J. Lind-Nielsen and H. R. Andersen. Stepwise CTL model checking of state/event systems. In Computer Aided Verification, pages 316--327, 1999.
....to iterative abstraction refinement. This consists of three basic steps: abstract the design's model, analyze the counterexample, refine the abstraction (see Figure 1) Starting with Balarin and Sangiovanni Vincentelli [2] researchers described several ways in which these steps can be automated [11, 25, 31, 28, 10, 30, 17, 38] (see Related Work) In this paper, we describe a completely automated prototype framework for iterative abstraction refinement that is integrated into a formal verification environment consisting of three basic software tools: Forecast, a BDD based model checker [16] Thunder, a SAT based ....
....property being checked. In doing so, they create an overapproximation, as the abstract model might introduce spurious behaviors that were not present in the concrete one. A significant effort has been invested in automating the whole process, resulting in various iterative refinement frameworks [25, 2, 26, 31, 32, 28, 22, 10, 17, 38, 35]. We now discuss some of these works. An early such framework is the localization reduction of Kurshan [25] defined in the context of regular language containment, and implemented in COSPAN [19] This reduction keeps the nodes (both latches and intermediate nodes) that are topologically close ....
J. Lind-Nielsen and H.R. Andersen. Stepwise CTL model checking of state/event systems. In CAV'99, volume 1633 of LNCS, pages 316--327. Springer-Verlag, 1999.
....upon the reduction technique by starting from a small portion of the dependency closure. When model checking fails to produce a satisfactory answer, they extend the abstract model by adding more variables from the closure. This process is repeated until a definite yes/no answer is produced [1, 9, 10, 11]. While the first drawback has been addressed by these algorithms, the second drawback remains unresolved. In this paper, we present a lazy model checking approach that simultaneously solves the two problems by closely tying the abstraction of a model to each pre image computation in the model ....
J. Lind-Nielsen and H. Andersen. Stepwise CTL model checking of state/event systems. In CAV'99, 1999.
....many degrees of abstraction for each variable. Therefore, in the refinement step only very small and local changes to the abstraction functions are necessary and the abstract model remains comparatively small. Another refinement technique has recently been proposed by Lind Nielson and Andersen [17]. Their model checker uses upper and lower approximations in order to handle all of CTL. Their approximation techniques enable them to avoid rechecking the entire model after each refinement step while guaranteeing completeness. As in [2, 14] the variable dependency graph is used both to obtain ....
....Variables. In addition to the methods of Section 4.1, we completely abstract variables whose distance from the specification in the variable dependency graph is greater than a user defined constant. Note that the variable dependency graph is also used for this purpose in the localization reduction [2, 14, 17] in a similar way. However, the refinement process of the localization reduction [14] can only turn a completely abstracted variable into a completely unabstracted variable, while our method uses intermediate abstraction functions. 6 Experimental Results We have implemented our methodology in ....
J. Lind-Nielsen and H. R. Andersen. Stepwise CTL model checking of state/event systems. In Computer-Aided Verification, volume 1633 of LNCS, pages 316--327. Springer Verlag, 1999.
....the counterexample. They add this set of predicates as a new constraint to the abstract model. Previous work on abstraction by making variables invisible (this technique was used under different names in the past) include the localization reduction of Kurshan [8] and many others (see, for example [1, 9]) The localization reduction follows the typical abstraction refinement iterative process. It starts by making all but the property variables invisible. When a spurious counterexample is identified, it refines the system by making more variables visible. The variables made visible are selected ....
J. Lind-Nielsen and H. Andersen. Stepwise CTL model checking of state/event systems. (CAV'99).
....described in Section 2. Note that the localization technique either leaves a variable unchanged or replaces it by a non deterministic abstraction. A similar approach is described by Balarin and Sangiovanni Vincentelli [2] Another refinement technique has been proposed by LindNelson and Andersen [14]. They use under and over approximation in order to handle all CTL. Their approximation techniques enable them to avoid rechecking the entire model after each refinement step while guaranteeing completeness. There are abstraction refinement techniques that do not use counterexamples to refine the ....
J. Lind-Nielsen and H. Andersen. Stepwise ctl model checking of state/event systems. In Computer Aided Verification, pages 316--327, 1999.
....the abstract model remains comparatively small. Recently, Lakhnech and his colleagues have also used counterexamples to refine abstraction for infinite systems [69] 1.3. 3 Other abstraction refinement techniques Another refinement technique has recently been proposed by Lind Nielson and Andersen [72, 73]. Their model checker uses upper and lower approximations in order to handle all of CTL. Their approximation techniques enable them to avoid rechecking the entire model after each refinement step while guaranteeing completeness. As in [5, 68] the variable dependency graph is used to obtain the ....
....variables In addition to the methods of Chapter 3.1, we completely abstract variables whose distance from the specification in the variable dependency graph is greater than a user defined constant. Note that the variable dependency graph is also used for this purpose in the localization reduction [5, 68, 72] in a similar way. However, the refinement process of the localization reduction [68] can only turn a completely abstracted variable into a completely unabstracted variable, while our method uses intermediate abstraction functions. A user defined integer constant far determines which ....
J. Lind-Nielsen and H. R. Andersen. Stepwise CTL model checking of state/event systems. In Computer-Aided Verification, volume 1633 of LNCS, pages 316--327. Springer Verlag, 1999.
.... [BS93,Kur94,CGJ 00] where the current abstract model i is refined according to an error trace that the model checker has returned for i or by strategies, that work with under and or overapproximations for the satisfaction relation of the concrete model, e.g. DGG93,LA99,LPJ 96,PH97] To keep the abstract models reasonable small two general approaches can be distinguished. One approach focusses on small symbolic BDD representations of the abstract models (e.g. BS93,KDG95,LPJ 96,PH97,CJL 99] while other approachs attempt to minimize the number of ....
....borrows ideas from many other abstraction refinement algorithms. We work with under and overapproximations for the concrete satisfaction relation that we derive from the abstraction function a i . Although such sandwich techniques are used by several other authors, e.g. ASS 94,LA99,LPJ 96] we are not aware any other method that is designed for general (possibly infinite) transition systems and works with abstract models of a fixed size. In [ASS 94] Aziz et al. present a notion of formula dependent bisimulation equivalence for CTL and interacting finite state ....
[Article contains additional citation context not shown here]
J. Lind-Nielsen, H. Andersen. Stepwise CTL model checking of State/Event systems. In Proc. CAV'99, LNCS 1633, pages 316--327, 1999.
No context found.
J. Lind-Nielsen and H. R. Andersen. Stepwise CTL model checking of state/event systems. In Computer Aided Verification, pages 316--327, 1999.
....the goal set is systematically distributed for refinement to the operations which induced the approximation in the first place. This procedure requires exact image computation to propagate goal set. Another new method that uses upper and lowerapproximations at the same time was introduced in [8]. But, they did not explore all the benefits from previously computed satisfying states (explained in Section 5) and their refinement method is only based on dependency relation with structural depth. 2. Approximation The physical interpretation of the given system is a finite state machine ....
J. Lind-Nielsen and H. R. Anderson. Stepwise ctl model checking of state/event systems. In N. Halbwachs and D. Peled, editors, Eleventh Conference on Computer Aided Verification (CAV'99). Springer-Verlag, Berlin, 1999.