Authors: Antti Siirtola, S. Tripakis, Keijo Heljanko
Venue: 2015 15th International Conference on Application of Concurrency to System Design
Published: 2015-06-21
DOI: https://doi.org/10.1145/3012280
When Do We (Not) Need Complex Assume-Guarantee Rules?
Assume-guarantee (AG) reasoning is a compositional verification method in which a verification task involving many processes is broken into multiple verification tasks involving fewer and/or simpler processes. Unfortunately, AG verification rules, and especially circular rules, are often complex and hence hard to reason about. This raises the question of whether complex rules are really necessary, especially in view of formalisms that already enable compositional reasoning via simple rules based on precongruence. This paper investigates this question for two formalisms: (1) labelled transition systems (LTS) with parallel composition and weak simulation, and (2) interface automata (IA) with composition and alternating simulation. In (1), not all AG rules are sound and the precongruence rule cannot replace all sound ones, but we can provide a generic and sound AG rule that complements the precongruence rule. We show that in (2) all AG rules are sound and can be replaced by a simple rule in which every premise is an alternating-simulation check between a single component P_i and its specification Q_i. Moreover, we show that proofs in the LTS AG rule can be converted into proofs in the simple IA rule. This suggests that circular reasoning is a built-in feature of the IA formalism and that, provided system components can be modelled as IA, complex assume-guarantee rules are not needed.