Dams, D. (1996) Abstract interpretation and partition refinement for model checking, Ph.D. thesis, Technische Universiteit Eindhoven, The Netherlands.  Home/Search   Document Not in Database   Summary   Related Articles   Check

.... Sigma Theta Sigma A such that is R simulated by A and A is R simulated by ) Dams noted that the bisimulation criterion between and A can be weakened so that is related to two transition relations, may and must , such that is R simulated by may and must is R simulated by [13]; the resulting abstract system is a mixed transition system: Definition 47 [13,14] A (Kripke) mixed transition system is a tuple, X = h Sigma A ; must ; may ; IA i, where ffl Sigma A is a set of states and IA : Sigma A P(AtomProp) is an interpretation mapping, as before; ffl must ....

.... by ) Dams noted that the bisimulation criterion between and A can be weakened so that is related to two transition relations, may and must , such that is R simulated by may and must is R simulated by [13] the resulting abstract system is a mixed transition system: Definition 47 [13,14]: A (Kripke) mixed transition system is a tuple, X = h Sigma A ; must ; may ; IA i, where ffl Sigma A is a set of states and IA : Sigma A P(AtomProp) is an interpretation mapping, as before; ffl must Sigma A Theta Sigma A and may Sigma A Theta Sigma A are transition ....

D. Dams. Abstract interpretation and partition refinement for model checking. PhD thesis, Technische Universiteit Eindhoven, The Netherlands, 1996.

....the pair of associated image functions (post[ae] wp[ae] as the corresponding Galois connection, and the other way round, each Galois connection can be put into the form (post[ae] wp[ae] as long as the abstract lattice is constructed from a partition of the set of concrete states. Also [DGG93,Dam96] discuss in great detail the relationship between abstract interpretation and the verification by abstraction approach. Both frameworks allow to deal with overas well as under approximation of the fixed points. In the framework of simulation a combined framework has been introduced in ....

....to an abstraction relation ff. Thus, consider a syntactic transition ) where ae is of the form [ i i . Let the abstraction relation ff be given by a predicate on C[A, where A are the variables defining the abstract domain. The basic idea underlying the methods of [CGL94,GL93b,DGG93,Dam96] for computing abstractions of finite state systems is based on abstract interpretation of individual operators or individual transition relations: the abstract transition relation is completely determined by abstract versions of the primitive operators or of individual transition relations. If ....

D. Dams. Abstract interpretation and partition refinement for model checking. Phd thesis, Technical University of Eindhoven, July 1996.

....to show by using the translation techniques of our paper that these simple extensions do not increase expressiveness over the definition of KMTS considered in Section 2. Extended transition systems [Mil81] can be viewed as a particular class of MTSs [HJS01,BG99] Mixed transition systems [Dam96] are MTSs where the constraint Gamma is removed; eliminating this constraint makes it possible to specify inconsistent models, i.e. models that cannot be refined by any complete systems [HJS02] and hence increases expressiveness compared to the modeling formalisms considered in this ....

D. Dams. Abstract interpretation and partition refinement for model checking. PhD thesis, Technische Universiteit Eindhoven, The Netherlands, 1996.

.... the only boolean expressions referring to integers that we allow are equality tests, for example [x = 10] The approach above is based on existing approaches from modal logic theory, e.g. filtration [78] Similar techniques are also applied in model checking under the name partition refinement [47]. Partition refinement can only be applied to a finite state space. Therefore, as far as we know, partition refinement is never applied to data abstraction, since data may induce an infinite state space. 10.2.3 Real time Activity diagrams can contain simple real time constructs of the form when ....

D.R. Dams. Abstract Interpretation and Partition Refinement for Model Checking. PhD thesis, Eindhoven University of Technology, 1996.

.... fulfill this requirement, conservatively extend conventional model checking frameworks, and support consistency and assertion checking through the instrumented re use of conventional, two valued model checkers, as pioneered in [5] Such three valued approaches already exist for Kripke structures [12, 4, 5], labeled transition systems [30, 29, 23, 18] and models of first order logic [24] with relational closure [32] A three valued structure explicitly specifies and distinguishes mandatory (denoted a for assertion) from merely possible (denoted c for consistency) state and behavior. As a ....

D. Dams. Abstract interpretation and partition refinement for model checking. PhD thesis, Technische Universiteit Eindhoven, The Netherlands, 1996.

....model in practice that did not satisfy this constraint. We postpone relaxing this constraint to future work. The approach above is based on existing approaches from modal logic theory, e.g. filtration [15] Similar techniques are also applied in model checking under the name partition refinement [8]. Partition refinement can only be applied to a finite state space. Therefore, as far as we know, partition refinement is never applied to data abstraction, since data may induce an infinite state space. Real time. Activity graphs can contain simple real time constructs of the form when and after ....

D. R. Dams. Abstract Interpretation and Partition Refinement for Model Checking. PhD thesis, Eindhoven University of Technology, 1996.

