Modular model checking of software specifications with simultaneous environment generation

Model checking is a powerful automated formal technique that is used for verifying reactive system's properties. In practice, model checkers are limited, due to the state explosion problem (the number of states to explore grows exponentially with the number of the system's processes), Modular verification based on assume-guarantee paradigm mitigates this problem by using a "divide and conquer" technique: the system's components are checked with a set of user-supply assumptions of the environment (environment model), and then, these assumptions must be verified on the environment (guarantee or assumption discharge). Unfortunately, this approach is not automated because the user must specify the environment model (assumptions). In this work, a novel technique is shown to, automatically, generate assumptions for all the system's components. The proposed algorithm simultaneously computes the environments of all components in the system, such as the generated assumptions for a component, which can be used in order to determine the assumptions of another component with the one that communicates it. The assumptions are computed as association rules between the component's interfaces. We applied our approach to the modular verification of a steam boiler control program.