1 / 19

Automated Refinement Checking of Concurrent Systems

This paper presents an automated algorithm for checking trace refinement in concurrent systems specified with CSP (Communicating Sequential Processes) that may involve infinite state spaces. The proposed framework automates the comparison of specifications and implementations through various techniques, including inference algorithms and automated theorem proving. The approach aims to handle complex design methodologies, leveraging formal semantics and modeling languages. Results illustrate the effectiveness of the method in verifying system correctness within bounds of complexity.

javier
Télécharger la présentation

Automated Refinement Checking of Concurrent Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Automated Refinement Checking of Concurrent Systems Sudipta Kundu, Sorin Lerner, Rajesh Gupta Department of Computer Science and Engineering, University of California, San Diego

  2. …. x = a * b; c = a < b; if (c) then a = b – x; else a = b + x; a = a + x; b = b * x; …. • C/C++, SystemC < 100 – 10K lines > Functionally Equivalent Data path Functionally Equivalent S0 Controller S1 !f f • Verilog, VHDL < 1K – 100K lines > S3 S2 S4 Hardware Design Methodology Algorithmic Description Functionally Equivalent High Level Synthesis Behavior Description RTL Description

  3. The Model • Properties of interest: • Concurrency • Visible events • Model both the specification and implementation • Formal semantics • Various modeling languages • Process Algebra [CSP, CCS] • Petri Nets • SpecC/SystemC

  4. (Trace) Refinement Checker Checker The Problem CSP Program (Specification) Transformed CSP Program (Implementation) Refinements

  5. Previous Work Previous work in Refinement Checking of CSP programs • Inspired by translation validation [Necula 00] [Pnueli 98] State Space Relational Approach [Josephs 88] Interactive Theorem Provers [Dutertre 97] [Tej 97] [Isobe 05] Infinite Our Approach FDR Model Checker [FDR 05, Roscoe 95] Finite Level of Automation Semi Automatic Fully Automatic Manual

  6. Outline • Motivation and Problem definition • Algorithms • Checking Algorithm • Inference Algorithm • Experiments and Results • Conclusion

  7. Implementation: right left mid send recv ack An Example of Refinement Specification: right left Link v1 v1 4*v1 v1 v1 4*v1 2*v1 2*v1

  8. | | True left?a left?x mid?u w:=a*4 a == x y:=x*2 z:=u*2 right!w mid!y right!z w == z Link ack?_ ack!1 Send Recv Specification Implementation CFGs for the Example Simulation Relation • A relation R that matches a given program state in the implementation with the corresponding state in the specification. • The simulation relation is a set of entries of the form (p1, p2, Ф). p1 – program point in Specification p2 – program point in Implementation Ф– formula that relates the data • Split state space in two parts: • control flow state, which is finite. => explored by traversing the CFG • dataflow state, which may be infinite. => explored using Automated Theorem Prover (ATP)

  9. | | left?a left?x mid?u w:=a*4 y:=x*2 z:=u*2 right!w mid!y right!z Link ack?_ ack!1 Send Recv Specification Implementation Checking Algorithm C1: True C2: a == x ATP[C1 => WP(C2)] C3: w == z ATP[(C3) => WP(C2)] ATP[(C2) => WP(C3)]

  10. Outline • Motivation and Problem definition • Algorithms • Checking Algorithm • Inference Algorithm • Experiments and Results • Conclusion

  11. Inference Algorithm • It works in two steps. • Forward pass: collect local condition for externally visible events to be matched. • Backward pass: propagate local conditions backward, using weakest preconditions. • May not terminate • Loops - iterate to a fixed point • In practice it can find the required simulation relation.

  12. | | left?a C1 left?x mid?u w:=a*4 C2 y:=x*2 z:=u*2 right!w mid!y right!z C3: w == z Link ack?_ ack!1 Send Recv Specification Implementation Inference Algorithm: Forward Pass

  13. | | left?a left?x mid?u w:=a*4 y:=x*2 z:=u*2 right!w mid!y right!z Link ack?_ ack!1 Send Recv Specification Implementation Inference Algorithm: Backward Pass C1: True ATP[C2 -> WP(C3)] C2: a == x C2: True ATP[C1 -> WP(C2)] ATP[C3 -> WP(C2)] C3: w == z

  14. Outline • Motivation and Problem definition • Algorithms • Checking Algorithm • Inference Algorithm • Experiments and Results • Conclusion

  15. CSP Specification CSP Implementation Front End Parser A R C C o S Implementation (CFG) Specification (CFG) Simulation Relation Inference Engine Checking Engine Automated Theorem Prover (Simplify) Partial Order Reduction Engine Prototype Implementation - ARCCoS

  16. Results from ARCCoS

  17. Outline • Motivation and Problem definition • Algorithms • Checking Algorithm • Inference Algorithm • Experiments and Results • Conclusion

  18. Conclusion and Future Directions • We have presented an automated algorithm for checking trace refinement of CSP programs that has infinite state spaces. • Checking Algorithm • Inference Algorithm • The work presented here is only the first step in a broader research plan whose goal is to check the refinement of SystemC.

  19. Thank You

More Related