....In the case that R reflects properties, we expect a similar reflection result for c 2 6 C , a 2 6 A , and OE 2 L Atom : where c j= OE denotes that OE holds true for (the transition sequences that begin at) c. This notion is formalized in the next section. This is called weak preservation [12,13,31]) And, when R preserves properties, we demand the dual: 114 or, more tellingly expressed in the contrapositive, When a temporal logic possesses both weak preservation and the above preservation property, this is called strong preservation [12,13,31] The remainder of this paper is devoted ....

....section. This is called weak preservation [12,13,31] And, when R preserves properties, we demand the dual: 114 or, more tellingly expressed in the contrapositive, When a temporal logic possesses both weak preservation and the above preservation property, this is called strong preservation [12,13,31]) The remainder of this paper is devoted to understanding the forms of temporal logic that reflect and preserve propositions in the presence of simulations. 5 Temporal Logics As noted by Emerson in his excellent survey [16] temporal logic is a variant of modal logic for expressing the ....

[Article contains additional citation context not shown here]

D. Dams. Abstract interpretation and partition refinement for model checking. PhD thesis, Technische Universiteit Eindhoven, The Netherlands, 1996.

....12, 31] and related research has demonstrated that a.i. can be applied to nonflowchart programs defined by denotational semantics [1, 6, 15, 20, 31, 35, 42, 51, 45, 46, 47] and structural operational semantics [13, 24, 56, 57, 58, 59, 66] Model checking is another important applications area [8, 17, 18, 63, 64]. In this paper, we survey abstract interpretation in the hierarchy of operational semantics: flowchart semantics, big step (natural) semantics, and small step semantics. We define it, explain how to do it, show how to terminate it, and apply it to data flow analysis, model checking, and ....

....and strong completeness, respectively. The strong versions of the definitions give decidability, but the price one pays is either an AbsVal set that differs little from Val or a low precision definition of L. These notions of soundness and completeness are developed by Dams in his thesis [17]. 2.9 Representations of the Collecting Semantics If the purpose for calculating an a.i. is to obtain an abstract collecting semantics for program points, then an implementation can generate the a.i. implicitly while calculating explicitly a representation of the collecting semantics. Typically, ....

[Article contains additional citation context not shown here]

D. Dams. Abstract interpretation and partition refinement for model checking. PhD thesis, Technische Universiteit Eindhoven, The Netherlands, 1996.

....For more on simulation and refinement, see e.g. 33, 20, 41] Other approaches to the generation of abstract finite state systems are presented in [29, 3] As with the invariant generation methods of Sect. 4, the underlying theory is based on abstract interpretation [22] see, for instance, [24, 8, 62]. 8. Atomic bakery(N) In many applications, an unknown or large number of processes compete for access to a critical section, rather than only two. We would like to specify, and verify, such protocols for an arbitrary number of processes. An N process generalization of bakery(2) is shown in ....

D. R. Dams. Abstract Interpretation and Partition Refinement for Model Checking. PhD thesis, Eindhoven University of Technology, July 1996. 44

....3 Abstraction Abstraction reduces the complexity of a system being verified by considering a simpler abstract system, where some of the details of the original concrete system are hidden. There is much work on the theoretical foundations of reactive system abstraction [CGL94,DGG94,LGS 95,Dam96] usually based on the ideas of abstract interpretation [CC77] Most abstractions weakly preserve temporal properties: if a property holds for the abstract system, then a corresponding property will hold for the concrete one. However, the converse will not be true: not all properties satisfied ....

D.R. Dams. Abstract Interpretation and Partition Refinement for Model Checking. PhD thesis, Eindhoven University of Technology, July 1996.

.... techniques have been suggested to overcome this limitation of model checking; including symbolic methods with BDDs [BCM 92,McM93] or SAT solvers [BCC 99] partial order reduction [Pel93,God96,Val94] compositional reasoning [Lon93,GL94] and abstraction [CC77,Kur94,CGL94] LGS 95,Lon93,Dam96,DGG97] See [CGP00] for an overview. In this paper, we concentrate on abstraction in a temporal logical setting. Let be the concrete model (a transition system) that we want to verify against a temporal logical formula F. The rough idea of the (exact) abstraction approach is to replace by ....

D. Dams. Abstract Interpretation and Partition Refinement for Model Checking. PhD thesis, Technische Universiteit Einhoven, 1996.

....can be represented, manipulated and approximated in ways that could not be directly applied to the original system. Originally designed for deriving safety properties in static program analysis, this framework has recently been extended to include reactive systems and general temporal logic, e.g. [39, 20]. One simple but useful instance of this framework is based on Galois connections. Two functions, # : 2 #C ## #A and # : #A ## 2 #C , connect the lattice 8 of sets of concrete states and an abstract domain #A , which we assume to be a complete boolean lattice. The abstraction function # ....

....the conditions ensure that A can do everything that S does, and perhaps some more. Note that this proposition is limited to universal properties and does not consider fairness. The framework can, however, be extended to include existential properties and take fairness into account see [20, 58]. 5.1 Invariant Generation Once established, invariants can be very useful in all forms of deductive and algorithmic verification, as we will see in Section 6. Given a sound #CTL# preserving abstraction A of S, if ## A is an invariant of A, then ##(# A ) is an invariant of S. Thus, in ....

