Breaking up is hard to do: An evaluation of automated assume-guarantee reasoning

Published: 05 May 2008

Abstract

Finite-state verification techniques are often hampered by the state-explosion problem. One proposed approach for addressing this problem is assume-guarantee reasoning, where a system under analysis is partitioned into subsystems and these subsystems are analyzed individually. By composing the results of these analyses, it can be determined whether or not the system satisfies a property. Because each subsystem is smaller than the whole system, analyzing each subsystem individually may reduce the overall cost of verification. Often the behavior of a subsystem is dependent on the subsystems with which it interacts, and thus it is usually necessary to provide assumptions about the environment in which a subsystem executes. Because developing assumptions has been a difficult manual task, the evaluation of assume-guarantee reasoning has been limited. Using recent advances for automatically generating assumptions, we undertook a study to determine if assume-guarantee reasoning provides an advantage over monolithic verification. In this study, we considered all two-way decompositions for a set of systems and properties, using two different verifiers, FLAVERS and LTSA. By increasing the number of repeated tasks in these systems, we evaluated the decompositions as they were scaled. We found that in only a few cases can assume-guarantee reasoning verify properties on larger systems than monolithic verification can, and in these cases the systems that can be analyzed are only a few sizes larger. Although these results are discouraging, they provide insight about research directions that should be pursued and highlight the importance of experimental evaluation in this area.
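As an added illustration that is not part of the paper, the following Python checks the two premises of the non-circular assume-guarantee rule on a constructed two-process lock system modelled as LTSA-style labelled transition systems; the components (P1, P2, LOCK), the property MUTEX and the two candidate assumptions are all constructed for this example, and the state-space exploration is a deliberately minimal one rather than FLAVERS or LTSA.

```python
# Added example, not the paper's code: the non-circular assume-guarantee rule on tiny LTSs (the model LTSA uses).
#   Premise 1: <A> M1 <P>   Premise 2: <true> M2 <A>   Conclusion: <true> M1 || M2 <P>
# A property (or an assumption when checked in premise 2) is error-completed: a disallowed action leads to ERR.
ERR = "ERR"
class LTS:
    def __init__(self, trans):
        self.trans = trans                       # {(state, action): next_state}
        self.alphabet = {a for _, a in trans}
        self.init = next(iter(trans))[0]         # first listed state is the initial one
    def step(self, s, a, as_property=False):
        n = self.trans.get((s, a))               # None: action not enabled in state s
        return ERR if n is None and as_property else n   # error-complete, or block

def reachable(components, prop):
    """States of components || prop: shared actions synchronise, others interleave."""
    parts = components + [prop]
    alphabet = set().union(*(p.alphabet for p in parts))
    init = tuple(p.init for p in parts)
    seen, stack = {init}, [init]
    while stack:
        st = stack.pop()
        for a in alphabet:
            nxt = tuple(p.step(s, a, p is prop) if a in p.alphabet else s
                        for p, s in zip(parts, st))
            if None not in nxt and nxt not in seen:  # None: some participant refuses a
                seen.add(nxt)
                stack.append(nxt)
    return seen

def satisfies(components, prop):
    """<true> components <prop>: ERR is unreachable in the composition."""
    return all(ERR not in st for st in reachable(components, prop))

def cycle(actions):
    """Process that performs the listed actions in order, forever (states 0..n-1)."""
    return LTS({(i, a): (i + 1) % len(actions) for i, a in enumerate(actions)})

# Constructed system: two processes that take a lock before their critical section.
P1 = cycle(["p1.acquire", "p1.enter", "p1.exit", "p1.release"])
P2 = cycle(["p2.acquire", "p2.enter", "p2.exit", "p2.release"])
LOCK = LTS({("free", "p1.acquire"): "h1", ("h1", "p1.release"): "free",
            ("free", "p2.acquire"): "h2", ("h2", "p2.release"): "free"})
MUTEX = LTS({(0, "p1.enter"): 1, (1, "p1.exit"): 0, (0, "p2.enter"): 2, (2, "p2.exit"): 0})
# Two-way decomposition M1 = P1 || LOCK, M2 = P2, and two candidate assumptions about M2.
A_GOOD = cycle(["p2.acquire", "p2.enter", "p2.exit", "p2.release"])  # P2's real protocol
A_WEAK = LTS({(0, a): 0 for a in A_GOOD.alphabet})                    # allows anything

def assume_guarantee(m1, m2, assumption, prop):
    """True iff both premises hold, so <true> m1 || m2 <prop> follows by the rule."""
    return satisfies(m1 + [assumption], prop) and satisfies(m2, assumption)
def state_counts(m1, m2, assumption, prop):
    """Reachable states explored by (premise 1, premise 2, monolithic check)."""
    return (len(reachable(m1 + [assumption], prop)), len(reachable(m2, assumption)),
            len(reachable(m1 + m2, prop)))
```

With A_GOOD both premises hold, while A_WEAK makes premise 1 fail even though the property is true of the whole system, which is why the strength of the assumption, not just its existence, decides whether the rule is usable; in this tiny instance premise 1 explores exactly as many states as the monolithic check, the kind of outcome the study reports.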



Published In

ACM Transactions on Software Engineering and Methodology, Volume 17, Issue 2
April 2008
207 pages
ISSN: 1049-331X
EISSN: 1557-7392
DOI: 10.1145/1348250

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 05 May 2008
Accepted: 01 October 2007
Revised: 01 August 2007
Received: 01 April 2007
Published in TOSEM Volume 17, Issue 2

Author Tag

  1. Assume-guarantee reasoning

Qualifiers

  • Research-article
  • Research
  • Refereed

Article Metrics

  • Downloads (last 12 months): 20
  • Downloads (last 6 weeks): 2
Reflects downloads up to 07 Mar 2025

Cited By

  • (2024) Verifying Memory Confidentiality and Integrity of Intel TDX Trusted Execution Environments. 2024 IEEE International Symposium on Hardware Oriented Security and Trust (HOST), pp. 44-54. DOI: 10.1109/HOST55342.2024.10545349. Online publication date: 6 May 2024.
  • (2021) Handling State Space Explosion in Component-Based Software Verification: A Review. IEEE Access 9, pp. 77526-77544. DOI: 10.1109/ACCESS.2021.3081742. Online publication date: 2021.
  • (2019) Integrating Agile Practices into Architectural Assumption Management. Proceedings of the 23rd International Conference on Evaluation and Assessment in Software Engineering, pp. 156-165. DOI: 10.1145/3319008.3319027. Online publication date: 15 April 2019.
  • (2019) A hierarchical verification approach to verify complex safety control systems based on STAMP. Science of Computer Programming 172, pp. 117-134. DOI: 10.1016/j.scico.2018.11.006. Online publication date: March 2019.
  • (2019) Verification of asynchronous systems with an unspecified component. Acta Informatica 56(2), pp. 161-203. DOI: 10.1007/s00236-018-0317-x. Online publication date: 1 March 2019.
  • (2018) Assumptions and their management in software development. Information and Software Technology 94(C), pp. 82-110. DOI: 10.5555/3163583.3163680. Online publication date: 1 February 2018.
  • (2018) A two-step approach for pattern-based API-call constraint checking. Science of Computer Programming 163, pp. 19-41. DOI: 10.1016/j.scico.2018.04.001. Online publication date: October 2018.
  • (2018) Early validation of system requirements and design through correctness-by-construction. Journal of Systems and Software 145, pp. 52-78. DOI: 10.1016/j.jss.2018.07.053. Online publication date: November 2018.
  • (2018) Theory and methodology of assumption/commitment based system interface specification and architectural contracts. Formal Methods in System Design 52(1), pp. 33-87. DOI: 10.1007/s10703-017-0304-9. Online publication date: 1 February 2018.
  • (2018) Conditions of contracts for separating responsibilities in heterogeneous systems. Formal Methods in System Design 52(2), pp. 147-192. DOI: 10.1007/s10703-017-0294-7. Online publication date: 1 April 2018.
