Comparing Under and Over-Approximations of LTL Properties for Model Checking

The clE#(N method for abstracting temporal properties when realG ing abstract model checking is based on defining an abstract satisfiabil= y rel ation which underapproximates the standard one. As a consequence, satisfiabil# y of universal properties is directl y preserved from the abstract model to the concrete one. However, this resul t may be impractical due to the imprecision and incompl eteness with which abstract model s are usual l y constructed. Thus, in the case a model checking tool supporting abstract model checking gives a negative answer, the user must anal yze the counter-exampl es produced to decide whether the property real l y fail s or, on the contrary, the abstract model is too imprecise to obtain a definitive resulG We have devel oped analE rnative method for abstracting temporal properties based on the idea of over-approximation. In this paper, we compare these two methods with respect to the satisfiabil) y/refutation of universal# xistential properties, proving that they produce compl ementary resul ts. Final l y, we study the conditions which ensure that the method based on over-approximation al so produces definitive answers when anal yzing universal properties. 1 Introducti Checki ng [1] representso ne o the moH useful resultso f almo0 twenty yearso f research in fo rmal metho ds to increase the qualityo f so ftware and o ther related systems. Amo del checker wo rks with a high level descriptio no This research is partial l y supported by the CICYT projects TIC2001-2705-C03-02 and TIC99-1083-C02-01