Automatic Synthesis of Assumptions for Compositional Model Checking

Finkbeiner, Bernd; Schewe, Sven; Brill, Matthias

doi:10.1007/11888116_12

Cited by 6 publications

(4 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Given two Promela processes M, N and a property automaton P, our tool RESY [15,12] performs a graph-theoretic analysis of the product of N and P to identify states in M that can safely be merged. For timed systems, a graph-theoretical analysis alone is, of course, not sound, because one location may be safe and another unsafe, even if both have a (discrete) path to an error location.…”

Section: Introductionmentioning

confidence: 99%

Synthesising certificates in networks of timed automata

2010

View full text Add to dashboard Cite

The authors present an automatic method for the synthesis of certificates for components in embedded real-time systems. A certificate is a small homomorphic abstraction that can transparently replace the component during model checking: if the verification with the certificate succeeds, then the component is guaranteed to be correct; if the verification with the certificate fails, then the component itself must be erroneous. The authors give a direct construction, based on a forward and backward reachability analysis of the timed system, and an iterative refinement process, which produces a series of successively smaller certificates. In their experiments, model checking the certificate is several orders of magnitude faster than model checking the original system.

show abstract

Section: Introductionmentioning

confidence: 99%

Synthesising certificates in networks of timed automata

2010

View full text Add to dashboard Cite

show abstract

“…Given two Promela processes M, N and a property automaton P, our tool RESY [13,12] performs a graphtheoretic analysis of the product of N and P to identify states in M that can safely be merged. For timed systems, a graph-theoretical analysis alone is, of course, not sound, because one location may be safe and another unsafe, even if both have a (discrete) path to an error location.…”

Section: Introductionmentioning

confidence: 99%

Synthesizing Certificates in Networks of Timed Automata

Finkbeiner

Peter

Schewe

2008

2008 Real-Time Systems Symposium

Self Cite

View full text Add to dashboard Cite

We present an automatic method for the synthesis of certificates for components in embedded real-time systems. A certificate is a small homomorphic abstraction that can transparently replace the component during model checking: if the verification with the certificate succeeds, then the component is guaranteed to be correct; if the verification with the certificate fails, then the component itself must be erroneous. We give a direct construction, based on a forward and backward reachability analysis of the timed system, and an iterative refinement process, which produces a series of successively smaller certificates. In our experiments, model checking the certificate is several orders of magnitude faster than model checking the original system.

show abstract

“…RESY implements the requirement synthesis algorithm presented in [4]. Given a system M E, which consists of a process M and its environment E, RESY computes an equivalence relation on the states of M , collapsing two states if E can either force the occurrence of an error from both states or from nei-⋆…”

Section: Requirement Synthesismentioning

confidence: 99%

“…Requirement automata represent the assumptions an environment makes on the behavior of a component. Typical applications include program documentation [1], where the synthesized requirements help the user to understand the interaction of the program components; program certification [2], where the synthesized requirements simplify the re-verification of the system (possibly by a different user and a different tool); and compositional model checking [3], where the requirement is synthesized and used during the same model checking run, in order to avoid the construction of the full product state space.RESY implements the requirement synthesis algorithm presented in [4]. Given a system M E, which consists of a process M and its environment E, RESY computes an equivalence relation on the states of M , collapsing two states if E can either force the occurrence of an error from both states or from nei-⋆…”

mentioning

confidence: 99%

RESY: Requirement Synthesis for Compositional Model Checking

Finkbeiner

Peter

Schewe

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

Abstract. The requirement synthesis tool RESY automatically computes environment assumptions for compositional model checking. Given a process M in a multi-process PROMELA program, an abstraction refinement loop computes a coarse equivalence relation on the states of the environment, collapsing two states if the environment of M can either force the occurrence of an error from both states or from neither state. RESY supports three different operation modes: assumption generation, compositional model checking, and front-end to the model checker SPIN. In assumption generation mode, RESY minimizes the size of the assumption; small assumptions are useful for program documentation and as certificates for re-verification. In compositional model checking mode, RESY terminates as soon as the property is proven or disproven, independently of the size of the assumption. In front-end mode, RESY terminates when the size of the assumption falls below a specified threshold, and calls SPIN with the simplified verification problem. Requirement SynthesisRESY is a tool for the automatic synthesis of requirement automata for safety properties. Requirement automata represent the assumptions an environment makes on the behavior of a component. Typical applications include program documentation [1], where the synthesized requirements help the user to understand the interaction of the program components; program certification [2], where the synthesized requirements simplify the re-verification of the system (possibly by a different user and a different tool); and compositional model checking [3], where the requirement is synthesized and used during the same model checking run, in order to avoid the construction of the full product state space.RESY implements the requirement synthesis algorithm presented in [4]. Given a system M E, which consists of a process M and its environment E, RESY computes an equivalence relation on the states of M , collapsing two states if E can either force the occurrence of an error from both states or from nei-⋆

show abstract

Automatic Synthesis of Assumptions for Compositional Model Checking

Cited by 6 publications

References 20 publications

Synthesising certificates in networks of timed automata

Synthesising certificates in networks of timed automata

Synthesizing Certificates in Networks of Timed Automata

RESY: Requirement Synthesis for Compositional Model Checking

Contact Info

Product

Resources

About