
## Learning component interfaces with may and must abstractions

Venue: Computer Aided Verification, 22nd International Conference, CAV 2010

Citations: 6 (0 self)

### Citations

3886 | Communication and Concurrency - Milner - 1989
Citation Context: ...ven in e.g. [24]. Note that the set of may transitions is a super-set of the must transitions. We also note from the above definitions it follows that the may and must abstractions define simulations [21] between S_C^must and S_C, and between S_C and S_C^may, respectively. Since simulation implies trace inclusion, we have the following characterization of under- and overapproximations (that we will use ...

2289 | Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints - Cousot, Cousot - 1977
Citation Context: ...), f, (q′, s′)) | (q, f, q′) ∈ δ and (s, f, s′) ∈ δ_C}. Abstraction. We build may and must abstractions of software components using predicate abstraction – a special instance of abstract interpretation [7] that maps a potentially infinite state transition system into a finite state transition system via a finite set of predicates Preds = {p1, ..., pn} over the program variables. We require Perr ⊆ Pr...

835 | Counterexample-guided abstraction refinement - Clarke, Grumberg, et al. - 2000
Citation Context: ... predicates that are guaranteed to eliminate these may transitions, and returns the newly discovered predicates. We note that unlike standard approaches to counterexample-based abstraction refinement [6], we do not refine solely based on “spurious” counterexamples. The counterexamples obtained from failed safety checks may be feasible, but they may still lead to refinement since they contain non-must...

663 | Learning regular sets from queries and counterexamples - Angluin - 1987
Citation Context: ... an interface that is safe with respect to the may abstraction and permissive with respect to the must abstraction is safe and permissive with respect to C itself. We use the L* learning algorithm [4] to generate safe and permissive interfaces for C, by iteratively checking may and must abstractions of C. These abstractions are gradually refined during the learning process, based on counterexample...

409 | Flow-sensitive type qualifiers - Foster, Terauchi, et al. - 2002
Citation Context: ...nent provides and requires at a purely syntactic level. However, the need has been identified for interfaces that document richer aspects of component behavior. For example in this work, as in others [1, 5, 8, 11, 12, 16], interfaces describe correct sequences of invocations to public methods of a component. Richer interfaces can serve as a documentation aid to application programmers, but can also be used by verifica...

358 | Mining specifications - Ammons, Bodík, et al. - 2002
Citation Context: ...eneration is novel. Other approaches generate interfaces by using static analysis [27], or a combination of static and dynamic analyses [28], or by extracting information from sample execution traces [3]. All these techniques generate approximate interfaces, as opposed to our work that aims at producing precise interfaces that provide correctness guarantees. Interface generation is related to assume-...

297 | ESP: path-sensitive program verification in polynomial time - Das, Lerner, et al. - 2002
Citation Context: ...nent provides and requires at a purely syntactic level. However, the need has been identified for interfaces that document richer aspects of component behavior. For example in this work, as in others [1, 5, 8, 11, 12, 16], interfaces describe correct sequences of invocations to public methods of a component. Richer interfaces can serve as a documentation aid to application programmers, but can also be used by verifica...

268 | Abstractions from proofs - Henzinger, Jhala, et al. - 2004
Citation Context: ... tool [24]. ARMC already had support for may abstractions; we extended it with support for must abstractions. Furthermore, ARMC provides abstraction refinement algorithms based on Craig interpolation [17]. We have integrated these algorithms in our approach, as an alternative to refinement based on weakest preconditions. We note that the algorithms presented previously use the explicit composition of ...

206 | Specification and design of (parallel) programs - Jones - 1983
Citation Context: ...es generate approximate interfaces, as opposed to our work that aims at producing precise interfaces that provide correctness guarantees. Interface generation is related to assume-guarantee reasoning [2, 10, 18, 23], since component interfaces can be used as assumptions in this context. Shoham et al. [26] describe a compositional framework for modal transition systems, based on techniques taken from the 3-valued...

191 | Inference of Finite Automata using Homing Sequences - Rivest, Schapire - 1993
Citation Context: ...τ → s′ ⇒ φ(s′)), and it characterizes the largest set of states whose successors by transition τ satisfy φ. The L* Algorithm. L* was developed by Angluin [4] and later improved by Rivest and Schapire [25]. L* learns an unknown regular language U over alphabet Σ and produces a minimal deterministic finite state automaton (DFA) that accepts it. L* interacts with a Minimally Adequate Teacher that answers...

183 | MOCHA: Modularity in model checking - Alur, Henzinger, et al. - 1998

166 | Automatic extraction of object-oriented component interfaces - Whaley, Martin, et al.
Citation Context: ... knowledge, the use of may and must abstractions for interface generation is novel. Other approaches generate interfaces by using static analysis [27], or a combination of static and dynamic analyses [28], or by extracting information from sample execution traces [3]. All these techniques generate approximate interfaces, as opposed to our work that aims at producing precise interfaces that provide cor...

137 | Synthesis of interface specifications for Java classes - Alur, Černý, et al.
Citation Context: ...nent provides and requires at a purely syntactic level. However, the need has been identified for interfaces that document richer aspects of component behavior. For example in this work, as in others [1, 5, 8, 11, 12, 16], interfaces describe correct sequences of invocations to public methods of a component. Richer interfaces can serve as a documentation aid to application programmers, but can also be used by verifica...

117 | Timed Interfaces - Alfaro, Henzinger, et al. - 2002

79 | ARMC: The logical choice for software model checking with abstraction refinement - Podelski, Rybalchenko - 2007
Citation Context: ...→may), respectively. We sometimes write S_C^must or S_C^may when Preds is clear from the context. Algorithms for computing may and must abstractions with the help of a theorem prover are given in e.g. [24]. Note that the set of may transitions is a super-set of the must transitions. We also note from the above definitions it follows that the may and must abstractions define simulations [21] between S_C^mu...

76 | Abstraction-based model checking using modal transition systems - Godefroid, Huth, et al. - 2001

73 | Syntactic program transformations for automatic abstraction - Namjoshi, Kurshan - 2000
Citation Context: ...ng termination argument: Theorem 3. If Alg computes an abstraction such that LE(C^must) = LE(C^may) = LE(C), then Alg terminates. Furthermore, from previous work on automatic abstraction refinement [22, 19], we know that if the component C has a finite bisimulation quotient [20], then the refinement based on weakest precondition calculations is guaranteed to converge to that finite quotient. Theorem 4 (...

66 | In transition from global to modular temporal reasoning about programs - Pnueli - 1985
Citation Context: ...es generate approximate interfaces, as opposed to our work that aims at producing precise interfaces that provide correctness guarantees. Interface generation is related to assume-guarantee reasoning [2, 10, 18, 23], since component interfaces can be used as assumptions in this context. Shoham et al. [26] describe a compositional framework for modal transition systems, based on techniques taken from the 3-valued...

61 | Online minimization of transition systems - Lee, Yannakakis - 1992
Citation Context: ...ng termination argument: Theorem 3. If Alg computes an abstraction such that LE(C^must) = LE(C^may) = LE(C), then Alg terminates. Furthermore, from previous work on automatic abstraction refinement [22, 19], we know that if the component C has a finite bisimulation quotient [20], then the refinement based on weakest precondition calculations is guaranteed to converge to that finite quotient. Theorem 4 (...

57 | Compositional may-must program analysis: unleashing the power of alternation - Godefroid, Nori, et al. - 2010
Citation Context: ...tion systems, based on techniques taken from the 3-valued game-based model checking for abstract models [9, 14]. Those approaches do not use explicit interfaces (or assumptions). Finally, recent work [15] uses may and must information in the form of procedure summaries in a compositional framework that performs program analysis. 2 Example void rel(){ a = NULL; return;} void relx(){ a = NULL; x = 0; re...

47 | Thread-modular verification for shared-memory programs - Flanagan, Freund, et al. - 2002
Citation Context: ...es generate approximate interfaces, as opposed to our work that aims at producing precise interfaces that provide correctness guarantees. Interface generation is related to assume-guarantee reasoning [2, 10, 18, 23], since component interfaces can be used as assumptions in this context. Shoham et al. [26] describe a compositional framework for modal transition systems, based on techniques taken from the 3-valued...

33 | Three-valued abstractions of games: Uncertainty, but with precision - Alfaro, Godefroid, et al. - 2004
Citation Context: ...umptions in this context. Shoham et al. [26] describe a compositional framework for modal transition systems, based on techniques taken from the 3-valued game-based model checking for abstract models [9, 14]. Those approaches do not use explicit interfaces (or assumptions). Finally, recent work [15] uses may and must information in the form of procedure summaries in a compositional framework that perform...

28 | Online minimization of transition systems (extended abstract) - Lee, Yannakakis - 1992
Citation Context: ...LE(C^must) = LE(C^may) = LE(C), then Alg terminates. Furthermore, from previous work on automatic abstraction refinement [22, 19], we know that if the component C has a finite bisimulation quotient [20], then the refinement based on weakest precondition calculations is guaranteed to converge to that finite quotient. Theorem 4 (Bisimulation Completeness [22, 19]). If the component C has a finite bisi...

26 | Adapting side effects analysis for modular program model checking - Tkachuk, Dwyer - 2003
Citation Context: ... may and must transitions. However, to the best of our knowledge, the use of may and must abstractions for interface generation is novel. Other approaches generate interfaces by using static analysis [27], or a combination of static and dynamic analyses [28], or by extracting information from sample execution traces [3]. All these techniques generate approximate interfaces, as opposed to our work that...

11 | Algorithms for Interface Synthesis - Beyer, Henzinger, et al. - 2007

10 | Interface Generation and Compositional Verification in Java PathFinder - Giannakopoulou, Pasareanu - 2009

4 | Compositional verification and 3-valued abstractions join forces - Shoham, Grumberg
Citation Context: ...hat provide correctness guarantees. Interface generation is related to assume-guarantee reasoning [2, 10, 18, 23], since component interfaces can be used as assumptions in this context. Shoham et al. [26] describe a compositional framework for modal transition systems, based on techniques taken from the 3-valued game-based model checking for abstract models [9, 14]. Those approaches do not use explici...

1 | A game-based framework for CTL counterexamples and 3-valued abstraction-refinement - Godefroid, Huth, et al. - 2003
Citation Context: ...umptions in this context. Shoham et al. [26] describe a compositional framework for modal transition systems, based on techniques taken from the 3-valued game-based model checking for abstract models [9, 14]. Those approaches do not use explicit interfaces (or assumptions). Finally, recent work [15] uses may and must information in the form of procedure summaries in a compositional framework that perform...