Balarin, F., Sangiovanni-Vincentelli, A.L.: An iterative approach to language containment. In: CAV 93: International Conference on Computer-Aided Verification. (1993) 29--40  Home/Search   Document Not in Database   Summary   Related Articles   Check

....into a concrete one, there is a proof that the concrete system does not satisfy the property. Otherwise, the abstract system is not detailed enough and needs to be refined. Using counter examples to refine abstract systems has been investigated by a number of other researchers e.g. Kur94,BSV93,CGJ 00] Closest to our work is Clarke et al. s techniques [CGJ 00] The main differences are, however, that we focus on infinite state systems and that our algorithms for analyzing counterexamples work backwards while their algorithms are forward. This difference can lead to completely ....

F. Balarin and A. Sangivanni-Vincentelli. An iterative approach to language containment. In 5th Workshop on Computer-Aided Verification (CAV93). LNCS 697, Springer Verlag, June 1993.

....t , t . U1 refers to making T i from T i with generic BDDs supersetting techniques explained in [13] These methods produce a new set that is close to the original set in terms of on set minterm count, where the new BDDs should be much smaller in size. U2 refers to the Block Tearing Method [1, 9, 7], where T i is the tautology. All t variables are not appeared during PRE computation. Definition 2.2 (Lower bound Transition Relation) T i s x t i (4) L1) T i BddSubsetting T i , C t C t . L2) T i 1, C t t RC t , t . The L1 method is same as U1 but the complement of the given ....

F. Balarin and A. L. Sangiovanni-Vincentelli. An iterative approach to language containment. In C. Courcoubetis, editor, Fifth Conference on Computer Aided Verification (CAV '93). Springer-Verlag, Berlin, 1993. LNCS 697.

....above process of model checking by abstraction, offering algorithmic support to iterative abstraction refinement. This consists of three basic steps: abstract the design s model, analyze the counterexample, refine the abstraction (see Figure 1) Starting with Balarin and Sangiovanni Vincentelli [2], researchers described several ways in which these steps can be automated [11, 25, 31, 28, 10, 30, 17, 38] see Related Work) In this paper, we describe a completely automated prototype framework for iterative abstraction refinement that is integrated into a formal verification environment ....

....property being checked. In doing so, they create an overapproximation, as the abstract model might introduce spurious behaviors that were not present in the concrete one. A significant effort has been invested in automating the whole process, resulting in various iterative refinement frameworks [25, 2, 26, 31, 32, 28, 22, 10, 17, 38, 35]. We now discuss some of these works. An early such framework is the localization reduction of Kurshan [25] defined in the context of regular language containment, and implemented in COSPAN [19] This reduction keeps the nodes (both latches and intermediate nodes) that are topologically close ....

[Article contains additional citation context not shown here]

F. Balarin and A.L. Sangiovanni-Vincentelli. An iterative approach to language containment. In CAV'93, LNCS, pages 29--40. Springer-Verlag, 1993.

....upon the reduction technique by starting from a small portion of the dependency closure. When model checking fails to produce a satisfactory answer, they extend the abstract model by adding more variables from the closure. This process is repeated until a de nite yes no answer is produced [1, 9, 10, 11]. While the rst drawback has been addressed by these algorithms, the second drawback remains unresolved. In this paper, w e presentalazy model checking approach that simultaneously solves the tw o problems by closely tying the abstraction of a model to each pre image computation in the model ....

F. Balarin and A. Sangiovanni-Vincentelli. An iterative approach to language containment. In Proc. of the 5th Workshop on CAV, pages 193-195, 1999.

....annotate the parse tree of the system description with abstract models for each statement. Depending on the property of interest, we adapt these abstract models, which are finally composed as abstract model for the system. Closely related to our idea are those of Balarin, Sangiovanni Vincentelli [BSV93] and Kurshan [Kur94, p.170] They also try to find an abstract model by refining a general abstraction. They do the abstraction process wise, where each abstract model of a process has as many states as its concrete counterpart (but possibly more transitions, however yielding a smaller BDD ....

....of these issues can easily be embedded in our framework. On the property side, we can not handle the next operator, which is caused by the nature of abstracting calculation steps. For the same reason, we cannot handle bounded liveness properties. The works of Balarin, Sangiovanni Vincentelli [BSV93] and Kurshan [Kur94, p. 170] also provide iterative algorithms to refine an abstract model to be able to verify a particular property. In contrast to their works, we do not have a problem in finding the processes influencing the required property. Since our generic abstraction has got only one ....

