D. Dams, O. Grumberg, and R. Gerth. Generation of reduced models for checking fragments of CTL. In Proceedings of CAV'93, Crete (GR), volume 697, pages 479--490. Lecture Notes in Computer Science, 1993.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....taking the pair of associated image functions (post[ae] wp[ae] as the corresponding Galois connection, and the other way round, each Galois connection can be put into the form (post[ae] wp[ae] as long as the abstract lattice is constructed from a partition of the set of concrete states. Also [DGG93,Dam96] discuss in great detail the relationship between abstract interpretation and the verification by abstraction approach. Both frameworks allow to deal with overas well as under approximation of the fixed points. In the framework of simulation a combined framework has been introduced in ....

....In the framework of simulation a combined framework has been introduced in [Lar89,LSW95] by means of modal transition systems, which have may transitions representing supersets of actual transitions and must transitions representing subsets. The property preservation results of [LGS 95] and [DGG93] lead to an increasing interest in the combination of model checking and abstraction. Indeed, given a large or infinite state system that has to be verified, one can first compute a tractable finite system that abstracts the given concrete one, then check abstract properties on the obtained ....

[Article contains additional citation context not shown here]

D. Dams, O. Grumberg, and R. Gerth. Generation of reduced models for checking fragments of CTL. In Proceedings of CAV'93, Crete (GR), volume 697, pages 479--490. Lecture Notes in Computer Science, 1993.

....are omitted. They can be found in the full version available at http: www.dcs.ed.ac.uk maidl. Related Work. The problem of state space explosion has been addressed by various approaches. Abstraction aims at transforming the program into a smaller one, either by use of some abstraction relation ([DGG93, CGL94, DGG97]) or by abstracting transitions by introducing abstract propositions ( NK00, BLO98] The smaller model is afterwards used for model checking. In our approach, we do not generate a smaller model, but we apply our localization algorithm on the fly during the model checking run, which runs on the ....

Dams, D., Grumberg, O. and Gerth, R. Generation of reduced models for checking fragments of CTL. In: Proc. 5th Conf. on Computer Aided Verification. June 1993, LNCS 697, pp. 479--490.

....from other existing ones [12, 13] is that the reduction is not provided by the user (often based on an informal reasoning and proved correct case by case) but it is completely automatic and transparent to the user. In fact, the reductions are driven by the formulae to be checked. The works [4, 19] present methods for taking a given formula into account in constructing reduced transition systems: the reduction preserves the truth values of the formula only if the properties are expressed by formulae obeying some restrictions (for example avoiding some operators of the logic CTL) or ....

D. Dams, O. Grumberg, R. Gerth. Generation of Reduced Models for Checking Fragments of CTL. In Proceedings of Workshop on Computer Aided Verication (CAV'93), Lecture Notes in Computer Science 697, 1993. 479-490.

....process (N 2 ;n2 (V ) in Example 4) 6 Conclusions In this paper we have presented an approach to the problem of the reduction of the number of states of a transition system. Many abstraction criteria for system speci cations not including time constraints have been de ned, see for example [4, 6, 9, 11, 12]. For real time systems the work [17] de nes abstractions for transition systems with quantitative labels, but there, the abstraction is not driven by the property to be proved. We have introduced an abstract semantics for ASTP processes in order to formally de ne the abstract transition system. ....

D. Dams, O. Grumberg, R. Gerth. Generation of Reduced Models for Checking Fragments of CTL. In Proceedings of Workshop on Computer Aided Verication (CAV'93), Lecture Notes in Computer Science 697, 1993. 479-490.

....1, which has 6 states and 13 transitions. 5 Conclusions In this paper we have presented an approach to the problem of the reduction of the number of states of a transition system. Many abstraction criteria for system specifications not including time constraints have been defined, see for example [4, 6, 9, 11, 12]. For real time systems the work [17] define abstractions for transition systems with quantitative labels, but there the abstraction is not driven by the property to be proved. We have introduced an abstract semantics for ASTP processes in order to formally define the abstract transition system. ....

