Refining Model Checking by Abstract Interpretation

被引：51

作者：

Cousot P. ^{[1
,2
]}

Cousot R. ^{[1
,2
]}

机构：

[1] École Normale Supérieure, DMI, 45, rue d'Ulm, Paris cedex 05

[2] CNRS & École Polytechnique, LIX, Palaiseau cedex

来源：

Automated Software Engineering | 1999年 / 6卷 / 1期

关键词：

Abstract interpretation; Model-checking; Static analysis; Transition system; Universal safety;

D O I：

10.1023/A:1008649901864

中图分类号：

学科分类号：

摘要：

Formal methods combining abstract interpretation and model-checking have been considered for automated analysis of software. In abstract model-checking, the semantics of an infinite transition system is abstracted to get a finite approximation on which temporal-logic/μ-calculus model-checking can be directly applied. The paper proposes two improvements of abstract model-checking which can be applied to infinite abstract transition systems: - A new combination of forwards and backwards abstract fixed-point model-checking computations for universal safety. It computes a more precise result than that computed by conjunction of the forward and backward analyses alone, without needing to refine the abstraction; - When abstraction is unsound (as can happen in minimum/maximum path-length problems), it is proposed to use the partial results of a classical combination of forward and backward abstract interpretation analyses for universal safety in order to reduce, on-the-fly, the concrete state space to be searched by model-checking.

引用

页码：69 / 95

页数：26

共 44 条

[1]

Akers S., Binary decision diagrams, IEEE Trans. Comput., C-27, 6, pp. 509-516, (1978)

[2]

Bouajjani A., Fernandez J.-C., Halbwachs N., Raymond P., Ratel C., Minimal state graph generation, Sci. Comput. Prog., 18, pp. 247-269, (1992)

[3]

Bourdoncle F., Abstract Debugging of Higher-Order Imperative Languages, Proc. ACM SIGPLAN Conference on Programming Language Design and Implementation, pp. 46-55, (1993)

[4]

Bryant R., Graph-based algorithms for boolean function manipulation, IEEE Trans. Comput., C-35, 8, pp. 677-691, (1986)

[5]

Burch J., Clarke E., McMillan K., Dill D., Hwang L., Symbolic model-checking: 10<sup>20</sup> states and beyond, Inf. & Comp., 98, 2, pp. 142-170, (1992)

[6]

Campos S., Clarke E., Marrero W., Minea M., Verus: A tool for quantitative analysis of finite-state real-time systems, Proc. ACM SIGPLAN 1995 Workshop on Languages, Compilers & Tools for Real-Time Systems, pp. 75-83, (1995)

[7]

Clarke E., Emerson E., Synthesis of synchronization skeletons for branching time temporal logic, LNCS, 131, (1981)

[8]

Clarke E., Emerson E., Sistla A., Automatic verification of finite-state concurrent systems using temporal logic specifications, 10th POPL (1983) and Trans. Prog. Lang. Sys., 8, pp. 244-263, (1983)

[9]

Clarke E., Grumberg O., Long D., Model checking abstraction, 19th POPL, pp. 343-354, (1992)

[10]

Cleaveland R., Iyer P., Yankelevitch D., Optimality in abstractions of model-checking, LNCS, 983, pp. 51-63, (1995)

← 1 2 3 4 5 →