Felice Balarin and Alberto L. Sangiovanni-Vincentelli. An iterative approach to language containment. In Courcoubetis, editor, Proceedings of Computer Aided Verification (CAV '93), volume 697 of Lecture Notes in Computer Science, pages 29--40. Springer, 1993.

....be able to do so. The predicate abstraction methods described so far have relied on user provided predicates to produce the abstract system. Counter example guided re nement is a generally useful technique. It has been used in by Kurshan et al. 2] for checking timed automata, Balarin et al. [3] for language containment and Clarke et al. [7] in the context of veri cation using abstraction for di erent variables in a version of the SMV model checker. Counter example guided re nement has even been used with predicate abstraction by Lakhnech et al. 12] Invariant generation techniques ....

F. Balarin and A. L. Sangiovanni-Vincentelli. An iterative approach to language containment. In 5th International Conference on Computer-Aided Veri cation, pages 29-40. Springer-Verlag, 1993.

....the counterexample. The heuristic for selecting these variables also uses information from the variable dependency graph. Note that the localization reduction either leaves a variable unchanged or replaces it by a nondeterministic assignment. A similar approach has been described by Balarin in [2, 15]. In our approach, the abstraction functions exploit logical relationships among variables appearing in atomic formulas that occur in the control structure of the program. Moreover, the way we use abstraction functions makes it possible to distinguish many degrees of abstraction for each variable. ....

....has recently been proposed by Lind Nielson and Andersen [17] Their model checker uses upper and lower approximations in order to handle all of CTL. Their approximation techniques enable them to avoid rechecking the entire model after each refinement step while guaranteeing completeness. As in [2, 14] the variable dependency graph is used both to obtain the initial abstraction and in the refinement process. Variable abstraction is also performed in a similar manner. Therefore, our abstraction refinement methodology relates to their technique in essentially the same way as it relates to the ....

[Article contains additional citation context not shown here]

F. Balarin and A. L. Sangiovanni-Vincentelli. An iterative approach to language containment. In Computer-Aided Verification, volume 697 of LNCS, pages 29--40, 1993.

....the counterexample. They add this set of predicates as a new constraint to the abstract model. Previous work on abstraction by making variables invisible (this technique was used under di erent names in the past) include the localization reduction of Kurshan [8] and many others (see, for example [1, 9]) The localization reduction follows the typical abstraction re nement iterative process. It starts by making all but the property variables invisible. When a spurious counterexample is identi ed, it re nes the system by making more variables visible. The variables made visible are selected ....

....7, which proves the viability of our methods comparing to a state of the art model checker (Cadence SMV ) We discuss conclusions and future work in section 8. 2 Abstraction in Model Checking We start with a brief description of the use of abstraction in model checking (for more details refer to [1]) Consider a program with a set of variables V = fx 1 ; xn g, where each variable x i ranges over a non empty domain D x i . Each state s of the program assigns values to the variables in V . The set of all possible states for the program is S = D x1 D xn . The program is ....

F. Balarin and A. Sangiovanni-Vinventelli. An iterative approach to language containment. (CAV'94).

....of this counterexample in the next verification iteration. The details are described in Section 2. Note that the localization technique either leaves a variable unchanged or replaces it by a non deterministic abstraction. A similar approach is described by Balarin and Sangiovanni Vincentelli [2]. Another refinement technique has been proposed by LindNelson and Andersen [14] They use under and over approximation in order to handle all CTL. Their approximation techniques enable them to avoid rechecking the entire model after each refinement step while guaranteeing completeness. There are ....

F. Balarin and A. Sangiovanni-Vincentelli. An iterative approach to language containment. In Computer Aided Verification, pages 29--40, 1993.

....using BDDs in [3] This method relies on formulating inductive steps as finite state devices and does not provide a single specification language. The work in [5] is closer in spirit to our method in that languages of finite strings are used although not as part of a logical framework. In [1], another approach is given based on iterating abstractions. The parameterized Dining Philosopher s problem is solved in [4] by a finite state induction principle. A tool for M2L on finite, binary trees has been developed at the University of Kiel [6] Apparently, this tool has not been used for ....

F. Balarin and A.L. Sangiovanni-Vincentelli. An iterative approach to language containment. In Computer Aided Verification, CAV '93, LNCS 697, pages 29--40, 1993.

