Refinement-based Reasoning of Optimized Reactive Systems

Abstract: We show that the correctness of a large class of optimized reactive systems can be effectively analyzed using refinement. Reasoning about reactive systems using refinement involves showing that any (infinite) behavior of a low-level, concrete implementation system is a behavior of the high-level abstract specification system. Existing notions of refinement directly account for the differences in the unobservable behaviors (stuttering) of a concrete implementation and its abstract specification. However, they do not directly account for the differences in the observable behaviors of an optimized implementation and its abstract specification. Towards this we introduce two new notions of correctness, skipping simulation and reconciling simulation, and develop a theory of refinement based on them. We study their algebraic properties and present several sound and complete proof methods that can be used to effectively reason about them. The proof methods reduce global reasoning about infinite computations of reactive systems to local reasoning about states and their successors and are therefore amenable to mechanical reasoning using existing verification tools.

Experimental Artifacts

  1. Superword level parallelism compiler transformation [http://ccs.neu.edu/home/jmitesh/dissertation/scalar-vector]

    A directory containing the ACL2s models of the scalar and vector machines for the superword level parallelism transformation.

    It also contains the proof script for the correctness of the transformation based on SKS (skipping simulation). Details on installing ACL2s and certifying the proof script are in the README file in the directory.

  2. Stack Machine [http://ccs.neu.edu/home/jmitesh/dissertation/stack-machine]

    This directory contains the AIGs used to compare the running times of model checkers on the IO-equivalence and SKS correctness conditions for JVM-inspired stack machines (STK and BSTK).

    It also contains an executable that generates the stack machine models and the correctness conditions based on IO equivalence and SKS. More details on its usage are provided in the README file in the directory.

  3. Memory Controller [http://ccs.neu.edu/home/jmitesh/dissertation/memory-controller]

    This directory contains the AIGs used to compare the running times of model checkers on the IO-equivalence and SKS correctness conditions for the optimized memory controller.

    It also contains an executable that generates the memory controller models and the correctness conditions based on IO equivalence and SKS. More details on its usage are provided in the README file in the directory.

  4. Event Processing System [http://www.ccs.neu.edu/home/jmitesh/dissertation/eps]

    This directory contains the ACL2s models of AEPS, the abstract event processing system, and PEPS, the optimized event processing system, together with the ACL2s proof script. The file [eps-semantics.lisp] contains the definitions formalizing the models and the top-level theorems stating that PEPS is a skipping refinement of AEPS. The actual proofs are in [eps-thms.lisp].

  5. Model checkers used in case studies 2 and 3

    1. blimc (ats1 version)
      run command: ./blimc <bound> <aig-name>
      where bound = number of instructions + 2 (stack machine)
      or bound = number of requests + 2 (memory controller)

    2. IIMC (version 1.3)
      run command: ./iimc-hwmcc13 <aig-name>

    3. Temporal Induction Prover (TIP)
      run command: tip <aig-name>

    4. Super Prove
      run command: super_prove <aig-name>

  6. ACL2 Sedan (ACL2s)

  • BAT executables [http://www.ccs.neu.edu/home/jmitesh/dissertation/bat-executables]

    This directory contains the executables required to generate BAT models and the corresponding AIGs using the model generators provided in the stack-machine and memory-controller directories. Instructions on how to use these executables are given in the individual directories.