Results 1-10 of 15
Counterexample-guided Abstraction Refinement
2000
Cited by 602 (60 self)
We present an automatic iterative abstraction-refinement methodology in which the initial abstract model is generated by an automatic analysis of the control structures in the program to be verified. Abstract models may admit erroneous (or "spurious") counterexamples. We devise new symbolic techniques which analyze such counterexamples and refine the abstract model correspondingly.
Efficient Decision Procedures for Model Checking of Linear Time Logic Properties
Eleventh Conference on Computer Aided Verification (CAV'99), 1999
Cited by 40 (14 self)
We propose an algorithm for LTL model checking based on the classification of the automata and on guided symbolic search. Like most current methods for LTL model checking, our algorithm starts with a tableau construction and uses a model checker for CTL with fairness constraints to prove the existence of fair paths. However, we classify the tableaux according to their structure, and use efficient decision procedures for each class. Guided search applies hints to constrain the transition relation during fixpoint computations. Each fixpoint is thus translated into a sequence of fixpoints that are often much easier to compute than the original one. Our preliminary experimental results suggest that the new algorithm for LTL is quite efficient. In fact, for properties that can be expressed in both CTL and LTL, the algorithm is competitive with the CTL model checking algorithm. 1 Introduction Successful application of model checking requires strategies to bridge the gap betwee...
Automatic Abstraction Techniques for Propositional µ-calculus Model Checking
Ninth Conference on Computer Aided Verification (CAV'97), 1997
Cited by 28 (7 self)
Abelardo Pardo and Gary D. Hachtel, University of Colorado, ECEN Campus Box 425, Boulder, CO 80309, USA, {abel,hachtel}@vlsi.colorado.edu. An abstraction/refinement paradigm for the full propositional µ-calculus is presented. No distinction is made between universal or existential fragments. Necessary conditions for conservative verification are provided, along with a fully automatic symbolic model checking abstraction algorithm. The algorithm begins with conservative verification of an initial abstraction. If the conclusion is negative, it derives a "goal set" of states which require further resolution. It then successively refines, with respect to this goal set, the approximations made in the subformulas, until the given formula is verified or computational resources are exhausted. 1 Introduction The success of formal verification in detecting incorrect designs has been proven over the last decade. However, limi...
Multiple-Counterexample Guided Iterative Abstraction Refinement: An Industrial Evaluation
2003
Cited by 24 (0 self)
In this paper, we describe a completely automated framework for iterative abstraction refinement that is fully integrated into a formal-verification environment. This environment consists of three basic software tools: Forecast, a BDD-based model checker, Thunder, a SAT-based bounded model checker, and MCE, a technology for multiple-counterexample analysis. In our framework, the initial abstraction is chosen relative to the property under verification. The abstraction is model checked by Forecast; in case of failure, a counterexample is returned. Our framework includes an abstract counterexample analyzer module that applies techniques for bounded model checking to check whether the abstract counterexample holds in the concrete model. If it does, it is extended to a concrete counterexample. This important capability is provided as a separate tool that also addresses one of the major problems of verification by manual abstraction.
Incremental CTL Model Checking Using BDD Subsetting
1998
Cited by 21 (2 self)
An automatic abstraction/refinement algorithm for symbolic CTL model checking is presented. Conservative model checking is thus done for the full CTL language; no restriction is made to the universal or existential fragments. The algorithm begins with conservative verification of an initial abstraction. If the conclusion is negative, it derives a "goal set" of states which require further resolution. It then successively refines, with respect to this goal set, the approximations made in the subformulas, until the given formula is verified or computational resources are exhausted. This method applies uniformly to abstractions based on over-approximations as well as under-approximations of the model. Both the refinement and the abstraction procedures are based on BDD subsetting. Note that refinement procedures which are based on error traces are limited to over-approximation on the universal fragment (or for language containment), whereas the goal set method is applicable to all consistent...