D. R. Dams. Abstract Interpretation and Partition Refinement for Model Checking. PhD thesis, Eindhoven Univ. of Technology, July 1996.

....we expect a similar reflection result for c 2 Sigma C , a 2 Sigma A , and OE 2 L Atom : c R a and a j= OE imply c j= OE where c j= OE denotes that OE holds true for (the transition sequences that begin at) c. This notion is formalized in the next section. This is called weak preservation [12,13,31]) 26 And, when R preserves properties, we demand the dual: c R a and c j= OE imply a j= OE or, more tellingly expressed in the contrapositive, c R a and a 6 j=OE imply c 6 j=OE When a temporal logic possesses both weak preservation and the above preservation property, this is called strong ....

.... when R preserves properties, we demand the dual: c R a and c j= OE imply a j= OE or, more tellingly expressed in the contrapositive, c R a and a 6 j=OE imply c 6 j=OE When a temporal logic possesses both weak preservation and the above preservation property, this is called strong preservation [12,13,31]) The remainder of this paper is devoted to understanding the forms of temporal logic that reflect and preserve propositions in the presence of simulations. 5 Temporal Logics As noted by Emerson in his excellent survey [16] temporal logic is a variant of modal logic for expressing the ....

[Article contains additional citation context not shown here]

D. Dams. Abstract interpretation and partition refinement for model checking. PhD thesis, Technische Universiteit Eindhoven, The Netherlands, 1996.

....in the last decade . Approaches to attenuate the impact of a potential state space explosion due to the high memory complexity of a model checking procedure can be roughly classified as exploiting ffl an efficient representation of the state space [3] ffl abstract interpretation techniques [4] ffl symmetries on the state space [6] ffl quotienting of computations by an appropriate equivalence [12, 8] The latter approach is sometimes called partial order reduction for historical reasons [10] Partial order reductions are based on the observation that modelling concurrency by ....

D. Dams. Abstract Interpretation and Partition Refinement for Model Checking. PhD thesis, Einhoven University of Technology, Netherlands, 1996.

....non terminating algorithm that terminates for useful examples. This is the approach followed e.g. by [BW98, BGW 97, KMM 97] 1 (2) Give a semi test that yields the definite answer for useful examples (the other answer being don t know ) see e.g. BGP97, CGL92, LGS 94, Gra94, Dam96, Hal93, HPR97, HH95] One obtains a semi test by introducing abstractions that yield a conservative approximation of the original property. In most successful experiments, the abstractions (essentially to finite state systems) were more or less chosen manually, application specific. The ....

D. Dams. Abstract Interpretation and Partition Refinement for Model Checking. PhD Thesis, Eindhoven University of Technology, 1996.

....too hard to perform in reasonable amounts of memory and time. Some techniques have been developed to reduce the complexity of the model checking problem: Abstraction. The model can sometimes be made more abstract by removing processes or data that do not influence the property to be checked [5]. This is done preferably in such a way that the result can be proven to hold also in the original system, but is often based on the judgement of the designer. Symbolic model checking. This is a technique in which the state space is not explored explicitly. Sets of states, rather than ....

D. R. Dams, Abstract Interpretation and Partition Refinement for Model Checking, Ph.D. thesis, Eindhoven University of Technology, P.O. Box 513, 5600MB Eindhoven, The Netherlands, july 1996.

No context found.

Dams, D. (1996) Abstract interpretation and partition refinement for model checking, Ph.D. thesis, Technische Universiteit Eindhoven, The Netherlands.

No context found.

D. Dams. Abstract Interpretation and Partition Refinement for Model Checking. PhD dissertation, Eindhoven University of Thechnology, July 1996. 17

No context found.

D. Dams. Abstract interpretation and partition refinement for model checking. PhD thesis, Technische Universiteit Eindhoven, The Netherlands, 1996.

No context found.

D. Dams. Abstract Interpretation and Partition Refinement for Model Checking. PhD thesis, Technical University of Eindhoven, 1996.

No context found.

D. Dams. Abstract Interpretation and Partition Refinement for Model Checking. PhD thesis, Technical University of Eindhoven, 1996.

No context found.

Dams, D. R. (1996). Abstract Interpretation and Partition Refinement for Model Checking. PhD thesis, Eindhoven University of Technology, P.O. Box 513, 5600 MB Eindhoven, The Netherlands.

No context found.

D. Dams. Abstract interpretation and partition refinement for model checking. PhD thesis, Technische Universiteit Eindhoven, The Netherlands, 1996.

No context found.

Dams, D. R., "Abstract Interpretation and Partition Refinement for Model Checking," Ph.D. thesis, Eindhoven University of Technology, P.O. Box 513, 5600 MB Eindhoven, The Netherlands (1996).

No context found.

D. Dams. Abstract interpretation and partition refinement for model checking. PhD thesis, Technical University of Eindhoven, 1996.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC