Results 1  10
of
18
Property preserving abstractions for the verification of concurrent systems
 FORMAL METHODS IN SYSTEM DESIGN, VOL 6, ISS
, 1995
"... We study property preserving transformations for reactive systems. The main idea is the use of simulations parameterized by Galois connections ( �), relating the lattices of properties of two systems. We propose and study a notion of preservation of properties expressed by formulas of a logic, by a ..."
Abstract

Cited by 147 (6 self)
 Add to MetaCart
(Show Context)
We study property preserving transformations for reactive systems. The main idea is the use of simulations parameterized by Galois connections ( �), relating the lattices of properties of two systems. We propose and study a notion of preservation of properties expressed by formulas of a logic, by a function mapping sets of states of a system S into sets of states of a system S'. We give results on the preservation of properties expressed in sublanguages of the branching timecalculus when two systems S and S' are related via h � isimulations. They can be used to verify a property for a system by verifying the same property on a simpler system which is an abstraction of it. We show also under which conditions abstraction of concurrent systems can be computed from the abstraction of their components. This allows a compositional application of the proposed verification method. This is a revised version of the papers [2] and [16] � the results are fully developed in [27].
Initial Algebra and Final Coalgebra Semantics for Concurrency
, 1994
"... The aim of this paper is to relate initial algebra semantics and final coalgebra semantics. It is shown how these two approaches to the semantics of programming languages are each others dual, and some conditions are given under which they coincide. More precisely, it is shown how to derive initial ..."
Abstract

Cited by 56 (9 self)
 Add to MetaCart
(Show Context)
The aim of this paper is to relate initial algebra semantics and final coalgebra semantics. It is shown how these two approaches to the semantics of programming languages are each others dual, and some conditions are given under which they coincide. More precisely, it is shown how to derive initial semantics from final semantics, using the initiality and finality to ensure their equality. Moreover, many facts about congruences (on algebras) and (generalized) bisimulations (on coalgebras) are shown to be dual as well.
A Tool for Symbolic Program Verification and Abstraction
 In Conference on Computer Aided Verification CAV 93, Heraklion Crete. LNCS 697
, 1993
"... We give the description of a verification tool taking boolean programs of guarded commands as input; internal representation of programs are sets of Binary Decision Diagrams (BDD) (one for each guarded command). It allows to construct an abstract program of the same form obtained using an abstractio ..."
Abstract

Cited by 37 (5 self)
 Add to MetaCart
(Show Context)
We give the description of a verification tool taking boolean programs of guarded commands as input; internal representation of programs are sets of Binary Decision Diagrams (BDD) (one for each guarded command). It allows to construct an abstract program of the same form obtained using an abstraction relation given by a boolean expression on "concrete" and "abstract" variables. The tool allows the verification of CTL formulas on programs. We illustrate its possibilities on an example. 1 Introduction In the domain of program verification an obvious idea is to verify some abstract program instead of the complete specification (called concrete program) depending on the properties to be verified. The motivation is to make the representation of the program model smaller and this for two reasons: one is to make the verification faster; the other is that in most practical cases the model of the concrete program is too large to be verified, whereas an abstraction of it may be sufficiently sma...
A practical technique for process abstraction
 4th Int. Conf. on Concurrency Theory (CONCUR'93), Lecture Notes in Computer Science 715
, 1993
"... Abstract. With algebraic laws a process can be simpli¯ed before verifying its equivalence with another process. Also needed are laws to allow a process to be simpli¯ed before verifying that it satis¯es a temporal logic formula. Most previous work on this problem is based on propertypreserving ma ..."
Abstract

Cited by 24 (1 self)
 Add to MetaCart
(Show Context)
Abstract. With algebraic laws a process can be simpli¯ed before verifying its equivalence with another process. Also needed are laws to allow a process to be simpli¯ed before verifying that it satis¯es a temporal logic formula. Most previous work on this problem is based on propertypreserving mappings between transition systems. The results presented here allow direct simpli¯cation of process terms for some important classes of temporal properties. 1
The power of the future perfect in program logics
 Information and Control
, 1985
"... The expressiveness of branching time tense (temporal) logics whose eventually operators are relativised to general paths into the future is investigated. These logics are interpreted in models obtained by generalising the usual notion of transition system to allow infinite transitions. It is shown t ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
The expressiveness of branching time tense (temporal) logics whose eventually operators are relativised to general paths into the future is investigated. These logics are interpreted in models obtained by generalising the usual notion of transition system to allow infinite transitions. It is shown that the presence of formulae expressing the future perfect enables one to prove that the expressiveness of the logic can be charaeterised by a notion of bisimulation on the generalised transition systems. The future perfect is obtained by adding a past tense operator to the language. Finally the power of various tense languages from the literature are
Limiting State Explosion with FilterBased Refinement
 International Workshop on Verification, Model Checking and Abstract Interpretation
, 1997
"... We introduce filters, an abstractinterpretation variant, to incrementally refine a naively generated state space and help validate path properties of the space via model checking. Filters can be represented equivalently as (i) statetransitionbased abstract interpretations, (ii) "property aut ..."
Abstract

