Learning-based symbolic assume-guarantee reasoning with automatic decomposition
In ATVA, 2006
Cited by 13 (4 self)
Compositional reasoning aims to improve scalability of verification tools by reducing the original verification task into subproblems. The simplification is typically based on the assume-guarantee reasoning principles, and requires decomposing the system into components as well as identifying adequate environment assumptions for components. One recent approach to automatic derivation of adequate assumptions is based on the L* algorithm for active learning of regular languages. In this paper, we present a fully automatic approach to compositional reasoning by automating the decomposition step using an algorithm for hypergraph partitioning for balanced clustering of variables. We also propose heuristic improvements to the assumption identification phase. We report on an implementation based on NuSMV, and experiments that study the effectiveness of automatic decomposition and the overall savings in the computational requirements of symbolic model checking.
Refining Interface Alphabets for Compositional Verification
In Proc. of the 19th Int. Conf. on Tools and Algorithms for the Construction and Analysis of Systems (TACAS'07), 2007
Cited by 10 (4 self)
Techniques for learning automata have been adapted to automatically infer assumptions in assume-guarantee compositional verification. Learning, in this context, produces assumptions and modifies them using counterexamples obtained by model checking components separately. In this process, the interface alphabets between components, that constitute the alphabets of the assumption automata, are fixed: they include all actions through which the components communicate. This paper introduces alphabet refinement, a novel technique that extends the assumption learning process to also infer interface alphabets. The technique starts with only a subset of the interface alphabet and adds actions to it as necessary until a given property is shown to hold or to be violated in the system. Actions to be added are discovered by counterexample analysis. We show experimentally that alphabet refinement improves the current learning algorithms and makes compositional verification by learning assumptions more scalable than non-compositional verification.
Breaking Up is Hard to Do: An Evaluation of Automated Assume-Guarantee Reasoning
Cited by 10 (0 self)
Finite-state verification techniques are often hampered by the state-explosion problem. One proposed approach for addressing this problem is assume-guarantee reasoning, where a system under analysis is partitioned into subsystems and these subsystems are analyzed individually. By composing the results of these analyses, it can be determined whether or not the system satisfies a property. Because each subsystem is smaller than the whole system, analyzing each subsystem individually may reduce the overall cost of verification. Often the behavior of a subsystem is dependent on the subsystems with which it interacts, and thus it is usually necessary to provide assumptions about the environment in which a subsystem executes. Because developing assumptions has been a difficult manual task, the evaluation of assume-guarantee reasoning has been limited. Using recent advances for automatically generating assumptions, we undertook a study to determine if assume-guarantee reasoning provides an advantage over monolithic verification. In this study, we considered all two-way decompositions for a set of systems and properties, using two different verifiers, FLAVERS and LTSA. By increasing the number of repeated tasks in these systems, we evaluated the decompositions as they were scaled. We found that in only a few cases can assume-guarantee reasoning verify properties on larger systems than monolithic verification can, and in these cases the systems that can be analyzed are only a few sizes larger. Although these results are discouraging, they provide insight about research directions that should be pursued and highlight the importance of experimental evaluation in this area.
Learning to divide and conquer: applying the L* algorithm to automate assume-guarantee reasoning
2008
Cited by 10 (0 self)
Assume-guarantee reasoning enables a “divide-and-conquer” approach to the verification of large systems that checks system components separately while using assumptions about each component’s environment. Developing appropriate assumptions used to be a difficult and manual process. Over the past five years, we have developed a framework for performing assume-guarantee verification of systems in an incremental and fully automated fashion. The framework uses an off-the-shelf learning algorithm to compute the assumptions. The assumptions are initially approximate and become more precise by means of counterexamples obtained by model checking components separately. The framework supports different assume-guarantee rules, both symmetric and asymmetric. Moreover, we have recently introduced alphabet refinement, which extends the assumption learning process to also infer assumption alphabets. This refinement technique starts with assumption alphabets that are a subset of the minimal interface between a component and its environment, and adds actions to it as necessary until a given property is shown to hold or to be violated in the system. We have applied the learning framework to a number of case studies that show that compositional verification by learning assumptions can be significantly more scalable than non-compositional verification. Keywords: assume-guarantee reasoning, model checking, labeled transition systems, learning, proof rules, compositional verification, safety properties.
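The learning-based framework that this entry, the first entry and the optimized L*-based entry below describe (Angluin's L* driven by a teacher that answers membership and candidate queries by model checking the components separately, with counterexamples refining the assumption) in working form. This is an added example written for this page, not code from any of the listed papers or their tools (LTSA, NuSMV). Everything in it is the example's own construction: the automaton encoding, the `reachable` product check, the `AGTeacher` that answers membership by checking M1 composed with a linear trace automaton against P and answers candidate queries by checking the two premises of the asymmetric rule, the `lstar` learner, and the toy models `M1` (an Output component), `M2` (an Input component), `P` (input and output strictly alternate) and `M2_BAD`, all hand-built in the Input/Output/Order style of the examples in this literature.

```python
from collections import deque

# Automaton = (init, delta, alphabet); delta maps (state, action) -> state and is partial:
# a missing entry means the action is disabled in that state.  (Example's own encoding.)

def reachable(autos, is_bad):
    """BFS over the synchronous product of autos; trace to the first state satisfying is_bad, else None."""
    actions = sorted(set().union(*(a[2] for a in autos)))
    start = tuple(a[0] for a in autos)
    parent, queue = {start: None}, deque([start])
    while queue:
        cur = queue.popleft()
        if is_bad(cur):
            trace = []
            while parent[cur] is not None:
                cur, act = parent[cur]
                trace.append(act)
            return trace[::-1]
        for act in actions:                        # participants move, the others stay put
            nxt = tuple(delta.get((q, act)) if act in alpha else q
                        for (_, delta, alpha), q in zip(autos, cur))
            if None not in nxt and nxt not in parent:   # None: a participant blocks act
                parent[nxt] = (cur, act)
                queue.append(nxt)
    return None

def trace_automaton(trace, alpha):                 # permits exactly the actions of trace, in order
    return (0, {(i, a): i + 1 for i, a in enumerate(trace)}, alpha)

class AGTeacher:
    """Teacher for the weakest assumption A_w: both query kinds are model-checking runs."""
    def __init__(self, m1, m2, prop):
        self.m1, self.m2, self.prop = m1, m2, prop
        self.alpha = (m1[2] | prop[2]) & m2[2]     # interface alphabet
        self.verdict = None
    def member(self, trace):                       # trace in A_w  iff  M1 || trace |= P
        auts = [self.m1, trace_automaton(trace, self.alpha), self.prop]
        return reachable(auts, lambda s: s[2] == 'err') is None
    def equivalent(self, hyp):                     # candidate query
        init, delta, acc = hyp
        proj = lambda t: [a for a in t if a in self.alpha]
        # Premise 1: M1 || A |= P, A constraining M1 through its accepting states only.
        env = (init, {k: v for k, v in delta.items() if acc[k[0]] and acc[v]}, self.alpha)
        cex = reachable([self.m1, env, self.prop], lambda s: s[2] == 'err')
        if cex is not None:
            return proj(cex)                       # A accepts it, A_w does not
        # Premise 2: M2 |= A, i.e. no trace of M2 drives A into a rejecting state.
        cex = reachable([self.m2, (init, delta, self.alpha)], lambda s: not acc[s[1]])
        if cex is None:
            self.verdict = ('holds', None)         # both premises hold: M1 || M2 |= P
            return None
        cex = proj(cex)
        if self.member(cex):
            return cex                             # A_w accepts it, A does not
        self.verdict = ('violated', cex)           # M1 || cex violates P: a real error
        return None

def lstar(teacher):
    """Angluin's L*, adding every suffix of a counterexample to E (Maler/Pnueli variant)."""
    alpha, S, E, T = sorted(teacher.alpha), [()], [()], {}
    query = lambda w: T[w] if w in T else T.setdefault(w, teacher.member(w))  # cached
    row = lambda s: tuple(query(s + e) for e in E)
    while True:
        changed = True
        while changed:                             # close the observation table
            changed = False
            rows = {row(s) for s in S}
            for s in list(S):
                for a in alpha:
                    if row(s + (a,)) not in rows:
                        S.append(s + (a,)); rows.add(row(s + (a,))); changed = True
        state = {row(s): s for s in S}             # rows of S are pairwise distinct
        hyp = ((), {(s, a): state[row(s + (a,))] for s in S for a in alpha},
               {s: query(s) for s in S})           # (initial, delta, accepting)
        cex = teacher.equivalent(hyp)
        if cex is None:
            return hyp
        for i in range(len(cex) + 1):
            if tuple(cex[i:]) not in E:
                E.append(tuple(cex[i:]))

def accepts(dfa, trace):
    q, delta, acc = dfa
    for a in trace:
        q = delta[(q, a)]
    return acc[q]

def check(m1, m2, prop):                           # decide M1 || M2 |= P
    teacher = AGTeacher(m1, m2, prop)
    assumption = lstar(teacher)
    return teacher.verdict, assumption

# Constructed toy models in the Input/Output/Order style of the literature's examples.
ACK, INPUT, OUTPUT, SEND = 'ack', 'input', 'output', 'send'
M1 = ('o0', {('o0', SEND): 'o1', ('o1', OUTPUT): 'o2', ('o2', ACK): 'o0'}, {SEND, OUTPUT, ACK})
M2 = ('i0', {('i0', INPUT): 'i1', ('i1', SEND): 'i2', ('i2', ACK): 'i0'}, {INPUT, SEND, ACK})
P = ('p0', {('p0', INPUT): 'p1', ('p1', OUTPUT): 'p0', ('p0', OUTPUT): 'err',      # input/output
            ('p1', INPUT): 'err', ('err', INPUT): 'err', ('err', OUTPUT): 'err'}, {INPUT, OUTPUT})
M2_BAD = ('b0', {('b0', SEND): 'b1', ('b1', ACK): 'b0'}, {INPUT, SEND, ACK})  # never takes input
```

`check(M1, M2, P)` returns `('holds', None)` together with the learned assumption over the interface alphabet {ack, input, send}; M1 alone violates P (it can output before any input), and the learned assumption rejects a leading `send` and two consecutive `input`s, as premise 1 forces, while accepting every projected trace of M2, as premise 2 forces. `check(M1, M2_BAD, P)` reports `('violated', ['send'])`: a trace of the faulty environment under which M1 reaches the error state of P, so the counterexample analysis classifies it as a real violation rather than a learning refinement. A trace that M1 cannot execute counts as safe in the membership query, which is the weakest-assumption semantics; the alphabet refinement and the query-saving optimizations of the later entries are not implemented here.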
Component-based hardware/software co-verification
In MEMOCODE, 2007
Cited by 9 (6 self)
In component-based hardware/software co-verification, properties of an embedded system are established from properties of its hardware and software components. A major challenge in component-based co-verification is the property formulation problem: (1) what are the system properties to verify, (2) what are the component properties needed for verifying the system properties, and (3) what are the environment assumptions for establishing these properties. We present a pattern-guided approach to the property formulation problem. We develop an embedded architecture description language (EADL). A key feature of EADL is its support for the specification of architectural patterns for embedded systems. Such patterns capture recurring system structures and, furthermore, templates for properties to verify on systems following these patterns and strategies for decomposing system properties into component properties. We have applied EADL in co-verification of medical sensor systems, which shows that architectural patterns have major potential in facilitating component-based co-verification.
Automated assumption generation for compositional verification
Form. Methods Syst. Des.
Cited by 9 (1 self)
We describe a method for computing an exact minimal automaton to act as an intermediate assertion in assume-guarantee reasoning, using a sampling approach and a Boolean satisfiability solver. For a set of synthetic benchmarks intended to mimic common situations in hardware verification, this is shown to be significantly more effective than earlier approximate methods based on Angluin’s L* algorithm. For many of these benchmarks, this method also outperforms BDD-based model checking and interpolation-based model checking.
Extending Automated Compositional Verification to the Full Class of Omega-Regular Languages
Cited by 9 (1 self)
Recent studies have suggested the applicability of learning to automated compositional verification. However, current learning algorithms fall short when it comes to learning liveness properties. We extend the automaton synthesis paradigm for the infinitary languages by presenting an algorithm to learn an arbitrary regular set of infinite sequences (an ω-regular language) over an alphabet Σ. Our main result is an algorithm to learn a nondeterministic Büchi automaton that recognizes an unknown ω-regular language. This is done by learning a unique projection of it on Σ* using the framework suggested by Angluin for learning regular subsets of Σ*.
Optimized L*-based assume-guarantee reasoning
In Proc. of the 19th Int. Conf. on Tools and Algorithms for the Construction and Analysis of Systems (TACAS'07), 2007
Cited by 8 (0 self)
In this paper, we suggest three optimizations to the L*-based automated Assume-Guarantee reasoning algorithm for the compositional verification of concurrent systems. First, we use each counterexample from the model checker to supply multiple strings to L*, saving candidate queries. Second, we observe that in existing instances of this paradigm, the learning algorithm is coupled weakly with the teacher. Thus, the learner ignores completely the details about the internal structure of the system and specification being verified, which are available already to the teacher. We suggest an optimization that uses this information in order to avoid many unnecessary – and expensive, since they involve model checking – membership and candidate queries. Finally, and most importantly, we develop a method for minimizing the alphabet used by the assumption, which reduces the size of the assumption and the number of queries required to construct it. We present these three optimizations in the context of verifying trace containment for concurrent systems composed of finite state machines. We have implemented our approach and experimented with real-life examples. Our results exhibit an average speedup of over 12 times due to the proposed improvements.
Inferring network invariants automatically
In Proc. International Joint Conference on Automated Reasoning (IJCAR ’06), volume 4130 of LNAI, 2006
Cited by 8 (1 self)
Verification by network invariants is a heuristic to solve uniform verification of parameterized systems. Given a system P, a network invariant for P is a system that abstracts the composition of every number of copies of P running in parallel. If there is such a network invariant, by reasoning about it, uniform verification with respect to the family P[1] ‖ ··· ‖ P[n] can be carried out. In this paper, we propose a procedure that searches systematically for a network invariant satisfying a given safety property. The search is based on algorithms for learning finite automata due to Angluin and Biermann. We optimize the search by combining both algorithms for improving successive possible invariants. We also show how to reduce the learning problem to SAT, allowing efficient SAT solvers to be used, which turns out to yield a very competitive learning algorithm. The overall search procedure finds a minimal such invariant, if it exists.
Assume-guarantee reasoning for deadlock
In Proc. of FMCAD, 2006
Cited by 6 (2 self)
We extend the learning-based automated assume-guarantee paradigm to perform compositional deadlock detection. We define Failure Automata, a generalization of finite automata that accept regular failure sets. We develop a learning algorithm L^F that constructs the minimal deterministic failure automaton accepting any unknown regular failure set using a minimally adequate teacher. We show how L^F can be used for compositional regular failure language containment, and deadlock detection, using non-circular and circular assume-guarantee rules. We present an implementation of our techniques and encouraging experimental results on several nontrivial benchmarks.