117 research outputs found
Generalized Strong Preservation by Abstract Interpretation
Standard abstract model checking relies on abstract Kripke structures which
approximate concrete models by gluing together indistinguishable states, namely
by a partition of the concrete state space. Strong preservation for a
specification language L encodes the equivalence of concrete and abstract model
checking of formulas in L. We show how abstract interpretation can be used to
design abstract models that are more general than abstract Kripke structures.
Accordingly, strong preservation is generalized to abstract
interpretation-based models and precisely related to the concept of
completeness in abstract interpretation. The problem of minimally refining an
abstract model in order to make it strongly preserving for some language L can
be formulated as a minimal domain refinement in abstract interpretation in
order to get completeness w.r.t. the logical/temporal operators of L. It turns
out that this refined strongly preserving abstract model always exists and can
be characterized as a greatest fixed point. As a consequence, some well-known
behavioural equivalences, like bisimulation, simulation and stuttering, and
their corresponding partition refinement algorithms can be elegantly
characterized in abstract interpretation as completeness properties and
refinements
Enhancing Test Coverage by Back-tracing Model-checker Counterexamples
AbstractThe automatic detection of unreachable coverage goals and generation of tests for "corner-case" scenarios is crucial to make testing and simulation based verification more effective. In this paper we address the problem of coverability analysis and test case generation in modular and component based systems. We propose a technique that, given an uncovered branch in a component, either establishes that the branch cannot be covered or produces a test case at the system level which covers the branch. The technique is based on the use of counterexamples returned by model checkers, and exploits compositionality to cope with large state spaces typical of real applications
Generalizing the Paige-Tarjan Algorithm by Abstract Interpretation
The Paige and Tarjan algorithm (PT) for computing the coarsest refinement of
a state partition which is a bisimulation on some Kripke structure is well
known. It is also well known in model checking that bisimulation is equivalent
to strong preservation of CTL, or, equivalently, of Hennessy-Milner logic.
Drawing on these observations, we analyze the basic steps of the PT algorithm
from an abstract interpretation perspective, which allows us to reason on
strong preservation in the context of generic inductively defined (temporal)
languages and of possibly non-partitioning abstract models specified by
abstract interpretation. This leads us to design a generalized Paige-Tarjan
algorithm, called GPT, for computing the minimal refinement of an abstract
interpretation-based model that strongly preserves some given language. It
turns out that PT is a straight instance of GPT on the domain of state
partitions for the case of strong preservation of Hennessy-Milner logic. We
provide a number of examples showing that GPT is of general use. We first show
how a well-known efficient algorithm for computing stuttering equivalence can
be viewed as a simple instance of GPT. We then instantiate GPT in order to
design a new efficient algorithm for computing simulation equivalence that is
competitive with the best available algorithms. Finally, we show how GPT allows
to compute new strongly preserving abstract models by providing an efficient
algorithm that computes the coarsest refinement of a given partition that
strongly preserves the language generated by the reachability operator.Comment: Keywords: Abstract interpretation, abstract model checking, strong
preservation, Paige-Tarjan algorithm, refinement algorith
Finite-State Abstractions for Probabilistic Computation Tree Logic
Probabilistic Computation Tree Logic (PCTL) is the established temporal
logic for probabilistic verification of discrete-time Markov chains. Probabilistic
model checking is a technique that verifies or refutes whether a property
specified in this logic holds in a Markov chain. But Markov chains are often
infinite or too large for this technique to apply. A standard solution to
this problem is to convert the Markov chain to an abstract model and to
model check that abstract model. The problem this thesis therefore studies
is whether or when such finite abstractions of Markov chains for model
checking PCTL exist.
This thesis makes the following contributions. We identify a sizeable fragment
of PCTL for which 3-valued Markov chains can serve as finite abstractions;
this fragment is maximal for those abstractions and subsumes many
practically relevant specifications including, e.g., reachability. We also develop
game-theoretic foundations for the semantics of PCTL over Markov
chains by capturing the standard PCTL semantics via a two-player games.
