Comparing Abstract Semantics for Model Checking

2000

Abstract. Model-checking offers a potential for push-button verification. Abstraction is often used to combat the state-space explosion problem and focus the analysis on relevant properties. However, in many such cases, it is difficult to interpret the results of verification on an abstract system with respect to a concrete one. In this paper we present an abstract model-checking approach that guarantees that the True and False answers are sound with respect to the original system.

Lecture Notes in Computer Science, 1995

This paper investigates the use of abstract-interpretationinspired techniques for improving the performance of procedures for determining when systems satisfy formulas in branching-time temporal logic. A framework for abstracting system descriptions is developed, and a particular method for generating abstract systems from given abstractions on system states is de ned and shown to be both safe and optimal, in the sense that concrete systems satisfy all the temporal formulas enjoyed by their abstracted counterparts. One may then use a model checker on an abstracted (and hence smaller) system in order to infer properties of a concrete system.

Electronic Notes in …, 2002

Abstraction methods have become one of the most interesting topics in the automatic verification of software systems because they can reduce the state space to be explored and allow model checking of more complex systems. Nevertheless, there is a lack of tools actually supporting this technique. One direction for abstracting a system is to transform its formal description (its model) into a simpler version specified in the same language, thus skipping the construction of a specific (model checking) tool for the abstract model. The abstraction of the model should be followed by the abstraction of the temporal formulas to be checked. This paper presents αSpin, a tool for the integration of several abstraction approaches (for models and formulas) into the well known model checker Spin. In particular, αSpin integrates two dual approaches, the classic abstraction method, based on underapproximating properties, and an alternative approach, proposed by the authors, where abstraction provides an over-approximation of the formulas. 2

Formal Aspects of Computing, 2004

Semantics of description languages for complex systems are a central issue for implementing verification methods such as abstract model checking. This technique is employed to verify systems by inspecting only a small state space that represents its potential behaviors. This paper presents a generalized operational semantics of the modelling language promela that provides the theoretical basis to introduce this promising method in the model checker spin. The generalization consists of identifying language aspects affected by the abstraction. Using these aspects as parameters, it is possible to obtain and relate different interpretations of the language. The new semantics provides a framework to reason about how to construct the tool αspin as an extension of spin.

1991

Abstract A model-checking method for linear-time temporal logic that avoids the state explosion due to the modeling of concurrency by interleaving is presented. The method relies on the concept of the Mazurkiewicz trace as a semantic basis and uses automata-theoretic techniques, including automata that operate on words of ordinality higher than ω. In particular, automata operating on words of length ω× n, n∈ ω are defined.

International Journal on …, 2004

Abstraction methods have become one of the most interesting topics in the automatic verification of software systems because they can reduce the state space to be explored and allow model checking of more complex systems. Nevertheless, there is a lack of tools actually supporting this technique. One direction for abstracting a system is to transform its formal description (its model) into a simpler version specified in the same language, thus skipping the construction of a specific (model checking) tool for the abstract model. The abstraction of the model should be followed by the abstraction of the temporal formulas to be checked. This paper presents αspin, a tool for the integration of abstraction (for models and formulas) into the well-known model checker spin. We present the theoretical results supporting the implementation together with a case study.

2006

Abstract. This paper describes a framework, based on Abstract Interpretation, for creating abstractions for model-checking. Specifically, we study how to abstract models of µ-calculus and systematically derive abstractions that are constructive, sound, and precise, and apply them to abstracting Kripke structures. The overall approach is based on the use of bilattices to represent partial and inconsistent information.

2006

Model checking suffers from the state explosion problem, due to the exponential increase in the size of a finite state model as the number of system components grows. Directed model checking aims at reducing this problem through heuristic-based search strategies. The model of the system is built while checking the formula and this construction is guided by some heuristic function. In this line, we have defined a structure-based heuristic function operating on processes described in the Calculus of Communicating Systems (CCS), which accounts for the structure of the formula to be verified, expressed in the selective Hennessy-Milner logic. We have implemented a tool to evaluate the method and verified a sample of well known CCS processes with respect to some formulae, the results of which are reported and commented.

HAL (Le Centre pour la Communication Scientifique Directe), 2008

interpretation is a general methodology for building static analyses of programs. It was introduced by P. and R. Cousot in [3]. We present, in this paper, an application of a generic abstract interpretation to domain of model-checking. Dynamic checking are usually easier to use, because the concept are established and wide well know. But they are usually limited to systems whose states space is finite. In an other part, certain faults cannot be detected dynamically, even by keeping track of the history of the states space.Indeed, the classical problem of finding the right test cases is far from trivial and limit the abilities of dynamic checkers further. Static checking have the advantage that they work on a more abstract level than dynamic checker and can verify system properties for all inputs. Problem, it is hard to guarantee that a violation of a modeled property corresponds to a fault in the concrete system. We propose an approach, in which we generate counter-examples dynamically using the abstract interpretation techniques.

Static Analysis, 2002

A crucial problem in abstract model checking is to find a tradeoff between constructing the "best" (the smallest) abstract model, approximating a given model, and preserving as much interesting properties over the original model as possible. In this paper, we present a method for dealing with this problem based on the definition of a new abstract satisfiability relation. This new relation allows us to analyze temporal properties with different degrees of precision, by means of a refinement process. The method subsumes the classic way of abstracting properties and the dual proposal of the authors. As a consequence, maintaining the same abstract model, we directly obtain the preservation of universal properties (as in the classic method) and the refutation of existential properties (as in the dual method). We also show the utility of this method by proving that the very important notions of completeness and precision in abstract model checking may be analyzed by using the new relation. In particular, we exploit the power of model checking to simultaneously refine both the model and the properties. 1