Slicing Software for Model Construction
Higher-order and Symbolic Computation, 1999
Cited by 105 (18 self)
Applying finite-state verification techniques (e.g., model checking) to software requires that program source code be translated to a finite-state transition system that safely models program behavior. Automatically checking such a transition system for a correctness property is typically very costly, thus it is necessary to reduce the size of the transition system as much as possible. In fact, it is often the case that much of a program's source code is irrelevant for verifying a given correctness property. In this paper, we apply program slicing techniques to automatically remove such irrelevant code and thus reduce the size of the corresponding transition system models. We give a simple extension of the classical slicing definition, and prove its safety with respect to model checking of linear temporal logic (LTL) formulae. We discuss how this slicing strategy fits into a general methodology for deriving effective software models using abstraction-based program specializati...
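To make the slicing idea concrete, here is an added example (not code from the paper above) of a backward slice computed from the variables an LTL property mentions. The program, its statement shapes and the property G(granted -> busy) are constructed for illustration. The slice is flow-insensitive (any assignment to v is assumed to reach any use of v) and treats enclosing branch conditions as control dependences, so it over-approximates the precise slice and is safe in that direction; it does not address the divergence and termination questions that a slice preserving LTL over infinite runs must also handle, which is what the paper's extension of the classical definition is about.

```python
"""Backward slicing of a small structured program with respect to the variables
an LTL property mentions. Constructed example; not the paper's algorithm."""
from dataclasses import dataclass


@dataclass(eq=False)          # eq=False: statements are identified by object identity
class Assign:
    """target := some expression over `uses` (only the def/use sets matter here)."""
    target: str
    uses: set


@dataclass(eq=False)
class Branch:
    """An `if` or `while` whose condition reads `uses` and guards `body`."""
    kind: str
    uses: set
    body: list


def flatten(stmts, guards=()):
    """Yield (stmt, guards): every statement with the branches it is nested in,
    i.e. its control dependences in a structured program."""
    for s in stmts:
        yield s, guards
        if isinstance(s, Branch):
            yield from flatten(s.body, guards + (s,))


def backward_slice(program, criterion):
    """Return (kept, relevant): the statements that may influence the criterion
    variables and the variables that turned out to matter. Data dependence is
    flow-insensitive (any assignment to v may reach any use of v); a kept
    statement also keeps every guard above it. Iterates to a fixed point."""
    flat = list(flatten(program))
    relevant, kept = set(criterion), set()
    changed = True
    while changed:
        changed = False
        for s, guards in flat:
            if isinstance(s, Assign) and s not in kept and s.target in relevant:
                for k in (s,) + guards:
                    if k not in kept:
                        kept.add(k)
                        relevant |= k.uses
                        changed = True
    return kept, relevant


def project(stmts, kept):
    """Rebuild the program keeping only sliced statements (and their bodies)."""
    out = []
    for s in stmts:
        if s in kept:
            out.append(s if isinstance(s, Assign)
                       else Branch(s.kind, s.uses, project(s.body, kept)))
    return out


def stmt_count(stmts):
    return sum(1 for _ in flatten(stmts))


def render(stmts, depth=0):
    lines, pad = [], "  " * depth
    for s in stmts:
        if isinstance(s, Assign):
            lines.append(f"{pad}{s.target} := f({', '.join(sorted(s.uses))})")
        else:
            lines.append(f"{pad}{s.kind} ({', '.join(sorted(s.uses))}):")
            lines.extend(render(s.body, depth + 1))
    return lines


# Constructed program: a request loop that also maintains an audit log. The
# property of interest, G(granted -> busy), mentions only `granted` and `busy`.
PROGRAM = [
    Assign("req", set()),
    Assign("log", set()),
    Branch("while", {"req"}, [
        Assign("busy", {"req"}),
        Assign("log", {"log", "busy"}),
        Branch("if", {"busy"}, [Assign("granted", {"busy"})]),
        Assign("req", {"req"}),
    ]),
    Assign("stats", {"log"}),
]
CRITERION = {"granted", "busy"}


def slice_for_property(program=PROGRAM, criterion=CRITERION):
    kept, _ = backward_slice(program, criterion)
    return project(program, kept)


if __name__ == "__main__":
    sliced = slice_for_property()
    print(f"{stmt_count(PROGRAM)} statements -> {stmt_count(sliced)} in the slice")
    print("\n".join(render(sliced)))
```

On the constructed program the slice drops the two `log` updates and the `stats` computation, leaving six of nine statements; the `while` loop and the `req` updates survive because `busy` is assigned inside the loop, so the loop condition is a control dependence of the property's variables. Everything that is dropped would otherwise contribute state to the transition system without affecting the verdict for this property.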
Equational abstractions
LNCS, 2003
Cited by 40 (14 self)
Abstraction reduces the problem of whether an infinite-state system satisfies version. The most common abstractions are quotients of the original system. We present a simple method of defining quotient abstractions by means of equations collapsing the set of states. Our method yields the minimal quotient system together with a set of proof obligations that guarantee its executability and can be discharged with tools such as those in the Maude formal environment.
20 years of modal and mixed specifications
 Bull. Eur. Assoc. Theor. Comput. Sci. EATCS
Cited by 27 (5 self)
Twenty years ago, modal and mixed specifications were proposed as abstract models of system behavior. In this paper, we explain the nature and utility of such specifications, relate them to other formalisms, showcase some of their established applications, and mention some existing tool support. We also present some recent complexity results for decision problems underlying such applications and list some remaining open problems.
A game-based framework for CTL counterexamples and 3-valued abstraction-refinement
In Computer Aided Verification (CAV), LNCS 2725, 2003
Cited by 26 (6 self)
This work exploits and extends the game-based framework of CTL model checking for counterexample and incremental abstraction-refinement. We define a game-based CTL model checking for abstract models over the 3-valued semantics, which can be used for verification as well as refutation. The model checking may end with an indefinite result, in which case we suggest a new notion of refinement, which eliminates indefinite results of the model checking. This provides an iterative abstraction-refinement framework. It is enhanced by an incremental algorithm, where refinement is applied only where indefinite results exist and definite results from prior iterations are used within the model checking algorithm. We also define the notion of annotated counterexamples, which are sufficient and minimal counterexamples for full CTL. We present an algorithm that uses the game board of the model checking game to derive an annotated counterexample in case the examined system model refutes the checked formula.
The STSLIB Project: Towards a Formal Component Model Based on STS
Formal Aspect of Component Software Workshop, 2007
Cited by 12 (3 self)
We present the current state of our STSLib project. This project aims at defining an environment to formally specify and execute software components. One important feature is that our components are equipped with a protocol description, namely a Symbolic Transition System. These descriptions glue together a protocol with guards and input/output notations and a data type part. These sophisticated protocols are well-suited to the design of concurrent and communicating systems, but verification remains a difficult challenge. We expect to narrow the gap between the design level and the programming level by providing a runtime support for STS. We give in this paper the main objectives of the STSLib project and overview its current state. We address the formal description of a component model, a specific approach to verify these systems and a survey of the operational level to execute them. These features are illustrated on a cash point case study.
Improved Model Checking of Hierarchical Systems
2009
Cited by 11 (7 self)
We present a unified game-based approach for branching-time model checking of hierarchical systems. Such systems are exponentially more succinct than standard state-transition graphs, as repeated subsystems are described only once. Early work on model checking of hierarchical systems shows that one can do better than a naive algorithm that “flattens” the system and removes the hierarchy. Given a hierarchical system S and a branching-time specification ψ for it, we reduce the model-checking problem (does S satisfy ψ?) to the problem of solving a hierarchical game obtained by taking the product of S with an alternating tree automaton Aψ for ψ. Our approach leads to clean, uniform, and improved model-checking algorithms for a variety of branching-time temporal logics. In particular, by improving the algorithm for solving hierarchical parity games, we are able to solve the model-checking problem for the µ-calculus in PSPACE and time complexity that is only polynomial in the depth of the hierarchy. Our approach also leads to an abstraction-refinement paradigm for hierarchical systems. The abstraction maintains the hierarchy, and is obtained by merging both states and subsystems into abstract states.
A Framework for Automatic Construction of Abstract Promela Models
In Proceedings of the 6th International SPIN Workshop (SPIN'6), volume 1680 of LNCS, 1999
Cited by 8 (7 self)
One of the current trends in model checking for the verification of concurrent systems is to reduce the state space produced by the model, and one of the more promising ways to achieve this objective is to support some kind of automatic construction of more abstract models. This paper presents a proposal in this direction. The main contribution of the paper is the definition of a semantics framework which allows us to relate different models of the system, each one with a particular abstraction level. Automatic source-to-source transformation is supported by this formal basis. The method is applied to Promela models.
On Translation Validation for System Abstractions
In RV 2007, 2007
Cited by 6 (4 self)
Abstraction is intensively used in the verification of large, complex or infinite-state systems. With abstractions getting more complex it is often difficult to see whether they are valid. However, for using abstraction in model checking it has to be ensured that properties are preserved. In this paper, we use a translation validation approach to verify property preservation of system abstractions. We formulate a correctness criterion based on simulation between concrete and abstract system for a property to be verified. For each distinct run of the abstraction procedure the correctness is verified in the theorem prover Isabelle/HOL. This technique is applied in the verification of adaptive embedded systems.
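The quotient construction of the equational-abstraction entry (collapsing states that agree on a set of observations), the may/must transitions and indefinite verdicts of the 3-valued CTL abstraction-refinement entry, and the preservation argument of this entry (the abstraction simulates the concrete system, so a universal property that holds on it holds concretely) fit in one small worked example. The Python below is added here and is not code from any of these papers; the login state machine, its retry counter, the property names and the observation functions are all constructed for illustration. To stay self-contained it enumerates the concrete reachable states and builds the quotient from them; a real tool derives the abstract transitions symbolically and discharges the proof obligations (labels constant on each block, may edges over-approximating, must edges under-approximating) separately, which is the kind of check the translation-validation approach performs after the fact.

```python
"""Quotient abstraction of a concrete transition system with may/must edges,
a 3-valued check of an invariant AG p, and one refinement step.
Constructed example; not code from any of the papers listed on this page."""
from collections import deque

# Concrete system (constructed): a login state machine with a retry counter.
MAX_TRIES = 1000                     # large enough that enumeration is not free
INIT = [("locked", 0)]


def succ(s):
    """Concrete transitions. `check` is nondeterministic: the password is either
    right (the session opens) or wrong (back to locked with one more try)."""
    loc, tries = s
    if loc == "locked":
        return [("check", tries)] if tries < MAX_TRIES else [("locked", tries)]
    if loc == "check":
        return [("open", tries), ("locked", tries + 1)]
    return [("open", tries)]         # open: the session stays open


def closure(start, edges):
    """Forward reachability over a successor function or a dict of edge sets."""
    step = edges if callable(edges) else (lambda n: edges[n])
    seen, work = set(start), deque(start)
    while work:
        n = work.popleft()
        for m in step(n):
            if m not in seen:
                seen.add(m)
                work.append(m)
    return seen


def quotient(states, init, succ, observe):
    """Collapse states with equal observation vectors into one block (a KMTS).
    may  A -> B: some member of A has a successor in B   (over-approximation)
    must A -> B: every member of A has a successor in B  (under-approximation)"""
    key = lambda s: tuple(obs(s) for obs in observe)
    blocks = {}
    for s in states:
        blocks.setdefault(key(s), set()).add(s)
    may, must = {}, {}
    for b, members in blocks.items():
        targets = [{key(t) for t in succ(s)} for s in members]
        may[b] = set().union(*targets)
        must[b] = set.intersection(*targets)
    return {key(s) for s in init}, may, must, blocks


def label3(blocks, b, prop):
    """3-valued label of prop on block b: True/False when all members agree,
    None (unknown) otherwise. This is the proof obligation that the quotient
    respects the labelling for the property being checked."""
    vals = {prop(s) for s in blocks[b]}
    return vals.pop() if len(vals) == 1 else None


def check_ag(prop, abstraction):
    """3-valued verdict for the invariant AG prop.
    False: a must-path reaches a block where prop definitely fails, so some
           concrete run violates the invariant (sound refutation).
    True:  every may-reachable block definitely satisfies prop, so every
           concrete reachable state does (sound verification).
    None:  indefinite; the abstraction needs refinement."""
    ainit, may, must, blocks = abstraction
    if any(label3(blocks, b, prop) is False for b in closure(ainit, must)):
        return False
    if all(label3(blocks, b, prop) is True for b in closure(ainit, may)):
        return True
    return None


LOC = lambda s: s[0]                       # observation: control location only
UNDER_LIMIT = lambda s: s[1] < MAX_TRIES   # refinement predicate: guard of locked -> check


def run():
    concrete = closure(INIT, succ)
    bounded = lambda s: s[1] <= MAX_TRIES        # invariant that holds
    never_open = lambda s: s[0] != "open"        # invariant that fails
    coarse = quotient(concrete, INIT, succ, [LOC])
    r_bounded = check_ag(bounded, coarse)            # True, decided on 3 blocks
    r_open_coarse = check_ag(never_open, coarse)     # None: `locked` has no must edge
    # Refine only because the verdict was indefinite: split `locked` on the guard
    # whose absence broke the must edge, then re-check the same property.
    fine = quotient(concrete, INIT, succ, [LOC, UNDER_LIMIT])
    r_open_fine = check_ag(never_open, fine)         # False: must path locked->check->open
    return {"concrete_states": len(concrete), "coarse_blocks": len(coarse[3]),
            "fine_blocks": len(fine[3]), "bounded": r_bounded,
            "never_open_coarse": r_open_coarse, "never_open_fine": r_open_fine}


if __name__ == "__main__":
    print(run())
```

Two things are worth noticing in the run. The retry bound is verified on three abstract blocks instead of 3001 concrete states, because every block definitely satisfies it and may-reachability over-approximates the concrete runs. The second property cannot be refuted on the same abstraction even though it is false: the `locked` block mixes states that can and cannot proceed to `check`, so it has no must edge and no must-path reaches the `open` block, which is exactly the indefinite outcome the 3-valued framework reports. Adding the one predicate that distinguishes those states restores the must path and turns the verdict into a definite refutation, without touching the blocks whose results were already definite.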
A Unifying Framework for Model Checking Labeled Kripke Structures, Modal Transition Systems, and Interval Transition Systems
In Proceedings of the 19th International Conference on the Foundations of Software Technology & Theoretical Computer Science, 1999
Cited by 5 (4 self)
We build on the established work on modal transition systems and probabilistic specifications to sketch a framework in which system description, abstraction, and finite-state model checking all have a uniform presentation across various levels of qualitative and quantitative views together with mediating abstraction and concretization maps. We prove safety results for abstractions within and across such views for the entire modal mu-calculus and show that such abstractions allow for some compositional reasoning with respect to a uniform family of process algebras à la CCS.
1 Introduction and Motivation
Process algebras such as Milner's CCS [16] and modular guarded command languages such as McMillan's SMV [15] are important description languages for a wide range of computer systems. The operational meaning of such descriptions is typically captured by a triple M = (S; R; L), where S is a set of states, R the state-transition relation, and L contains atomic state information; the lat...