....using BDDs in [8] This method relies on formulating inductive steps as finite state devices and does not provide a single specification language. The work in [14] is closer in spirit to our method in that languages of finite strings are used although not as part of a logical framework. In [2], another approach is given based on iterating abstractions. The parameterized Dining Philosopher s problem is solved in [11] by a finite state induction principle. A tool for M2L on finite, binary trees has been developed at the University of Kiel [15] Apparently, this tool has only been used ....

F. Balarin and A.L. Sangiovanni-Vincentelli. An iterative approach to language containment. In Computer Aided Verification, CAV '93, LNCS 697, pages 29--40, 1993.

....reduction ( Pel96, GW94] is a method that is also applied on the fly, but has a di#erent aim that our method: The scheduling of components that lead to no other states than those that have been reached be other schedulings are suppressed. Another approach is that of iterative language containment [Kur94, BSV93], where model checking is attempted with a subset of components that is increased if a false negative is produced. Here the di#culty lies in finding an approximatly minimal, suitable subset of components. The approach closest to ours is reported in [BGP97] where widening is used in order to ....

Balarin, F. and Sangiovanni-Vincentelli, A. L. An iterative approach to language containment. In: Proc. 5th Intl. Conf. on Computer Aided Verification. 1993, LNCS 697, pp. 29--40.

....of symbolic model checking is restricted to designs that contain a couple of hundred sequential cells (flops or latches) To verify real world designs, the user must obtain from the RTL design an abstract model that is within the capacity of the symbolic model checker. Abstraction refinement [2][6] 7] 10] 12] is a strategy that automates this process. Starting from a simple abstract model of the design, abstraction refinement incrementally refines the abstract model by including more and more details from the original design until the underlying formal verification engine verifies or ....

....models are subsets of the L processes. Refinement is based on adding L processes to invalidate the error trace, which is guided by the dependency graph among L processes. However, the description of the algorithm in [10] does not provide enough detail to implement a practical tool. Balarin et al. [2] reported a similar iterative algorithm for checking language emptiness of networks of communicating automata. The abstract models are subsets of the communicating automata. Refinement is based on adding some extra communicating automata to the abstract model. The choice is based on the degree of ....

F. Balarin, and A. Sangiovanni-Vincentelli. An Iterative approach to language containment. In Proceedings of CAV, pp. 29-40, July 1993.

....the counterexample. The heuristic for selecting these variables also uses information from the variable dependency graph. Note that the localization reduction either leaves a variable unchanged or replaces it by a nondeterministic assignment. A similar approach has been described by Balarin in [5]. In this thesis, we propose a new counterexample guided refinement technique using existential abstraction. In our approach, the abstraction functions exploit logical relationships among variables appearing in atomic formulas that occur in the control structure of the program. Moreover, the way ....

....has recently been proposed by Lind Nielson and Andersen [72, 73] Their model checker uses upper and lower approximations in order to handle all of CTL. Their approximation techniques enable them to avoid rechecking the entire model after each refinement step while guaranteeing completeness. As in [5, 68], the variable dependency graph is used to obtain the initial abstraction as well as in the refinement process. Variable abstraction is also performed in a similar manner. Therefore, our abstraction refinement methodology relates to their technique in essentially the same way as it relates to the ....

[Article contains additional citation context not shown here]

F. Balarin and A. L. Sangiovanni-Vincentelli. An iterative approach to language containment. In Computer-Aided Verification, volume 697 of LNCS, pages 29--40, 1993.

....nondeterministic assignments. If the counterexample is found to be spurious, additional variables are added to eliminate the counterexample. The heuristic for selecting these variables also uses information from the variable dependency graph. A similar approach has been described by Balarin in [2, 22]. 4.2 Model Checking the Abstract Model We use standard symbolic model checking procedures to determine whether c M satisfies the specification . If it does, then by Theorem 2 we can conclude that the original Kripke structure also satisfies . Otherwise, assume that the model checker produces ....

F. Balarin and A. L. Sangiovanni-Vincentelli. An iterative approach to language containment. In Computer-Aided Verification, volume 697 of LNCS, pages 29--40, 1993.

