On the completeness of compositional reasoning methods

Published: 18 May 2010

Abstract

Hardware systems and reactive software systems can be described as the composition of several concurrently active processes. Automated reasoning based on model checking algorithms can substantially increase confidence in the overall reliability of a system. Direct methods for model checking a concurrent composition, however, usually suffer from the explosion in the number of program states that arises from concurrency. Reasoning compositionally about individual processes helps mitigate this problem. A number of rules have been proposed for compositional reasoning, typically based on an assume-guarantee reasoning paradigm. Reasoning with these rules can be delicate, as some are syntactically circular in nature, in that assumptions and guarantees are mutually dependent. This is known to be a source of unsoundness. In this article, we investigate rules for compositional reasoning from the viewpoint of completeness. We show that several rules are incomplete: that is, there are properties whose validity cannot be established using (only) these rules. We derive a new, circular, reasoning rule and show it to be sound and complete. We show that the auxiliary assertions needed for completeness need be defined only on the interface of the component processes. We also show that the two main paradigms of circular and noncircular reasoning are closely related, in that a proof of one type can be transformed in a straightforward manner to one of the other type. These results give some insight into the applicability of compositional reasoning methods.
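The abstract's point that syntactically circular assume-guarantee rules can be unsound is easy to see on a two-variable model. The following is an added illustration, not code from the article: it builds two Boolean modules that each copy the other's variable, checks the premises of a naive circular rule (the assumption read as "always A implies always G"), and shows that the premises hold while the conclusion fails. It then checks the same premises under an inductive reading (A up to step t-1 implies G at step t), which rejects the combinational feedback and accepts a unit-delay variant. The modules M1/M2, the two property readings and the rule names are assumptions made here for the example.

```python
"""Explicit-state check of assume-guarantee premises over two Boolean
modules, contrasting a naive circular rule (unsound) with an inductive
reading of the assumption that restores soundness.

Added illustration; this is not code from the article. The modules, the
property readings, and the rule names are assumptions made here."""
from itertools import product

VARS = ("x", "y")  # x is written by M1, y by M2; each reads the other's variable


def all_states():
    return [dict(zip(VARS, bits)) for bits in product((False, True), repeat=len(VARS))]


class Module:
    """Initial-state predicate plus transition predicate over full states;
    a module leaves the variable it does not own unconstrained."""

    def __init__(self, name, init, step):
        self.name, self.init, self.step = name, init, step

    def initial(self):
        return [s for s in all_states() if self.init(s)]

    def successors(self, s):
        return [t for t in all_states() if self.step(s, t)]


def compose(m1, m2):
    """Synchronous composition: both modules step on every tick."""
    return Module(f"{m1.name}||{m2.name}",
                  lambda s: m1.init(s) and m2.init(s),
                  lambda s, t: m1.step(s, t) and m2.step(s, t))


def reachable(mod, expand_if=lambda s: True):
    """States reachable along paths whose non-final states satisfy expand_if."""
    seen, work = {}, list(mod.initial())
    while work:
        s = work.pop()
        k = tuple(s[v] for v in VARS)
        if k in seen:
            continue
        seen[k] = s
        if expand_if(s):
            work.extend(mod.successors(s))
    return list(seen.values())


def always(mod, prop):
    return all(prop(s) for s in reachable(mod))


def strong_triple(assume, mod, guar):
    """<A> M <G> read as M |= (always A) -> (always G): restrict M to runs
    that stay inside A and check G on everything reachable."""
    restricted = Module(mod.name,
                        lambda s: mod.init(s) and assume(s),
                        lambda s, t: mod.step(s, t) and assume(t))
    return always(restricted, guar)


def inductive_triple(assume, mod, guar):
    """<A> M <G> read inductively: if A held at every step before t, G holds
    at t. In particular G must hold initially with no assumption at all."""
    return all(guar(s) for s in reachable(mod, expand_if=assume))


def naive_circular_rule(m1, m2, g1, g2):
    """Premises <G2> M1 <G1> and <G1> M2 <G2> under the strong reading."""
    return strong_triple(g2, m1, g1) and strong_triple(g1, m2, g2)


def inductive_circular_rule(m1, m2, g1, g2):
    """Same premises under the inductive reading."""
    return inductive_triple(g2, m1, g1) and inductive_triple(g1, m2, g2)


def noncircular_rule(m1, m2, g1, g2):
    """One side must be discharged with no assumption on the other."""
    return strong_triple(lambda s: True, m1, g1) and strong_triple(g1, m2, g2)


def conclusion(m1, m2, g1, g2):
    """What every rule above is trying to establish: M1||M2 |= always (G1 and G2)."""
    return always(compose(m1, m2), lambda s: g1(s) and g2(s))


def x_holds(s):
    return s["x"]


def y_holds(s):
    return s["y"]


# Combinational feedback (constructed): each side copies the other in the same tick.
M1_comb = Module("M1", lambda s: s["x"] == s["y"], lambda s, t: t["x"] == t["y"])
M2_comb = Module("M2", lambda s: s["y"] == s["x"], lambda s, t: t["y"] == t["x"])

# Unit-delay feedback (constructed): each side copies the other's previous value, starting true.
M1_delay = Module("M1d", lambda s: s["x"], lambda s, t: t["x"] == s["y"])
M2_delay = Module("M2d", lambda s: s["y"], lambda s, t: t["y"] == s["x"])

if __name__ == "__main__":
    for name, m1, m2 in (("combinational", M1_comb, M2_comb), ("unit-delay", M1_delay, M2_delay)):
        print(name,
              "| naive premises:", naive_circular_rule(m1, m2, x_holds, y_holds),
              "| inductive premises:", inductive_circular_rule(m1, m2, x_holds, y_holds),
              "| noncircular premises:", noncircular_rule(m1, m2, x_holds, y_holds),
              "| conclusion:", conclusion(m1, m2, x_holds, y_holds))
```

On the combinational pair the naive premises both succeed (if y is always true, x is always true, and symmetrically) yet the composition has the run where x and y are both false forever, so the rule is unsound. The inductive reading rejects that pair, because x must hold initially before any assumption about y is available, and accepts the unit-delay pair, whose conclusion does hold. The noncircular rule is sound but cannot prove the unit-delay pair from these guarantees alone, which is the kind of gap the abstract's completeness results address by allowing auxiliary assertions.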


Published In

ACM Transactions on Computational Logic, Volume 11, Issue 3
May 2010
158 pages
ISSN:1529-3785
EISSN:1557-945X
DOI:10.1145/1740582

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 18 May 2010
Accepted: 01 July 2008
Received: 01 May 2007
Published in TOCL Volume 11, Issue 3

Author Tags

  1. Compositional reasoning
  2. assume-guarantee reasoning
  3. automated reasoning
  4. concurrent systems
  5. syntactically circular reasoning

Qualifiers

  • Research-article
  • Research
  • Refereed

Cited By

  • (2022) The refinement calculus of reactive systems. Information and Computation 285:PB. doi:10.1016/j.ic.2021.104819. Online publication date: 1 May 2022.
  • (2020) Assume-Guarantee Distributed Synthesis. IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems, 1-1. doi:10.1109/TCAD.2020.3012641. Online publication date: 2020.
  • (2019) Runtime Monitoring of IoT Services to Guarantee Properties. In Integrating and Streamlining Event-Driven IoT Services, 223-275. doi:10.4018/978-1-5225-7622-8.ch007. Online publication date: 2019.
  • (2019) IoT Resources and IoT Services. In Integrating and Streamlining Event-Driven IoT Services, 1-37. doi:10.4018/978-1-5225-7622-8.ch001. Online publication date: 2019.
  • (2018) Conditions of contracts for separating responsibilities in heterogeneous systems. Formal Methods in System Design 52:2, 147-192. doi:10.1007/s10703-017-0294-7. Online publication date: 1 April 2018.
  • (2017) When Do We Not Need Complex Assume-Guarantee Rules? ACM Transactions on Embedded Computing Systems 16:2, 1-25. doi:10.1145/3012280. Online publication date: 2 January 2017.
  • (2017) Compositional Safety Refutation Techniques. In Automated Technology for Verification and Analysis, 164-183. doi:10.1007/978-3-319-68167-2_12. Online publication date: 27 September 2017.
  • (2016) Decomposing controller synthesis for safety specifications. In 2016 IEEE 55th Conference on Decision and Control (CDC), 5720-5725. doi:10.1109/CDC.2016.7799148. Online publication date: December 2016.
  • (2016) Compositional Model-Based System Design and Other Foundations for Mastering Change. In Transactions on Foundations for Mastering Change I, 113-129. doi:10.1007/978-3-319-46508-1_7. Online publication date: 23 September 2016.
  • (2015) Contracts for Specifying and Structuring Requirements on Cyber-Physical Systems. In Cyber-Physical Systems, 307-341. doi:10.1201/b19290-19. Online publication date: 13 October 2015.
