Results 1  10
of
699
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract

Cited by 2675 (65 self)
 Add to MetaCart
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
Parametric Shape Analysis via 3Valued Logic
, 1999
"... Shape Analysis concerns the problem of determining "shape invariants"... ..."
Abstract

Cited by 579 (74 self)
 Add to MetaCart
(Show Context)
Shape Analysis concerns the problem of determining "shape invariants"...
Perspectives on Program Analysis
, 1996
"... eing analysed. On the negative side, the semantic correctness of the analysis is seldom established and therefore there is often no formal justification for the program transformations for which the information is used. The semantics based approach [1; 5] is often based on domain theory in the form ..."
Abstract

Cited by 575 (34 self)
 Add to MetaCart
(Show Context)
eing analysed. On the negative side, the semantic correctness of the analysis is seldom established and therefore there is often no formal justification for the program transformations for which the information is used. The semantics based approach [1; 5] is often based on domain theory in the form of abstract domains modelling sets of values, projections, or partial equivalence relations. The approach tends to focus more directly on discovering the extensional properties of interest: for constant propagation it might operate on sets of values with constancy corresponding to singletons, and for neededness analysis it might perform a strictness analysis and use the strictness information for neededness (or make use of the "absence" notion from projection analysis and attempt to discover the di#erence). On the positive side, this usually gives rise to provably correct analyses, although there are sometimes complications (due to deciding what information to stick onto the
Abstract interpretation of reactive systems: Abstractions preserving 8CTL , 9CTL and CTL
 Proceedings of the IFIP WG2.1/WG2.2/WG2.3 Working Conference on Programming Concepts, Methods and Calculi (PROCOMET), IFIP Transactions
, 1994
"... The advent of ever more complex reactive systems in increasingly critical areas calls for the development of automated verification techniques. Model checking is one such technique, which has proven quite successful. However, the state explosion problem remains the stumbling block in many situations ..."
Abstract

Cited by 259 (12 self)
 Add to MetaCart
(Show Context)
The advent of ever more complex reactive systems in increasingly critical areas calls for the development of automated verification techniques. Model checking is one such technique, which has proven quite successful. However, the state explosion problem remains the stumbling block in many situations. Recent experience indicates that solutions are to be found in the application of techniques for property preserving abstraction and successive approximation of models. Most such applications have so far been based on the propertypreserving characteristics of simulation relations. A major drawback of all these results is that they do not offer a satisfactory formalization of the notions of precision and optimality of abstractions. Furthermore, the use of simulation relations poses difficulties when formalizing the preservation of both existential and universal properties over the same abstract domain. The theory of Abstract Interpretation offers a framework for the definition and justification of property preserving abstractions. Furthermore, it provides a method for the effective computation of abstract models directly from the text of a program, thereby avoiding the need for intermediate storage of a fullblown model. Finally, it formalizes the notion of optimality, while allowing
The Octagon Abstract Domain
"... ... domain for static analysis by abstract interpretation. It extends a former numerical abstract domain based on DifferenceBound Matrices and allows us to represent invariants of the form (±x ± y ≤ c), where x and y are program variables and c is a real constant. We focus on giving an efficient re ..."
Abstract

Cited by 253 (24 self)
 Add to MetaCart
... domain for static analysis by abstract interpretation. It extends a former numerical abstract domain based on DifferenceBound Matrices and allows us to represent invariants of the form (±x ± y ≤ c), where x and y are program variables and c is a real constant. We focus on giving an efficient representation based on DifferenceBound Matrices—O(n²) memory cost, where n is the number of variables—and graphbased algorithms for all common abstract operators—O(n³) time cost. This includes a normal form algorithm to test equivalence of representation and a widening operator to compute least fixpoint approximations.
Abstract interpretation frameworks
 Journal of Logic and Computation
, 1992
"... We introduce abstract interpretation frameworks which are variations on the archetypal framework using Galois connections between concrete and abstract semantics, widenings and narrowings and are obtained by relaxation of the original hypotheses. We consider various ways of establishing the correctn ..."
Abstract

