Counterexample-guided Abstraction Refinement
, 2000
Cited by 663 (62 self)
Abstract
We present an automatic iterative abstraction-refinement methodology in which the initial abstract model is generated by an automatic analysis of the control structures in the program to be verified. Abstract models may admit erroneous (or "spurious") counterexamples. We devise new symbolic techniques which analyze such counterexamples and refine the abstract model correspondingly.
Progress on the State Explosion Problem in Model Checking
, 2000
Cited by 18 (1 self)
Abstract
Model checking is an automatic verification technique for finite state concurrent systems. In this approach to verification, temporal logic specifications are checked by an exhaustive search of the state space of the concurrent system. Since the size of the state space grows exponentially with the number of processes, model checking techniques based on explicit state enumeration can only handle relatively small examples. This phenomenon is commonly called the "State Explosion Problem". Over the past ten years considerable progress has been made on this problem by (1) representing the state space symbolically using BDDs and by (2) using abstraction to reduce the size of the state space that must be searched. As a result model checking has been used successfully to find extremely subtle errors in hardware controllers and communication protocols. In spite of these successes, however, additional research is needed to handle large designs of industrial complexity. The aim of this paper is to give a succinct survey of symbolic model checking and to introduce the reader to recent advances in abstraction.
Counterexamples revisited: Principles, algorithms, applications
 In Verification: Theory and Practice, volume 2772 of LNCS
, 2003
Cited by 14 (1 self)
Abstract
Algorithmic counterexample generation is a central feature of model checking which sets the method apart from other approaches such as theorem proving. The practical value of counterexamples to the verification engineer is evident, and for many years, counterexample generation algorithms have been employed in model checking systems, even though they had not been subject to an adequate fundamental investigation. Recent advances in model checking technology such as counterexample-guided abstraction refinement have put strong emphasis on counterexamples, and have led to renewed interest both in fundamental and pragmatic aspects of counterexample generation. In this paper, we survey several key contributions to the subject including symbolic algorithms, results about the graph-theoretic structure of counterexamples, and applications to automated abstraction as well as software verification. Irrefutability is not a virtue of a theory (as people often think) but a vice.
Compositional Verification of Secure Applet Interactions
 Fundamental Approaches to Software Engineering (FASE'02), number 2306 in LNCS
, 2002
Cited by 12 (3 self)
Abstract
Recent developments in mobile code and embedded systems have led to an increased interest in open platforms, i.e. platforms which enable different applications to interact in a dynamic environment. However, the flexibility of open platforms presents major difficulties for the (formal) verification of secure interaction between the different applications. To overcome these difficulties, compositional verification techniques are required. This paper presents a compositional approach to the specification and verification of secure applet interactions. This approach involves a compositional model of the interface behavior of applet interactions, a temporal logic property specification language, and a proof system for proving correctness of property decompositions. The usability of the approach is demonstrated on a realistic smartcard case study.
Automatic Abstraction in Model Checking
, 2000
Cited by 4 (0 self)
Abstract
As technology advances and demand for higher performance increases, hardware designs are becoming more and more sophisticated. A typical chip design may contain over ten million switching devices. Since the systems become more and more complex, detecting design errors for systems of such scale becomes extremely difficult. Formal verification methodologies can potentially catch subtle design errors. However, many state-of-the-art formal verification tools suffer from the state explosion problem. This thesis explores abstraction techniques to avoid the state explosion problem. In our methodology, atomic formulas extracted from an SMV-like concurrent program are used to construct abstraction functions. The initial abstract structure is built by using existential abstraction techniques. When the model checker disproves a universal property on the abstract structure, it generates a counterexample. However, this abstract counterexample might be spurious because abstraction is not complete. We provide a new symbolic algorithm to determine whether an abstract counterexample is spurious. When a counterexample is identified to be spurious, the algorithm will compute the shortest prefix of the abstract counterexample that does not correspond to an actual trace in the concrete model. The last abstract state in this prefix is split into less abstract states so that the spurious counterexample is eliminated. Thus, a more refined abstraction function is obtained. It is usually desirable to obtain the coarsest refinement which eliminates the counterexample because this corresponds to the smallest abstract model that avoids the spurious counterexample. We prove, however, that finding the coarsest refinement is NP-hard. Because of this, we use a polynomial-time algorithm which gives a su...
Model-Checking with Insufficient Memory Resources
Abstract
Resource limitations are a major problem in model checking. Space and time requirements of model-checking algorithms grow exponentially with respect to the number of variables and parallel automata of the analyzed model. We present a method that is the result of experiences from a case study. It has enabled us to analyze models with much bigger state spaces than what was possible without our method. The basic idea is to build partitions of the state space of an analyzed system by iterative invocations of a model checker. In each iteration the partitions are extended to represent a larger part of the state space, and if needed the partitions are further partitioned. Thereby the analysis problem is divided into a set of subproblems that can be analyzed independently of each other. We present how the method, implemented as a meta algorithm on top of the Uppaal tool, has been applied in the case study.