied the learning framework to a number of case studies that show that compositional verification by learning assumptions can be significantly more scalable than noncompositional verification. Key words: Assumeguarantee reasoning, model checking, labeled transition systems, learning, proof rules, compositional verification, safety properties. 1
Automated AssumeGuarantee Reasoning by Abstraction Refinement
"... Abstract. Current automated approaches for compositional model checking in the assumeguarantee style are based on learning of assumptions as deterministic automata. We propose an alternative approach based on abstraction refinement. Our new method computes the assumptions for the assumeguarantee r ..."
Abstract

Cited by 13 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Current automated approaches for compositional model checking in the assumeguarantee style are based on learning of assumptions as deterministic automata. We propose an alternative approach based on abstraction refinement. Our new method computes the assumptions for the assumeguarantee rules as conservative and not necessarily deterministic abstractions of some of the components, and refines those abstractions using counterexamples obtained from model checking them together with the other components. Our approach also exploits the alphabets of the interfaces between components and performs iterative refinement of those alphabets as well as of the abstractions. We show experimentally that our preliminary implementation of the proposed alternative achieves similar or better performance than a previous learningbased implementation. 1
Automated AssumeGuarantee Reasoning through Implicit Learning, in "Computer Aided Verification
 RoyaumeUni Edinburgh
"... Abstract. We propose a purely implicit solution to the contextual assumption generation problem in assumeguarantee reasoning. Instead of improving the L ∗ algorithm — a learning algorithm for finite automata, our algorithm computes implicit representations of contextual assumptions by the CDNF al ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
(Show Context)
Abstract. We propose a purely implicit solution to the contextual assumption generation problem in assumeguarantee reasoning. Instead of improving the L ∗ algorithm — a learning algorithm for finite automata, our algorithm computes implicit representations of contextual assumptions by the CDNF algorithm — a learning algorithm for Boolean functions. We report three parametrized test cases where our solution outperforms the monolithic interpolationbased Model Checking algorithm. 1
Automated assumeguarantee reasoning for omegaregular systems and specifications
 IN: PROC. NFM’10
, 2010
"... We develop a learningbased automated AssumeGuarantee (AG) reasoning framework for verifying ωregular properties of concurrent systems. We study the applicability of noncircular (AGNC) and circular (AGC) AG proof rules in the context of systems with infinite behaviors. In particular, we show th ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
(Show Context)
We develop a learningbased automated AssumeGuarantee (AG) reasoning framework for verifying ωregular properties of concurrent systems. We study the applicability of noncircular (AGNC) and circular (AGC) AG proof rules in the context of systems with infinite behaviors. In particular, we show that AGNC is incomplete when assumptions are restricted to strictly infinite behaviors, while AGC remains complete. We present a general formalization, called LAG, of the learning based automated AG paradigm. We show how existing approaches for automated AG reasoning are special instances of LAG. We develop two learning algorithms for a class of systems, called ∞regular systems, that combine finite and infinite behaviors. We show that for ∞regular systems, both AGNC and AGC are sound and complete. Finally, we show how to instantiate LAG to do automated AG reasoning for ∞regular, and ωregular, systems using both AGNC and AGC as proof rules.
Learning to Divide and Conquer
"... Assumeguarantee reasoning is a “divideandconquer ” approach to the verification of large systems that makes use of assumptions about the environment of that system’s components. Developing appropriate assumptions used to be a difficult and manual process. Over the past five years, we have develop ..."
Abstract
 Add to MetaCart
(Show Context)
Assumeguarantee reasoning is a “divideandconquer ” approach to the verification of large systems that makes use of assumptions about the environment of that system’s components. Developing appropriate assumptions used to be a difficult and manual process. Over the past five years, we have developed a framework for performing assumeguarantee verification of systems in an incremental and fully automated fashion. The framework uses an offtheshelf learning algorithm to compute the assumptions. The assumptions are initially approximate and become more precise by means of counterexamples obtained by model checking components separately. The framework supports different assumeguarantee rules, both symmetric and nonsymmetric. Moreover, we have recently introduced alphabet refinement, which extends the assumption learning process to also infer assumption alphabets. This refinement technique starts with assumption alphabets that are a subset of the minimal interface between a component and its environment, and adds actions to it as necessary until a given property is shown to hold or to be violated in the system. We have applied the learning framework to a number of case studies that show that compositional verification by learning assumptions can be significantly more scalable than noncompositional verification. 18 19
Formal Verification of Components in Java
"... Formal verification of a hierarchical component application involves (i) checking of behavior compliance among subcomponents of each composite component, and (ii) checking of implementation of each primitive component against its behavior specification and other properties like absence of concurren ..."
Abstract
 Add to MetaCart
Formal verification of a hierarchical component application involves (i) checking of behavior compliance among subcomponents of each composite component, and (ii) checking of implementation of each primitive component against its behavior specification and other properties like absence of concurrency errors. In this thesis, we focus on verification of primitive components implemented in Java against the properties of obeying a behavior specification defined in behavior protocols (frame protocol) and absence of concurrency errors. We use the Java PathFinder model checker as a core verification tool. We propose a set of techniques that address the key issues of formal verification of reallife components in Java via model checking: support for highlevel property of obeying a behavior specification, environment modeling and construction, and state explosion. The techniques include (1) an extension to Java PathFinder that allows checking of Java code against a frame protocol, (2) automated generation of component environment from a model in the form of a behavior protocol, (3) efficient construction of the model of environment’s behavior, and (4) addressing state explosion in discovery of concurrency errors via reduction of the level of parallelism in a component environment on the basis of static analysis of Java bytecode and various heuristics. We have implemented all the techniques in the COMBAT toolset and evaluated them on two realistic component applications. Results of the experiments show that the techniques are viable.
algorithm to automate assumeguarantee reasoning
, 2008
"... conquer: applying the L algorithm to automate ..."
(Show Context)
Automated Compositional Analysis for Checking Component Substitutability
, 2007
"... Model checking is an automated technique to verify hardware and software systems formally. Most of the model checking research has focused on developing scalable techniques for verifying large systems. A number of techniques, e.g., symbolic methods, abstractions, compositional reasoning, etc. have b ..."
Abstract
 Add to MetaCart
(Show Context)
Model checking is an automated technique to verify hardware and software systems formally. Most of the model checking research has focused on developing scalable techniques for verifying large systems. A number of techniques, e.g., symbolic methods, abstractions, compositional reasoning, etc. have been proposed towards this goal. While methods based on symbolic reasoning (using binary decision diagrams or satisfiability solving) and methods based on computing abstractions automatically in a counterexampledriven manner have proved to be useful in verifying hardware and software systems, they do not directly scale to systems with large number of modules or components. The reason is that they try to verify the complete system in a monolithic manner, which inevitably leads to the statespace explosion problem, i.e., there are too many states in the system to explore exhaustively. Compositional reasoning techniques try to address this problem by following a divideandconquer approach: the task of system verification is divided into several subtasks, each