D. Dams, O. Grumberg, R. Gerth. Generation of Reduced Models for Checking Fragments of CTL. In Proceedings of Workshop on Computer Aided Verification (CAV'93), Lecture Notes in Computer Science 697, 1993. 479--490.

....Manna use abstract interpretation to automatically generate invariants for general infinite state systems [12] Later, in [31] the authors have proposed an abstract interpretation methodology for ACTL # properties. Abstraction techniques for various fragments of CTL # have been discussed in [36, 37]. These abstraction techniques have been extended to the calculus [35, 74] Abstraction techniques for infinite state systems are crucial for successful verification [2, 7, 71, 77] Graf and Sadi [54] have proposed predicate abstraction techniques to abstract an infinite state system into a ....

D. R. Dams, O. Grumberg, and R. Gerth. Generation of reduced models for checking fragments of ctl. In Computer-Aided Verification, pages 479--490, 1993.

....which, however, requires significant human intervention. In [KP00] it is shown that finite state abstractions exist for programs that satisfy LTL properties; the completeness proof is non constructive in general but partly utilizes predicate abstraction. Other automatic abstraction methods [DGG93,CGL94] apply only to finite state systems. Other semi algorithms [HGD95,KMM 97,BGP97,BDG 98] directly model check infinite state systems without computing an abstract program. The algorithm in [GS92] for model checking a special type of parameterized system relies on a trace equivalent ....

D. Dams, R. Gerth, and O. Grumberg. Generation of reduced models for checking fragments of CTL. In CAV, volume 697 of LNCS, 1993.

....quotient space is unnecessary large. In general, conservative abstractions that rely on the weak preservation property, stating that a F implies F, yield much smaller abstract models. Such models can be used in the abstraction refinement schema shown in Algorithm 1 (e.g. BS93,DGG93,Kur94,GS97,CGJ 00] Here, Algorithm 1 Schema of the abstraction refinement approach construct an initial abstract model 0 ; i : 0; REPEAT Model Check( i F) IF i F THEN i 1 : Refinement( i ,F) FI; i : i 1; UNTIL i 1 F or i ....

.... strategies [BS93,Kur94,CGJ 00] where the current abstract model i is refined according to an error trace that the model checker has returned for i or by strategies, that work with under and or overapproximations for the satisfaction relation of the concrete model, e.g. DGG93,LA99,LPJ 96,PH97] To keep the abstract models reasonable small two general approaches can be distinguished. One approach focusses on small symbolic BDD representations of the abstract models (e.g. BS93,KDG95,LPJ 96,PH97,CJL 99] while other approachs attempt to minimize the number ....

[Article contains additional citation context not shown here]

D. Dams, R. Gerth, O. Grumberg. Generation of reduced models for checking fragments of CTL. In Proc. CAV'93, LNCS 697, pages 479--490, 1993.

....parts not concerned with the property to be verified. The works [3, 22, 24, 25, 26, 28, 29] deal with abstractions of transition systems preserving only properties expressible by sub languages of a general temporal logic language, for example avoiding the use of some operators. The works [1] and [10] present methods for constructing reduced transition systems, where the reduction is based on a temporal logic formula: the reduced system preserves the truth value of the formula. However, 10] refers only to formulae written in a subset of CTL logic, while the method in [1] can be applied only ....

....of a general temporal logic language, for example avoiding the use of some operators. The works [1] and [10] present methods for constructing reduced transition systems, where the reduction is based on a temporal logic formula: the reduced system preserves the truth value of the formula. However, [10] refers only to formulae written in a subset of CTL logic, while the method in [1] can be applied only to systems obtained as the composition (product) of smaller ones. In both cases, the reduced transition system is obtained by means of a non trivial algorithm. Other methodologies exist in which ....

D. Dams, O. Grumberg, R. Gerth. Generation of reduced models for checking fragments of CTL. In Proceedings of Workshop on Computer Aided Verification (CAV'93), LNCS 697, 1993. 479--490.

