A Forward-Backward Abstraction Refinement Algorithm

Abstraction refinement-based model checking has become a standard approach for efficiently verifying safety properties of hardware/software systems. Abstraction refinement algorithms can be guided by counterexamples generated from abstract transition systems or by fixpoints computed in abstract domains. Cousot, Ganty and Raskin recently put forward a new fixpoint-guided abstraction refinement algorithm that is based on standard abstract interpretation and improves the state of the art, also for counterexample-driven methods. This work presents a new fixpoint-guided abstraction refinement algorithm that enhances the Cousot-Ganty-Raskin procedure. Our algorithm is based on three main ideas: (1) within each abstraction refinement step, we perform multiple forward-backward abstract state space traversals; (2) our abstraction is a disjunctive abstract domain that is used both as an overapproximation and an underapproximation; (3) we maintain and iteratively refine an overapproximation M of the set of states that belong to some minimal (i.e. shortest) counterexample to the given safety property, so that each abstract state space traversal is limited to the states in M.
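To make ideas (1) and (3) concrete, the following added example (not code from the paper) alternates forward and backward traversals, each restricted to the current overapproximation M, until M stabilises. It uses exact state sets in place of the paper's disjunctive abstract domain, so no abstraction refinement is modelled, and the transition system is a constructed toy.

```python
from collections import deque

# Constructed transition system (hypothetical, not from the paper): states are
# ints, EDGES maps each state to its successors. State 6 is reachable from the
# initial state but can never reach the bad state, so it lies on no counterexample.
INIT = {0}
BAD = {7}
EDGES = {0: [1, 2], 1: [3], 2: [3, 4], 3: [5], 4: [5, 6], 5: [7], 6: [6], 7: []}


def bfs_distances(sources, step, allowed):
    """Breadth-first distances from `sources`, visiting only states in `allowed`."""
    dist = {s: 0 for s in sources if s in allowed}
    queue = deque(dist)
    while queue:
        s = queue.popleft()
        for t in step(s):
            if t in allowed and t not in dist:
                dist[t] = dist[s] + 1
                queue.append(t)
    return dist


def forward_backward(init, bad, edges):
    """Alternate a forward traversal from `init` and a backward traversal from
    `bad`, each limited to M, the current overapproximation of the states that
    belong to some minimal counterexample. Returns (M, length of a shortest
    counterexample); M is empty and the length is None when `bad` is unreachable."""
    preds = {s: [] for s in edges}
    for s, succs in edges.items():
        for t in succs:
            preds[t].append(s)
    M = set(edges)  # initially every state may be on a counterexample
    while True:
        fwd = bfs_distances(init, lambda s: edges[s], M)
        reached = [fwd[b] for b in bad if b in fwd]
        if not reached:
            return set(), None
        n = min(reached)  # length of a shortest counterexample inside M
        bwd = bfs_distances(bad, lambda s: preds[s], M)
        # A state lies on a shortest counterexample only if its distance from
        # init plus its distance to bad equals n; everything else leaves M.
        new_M = {s for s in M if s in fwd and s in bwd and fwd[s] + bwd[s] == n}
        if new_M == M:
            return M, n
        M = new_M


if __name__ == "__main__":
    print(forward_backward(INIT, BAD, EDGES))  # ({0, 1, 2, 3, 4, 5, 7}, 4)
```

With exact sets the second round only confirms the fixpoint; in the paper the traversals run in an abstract domain, where the restriction to M and the extra rounds are what keep the abstract fixpoints precise.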
