DOI: 10.1145/1543820.1543832

Certifying deadlock-freedom for BIP models

Published: 23 April 2009

Abstract

The BIP framework provides a methodology, supported by a tool chain, for developing software for embedded systems. The design of a BIP system follows the decomposition into behavior, interaction and priority. The first step divides the desired behavior of a system into components. In a second step, interactions and their priorities are added between the components. Finally, machine code is generated from the BIP model. While adding interactions, it is possible to over-constrain a system, resulting in potential deadlocks. The tool chain therefore crucially depends on an automatic tool, D-Finder, which checks for deadlock-freedom.
This paper reports on guaranteeing the correctness of the verdict of D-Finder. We address the problem of formally proving deadlock-freedom of an embedded system in a way that is comprehensible to third-party users and other tools. We propose the automatic generation of certificates for each BIP model declared safe by D-Finder. These certificates comprise a proof of deadlock-freedom of the BIP model which can be checked by an independent checker. We use the Coq theorem prover as the certificate checker, which brings the high level of confidence of a formal proof to the deadlock analysis results.
With the help of certificates, one obtains a deadlock-freedom guarantee for BIP models without having to trust, or even inspect, the deadlock-checking tool. The proof of deadlock-freedom fundamentally relies on the computation of invariant properties of the considered BIP model; this computation is carried out by D-Finder and serves as the basis for certificate generation. Encapsulating these invariants into certificates and checking them is the most important subtask of our methodology for guaranteeing deadlock-freedom.


Published In

SCOPES '09: Proceedings of the 12th International Workshop on Software and Compilers for Embedded Systems
April 2009
94 pages
ISBN:9781605586960
DOI:10.1145/1543820
Editor: Heiko Falk
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

  • EDAA: European Design Automation Association
  • PREDATOR European FP7 Project
  • ArtistDesign European NoE

Publisher

Association for Computing Machinery

New York, NY, United States

Qualifiers

  • Research-article

Conference

SCOPES '09
Sponsor:
  • EDAA

Acceptance Rates

SCOPES '09 Paper Acceptance Rate 8 of 26 submissions, 31%;
Overall Acceptance Rate 38 of 79 submissions, 48%

Article Metrics

  • Total Citations: 0
  • Total Downloads: 117
  • Downloads (last 12 months): 0
  • Downloads (last 6 weeks): 0

Reflects downloads up to 18 Aug 2024