....systems preserving properties expressible in fragments of a general temporal logic language, for example avoiding the use of some operators. Our approach differs from these ones since our abstraction is formuladriven, i.e. the abstraction can be different for different formulae. The works [1] and [18] present methods for constructing reduced transition systems taking a given temporal logic formula into account: the reduced system preserves the truth value of the formula. However, the method in [18] refers only to formulae written in a subset of CTL logic, while the method in [1] can be applied ....

....formuladriven, i.e. the abstraction can be different for different formulae. The works [1] and [18] present methods for constructing reduced transition systems taking a given temporal logic formula into account: the reduced system preserves the truth value of the formula. However, the method in [18] refers only to formulae written in a subset of CTL logic, while the method in [1] can be applied only to systems obtained as the composition (product) of 23 smaller ones. In both cases, the reduced transition system is obtained by means of a non trivial algorithm. The works [24, 29, 34] follow ....

D. Dams, O. Grumberg, R. Gerth. Generation of Reduced Models for Checking Fragments of CTL. In Proceedings of Workshop on Computer Aided Verification (CAV'93), Lecture Notes in Computer Science 697, 1993. 479--490.

....a module M satisfies an assume guarantee pair h ; i iff whenever M is part of a system satisfying , the system also satisfies . As is shown in [43] this is not equivalent to M satisfying . We call this branching modular model checking. Furthermore, it is argued in [43] as well as in [26,51,43,27], that in the context of modular verification it is advantageous to use only universal branching temporal logic, i.e. branching temporal logic without existential path quantifiers. In a universal branching temporal logic one can state properties of all computations of a program, but one cannot ....

D. Dams, O. Grumberg, and R. Gerth. Generation of reduced models for checking fragments of CTL. In Proc. 5th Conf. on Computer Aided Verification, volume 697 of Lecture Notes in Computer Science, pages 479--490. Springer-Verlag, June 1993.

....abstract interpretation to synchronous reactive systems. He does not consider approximations over control information. Moreover no means of refining approximations is given. Dams et al. propose automatic refinement of abstractions for the full model checking problem, not just reachability. In [11], their method for refining abstractions can be expensive since it relies on exact computation over related formulas. In [10] they show how a two level approach for abstractions can obviate the exact computations, although this procedure is not automatic at the outer level of abstraction. ....

D. Dams, R. Gerth, and O. Grumberg. Generation of reduced models for checking fragments of CTL. In Proc. of 5th CAV, LNCS 697, Springer-Verlag, 1993.

....clock(t 0 ) 0, so especially when Eft(t) Eft(t 0 ) 0. Theorem 19. If the above criteria are satisfied, then t ; t 0 and t 0 ; t. Proof. Follows directly from the proof of Theorem 13. 11 6 Combining abstraction with partial order reductions It has been shown in several papers [DGG93, YR98, ACD90] how to define abstract state spaces in order to preserve CTL properties. We could obviously use one of these definitions directly and combine it with our method of partial order reductions. This would be a natural approach, but for sure not the most efficient one for ACTL GammaX . The reason ....

D. Dams, R. Gerth, and O. Grumberg, Generation of reduced models for checking fragments of ctl, vol. 697, Springer Verlag, LNCS, 1993, pp. 479--491.

....sets. If the intersection is empty, which means that a signal can be emitted by only one module, our homomorphism coincide with the one of [12] and we get the same conservation result for 8CTL . Modular verification can be combined with abstraction. Unlike the abstractions considered in [16] or [9], the abstraction we have is generally not faithfull. Further, as pointed out in [12, 27] homomorphisms establish a preorder between models. A smaller model, w.r.t. the preorder, is a model where some computation paths have been pruned . Thus, some formulae may be checked as false on a bigger ....

O. Grumberg D. Dams and R. Gerth. Generation of reduced models for checking fragments of ctl. In C. Courcoubetis, editor, Computer Aided Verification, volume 697 of Lecture Notes in Computer Science, pages 479--490. Springer-Verlag, 1993.

....state explosion problem: the state space of a distributed system potentially increases exponentially in the number of its parallel components. To overcome this problem techniques have been developed in order to avoid the construction of the complete state graph (cf. BFH90, CLM89, CR94, CS90b, DGG93, Fer88, GL93, GP93, Jos87, KM89, Kru89, LSW94, LT88, LX90, Pnu90, SG89, SG90, Val93, Wal88, Win90, WL89] In this paper we present a method for the compositional minimization of finite state distributed systems, which is practically motivated by the following observation: For the verification ....

....directly, but they may explode during verification. All mentioned techniques can be accompanied by abstraction. Parallel systems may be dramatically reduced by suppressing constraints that are irrelevant for the verification of the particular property under consideration [CC77, CGL92, CR94, DGG93, LGS 92] 3 Structure of the Paper The remainder of the paper is structured as follows. Section 2 presents the basic notions, and Section 3 the reduction operators our method, the RM method, is based upon. Subsequently, Section 4 develops the RM Method for the compositional minimization of ....

D. Dams, O. Grumberg, and R. Gerth. Generation of reduced models for checking fragments of CTL. In Proceedings of the International Workshop on Computer-Aided Verification (CAV'93), volume 697, pages 479--490. LNCS, 1993.

....[Vaa90] observes that in most situations partial information about the traces of processes is sufficient to prove that part of a specification is redundant and can be omitted. All mentioned techniques can be accompanied by abstraction which may dramatically reduce the complexity [CGL92, DGG93, LGS 95] 2. General Notions Our framework is based on processes (systems) as labelled transition systems extended by an undefinedness predicate on states. Processes can be structured by means of parallel composition and hiding , thus allowing a hierarchical treatment. A labelled transition ....

D. Dams, O. Grumberg, and R. Gerth. Generation of reduced models for checking fragments of CTL. In Proceedings of the International Conference on ComputerAided Verification (CAV'93), volume 697 of LNCS, pages 479--490, 1993.

....ffl Reduction rules can be used to transform a Petri net into a smaller net equivalent in some particular sense. Berthelot and Roucairol [3] Berthelot [2] Colom, Martinez, and Silva [15] and Haddad [33] among others have studied net reductions. ffl Quemada [62] Dams, Grumberg, and Gerth [18], and Fernandez, Kerbrat, and Mounier [21] among many others have studied bisimulation. Here a model is abstracted into a smaller model in such a way that the smaller model and the original model simulate each other in a well defined sense. ffl Burch, Clarke, McMillan, Dill, and Hwang [11] have ....

Dams, D., Grumberg, O., and Gerth, R.: Generation of Reduced Models for Checking Fragments of CTL. In [16], pp. 479--490.

....much better reductions should be achievable. In [ASSSV94] a state equivalence is defined with respect to a given CTL formula. According to this equivalence, the size of each component finite Supported by DFG Vo 287 5 2 state machine is reduced in dependance on all other components. In [DGG93] the reduction algorithm, which works for formulae in ACTL, is based on the successive refinement of a model by splitting states with respect to formulae. In contrast to [ASSSV94] where only equivalent paths are combined, the model is maximally reduced with respect to an (ACTL ) formula in ....

....the reduction algorithm, which works for formulae in ACTL, is based on the successive refinement of a model by splitting states with respect to formulae. In contrast to [ASSSV94] where only equivalent paths are combined, the model is maximally reduced with respect to an (ACTL ) formula in [DGG93] The algorithms in both of these papers are computationally expensive since states and transitions of the model have to be inspected several times. In the case of [DGG93] for instance, the splitting subprocedure, which inspects all states of the model, is called several times, especially if ....

[Article contains additional citation context not shown here]

D. Dams, O. Grumberg, and R. Gerth. Generation of reduced models for checking fragments of CTL. In C. Courcoubetis, editor, Computer Aided Verification, volume 697 of LNCS, pages 479 -- 490. Springer, 1993.

.... 38610 Grenoble Gi eres fgraf,saidig imag.fr contact author : Susanne Graf appeared in the Proceedings of CAV 97, LNCS 1254 Abstract: We describe in this paper a method based on abstract interpretation which, from a theoretical point of view, is similar to the splitting methods proposed in [DGG93, Dam96] but the weaker abstract transition relation we use, allows us to construct automatically abstract state graphs paying a reasonable price. We consider a particular set of abstract states: the set of the monomials on a set of state predicates 1 ; The successor of an abstract ....

....and in case of modification of the system or non satisfaction of the desired properties on the abstract system, some of them need to be modified. We describe a method based on abstract interpretation which, from a theoretical point of view, is similar to the splitting method proposed in [DGG93, Dam96] but the weaker abstract transition relation we use, allows us to construct automatically abstract state graphs paying a reasonable price. 1 Centre Equation, 2, Avenue de la Vignate, 38610 Grenoble Gi eresfgraf,saidig imag.fr We consider a particular set of abstract states: the set of ....

D. Dams, O. Grumberg, and R. Gerth. Generation of reduced models for checking fragments of CTL. In Proceedings of CAV'93, Crete (GR), volume 697, pages 479-- 490. Lecture Notes in Computer Science, 1993.

....18] An abstraction hides some information from a state space to yield a smaller state space. Ideally, operations over the smaller state space should use less resources than over the original state space. Towards this end, abstractions are often applied as a pre processing phase to model checking [19]. To be useful in practice, however, abstractions must preserve the properties that a designer wishes to verify. The choice of a suitable abstraction technique therefore depends on the properties of interest. Bisimulation minimization [31] provides an abstraction technique that preserves the ....

Dams, D., O. Grumberg and R. Gerth. Generation of reduced models for checking fragments of CTL. In Proc. 5th Int.l Conference on Computer-Aided Verification, number 697 in Lecture Notes in Computer Science, pages 479--490. Springer-Verlag, 1993.

....processes. Attempts to solve this problem have focussed on algorithms that avoid traversing the complete state space. Either by symbolic representations of the state space using Binary Decision Diagrams [10] by collapsing symmetric or otherwise similar states [33, 24, 11, 21] or by abstraction [19, 12]. The most prominent successes on rather large systems have been reported from groups using Binary Decision Diagrams a heuristic based on compact representations and manipulations of Boolean expressions. We present in this paper a new heuristic that is based on a quotienting operator which ....

Dennis Dams, Orna Grumberg, and Rob Gerth. Generation of reduced models for checking fragments of CTL. In Courcoubetis [18].

....classes of in nite state systems, as well. Abstraction techniques are one general approach [CC77] to handle large and especially in nite systems which allows to infer properties of a concrete system by examining a more abstract and in general smaller one (see e.g. BBLS92, Lon93, CGL94, DGG93, Dam96] Both systems are connected by an abstraction relation which is called safe with respect to a given property, if it preserves satisfaction of the property. This means, whenever the property holds for the abstract system, it holds for the concrete one as well. A common source of in nity ....

D. Dams, R. Gerth, and O. Grumberg. Generation of reduced models for checking fragments of CTL. In C. Courcoubetis, editor, Computer Aided Verication 1993, volume 697 of Lecture Notes in Computer Science, pages 479-490. Springer-Verlag, 1993.

....structures that are small enough to be manageable by a model checker, yet contain enough detail to allow to establish the property. A popular approach is predicate abstraction, introduced in [13] and inspired by work on the automatic generation of invariants ( 17, 3] and on partition re nement ([9, 10]) In this method, the abstract states are represented by predicates that are formulae in some decidable logic that is supported by automated decision procedures. If in addition the state transforma3 tions performed by the program are expressed in the same logic, then the decision procedures can ....

Dennis Dams, Rob Gerth, and Orna Grumberg. Generation of reduced models for checking fragments of CTL. In Costas Courcoubetis, editor, Computer Aided Verication, number 697 in LNCS, pages 479-490, Berlin, 1993. Springer-Verlag.

No context found.

Dams, D., Grumberg, O., and Gerth, R., Generation of Reduced Models for checking fragments of CTL, CAV93, Springer LNCS no. 697, 1993.

No context found.

Dams, D., Grumberg, O., and Gerth, R., Generation of Reduced Models for checking fragments of CTL, CAV93, Springer LNCS no. 697, 1993.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC