Results 1  10
of
29
Counterexampleguided Abstraction Refinement
, 2000
"... We present an automatic iterative abstractionrefinement methodology in which the initial abstract model is generated by an automatic analysis of the control structures in the program to be verified. Abstract models may admit erroneous (or "spurious") counterexamples. We devise new symbolic techn ..."
Abstract

Cited by 602 (60 self)
 Add to MetaCart
We present an automatic iterative abstractionrefinement methodology in which the initial abstract model is generated by an automatic analysis of the control structures in the program to be verified. Abstract models may admit erroneous (or "spurious") counterexamples. We devise new symbolic techniques which analyze such counterexamples and refine the abstract model correspondingly.
Abstract interpretation of reactive systems: Abstractions preserving 8CTL , 9CTL and CTL
 Proceedings of the IFIP WG2.1/WG2.2/WG2.3 Working Conference on Programming Concepts, Methods and Calculi (PROCOMET), IFIP Transactions
, 1994
"... The advent of ever more complex reactive systems in increasingly critical areas calls for the development of automated verification techniques. Model checking is one such technique, which has proven quite successful. However, the state explosion problem remains the stumbling block in many situations ..."
Abstract

Cited by 249 (11 self)
 Add to MetaCart
The advent of ever more complex reactive systems in increasingly critical areas calls for the development of automated verification techniques. Model checking is one such technique, which has proven quite successful. However, the state explosion problem remains the stumbling block in many situations. Recent experience indicates that solutions are to be found in the application of techniques for property preserving abstraction and successive approximation of models. Most such applications have so far been based on the propertypreserving characteristics of simulation relations. A major drawback of all these results is that they do not offer a satisfactory formalization of the notions of precision and optimality of abstractions. Furthermore, the use of simulation relations poses difficulties when formalizing the preservation of both existential and universal properties over the same abstract domain. The theory of Abstract Interpretation offers a framework for the definition and justification of property preserving abstractions. Furthermore, it provides a method for the effective computation of abstract models directly from the text of a program, thereby avoiding the need for intermediate storage of a fullblown model. Finally, it formalizes the notion of optimality, while allowing
Computing abstractions of infinite state systems compositionally and automatically
 PROCEEDINGS OF CAV ’98
, 1998
"... We present a method for computing abstractions of infinite state systems compositionally and automatically. Given a concrete system S = S1 k \Delta \Delta \Delta k Sn of programs and given an abstraction function ff, using our method one can compute an abstract system S a = Sa 1 k \Delta \Delta \Del ..."
Abstract

Cited by 98 (5 self)
 Add to MetaCart
We present a method for computing abstractions of infinite state systems compositionally and automatically. Given a concrete system S = S1 k \Delta \Delta \Delta k Sn of programs and given an abstraction function ff, using our method one can compute an abstract system S a = Sa 1 k \Delta \Delta \Delta k S a n such that S simulates S a. A distinguishing feature of our method is that it does not produce a single abstract state graph but rather preserves the structure of the concrete system. This feature is a prerequisite to benefit from the techniques developed in the context of modelchecking for mitigating the state explosion. Moreover, our method has the advantage that the process of constructing the abstract system does not depend on whether the computation model is synchronous or asynchronous.
Utilizing Symmetry when Model Checking under Fairness Assumptions: An Automatatheoretic Approach
, 1999
"... ..."
Compositional Minimisation of Finite State Systems Using Interface Specifications
, 1996
"... We present a method for the compositional construction of the minimal transition system that represents the semantics of a given distributed system. Our aim is to control the state explosion caused by the interleavings of actions of communicating parallel components by reduction steps that exploit g ..."
Abstract

Cited by 30 (6 self)
 Add to MetaCart
We present a method for the compositional construction of the minimal transition system that represents the semantics of a given distributed system. Our aim is to control the state explosion caused by the interleavings of actions of communicating parallel components by reduction steps that exploit global communication constraints given in terms of interface specifications. The effect of the method, which is developed for bisimulation semantics here, depends on the structure of the distributed system under consideration, and the accuracy of the interface specifications. However, its correctness is independent of the correctness of the interface specifications provided by the program designer.
FormulaDependent Equivalence for Compositional CTL Model Checking
, 1994
"... . We present a state equivalence that is defined with respect to a given CTL formula. Since it does not attempt to preserve all CTL formulas, like bisimulation does, we can expect to compute coarser equivalences. We use this equivalence to manage the size of the transition relations encountered when ..."
Abstract

Cited by 30 (4 self)
 Add to MetaCart
. We present a state equivalence that is defined with respect to a given CTL formula. Since it does not attempt to preserve all CTL formulas, like bisimulation does, we can expect to compute coarser equivalences. We use this equivalence to manage the size of the transition relations encountered when model checking a system of interacting FSMs. Specifically, the equivalence is used to reduce the size of each component FSM, so that their product will be smaller. We show how to apply the method, whether an explicit representation is used for the FSMs, or BDDs are used. Also, we show that in some cases our approach can detect if a formula passes or fails, without composing all the component machines. The method is exact and fully automatic, and handles full CTL. 1 Introduction Formal design verification is the process of verifying that a design has certain properties that the designer intended. A well known verification technique is computation tree logic (CTL) model checking. In this app...
Partial Model Checking (Extended Abstract)
 In Proceedings, Tenth Annual IEEE Symposium on Logic in Computer Science
, 1995
"... ) Henrik Reif Andersen Department of Computer Science Technical University of Denmark Building 344, DK2800 Lyngby, Denmark. Abstract A major obstacle in applying finitestate model checking to the verification of large systems is the combinatorial explosion of the state space arising when many ..."
Abstract

Cited by 27 (5 self)
 Add to MetaCart
) Henrik Reif Andersen Department of Computer Science Technical University of Denmark Building 344, DK2800 Lyngby, Denmark. Abstract A major obstacle in applying finitestate model checking to the verification of large systems is the combinatorial explosion of the state space arising when many loosely coupled parallel processes are considered. The problem also known as the stateexplosion problem has been attacked from various sides. This paper presents a new approach based on partial model checking: Parts of the concurrent system are gradually removed while transforming the specification accordingly. When the intermediate specifications constructed in this manner can be kept small, the stateexplosion problem is avoided. Experimental results with a prototype implemented in Standard ML, shows that for Milner's Scheduler  an often used benchmark  this approach improves on the published results on Binary Decision Diagrams and is comparable to results obtained using generalized...
On the Complexity of Branching Modular Model Checking (Extended Abstract)
, 1995
"... In modular verification the specification of a module consists of two parts. One part describes the guaranteed behavior of the module. The other part describes the assumed behavior of the system in which the module is interacting. This is called the assumeguarantee paradigm. In this paper we consid ..."
Abstract

Cited by 19 (9 self)
 Add to MetaCart
In modular verification the specification of a module consists of two parts. One part describes the guaranteed behavior of the module. The other part describes the assumed behavior of the system in which the module is interacting. This is called the assumeguarantee paradigm. In this paper we consider assumeguarantee specifications in which the assumptions and the guarantees are specified by universal branching temporal formulas (i.e., all path quantifiers are universal). Verifying modules with respect to such specifications is called the branching modular modelchecking problem. We consider both ACTL and ACTL*, the universal fragments of CTL and CTL*. We develop two fundamental techniques: building max...
From Bisimulation to Simulation  Coarsest Partition Problems
 J. Automated Reasoning
, 2002
"... The notions of bisimulation and simulation are used for graph reduction and are widely employed in many areas: Modal Logic, Concurrency Theory, Set Theory, Formal Verification, etc. In particular, in the context of Formal Verification they are used to tackle the socalled stateexplosion problem. ..."
Abstract

Cited by 18 (1 self)
 Add to MetaCart
The notions of bisimulation and simulation are used for graph reduction and are widely employed in many areas: Modal Logic, Concurrency Theory, Set Theory, Formal Verification, etc. In particular, in the context of Formal Verification they are used to tackle the socalled stateexplosion problem.
Verification of InfiniteState Systems by Combining Abstraction and Reachability Analysis
"... ion and Reachability Analysis ? Parosh Aziz Abdulla 1 Aurore Annichini 2 Saddek Bensalem 2 Ahmed Bouajjani 2 Peter Habermehl 3 Yassine Lakhnech 4 1 Dept. of Computer Systems, P.O. Box 325, 75105 Uppsala, Sweden. 2 Verimag, Centre Equation, 2 av. de Vignate, 38610 Gi`eres, France. 3 ..."
Abstract

Cited by 17 (2 self)
 Add to MetaCart
ion and Reachability Analysis ? Parosh Aziz Abdulla 1 Aurore Annichini 2 Saddek Bensalem 2 Ahmed Bouajjani 2 Peter Habermehl 3 Yassine Lakhnech 4 1 Dept. of Computer Systems, P.O. Box 325, 75105 Uppsala, Sweden. 2 Verimag, Centre Equation, 2 av. de Vignate, 38610 Gi`eres, France. 3 Liafa  Case 7014, 2 place Jussieu, 75251 Paris Cedex 05, France. 4 Institut fur Informatik und Praktishe Mathematik, ChristianAlbrechtsUniversitat zu Kiel, Preußerstr. 19, 24105 Kiel, Germany. Abstract. We address the problem of verifying systems operating on different types of variables ranging over infinite domains. We consider in particular systems modeled by means of extended automata communicating through unbounded fifo channels. We develop a general methodology for analyzing such systems based on combining automatic generation of abstract models (not necessarily finitestate) with symbolic reachability analysis. Reachability analysis procedures allow to verify automatically prope...