Slicing Software for Model Construction
Higher-Order and Symbolic Computation, 1999
Abstract

Cited by 88 (16 self)
Applying finite-state verification techniques (e.g., model checking) to software requires that program source code be translated to a finite-state transition system that safely models program behavior. Automatically checking such a transition system for a correctness property is typically very costly, thus it is necessary to reduce the size of the transition system as much as possible. In fact, it is often the case that much of a program's source code is irrelevant for verifying a given correctness property. In this paper, we apply program slicing techniques to remove automatically such irrelevant code and thus reduce the size of the corresponding transition system models. We give a simple extension of the classical slicing definition, and prove its safety with respect to model checking of linear temporal logic (LTL) formulae. We discuss how this slicing strategy fits into a general methodology for deriving effective software models using abstraction-based program specializati...
Equational abstractions
of LNCS, 2003
Abstract

Cited by 26 (12 self)
Abstraction reduces the problem of whether an infinite state system satisfies version. The most common abstractions are quotients of the original system. We present a simple method of defining quotient abstractions by means of equations collapsing the set of states. Our method yields the minimal quotient system together with a set of proof obligations that guarantee its executability and can be discharged with tools such as those in the Maude formal environment.
A game-based framework for CTL counterexamples and 3-valued abstraction-refinement
In Computer Aided Verification (CAV), LNCS 2725, 2003
Abstract

Cited by 24 (6 self)
This work exploits and extends the game-based framework of CTL model checking for counterexample and incremental abstraction-refinement. We define a game-based CTL model checking for abstract models over the 3-valued semantics, which can be used for verification as well as refutation. The model checking may end with an indefinite result, in which case we suggest a new notion of refinement, which eliminates indefinite results of the model checking. This provides an iterative abstraction-refinement framework. It is enhanced by an incremental algorithm, where refinement is applied only where indefinite results exist and definite results from prior iterations are used within the model checking algorithm. We also define the notion of annotated counterexamples, which are sufficient and minimal counterexamples for full CTL. We present an algorithm that uses the game board of the model checking game to derive an annotated counterexample in case the examined system model refutes the checked formula.
asowski. 20 years of modal and mixed specifications
 Bull. Eur. Assoc. Theor. Comput. Sci. EATCS
Abstract

Cited by 16 (4 self)
Twenty years ago, modal and mixed specifications were proposed as abstract models of system behavior. In this paper, we explain the nature and utility of such specifications, relate them to other formalisms, showcase some of their established applications, and mention some existing tool support. We also present some recent complexity results for decision problems underlying such applications and list some remaining open problems.
Abstraction of Communication Channels in Promela: a Case Study
In Proc. 7th SPIN Workshop, LNCS 1885, 2000
Abstract

Cited by 11 (0 self)
We present a case study of how abstractions can be applied to a protocol model, written in Promela, in order to make it amenable for exhaustive state-space exploration, e.g., by SPIN. The protocol is a simple version of the Five-Packet Handshake Protocol, which is used in TCP for transmission of single messages. We present techniques for abstracting from actual values of messages, sequence numbers, and identifiers in the protocol. Instead, an abstract model of the protocol is constructed of variables which record whether variables and parameters of messages are equal or unequal. The abstraction works because the protocol handles identifiers and parameters of messages in a simple way. The abstracted model contains only on the order of a thousand states, and safety properties have been analyzed by SPIN. 1 Introduction When trying to analyze any reasonable communication protocol using a model checker, one of the biggest problems is to model it in such a way that the model checker ...
A Framework for Automatic Construction of Abstract Promela Models
In Proceedings of the 6th International SPIN Workshop (SPIN'6), volume 1680 of LNCS, 1999
Abstract

Cited by 8 (7 self)
One of the current trends in model checking for the verification of concurrent systems is to reduce the state space produced by the model, and one of the more promising ways to achieve this objective is to support some kind of automatic construction of more abstract models. This paper presents a proposal in this direction. The main contribution of the paper is the definition of a semantics framework which allows us to relate different models of the system, each one with a particular abstraction level. Automatic source-to-source transformation is supported by this formal basis. The method is applied to Promela models.
The STSLib Project: Towards a Formal Component Model Based on STS
Abstract

Cited by 6 (0 self)
We present the current state of our STSLib project. This project aims at defining an environment to formally specify and execute software components. One important feature is that our components are equipped with a protocol description, namely a Symbolic Transition System. These descriptions glue together a protocol with guards and input/output notations and a data type part. These sophisticated protocols are well-suited to the design of concurrent and communicating systems but verification remains a difficult challenge. We expect to narrow the gap between the design level and the programming level by providing a runtime support for STS. We give in this paper the main objectives of the STSLib project and overview the current implementation. We address here the component model description, a specific approach to verify these systems and the operational interpreter to execute them. These features are illustrated on a cash point case study.
Improved Model Checking of Hierarchical Systems
2009
Abstract

Cited by 6 (3 self)
We present a unified game-based approach for branching-time model checking of hierarchical systems. Such systems are exponentially more succinct than standard state-transition graphs, as repeated subsystems are described only once. Early work on model checking of hierarchical systems shows that one can do better than a naive algorithm that “flattens” the system and removes the hierarchy. Given a hierarchical system S and a branching-time specification ψ for it, we reduce the model-checking problem (does S satisfy ψ?) to the problem of solving a hierarchical game obtained by taking the product of S with an alternating tree automaton Aψ for ψ. Our approach leads to clean, uniform, and improved model-checking algorithms for a variety of branching-time temporal logics. In particular, by improving the algorithm for solving hierarchical parity games, we are able to solve the model-checking problem for the µ-calculus in PSPACE and time complexity that is only polynomial in the depth of the hierarchy. Our approach also leads to an abstraction-refinement paradigm for hierarchical systems. The abstraction maintains the hierarchy, and is obtained by merging both states and subsystems into abstract states.
A Unifying Framework for Model Checking Labeled Kripke Structures, Modal Transition Systems, and Interval Transition Systems
In Proceedings of the 19th International Conference on the Foundations of Software Technology & Theoretical Computer Science, 1999
Abstract

Cited by 4 (3 self)
We build on the established work on modal transition systems and probabilistic specifications to sketch a framework in which system description, abstraction, and finite-state model checking all have a uniform presentation across various levels of qualitative and quantitative views together with mediating abstraction and concretization maps. We prove safety results for abstractions within and across such views for the entire modal mu-calculus and show that such abstractions allow for some compositional reasoning with respect to a uniform family of process algebras à la CCS. 1 Introduction and Motivation Process algebras such as Milner's CCS [16] and modular guarded command languages such as McMillan's SMV [15] are important description languages for a wide range of computer systems. The operational meaning of such descriptions is typically captured by a triple M = (S; R; L), where S is a set of states, R the state-transition relation, and L contains atomic state information; the lat...
Comparing Under- and Over-Approximations of LTL Properties for Model Checking
2002
Abstract

Cited by 3 (3 self)
The classical method for abstracting temporal properties when realizing abstract model checking is based on defining an abstract satisfiability relation which under-approximates the standard one. As a consequence, satisfiability of universal properties is directly preserved from the abstract model to the concrete one. However, this result may be impractical due to the imprecision and incompleteness with which abstract models are usually constructed. Thus, in the case a model checking tool supporting abstract model checking gives a negative answer, the user must analyze the counterexamples produced to decide whether the property really fails or, on the contrary, the abstract model is too imprecise to obtain a definitive result. We have developed an alternative method for abstracting temporal properties based on the idea of over-approximation. In this paper, we compare these two methods with respect to the satisfiability/refutation of universal/existential properties, proving that they produce complementary results. Finally, we study the conditions which ensure that the method based on over-approximation also produces definitive answers when analyzing universal properties. 1 Introduction Model checking [1] represents one of the most useful results of almost twenty years of research in formal methods to increase the quality of software and other related systems. A model checker works with a high level description of ... This research is partially supported by the CICYT projects TIC2001-2705-C03-02 and TIC99-1083-C02-01.
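The complementary roles of under- and over-approximation described in this entry, and the 3-valued abstraction with refinement on indefinite results described in the CAV 2003 entry above, can be made concrete in a few dozen lines. The following is an added example, not code from any of the listed papers: it builds a constructed toy transition system (an assumption of the example, not a model from any paper), quotients it by an abstraction function alpha (the "equational"/quotient view), derives may-transitions (over-approximation: some member of the source class steps into the target class) and must-transitions (under-approximation: every member does), labels each abstract class with a 3-valued truth value for the atomic proposition, and answers AG p with True, False or None (indefinite). A may-reachable set that is definitely safe proves the universal property; a must-path to a definitely unsafe class refutes it; anything else calls for refinement, shown by observing one more component of the concrete state.

```python
from collections import deque

# Constructed toy concrete system (an assumption of this example, not a model
# from any of the listed papers): state (x, y) with x in {0,1,2}, y in {0,1}.
CONCRETE_INIT = (0, 0)

def concrete_states():
    return [(x, y) for x in range(3) for y in range(2)]

def concrete_succ(s):
    x, y = s
    succ = {(x, 1 - y)}                 # y always toggles
    if y == 1:
        succ.add(((x + 1) % 3, 1))      # x advances only while y == 1
    return succ

def abstract_system(alpha, prop):
    """Quotient the concrete states by alpha (states with equal alpha collapse).

    Returns the abstract initial class, may-transitions (over-approximation:
    some member of the source class steps into the target class), must-
    transitions (under-approximation: every member does) and a 3-valued label
    per class: True/False if prop holds on all/no members, None if mixed.
    """
    classes = {}
    for s in concrete_states():
        classes.setdefault(alpha(s), set()).add(s)
    may = {a: set() for a in classes}
    must = {a: set() for a in classes}
    for a, members in classes.items():
        for b in classes:
            hits = [any(alpha(t) == b for t in concrete_succ(s)) for s in members]
            if any(hits):
                may[a].add(b)
            if all(hits):
                must[a].add(b)
    label = {}
    for a, members in classes.items():
        vals = {prop(s) for s in members}
        label[a] = True if vals == {True} else (False if vals == {False} else None)
    return alpha(CONCRETE_INIT), may, must, label

def reachable(init, trans):
    """Plain BFS over a transition relation given as {state: set(successors)}."""
    seen, work = {init}, deque([init])
    while work:
        a = work.popleft()
        for b in trans[a]:
            if b not in seen:
                seen.add(b)
                work.append(b)
    return seen

def check_ag(alpha, prop):
    """3-valued check of the invariant AG prop on the abstraction induced by alpha.

    True  : every may-reachable class definitely satisfies prop; since the may
            relation over-approximates, every concrete reachable state does too.
    False : a must-path from the initial class reaches a class that definitely
            violates prop; since must under-approximates, a real counterexample
            exists in the concrete system.
    None  : indefinite; the abstraction is too coarse and must be refined.
    """
    init, may, must, label = abstract_system(alpha, prop)
    if all(label[a] is True for a in reachable(init, may)):
        return True
    if any(label[a] is False for a in reachable(init, must)):
        return False
    return None

def refine(alpha, observe):
    """Refine an abstraction by additionally observing observe(s) on each state."""
    return lambda s: (alpha(s), observe(s))

def concrete_ag(prop):
    """Reference answer computed on the full concrete state space."""
    trans = {s: concrete_succ(s) for s in concrete_states()}
    return all(prop(s) for s in reachable(CONCRETE_INIT, trans))

if __name__ == "__main__":
    keep_x = lambda s: s[0]                                  # forget y entirely
    p = lambda s: s[0] != 2
    print(check_ag(keep_x, p))                               # None: too coarse
    print(check_ag(refine(keep_x, lambda s: s[1]), p))       # False: real counterexample
    print(concrete_ag(p))                                    # False
```

With alpha forgetting y, AG (x != 2) is indefinite: the may-relation reaches class 2 (so the over-approximation cannot prove it), but the only must-transition out of class 0 is a self-loop (so the under-approximation cannot refute it). Refining by y restores the concrete system and yields a definite refutation. A property on y alone is indefinite for a different reason: every class carries a mixed label, which is the case where a tool that only under-approximates would hand the user a counterexample that may be spurious.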