....quotient space is unnecessary large. In general, conservative abstractions that rely on the weak preservation property, stating that a F implies F, yield much smaller abstract models. Such models can be used in the abstraction refinement schema shown in Algorithm 1 (e.g. BS93,DGG93,Kur94,GS97,CGJ 00] Here, Algorithm 1 Schema of the abstraction refinement approach construct an initial abstract model 0 ; i : 0; REPEAT Model Check( i F) IF i F THEN i 1 : Refinement( i ,F) FI; i : i 1; UNTIL i 1 F or i ....

....or disprove the property F in the next iteration increase in a reasonable measure while on the other hand the resulting new abstract model i 1 should be reasonable small. The first goal can be achieved by specification dependent refinement steps such as counterexample guided strategies [BS93,Kur94,CGJ 00] where the current abstract model i is refined according to an error trace that the model checker has returned for i or by strategies, that work with under and or overapproximations for the satisfaction relation of the concrete model, e.g. DGG93,LA99,LPJ ....

[Article contains additional citation context not shown here]

F. Balarin, A. Sangiovanni-Vincentelli. An iterative approach to language containment. Proc. CAV'93, LNCS 697, pages 29-40, 1993.

....infeasibility of complete systematic verification, it is natural to ask how best to use systematic methods in conjunction with simu 1 Certain designs containing thousands of latches have been verified. Typically, they are extremely simple consisting, for example, of iterated arrays of processors [1]. 2 lation to find bugs in designs. In this thesis we provide such an approach, which is based on augmenting simulation with two symbolic techniques, namely combinational ATPG and BDDs. We stress that the approach is not complete, i.e. not guaranteed to find a counter example, if the design ....

Felice Balarin and A. L. Sangiovanni-Vincentelli. An Iterative Approach to Language Containment. In Proc. of the Computer Aided Verification Conf., June 1993.

....i j i 2 I R g. U1 refers to making T i from T i with generic BDDs supersetting techniques explained in [12] These methods produce a new set that is close to the original set in terms of minterm count, where the new BDDs should be much smaller in size. U2 refers to the Block Tearing Method [1, 8, 7], where T i is the tautology. All t R variables are not appeared during PRE computation. Definition 2.2 (Lower bound Transition Relation) T Gamma (s; x; t) Y i2I A T i (s; x; t i ) Delta Y i2I R T Gamma i (s; x; t i ) 4) L1) T Gamma i = BddSubsetting(T i ) C (t) ....

....results in a new state transition graph (4) in Figure 2. The approximate system should be refined because no conservative answer can be derived from above results. First, let us apply Latch Affinity Scheduling method. With this method, oe 0 = 0:5 and oe 1 = 1:0. Based on this factor, counter[1] is selected to refine the approximate system. The refined system s state transition graph (2) is changed from (4) in Figure 2. There is no reason to further refine because State 10 does not have preimage now and the formula f is verified true by positive conservatism. Now, Edge Traversal ....

[Article contains additional citation context not shown here]

F. Balarin and A. L. Sangiovanni-Vincentelli. An iterative approach to language containment. In C. Courcoubetis, editor, Fifth Conference on Computer Aided Verification (CAV '93). Springer-Verlag, Berlin, 1993. LNCS 697.

No context found.

Balarin, F., Sangiovanni-Vincentelli, A.L.: An iterative approach to language containment. In: CAV 93: International Conference on Computer-Aided Verification. (1993) 29--40

No context found.

BALARIN,F .,AND SANGIOVANNI-VINCENTELLI, A. L. 1993. An iterative approach to language containment. In Computer-Aided Verification (CAV).

No context found.

F. Balarin and A. L. Sangiovanni-Vincentelli. An iterative approach to language containment. In Computer-Aided Verification, 1993.

No context found.

Felice Balarin and Alberto L. Sangiovanni-Vincentelli. An iterative approach to language containment. In Proceedings of CAV'93, pages 29--40, 1993.

No context found.

F. Balarin and A. Sangiovanni-Vincentelli. An iterative approach to language containment. In Lecture Notes in Computer Science, volume 697, pages 29--40. Springer, Berlin, 1993.

No context found.

F. Balarin and A. L. Sangiovanni-Vincentelli. An iterative approach to language containment. In 5th International Conference on Computer-Aided Verification, pages 29--40. Springer-Verlag, 1993.

No context found.

F. Balarin and A. L. Sangiovanni-Vincentelli. An iterative approach to language containment. In Proceedings of Computer Aided Veri cation. Fifth International Workshop, CAV '93, pages 29-40, July 1993.

First 50 documents

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC