Compositional verification for component-based systems and application (original) (raw)
Related papers
D-Finder: A Tool for Compositional Deadlock Detection and Verification
Computer Aided Verification, 2009
D-Finder tool implements a compositional method for the verification of component-based systems described in BIP language encompassing multi-party interaction. For deadlock detection, D-Finder applies proof strategies to eliminate potential deadlocks by computing increasingly stronger invariants.
Incremental component-based construction and verification using invariants
2010
We study a methodology for checking incrementally deadlock-freedom of component-based systems. A system is obtained as the composition of atomic components by using interactions. Each interaction expresses strong synchronization (rendezvous) between actions of the components. We improve the heuristic verification method applied by the D-Finder tool to BIP components. The method consists in computing symbolically global invariants for composite components by solving a set of boolean behavioral constraints. The new incremental verification method allows the computation of these global invariants by using a decomposition of the constraints based on the structure of a composite component. We formalize the construction process of a composite component from a set of atomic components. We provide results relating invariants of constituent components used in the construction process, to global invariants. In particular, we show how the boolean behavioral constraints of the composed components are related to those of the product system. Experimental results by using the D-Finder tool for checking deadlock-freedom show significant gains in performance with respect to the global verification technique.
An Abstract Framework for Deadlock Prevention in BIP
Lecture Notes in Computer Science, 2013
We present a sound but incomplete criterion for checking deadlock freedom of finite state systems expressed in BIP: a componentbased framework for the construction of complex distributed systems. Since deciding deadlock-freedom for finite-state concurrent systems is PSPACE-complete, our criterion gives up completeness in return for tractability of evaluation. Our criterion can be evaluated by modelchecking subsystems of the overall large system. The size of these subsystems depends only on the local topology of direct interaction between components, and not on the number of components in the overall system. We present two experiments, in which our method compares favorably with existing approaches. For example, in verifying deadlock freedom of dining philosphers, our method shows linear increase in computation time with the number of philosophers, whereas other methods (even those that use abstraction) show super-linear increase, due to state-explosion.
Verifying Invariants of Component-Based Systems through Refinement
Lecture Notes in Computer Science, 2004
In areas like manufacturing, communications, transportation or aerospace, the increasing size and complexity of reactive systems make their verification difficult to handle. Compositional reasoning is a way to master this problem. In this paper, we propose an approach based on a constraint synchronized product to specify and to verify such systems. This approach supports a compositional refinement for both labelled transition systems and their composition. In this framework, we show how to verify local and global invariance properties during a refinement verification. Thus, these properties are preserved through refinement. The different aspects of our work are illustrated on the example of a communication protocol between an integrated chip card and a reader interface device.
Concurrent software verification with states, events, and deadlocks
Formal Aspects of Computing, 2005
We present a framework for model checking concurrent software systems which incorporates both states and events. Contrary to other state/event approaches, our work also integrates two powerful verification techniques, counterexample-guided abstraction refinement and compositional reasoning. Our specification language is a state/event extension of linear temporal logic, and allows us to express many properties of software in a concise and intuitive manner. We show how standard automata-theoretic LTL model checking algorithms can be ported to our framework at no extra cost, enabling us to directly benefit from the large body of research on efficient LTL verification.
An Approach to Modelling and Verification of Component Based Systems
Lecture Notes in Computer Science, 2007
We build on a framework for modelling and investigating componentbased systems that strictly separates the description of behavior of components from the way they interact. We discuss various properties of system behavior as liveness, local progress, local and global deadlock, and robustness. We present a criterion that ensures liveness and can be tested in polynomial time.
A methodology is described to build up specification language environments for concurrent systems, combining static and dynamic tools to support checks on specification properties. To reduce the complexity of the proving procedure, static tools do not prove correctness totally, but only in a reasonable set of cases. The excluded cases are managed by dynamic tools, which in turn work on a simplified situation with respect to a dynamic environment. Moreover, particular characteristics of the specification language, the ability to structure communication patterns and modularity, can be exploited to improve efficiency of the static tools. Amon 9 static properties, deadlock freeness is checked for the language using the methodology. Different approximations of such a property are defined in such a way that a progressive refinement of the static correctness can be obtained. For each subproperty, a tool that proves it is described. The dynamic deadlock checker is also sketched only for the parts influenced by the proposed methodology. concurrent systems, specification language, verification, deadlock One of the principal advantages of disposing of a specification language is in the simplicity of the correctness proofs compared with the proofs carrried out on the corresponding concurrent system or program. In fact a specification language has, in general, a clearer and simpler semantics than an application language. On the other hand, a specification language cannot be too simple, if it has to exploit sufficient expressive power to model actual situations. Consequently, it is necessary to develop a programming environment of the specification language, viewing that language as any programming language, even if it is more abstract. This work deals with the construction of a set of tools, built around a specification language for concurrent applications. The static tools that verify deadlock freeness are described in detail as a complete example.
Automated, compositional and iterative deadlock detection
Proceedings. Second ACM and IEEE International Conference on Formal Methods and Models for Co-Design, 2004. MEMOCODE '04., 2004
We present an algorithm to detect deadlocks in concurrent message-passing programs. Even though deadlock is inherently non-compositional and its absence is not preserved by standard abstractions, our framework employs both abstraction and compositional reasoning to alleviate the state space explosion problem. We iteratively construct increasingly more precise abstractions on the basis of spurious counterexamples to either detect a deadlock or prove that no deadlock exists. Our approach is inspired by the counterexample-guided abstraction refinement paradigm. However, our notion of abstraction as well as our schemes for verification and abstraction refinement differ in key respects from existing abstraction refinement frameworks. Our algorithm is also compositional in that abstraction, counterexample validation, and refinement are all carried out component-wise and do not require the construction of the complete state space of the concrete system under consideration. Finally, our approach is completely automated and provides diagnostic feedback in case a deadlock is detected. We have implemented our technique in the MAGIC verification tool and present encouraging results (up to 20 times speed-up in time and 4 times less memory consumption) with concurrent message-passing C programs. We also report a bug in the real-time operating system MicroC/OS version 2.70. 0-7803-8509-8
Component-Based Construction of Deadlock-Free Systems
Lecture Notes in Computer Science, 2003
We propose a framework for building deadlock-free systems from deadlock-free components. The framework is based on a methodology for the layered construction of systems by superposing three layers. A layer of components, an interaction model and a restriction layer. The interaction model specifies the possible interactions between components. The restriction layer restricts the behavior of the two lower layers by a global constraint. Layered structuring allows separating three orthogonal aspects in system construction. Apart from its methodological interest it makes technically possible the definition of a unique and powerful associative composition operator. We study sufficient deadlock-freedom conditions for systems built from deadlock-free components and given interaction model and restriction. We also provide a sufficient condition for individual deadlock-freedom of the components of such systems.