Cited by 10 (3 self)
 Add to MetaCart
(Show Context)
We introduce filters, an abstractinterpretation variant, to incrementally refine a naively generated state space and help validate path properties of the space via model checking. Filters can be represented equivalently as (i) statetransitionbased abstract interpretations, (ii) "property automata," or (iii) path formulas in a CTL* variant. We give examples of filters and show their application in the FLAVERS static analysis system. It is no accident that a compiler uses a control flow graph (cfg ) as its "abstract interpretation of choice" for a sequential program: A program's cfg possesses a manageable state space, and a variety of code improvements are enacted by conducting additional flow analyses on top of the cfg . Of course, such analyses are abstract interpretations (ai s) themselves, but what is noteworthy here is that the cfg is used as the base structure upon which another analysis is placed: one ai (the flow analysis) "filters" the other (the cfg ). Unfortunately, this ...
Selective mucalculus: New Modal Operators for Proving Properties on Reduced Transition Systems
 In Proceedings of FORTE X/PSTV XVII '97. Chapman
, 1997
"... In model checking for temporal logic, the correctness of a (concurrent) system with respect to a desired behavior is verified by checking whether a structure that models the system satisfies a formula describing the behaviour. Most existing verification techniques, and in particular those defined fo ..."
Abstract

Cited by 9 (8 self)
 Add to MetaCart
(Show Context)
In model checking for temporal logic, the correctness of a (concurrent) system with respect to a desired behavior is verified by checking whether a structure that models the system satisfies a formula describing the behaviour. Most existing verification techniques, and in particular those defined for concurrent calculi like as CCS, are based on a representation of the concurrent system by means of a labelled transition system. In this approach to verification, state explosion is one of the most serious problems. In this paper we present a new temporal logic, the selective mucalculus, with the property that only the actions occurring in a formula are relevant to check the formula itself. We prove that the selective mucalculus is as powerful as the mucalculus. We define the notion of aebisimulation between transition systems: given a set of actions ae, a transition system aebisimulates another one if they have the same behaviour with respect to the actions in ae. We prove that, if t...
Automatic Abstraction in Model Checking
, 2000
"... As technology advances and demand for higher performance increases hardware designs are becoming more and more sophisticated. A typical chip design may contain over ten million switching devices. Since the systems become more and more complex, detecting design errors for systems of such scale become ..."
Abstract

Cited by 4 (0 self)
 Add to MetaCart
(Show Context)
As technology advances and demand for higher performance increases hardware designs are becoming more and more sophisticated. A typical chip design may contain over ten million switching devices. Since the systems become more and more complex, detecting design errors for systems of such scale becomes extremely difficult. Formal verification methodologies can potentially catch subtle design errors. However, many stateoftheart formal verification tools suffer from the state explosion problem. This thesis explores abstraction techniques to avoid the state explosion problem. In our methodology, atomic formulas extracted from an SMVlike concurrent program are used to construct abstraction functions. The initial abstract structure is built by using existential abstraction techniques. When the model checker disproves a universal property on the abstract structure, it generates a counterexample. However, this abstract counterexample might be spurious because abstraction is not complete. We provide a new symbolic algorithm to determine whether an abstract counterexample is spurious. When a counterexample is identified to be spurious, the algorithm will compute the shortest prefix of the abstract counterexample that does not correspond to an actual trace in the concrete model. The last abstract state in this prefix is split into less abstract states so that the spurious counterexample is eliminated. Thus, a more refined abstraction function is obtained. It is usually desirable to obtain the coarsest refinement which eliminates the counterexample because this corresponds to the smallest abstract model that avoids the spurious counterexample. We prove, however, that finding the coarsest refinement is NPhard. Because of this, we use a polynomialtime algorithm which gives a su...
Survey of Equivalences for Transition Systems
, 1993
"... This paper presents some of these equivalences, discusses their computational complexity, and describes some of their properties and uses. To make concrete the general issues to be discussed, consider the two transition systems of Figure 1. The edge from state s 0 to state s 1 labeled by a means tha ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
This paper presents some of these equivalences, discusses their computational complexity, and describes some of their properties and uses. To make concrete the general issues to be discussed, consider the two transition systems of Figure 1. The edge from state s 0 to state s 1 labeled by a means that system M can evolve from state s 0 to s 1 while performing action a. We see that M and N can produce the same set of sequences of actions, namely fffl; a; ab; acg;
State Space Reduction by Nonstandard Semantics for Deadlock Analysis
 Science of Computer Programming
, 1998
"... In recent years many techniques have been developed for automatically verifying concurrent systems and most of them are based on the representation of the concurrent system by means of a transition system. State explosion is one of the most serious problems of this approach: often the prohibitive nu ..."
Abstract

Cited by 2 (2 self)
 Add to MetaCart
(Show Context)
In recent years many techniques have been developed for automatically verifying concurrent systems and most of them are based on the representation of the concurrent system by means of a transition system. State explosion is one of the most serious problems of this approach: often the prohibitive number of states renders the verification inefficient and, in some cases, impossible. We propose a method for reducing the state space of the transition system corresponding to a CCS process that suites deadlock analysis. The reduced transition system is generated by means of a nonstandard operational semantics containing a set of rules which are, in some sense, an abstraction, preserving deadlock freeness, of the inference rules of the standard semantics. Our method does not build the standard transition system, but directly generates an abstract system with a fewer number of states, so saving memory space. We characterize a class of processes whose abstract transition system is not exponential in the number of parallel components. Keywords: process algebras, transition systems, state explosion, structural operational semantics, deadlock. 1 This work has been partially funded by Progetto Coordinato CNR ANATRA 1 1