Cited by 249 (24 self)
 Add to MetaCart
(Show Context)
We introduce abstract interpretation frameworks which are variations on the archetypal framework using Galois connections between concrete and abstract semantics, widenings and narrowings and are obtained by relaxation of the original hypotheses. We consider various ways of establishing the correctness of an abstract interpretation depending on how the relation between the concrete and abstract semantics is defined. We insist upon those correspondences allowing for the inducing of the approximate abstract semantics from the concrete one. Furthermore we study various notions interpretation.
Interprocedural MayAlias Analysis for Pointers: Beyond klimiting
, 1994
"... Existing methods for alias analysis of recursive pointer data structures are based on two approximation techniques: klimiting, which blurs distinction between subobjects below depth k; and storebased (or equivalently location or regionbased) approximations, which blur distinction between elements ..."
Abstract

Cited by 239 (0 self)
 Add to MetaCart
(Show Context)
Existing methods for alias analysis of recursive pointer data structures are based on two approximation techniques: klimiting, which blurs distinction between subobjects below depth k; and storebased (or equivalently location or regionbased) approximations, which blur distinction between elements of recursive data structures. Although notable progress in interprocedural alias analysis has been recently accomplished, very little progress in the precision of analysis of recursive pointer data structures has been seen since the inception of these approximation techniques by Jones and Muchnick a decade ago. As a result, optimizing, verifying and parallelizing programs with pointers has remained difficult. We present a new parametric framework for analyzing recursive pointer data structures which can express a new natural class of alias information not accessib...
Verification by abstract interpretation
 In Verification: Theory and Practice
, 2003
"... Dedicated to Zohar Manna, for his 2 6 th birthday. Abstract. Abstract interpretation theory formalizes the idea of abstraction of mathematical structures, in particular those involved in the specification of properties and proof methods of computer systems. Verification by abstract interpretation is ..."
Abstract

Cited by 212 (16 self)
 Add to MetaCart
(Show Context)
Dedicated to Zohar Manna, for his 2 6 th birthday. Abstract. Abstract interpretation theory formalizes the idea of abstraction of mathematical structures, in particular those involved in the specification of properties and proof methods of computer systems. Verification by abstract interpretation is illustrated on the particular cases of predicate abstraction, which is revisited to handle infinitary abstractions, and on the new parametric predicate abstraction. 1
A Static Analyzer for Large SafetyCritical Software
, 2003
"... We show that abstract interpretationbased static program analysis can be made e#cient and precise enough to formally verify a class of properties for a family of large programs with few or no false alarms. This is achieved by refinement of a general purpose static analyzer and later adaptation to p ..."
Abstract

Cited by 199 (43 self)
 Add to MetaCart
(Show Context)
We show that abstract interpretationbased static program analysis can be made e#cient and precise enough to formally verify a class of properties for a family of large programs with few or no false alarms. This is achieved by refinement of a general purpose static analyzer and later adaptation to particular programs of the family by the enduser through parametrization. This is applied to the proof of soundness of data manipulation operations at the machine level for periodic synchronous safety critical embedded software. The main novelties are the design principle of static analyzers by refinement and adaptation through parametrization, the symbolic manipulation of expressions to improve the precision of abstract transfer functions, ellipsoid, and decision tree abstract domains, all with sound handling of rounding errors in floating point computations, widening strategies (with thresholds, delayed) and the automatic determination of the parameters (parametrized packing).
Property preserving abstractions for the verification of concurrent systems
 FORMAL METHODS IN SYSTEM DESIGN, VOL 6, ISS
, 1995
"... We study property preserving transformations for reactive systems. The main idea is the use of simulations parameterized by Galois connections ( �), relating the lattices of properties of two systems. We propose and study a notion of preservation of properties expressed by formulas of a logic, by a ..."
Abstract

Cited by 142 (6 self)
 Add to MetaCart
(Show Context)
We study property preserving transformations for reactive systems. The main idea is the use of simulations parameterized by Galois connections ( �), relating the lattices of properties of two systems. We propose and study a notion of preservation of properties expressed by formulas of a logic, by a function mapping sets of states of a system S into sets of states of a system S'. We give results on the preservation of properties expressed in sublanguages of the branching timecalculus when two systems S and S' are related via h � isimulations. They can be used to verify a property for a system by verifying the same property on a simpler system which is an abstraction of it. We show also under which conditions abstraction of concurrent systems can be computed from the abstraction of their components. This allows a compositional application of the proposed verification method. This is a revised version of the papers [2] and [16] � the results are fully developed in [27].