Automating Refinement Checking in Probabilistic System Design

Refinement plays a crucial role in “top-down” styles of verification, such as the refinement calculus, but for probabilistic systems proof of refinement is a particularly challenging task due to the combination of probability and nondeterminism which typically arises in partiallyspecified systems. Whilst the theory of probabilistic refinement is well-known [19] there are few tools to help with establishing refinements between programs. In this paper we describe a tool which provides partial support during refinement proofs. The tool essentially builds small models of programs using an algebraic rewriting system to extract the overall probabilistic behaviour. We use that behaviour to recast refinement-checking as a linear satisfiability problem, which can then be exported to a linear SAT solver. One of the major benefits of this approach is the ability to generate counterexamples, alerting the prover to a problem in a proposed refinement. We demonstrate the technique on a small case study based on Schneider et al.’s Tank Monitoring [28].