Abstraction for Branching Time Properties

Effective program abstraction is needed to successfully apply model checking in practice. This paper studies the question of constructing abstractions that preserve branching time properties. The key challenge is to simultaneously preserve the existential and universal aspects of a property, without relying on bisimulation. To achieve this, our method abstracts an alternating transition system (ATS) formed by the product of a program with an alternating tree automaton for a property. The AND-OR distinction in the ATS is used to guide the abstraction, weakening the transition relation at AND states and strengthening it at OR states. We show semantic completeness: whenever a program satisfies a property, this can be shown using a finite-state abstract ATS produced by the method. To achieve completeness, the method requires choice predicates that help resolve nondeterminism at OR states, and rank functions that help preserve progress properties. Specializing this result to predicate abstraction, we obtain exact characterizations of the types of properties provable with these methods.
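The abstract describes weakening the transition relation at AND states and strengthening it at OR states so that universal and existential aspects of a property are preserved at once. The Python sketch below is an added example, not code from the paper, that illustrates why the two directions have to be mixed. It is deliberately reduced: a plain finite transition system abstracted by a state partition (rather than the product ATS with an alternating tree automaton), an over-approximate "may" relation standing in for the weakened relation used at universal (AND) obligations, an under-approximate "must" relation standing in for the strengthened relation used at existential (OR) obligations, and a two-operator next-state property AX EX goal. Reading "weakening" and "strengthening" as may/must approximations is our interpretation of the abstract; the two concrete systems, the partition alpha, the predicate goal and every function name are constructed for this illustration and are not the paper's.

```python
"""Added toy example: abstract a transition system with a may (over-approximate)
relation for universal (AND) obligations and a must (under-approximate) relation
for existential (OR) obligations, then check a property that mixes both.
Every system, predicate and name here is constructed for illustration."""
from itertools import product

# Constructed concrete programs: the state is the value of x; the map gives successors.
# Variant A: from x=2 the only move is into the sink x=3.
CONCRETE_A = {0: {1, 2}, 1: {4}, 2: {3}, 3: {3}, 4: {4}, 5: {4}}
# Variant B: x=2 may also move to x=5.
CONCRETE_B = {0: {1, 2}, 1: {4}, 2: {3, 5}, 3: {3}, 4: {4}, 5: {4}}


def alpha(x):
    """Constructed abstraction: collapse x into four blocks defined by predicates on x."""
    if x == 0:
        return "zero"
    if x <= 2:
        return "small"
    if x == 3:
        return "three"
    return "big"


def goal(x):
    """Atomic proposition used by the property: x has reached the 'big' region."""
    return x >= 4


def abstract(concrete):
    """Return (blocks, may, must) for the partition induced by alpha.

    may  (a, b): some concrete s in a steps to some t in b   (over-approximation,
                 sound for universal / AND successor obligations)
    must (a, b): every concrete s in a steps to some t in b  (under-approximation,
                 sound for existential / OR successor obligations)
    """
    blocks = {}
    for s in concrete:
        blocks.setdefault(alpha(s), set()).add(s)
    may, must = set(), set()
    for a, b in product(blocks, repeat=2):
        if any(t in blocks[b] for s in blocks[a] for t in concrete[s]):
            may.add((a, b))
        if all(any(t in blocks[b] for t in concrete[s]) for s in blocks[a]):
            must.add((a, b))
    return blocks, may, must


def abstract_label(blocks, pred):
    """Label an abstract state with pred only if every concrete state in it satisfies pred."""
    return {a for a, members in blocks.items() if all(pred(s) for s in members)}


def check(formula, states, univ_succ, exist_succ, atoms):
    """Evaluate a formula built from ('atom', name), ('AX', f) and ('EX', f).

    AX (universal next) consults univ_succ; EX (existential next) consults exist_succ.
    On the concrete system both are the real successor relation; on the abstract
    system the caller decides which approximation feeds which operator.
    """
    op = formula[0]
    if op == "atom":
        return {s for s in states if s in atoms[formula[1]]}
    sub = check(formula[1], states, univ_succ, exist_succ, atoms)
    if op == "AX":
        return {s for s in states if all(t in sub for t in univ_succ(s))}
    if op == "EX":
        return {s for s in states if any(t in sub for t in exist_succ(s))}
    raise ValueError(f"unknown operator {op!r}")


# "Every successor of the initial state can reach goal in one more step."
AX_EX_GOAL = ("AX", ("EX", ("atom", "goal")))


def concrete_holds(concrete, formula, init=0):
    """Ground truth: evaluate the formula directly on the concrete system."""
    states = set(concrete)
    atoms = {"goal": {s for s in states if goal(s)}}
    succ = lambda s: concrete[s]
    return init in check(formula, states, succ, succ, atoms)


def abstract_holds(concrete, formula, mixed=True, init=0):
    """Evaluate on the abstraction.

    mixed=True  feeds AX from may and EX from must (the AND/OR-guided mix).
    mixed=False feeds both from may (pure over-approximation), unsound for EX.
    """
    blocks, may, must = abstract(concrete)
    states = set(blocks)
    atoms = {"goal": abstract_label(blocks, goal)}
    may_succ = lambda a: {b for (x, b) in may if x == a}
    must_succ = lambda a: {b for (x, b) in must if x == a}
    exist_succ = must_succ if mixed else may_succ
    return alpha(init) in check(formula, states, may_succ, exist_succ, atoms)


if __name__ == "__main__":
    for name, system in (("A", CONCRETE_A), ("B", CONCRETE_B)):
        print(name, "concrete:", concrete_holds(system, AX_EX_GOAL),
              "mixed:", abstract_holds(system, AX_EX_GOAL),
              "may-only:", abstract_holds(system, AX_EX_GOAL, mixed=False))
```

On variant B the property holds concretely and the mixed abstraction proves it; on variant A it fails concretely, the mixed abstraction does not claim it, but feeding the existential operator from the may relation "proves" it, because the block `small` = {1, 2} has a may-edge into `big` through x=1 even though x=2 has no such move. That gap between may and must at an OR obligation is exactly what the paper's choice predicates are meant to close; the sketch does not model them, nor the rank functions needed for progress properties.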