These games, finally, inspire a notion of p-automata, which accept entire
Markov chains. We show that p-automata subsume PCTL and Markov
chains; that their languages of Markov chains have pleasant closure properties;
and that the complexity of deciding acceptance matches that of probabilistic
model checking for p-automata representing PCTL formulae. In addition,
we offer a simulation between p-automata that under-approximates
language containment. These results then allow us to show that p-automata
comprise a solution to the problem studied in this thesis
Model Checking a Temporal Logic via Program Verification
openThe thesis explores the possibility of viewing Model Checking as an instance of program verification in order to allow for the reuse of the vast theory and toolset of Abstract Interpretation in the setting of Model Checking. Model Checking is a formal verification technique used to analyse the correctness of software systems, based on a representation of the system as a formal model, such as a finite-state machine or a transition system, and on a representation of the properties it must satisfy as temporal logic formulae. On the other hand, Abstract Interpretation is a program analysis method, based on the idea of extracting properties of programs by (over-)approximating their semantics over a so-called abstract domain, typically a complete lattice, whose elements represent program properties. The thesis focuses on ACTL, the universal fragment of the temporal logic CTL, which can describe properties of executions which are universally quantified. It shows how properties expressed in ACTL can be mapped into programs written in a suitable programming language, whose semantics consists of counterexamples to the validity of the formula. Then such a program is analysed by Abstract Interpretation over some abstract domain, exploiting the idea of local completeness as put forward in some recent work, combining lower- and under-approximations.The thesis explores the possibility of viewing Model Checking as an instance of program verification in order to allow for the reuse of the vast theory and toolset of Abstract Interpretation in the setting of Model Checking. Model Checking is a formal verification technique used to analyse the correctness of software systems, based on a representation of the system as a formal model, such as a finite-state machine or a transition system, and on a representation of the properties it must satisfy as temporal logic formulae. On the other hand, Abstract Interpretation is a program analysis method, based on the idea of extracting properties of programs by (over-)approximating their semantics over a so-called abstract domain, typically a complete lattice, whose elements represent program properties. The thesis focuses on ACTL, the universal fragment of the temporal logic CTL, which can describe properties of executions which are universally quantified. It shows how properties expressed in ACTL can be mapped into programs written in a suitable programming language, whose semantics consists of counterexamples to the validity of the formula. Then such a program is analysed by Abstract Interpretation over some abstract domain, exploiting the idea of local completeness as put forward in some recent work, combining lower- and under-approximations
Modular Verification of Biological Systems
Systems of interest in systems biology (such as metabolic pathways, signalling pathways and gene regulatory networks) often consist of a huge number of components interacting in different ways, thus exhibiting very complex behaviours. In biology, such behaviours are usually explored by means of simulation techniques applied to models defined on the basis of system observation and of hypotheses on its functioning.
Model checking has also been recently applied to the analysis of biological systems. This analysis technique typically relies on a state space representation whose size, unfortunately, makes the analysis often intractable for realistic models. A method for trying to avoid the state space explosion problem is to consider a decomposition of the system, and to apply a modular verification technique.
In particular, properties to be verified often concern only a small portion of the modelled system rather than the system as a whole. Hence, for each property it would be useful to be able to isolate a minimal fragment of the model that is necessary to verify such a property.
In this thesis we introduce a modular verification technique in which the system of interest is described by means of an automata-based formalism, called sync-programs, that supports modular construction. Our modular verification technique is based on results of Grumberg et al.~and on their application to the theory of concurrent systems proposed by Attie and Emerson. In particular, we adapt Attie and Emerson's approach to deal with biological systems by allowing automata to synchronise by performing transitions simultaneously.
Modular verification allows qualitative aspects of systems to be analysed with the guarantee that properties proved to hold in a suitable model fragment also hold in the whole model. The correctness of the verification technique is proved. The class of properties preserved is ACTL, the universal fragment of temporal logic CTL. The preservation holds only for positive answers and negative answers are not necessarily preserved.
In order to verify properties we use the NuSMV model checker, which is a well-established and efficient instrument. We provide a formal translation of sync-programs to simpler automata, which can be given as input to NuSMV. We prove the correspondence of the verification problems.
We show the application of our verification technique in some biological case studies. We compare the time required to verify the property on the whole model with the time needed to verify the same property by only considering those modules which are involved in the behaviour of the system related to the property.
In order to handle modelling and verification of more realistic biological scenarios, we propose also a dynamic version of our formalism. It allows entities to be created dynamically, in particular by other already running entities, as it often happens in biological systems. Moreover, multiple copies of the same entities can be present at the same time in a system. We show a correspondence of our model with Petri Nets. This has a consequence that tools developed for Petri Nets could be used also for dynamic sync-programs. Modular verification allows properties expressed as DACTL- formulae (dynamic version of ACTL-) to be verified on a portion of the model.
The results of analysis of the case study of the MAP kinase cascade activated by surface and internalised EGF receptors, which consists of 143 species and 80 reactions, suggest applicability and scalability of the approach.
The results raise the prospect of rendering tractable problems that are currently intractable in the verification of biological systems. In addition, we expect that the techniques developed in the thesis could be applied with profit not only to models of biological systems, but more generally to models of concurrent systems
Practical Abstraction for Model Checking of Multi-Agent Systems
Model checking of multi-agent systems (MAS) is known to be hard, both
theoretically and in practice. A smart abstraction of the state space may
significantly reduce the model, and facilitate the verification. In this paper,
we propose and study an intuitive agent-based abstraction scheme, based on the
removal of variables in the representation of a MAS. This allows to do the
reduction without generating the global model of the system. Moreover, the
process is easy to understand and control even for domain experts with little
knowledge of computer science. We formally prove the correctness of the
approach, and evaluate the gains experimentally on models of a postal voting
procedure
A state/event-based model-checking approach for the analysis of abstract system properties.
AbstractWe present the UMC framework for the formal analysis of concurrent systems specified by collections of UML state machines. The formal model of a system is given by a doubly labelled transition system, and the logic used to specify its properties is the state-based and event-based logic UCTL. UMC is an on-the-fly analysis framework which allows the user to interactively explore a UML model, to visualize abstract behavioural slices of it and to perform local model checking of UCTL formulae. An automotive scenario from the service-oriented computing (SOC) domain is used as case study to illustrate our approach
- …