Abstract

The design of complex software systems fundamentally relies on the understanding of abstract components and their interactions. Although compositional techniques are being successfully employed in practice, the use of such techniques is often rather informal and intuitive, and typically a justification for correct behaviour of the composed system exists but is not expressed explicitly. In this paper, we show what can be gained from treating such justifications as first-class citizens. The fairly general setting for this paper is a formal development of a UNITY-style temporal logic for labeled transition systems in the calculus of inductive constructions which has been conducted using the Coq proof assistant in a formally rigorous way. Our development not only subsumes the original UNITY approach to program verification and the more recent approach of New UNITY, but goes beyond it in several essential aspects, such as the generality of the program/system model, the notion of fairness, and the issue of compositionality.

The last aspect, which we feel is crucial in the foundations for software engineering, is subject of this paper. We present a general proof rule for compositional verification of liveness assertions in tightly coupled systems. It relies on a notion of compositional proofs, which in turn is closely related to classical work on interference-free proofs for parallel programs. The formulation of this new proof rule and the verification of its soundness does not only exploit the strong inductive reasoning capabilities of the calculus of inductive constructions, but it also uses the propositions-as-types interpretation and the associated proofs-as-objects interpretation in an essential way.

Keywords: UNITY; program verification; compositionality; software engineering