
From Partial to Global Assume-Guarantee Contracts: Compositional Realizability Analysis in FRET

  • Conference paper
  • Formal Methods (FM 2021)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 13047)

Abstract

Realizability checking is the formal procedure that determines whether an implementation exists that always complies with a set of requirements, regardless of the stimuli provided by the system’s environment. Such a check is essential to ensure that the specification does not allow behavior that can force the system to violate safety constraints. In this paper, we present an approach that decomposes realizability checking into smaller, more tractable problems. More specifically, our approach automatically partitions specifications into sets of non-interfering requirements. We prove that checking whether a specification is realizable reduces to checking that each partition is realizable. We have integrated realizability checking and implemented our decomposition approach within the open-source Formal Requirements Elicitation Tool (FRET). A FRET user may check the realizability of a specification monolithically or compositionally. We evaluate our approach by comparing monolithic and compositional checking and showcase the strengths of our decomposition approach on a variety of industrial-level case studies.
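The partitioning step the abstract describes, as an added example that is not code from the paper or from FRET: it assumes that two requirements interfere exactly when they constrain a shared system-controlled variable (an output or internal variable, which note 2 below treats as state variables), so shared environment inputs do not connect them. The `Requirement` type, the sample specification, its variable names and the realizability oracle passed to `compositional_verdict` are all constructed for this illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Requirement:
    name: str
    inputs: FrozenSet[str]   # environment-controlled variables
    outputs: FrozenSet[str]  # system-controlled output/internal variables


def non_interfering_partitions(reqs: List[Requirement]) -> List[List[Requirement]]:
    """Connected components of the 'shares a system-controlled variable'
    relation (union-find). Shared inputs do not connect requirements."""
    parent = {r.name: r.name for r in reqs}

    def find(x: str) -> str:
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    owner: Dict[str, str] = {}  # output variable -> first requirement using it
    for r in reqs:
        for v in sorted(r.outputs):
            if v in owner:
                parent[find(owner[v])] = find(r.name)  # merge the two groups
            else:
                owner[v] = r.name
    groups: Dict[str, List[Requirement]] = {}
    for r in reqs:  # requirement order is preserved inside each partition
        groups.setdefault(find(r.name), []).append(r)
    return sorted(groups.values(), key=lambda g: g[0].name)


def problem_sizes(reqs: List[Requirement]) -> Tuple[int, List[int]]:
    """Variable count of the monolithic problem vs. each partition's problem."""
    def nvars(group: List[Requirement]) -> int:
        return len(set().union(*(r.inputs | r.outputs for r in group)))
    return nvars(reqs), [nvars(g) for g in non_interfering_partitions(reqs)]


def compositional_verdict(reqs: List[Requirement],
                          is_realizable: Callable[[List[Requirement]], bool]):
    """Spec is realizable iff every partition is; failing partitions are
    returned so that unrealizable requirements are localized."""
    failing = [[r.name for r in g] for g in non_interfering_partitions(reqs)
               if not is_realizable(g)]
    return (not failing, failing)


# Constructed sample specification (hypothetical heater/alarm/fan controller).
SAMPLE_SPEC = [
    Requirement("R1", frozenset({"temp"}), frozenset({"heater"})),
    Requirement("R2", frozenset({"temp", "mode"}), frozenset({"heater"})),
    Requirement("R3", frozenset({"door_open"}), frozenset({"alarm"})),
    Requirement("R4", frozenset({"mode"}), frozenset({"alarm", "alarm_count"})),
    Requirement("R5", frozenset({"fan_switch"}), frozenset({"fan"})),
]
```

R2 and R4 share only the input `mode`, so they land in different partitions; the per-partition variable counts show why each sub-problem is cheaper to check than the monolithic one.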


Notes

  1. CoCoSpec [9] is a contract-based extension of the Lustre synchronous language.

  2. Note that output and internal variables are considered state variables.

  3. Datasets are available upon request. Please email the authors.

  4. We discuss requirements in the original contract notation to make it easy to relate to Gacek et al. [20].

  5. For brevity, we omit challenges for which our work did not yield new information. Additional analysis results can be found in a supplementary technical report [33].

  6. We have shortened the element names in the requirement to reduce the overall size.

  7. SYNTCOMP 2020 benchmarks: https://github.com/SYNTCOMP/benchmarks.

  8. The authors provided us with their resulting subspecifications.

References

  1. Consortia for improving medicine within innovation and technology. https://cimit.org/home

  2. Generic infusion pump research project. https://rtg.cis.upenn.edu/gip/

  3. Backes, J., Cofer, D., Miller, S., Whalen, M.W.: Requirements analysis of a quad-redundant flight control system. In: Havelund, K., Holzmann, G., Joshi, R. (eds.) NFM 2015. LNCS, vol. 9058, pp. 82–96. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17524-9_7

  4. Benveniste, A., et al.: Contracts for system design (2018)

  5. Bloem, R., et al.: RATSY – a new requirements analysis tool with synthesis. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 425–429. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14295-6_37

  6. Bloem, R., Jobstmann, B., Piterman, N., Pnueli, A., Sa’ar, Y.: Synthesis of reactive(1) designs. J. Comput. Syst. Sci. 78(3), 911–938 (2012)

  7. Burch, J.R., Clarke, E.M., Long, D.E.: Representing circuits more efficiently in symbolic model checking. In: Proceedings of the 28th ACM/IEEE Design Automation Conference, pp. 403–407. Association for Computing Machinery, New York (1991). https://doi.org/10.1145/127601.127702

  8. Chakraborty, S., Fried, D., Tabajara, L.M., Vardi, M.Y.: Functional synthesis via input-output separation. In: 2018 Formal Methods in Computer Aided Design (FMCAD), pp. 1–9. IEEE (2018)

  9. Champion, A., Gurfinkel, A., Kahsai, T., Tinelli, C.: CoCoSpec: a mode-aware contract language for reactive systems. In: De Nicola, R., Kühn, E. (eds.) SEFM 2016. LNCS, vol. 9763, pp. 347–366. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41591-8_24

  10. Champion, A., Mebsout, A., Sticksel, C., Tinelli, C.: The Kind 2 model checker. In: Chaudhuri, S., Farzan, A. (eds.) CAV 2016, Part II. LNCS, vol. 9780, pp. 510–517. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41540-6_29

  11. Cimatti, A., Roveri, M., Schuppan, V., Tchaltsev, A.: Diagnostic information for realizability. In: Logozzo, F., Peled, D.A., Zuck, L.D. (eds.) VMCAI 2008. LNCS, vol. 4905, pp. 52–67. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78163-9_9

  12. Cofer, D., Gacek, A., Miller, S., Whalen, M.W., LaValley, B., Sha, L.: Compositional verification of architectural models. In: Goodloe, A.E., Person, S. (eds.) NFM 2012. LNCS, vol. 7226, pp. 126–140. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28891-3_13

  13. Damm, W., Hungar, H., Josko, B., Peikenkamp, T., Stierand, I.: Using contract-based component specifications for virtual integration testing and architecture design. In: 2011 Design, Automation & Test in Europe, pp. 1–6. IEEE (2011)

  14. Ehlers, R., Raman, V.: Slugs: extensible GR(1) synthesis. In: Chaudhuri, S., Farzan, A. (eds.) CAV 2016, Part II. LNCS, vol. 9780, pp. 333–339. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-41540-6_18

  15. Elliott, C.: On example models and challenges ahead for the evaluation of complex cyber-physical systems with state of the art formal methods V&V, Lockheed Martin Skunk Works. In: Air Force Research Laboratory (ed.) Safe & Secure Systems and Software Symposium (S5) (2015)

  16. Elliott, C.: An example set of cyber-physical V&V challenges for S5, Lockheed Martin Skunk Works. In: Air Force Research Laboratory (ed.) Safe & Secure Systems and Software Symposium (S5) (2016)

  17. Finkbeiner, B., Geier, G., Passing, N.: Specification decomposition for reactive synthesis. In: Dutle, A., Moscato, M.M., Titolo, L., Muñoz, C.A., Perez, I. (eds.) NFM 2021. LNCS, vol. 12673, pp. 113–130. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-76384-8_8

  18. Firman, E., Maoz, S., Ringert, J.O.: Performance heuristics for GR(1) synthesis and related algorithms. Acta Informatica 57(1), 37–79 (2020)

  19. Fisman, D., Kupferman, O., Sheinvald-Faragy, S., Vardi, M.Y.: A framework for inherent vacuity. In: Chockler, H., Hu, A.J. (eds.) HVC 2008. LNCS, vol. 5394, pp. 7–22. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-01702-5_7

  20. Gacek, A., Katis, A., Whalen, M.W., Backes, J., Cofer, D.: Towards realizability checking of contracts using theories. In: Havelund, K., Holzmann, G., Joshi, R. (eds.) NFM 2015. LNCS, vol. 9058, pp. 173–187. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17524-9_13

  21. Geist, D., Beer, I.: Efficient model checking by automated ordering of transition relation partitions. In: Dill, D.L. (ed.) CAV 1994. LNCS, vol. 818, pp. 299–310. Springer, Heidelberg (1994). https://doi.org/10.1007/3-540-58179-0_63

  22. Giannakopoulou, D., Katis, A., Mavridou, A., Pressburger, T.: Compositional realizability checking within FRET. NASA Technical Memorandum, 32 p. (March 2021). https://ti.arc.nasa.gov/publications/20210013008/download/

  23. Giannakopoulou, D., Pressburger, T., Mavridou, A., Rhein, J., Schumann, J., Shi, N.: Formal requirements elicitation with FRET. In: Joint Proceedings of REFSQ-2020 Workshops, Doctoral Symposium, Live Studies Track, and Poster Track co-located with the 26th International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2020), Pisa, Italy, March 24, 2020. CEUR Workshop Proceedings, vol. 2584. CEUR-WS.org (2020). http://ceur-ws.org/Vol-2584/PT-paper4.pdf

  24. Giannakopoulou, D., Pressburger, T., Mavridou, A., Schumann, J.: Automated formalization of structured natural language requirements. Inf. Softw. Technol. 137, 106590 (2021). https://doi.org/10.1016/j.infsof.2021.106590, https://www.sciencedirect.com/science/article/pii/S0950584921000707

  25. Hopcroft, J., Tarjan, R.: Algorithm 447: efficient algorithms for graph manipulation. Commun. ACM 16(6), 372–378 (1973)

  26. Hueschen, R.M.: Development of the transport class model (TCM) aircraft simulation from a sub-scale generic transport model (GTM) simulation (2011)

  27. Jacobs, S., et al.: The first reactive synthesis competition (SYNTCOMP 2014). Int. J. Softw. Tools Technol. Transf. 19(3), 367–390 (2017)

  28. John, A.K., Shah, S., Chakraborty, S., Trivedi, A., Akshay, S.: Skolem functions for factored formulas. In: 2015 Formal Methods in Computer-Aided Design (FMCAD), pp. 73–80. IEEE (2015)

  29. Katis, A., et al.: Validity-guided synthesis of reactive systems from assume-guarantee contracts. In: Beyer, D., Huisman, M. (eds.) TACAS 2018, Part II. LNCS, vol. 10806, pp. 176–193. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89963-3_10

  30. Katis, A., Gacek, A., Whalen, M.W.: Towards synthesis from assume-guarantee contracts involving infinite theories: a preliminary report. In: 4th International Conference on Formal Methods in Software Engineering (FormaliSE), pp. 36–41. IEEE (2016)

  31. Klein, U., Pnueli, A.: Revisiting synthesis of GR(1) specifications. In: Barner, S., Harris, I., Kroening, D., Raz, O. (eds.) HVC 2010. LNCS, vol. 6504, pp. 161–181. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19583-9_16

  32. Könighofer, R., Hofferek, G., Bloem, R.: Debugging formal specifications: a practical approach using model-based diagnosis and counterstrategies. Int. J. Softw. Tools Technol. Transf. 15(5–6), 563–583 (2013)

  33. Kooi, D., Mavridou, A.: Integrating realizability checking in FRET. NASA Technical Memorandum, 28 p. (June 2019). https://ntrs.nasa.gov/api/citations/20190033980/downloads/20190033980.pdf

  34. Langenfeld, V., Dietsch, D., Westphal, B., Hoenicke, J., Post, A.: Scalable analysis of real-time requirements. In: 2019 IEEE 27th International Requirements Engineering Conference (RE), pp. 234–244 (2019). https://doi.org/10.1109/RE.2019.00033

  35. Lúcio, L., Rahman, S., Cheng, C.-H., Mavin, A.: Just formal enough? Automated analysis of EARS requirements. In: Barrett, C., Davies, M., Kahsai, T. (eds.) NFM 2017. LNCS, vol. 10227, pp. 427–434. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-57288-8_31

  36. Maoz, S., Ringert, J.O.: On well-separation of GR(1) specifications. In: Proceedings of the 2016 24th ACM SIGSOFT International Symposium on Foundations of Software Engineering, pp. 362–372 (2016)

  37. Maoz, S., Ringert, J.O.: Spectra: a specification language for reactive systems. arXiv preprint arXiv:1904.06668 (2019)

  38. Maoz, S., Shalom, R.: Inherent vacuity for GR(1) specifications. In: Proceedings of the 28th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 99–110 (2020)

  39. Maoz, S., Shalom, R.: Unrealizable cores for reactive systems specifications. In: 2021 IEEE/ACM 43rd International Conference on Software Engineering (ICSE), pp. 25–36. IEEE (2021)

  40. Mavridou, A., Bourbouh, H., Garoche, P.L., Giannakopoulou, D., Pressburger, T., Schumann, J.: Bridging the gap between requirements and Simulink model analysis. In: Joint Proceedings of REFSQ-2020 Workshops, Doctoral Symposium, Live Studies Track, and Poster Track co-located with the 26th International Conference on Requirements Engineering: Foundation for Software Quality (REFSQ 2020), Pisa, Italy, March 24, 2020. CEUR Workshop Proceedings, vol. 2584. CEUR-WS.org (2020). http://ceur-ws.org/Vol-2584/PT-paper9.pdf

  41. Mavridou, A., Bourbouh, H., Garoche, P.L., Hejase, M.: Evaluation of the FRET and CoCoSim tools on the ten Lockheed Martin cyber-physical challenge problems. Tech. rep., NASA, 84 p. (October 2019)

  42. Mavridou, A., et al.: The ten Lockheed Martin cyber-physical challenges: formalized, analyzed, and explained. In: Proceedings of the 2020 28th IEEE International Requirements Engineering Conference (2020)

  43. Mohajerani, S., Malik, R., Fabian, M.: A framework for compositional synthesis of modular nonblocking supervisors. IEEE Trans. Autom. Control 59(1), 150–162 (2013)

  44. Mohajerani, S., Malik, R., Fabian, M.: Compositional synthesis of supervisors in the form of state machines and state maps. Automatica 76, 277–281 (2017)

  45. Murugesan, A., Sokolsky, O., Rayadurgam, S., Whalen, M., Heimdahl, M., Lee, I.: Linking abstract analysis to concrete design: a hierarchical approach to verify medical CPS safety. In: Proceedings of ICCPS 2014 (April 2014)

  46. Murugesan, A., Whalen, M.W., Rayadurgam, S., Heimdahl, M.P.: Compositional verification of a medical device system. In: ACM International Conference on High Integrity Language Technology (HILT) 2013. ACM (November 2013)

  47. Nejati, S., Gaaloul, K., Menghi, C., Briand, L.C., Foster, S., Wolfe, D.: Evaluating model testing and model checking for finding requirements violations in Simulink models. In: Proceedings of the 2019 27th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pp. 1015–1025 (2019)

  48. Pan, G., Vardi, M.Y.: Symbolic techniques in satisfiability solving. In: Giunchiglia, E., Walsh, T. (eds.) SAT 2005. Springer, Dordrecht (2005). https://doi.org/10.1007/978-1-4020-5571-3_3

  49. Piterman, N., Pnueli, A., Sa’ar, Y.: Synthesis of reactive(1) designs. In: Emerson, E.A., Namjoshi, K.S. (eds.) VMCAI 2006. LNCS, vol. 3855, pp. 364–380. Springer, Heidelberg (2005). https://doi.org/10.1007/11609773_24

  50. Pnueli, A., Rosner, R.: On the synthesis of a reactive module. In: Proceedings of the 16th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, pp. 179–190. ACM (1989)

  51. Post, A., Hoenicke, J., Podelski, A.: rt-inconsistency: a new property for real-time requirements. In: Giannakopoulou, D., Orejas, F. (eds.) FASE 2011. LNCS, vol. 6603, pp. 34–49. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19811-3_4

  52. Roth, S.: Erweiterte Konsistenzanalyse für Anforderungen (Checking Extended Consistency for Requirements). Master’s thesis, Karlsruhe Institute of Technology (2011). See Section 3.2

  53. Ryzhyk, L., Chubb, P., Kuz, I., Le Sueur, E., Heiser, G.: Automatic device driver synthesis with Termite. In: Proceedings of the ACM SIGOPS 22nd Symposium on Operating Systems Principles, pp. 73–86. ACM (2009)

  54. Skiena, S.S.: The Algorithm Design Manual: Text, vol. 1. Springer, Heidelberg (1998). https://doi.org/10.1007/978-1-84800-070-4

  55. Stachtiari, E., Mavridou, A., Katsaros, P., Bliudze, S., Sifakis, J.: Early validation of system requirements and design through correctness-by-construction. J. Syst. Softw. 145, 52–78 (2018)

  56. Tabajara, L.M., Vardi, M.Y.: Factored Boolean functional synthesis. In: 2017 Formal Methods in Computer Aided Design (FMCAD), pp. 124–131. IEEE (2017)

  57. Zeller, A., Hildebrandt, R.: Simplifying and isolating failure-inducing input. IEEE Trans. Softw. Eng. 28(2), 183–200 (2002)


Author information

Corresponding author: Anastasia Mavridou.


Copyright information

© 2021 Springer Nature Switzerland AG


Cite this paper

Mavridou, A., Katis, A., Giannakopoulou, D., Kooi, D., Pressburger, T., Whalen, M.W. (2021). From Partial to Global Assume-Guarantee Contracts: Compositional Realizability Analysis in FRET. In: Huisman, M., Păsăreanu, C., Zhan, N. (eds) Formal Methods. FM 2021. Lecture Notes in Computer Science, vol 13047. Springer, Cham. https://doi.org/10.1007/978-3-030-90870-6_27

  • DOI: https://doi.org/10.1007/978-3-030-90870-6_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-90869-0

  • Online ISBN: 978-3-030-90870-6