Improving Ariadne's Bundle by Following Multiple Threads in Abstraction Refinement
In Proceedings of ICCAD, 2003
Cited by 11 (3 self)
We propose an abstraction refinement method for invariant checking, counter examples of shortest length in the current abstraction. The algorithm is focused on an improved Ariadne's Bundle of SORs (Synchronous Onion Rings) of the abstract model; the transitions through these SORs contain all shortest ACEs (Abstract Counter Examples) and no other ACEs. The SORs are exploited in two distinct ways to provide global guidance to the abstraction refinement process: (1) Refinement variable selection is based on the entirety of transitions connecting the SORs, and (2) a SAT-based concretization test is formulated to test all ACEs in the SORs at once. We call this test multi-thread concretization. The scalability of our refinement algorithm is ensured in the sense that all the analysis and computation required in our refinement algorithm are conducted on the abstract model. The abstraction efficiency of a given abstraction refinement algorithm measures how much of the concrete model is required to make the decision. We include experimental comparisons of our new method with recently published techniques [6, 4]. The results show that our scalable method, based on global guidance from the entire bundle of shortest ACEs, outperforms these other methods in terms of both run time and abstraction efficiency.
Iterative Abstraction-based CTL Model Checking
2000
Cited by 10 (2 self)
A paradigm for automatic approximation/refinement in conservative CTL model checking is presented. The approximations are used to verify a given formula conservatively by computing upper and lower bounds to the set of satisfying states at each subformula. These approximations attempt to perform conservative verification with the least possible number of BDD variables and BDD nodes. We present new forms of operational graphs to avoid limitations associated with previously used operational graphs. Three new techniques for efficient automatic refinement of approximate systems are presented. These methods make it easier to find the locality. We also present a new type of don't cares (Approximate Satisfying Don't Cares) that can make model checking more efficient in time and space. On average, an order of magnitude speedup was achieved.
Automatic Abstraction in Model Checking
2000
Cited by 4 (0 self)
As technology advances and demand for higher performance increases, hardware designs are becoming more and more sophisticated. A typical chip design may contain over ten million switching devices. As systems become more and more complex, detecting design errors for systems of such scale becomes extremely difficult. Formal verification methodologies can potentially catch subtle design errors. However, many state-of-the-art formal verification tools suffer from the state explosion problem. This thesis explores abstraction techniques to avoid the state explosion problem. In our methodology, atomic formulas extracted from an SMV-like concurrent program are used to construct abstraction functions. The initial abstract structure is built by using existential abstraction techniques. When the model checker disproves a universal property on the abstract structure, it generates a counterexample. However, this abstract counterexample might be spurious because abstraction is not complete. We provide a new symbolic algorithm to determine whether an abstract counterexample is spurious. When a counterexample is identified to be spurious, the algorithm will compute the shortest prefix of the abstract counterexample that does not correspond to an actual trace in the concrete model. The last abstract state in this prefix is split into less abstract states so that the spurious counterexample is eliminated. Thus, a more refined abstraction function is obtained. It is usually desirable to obtain the coarsest refinement which eliminates the counterexample because this corresponds to the smallest abstract model that avoids the spurious counterexample. We prove, however, that finding the coarsest refinement is NP-hard. Because of this, we use a polynomial-time algorithm which gives a su...
Detecting Malicious Logic Through Structural Checking
Cited by 3 (0 self)
Hardware is just as susceptible as software to “hacker attacks”, through inclusion of malicious logic; and the consequences of such an attack could be disastrous! The impact of software viruses has been felt, at one time or another, by the entire computerized world, through loss of productivity, loss of system resources or data, or mere inconvenience. However, the nature of malicious logic and defending against it is fundamentally different from its software counterpart. Malicious logic has the added dimension of not being removable once encapsulated in the system. This paper will identify hardware vulnerabilities and will outline an automated method, called Structural Checking, to detect and prevent malicious logic from becoming incorporated into an ASIC, which could cause catastrophic system failure, security breaches, or other dire consequences.
Approximations for Fixpoint Computations in Symbolic Model Checking
Cited by 1 (0 self)
We review the techniques for over- and under-approximation used in symbolic model checking and their applications to the efficient computation of fixpoints. 1 Introduction Model checking has emerged as one of the most effective approaches to the formal verification of complex reactive systems. Model checking is based on the exploration of the state space of the system to be verified. The use of Binary Decision Diagrams (BDDs [4]) has led to Symbolic Model Checking, and has been quite effective at addressing the so-called state explosion problem [5]. However, it is often the case that state explosion translates into BDD explosion. Besides abstraction [12] and compositional reasoning techniques [15], approximation techniques may be very effective in controlling the size of BDDs. This paper reviews existing techniques for computing approximations, and their application to model checking. Due to space limitations, rather than presenting an exhaustive survey, we concentrate on represent...