Generalized Strong Preservation by Abstract Interpretation

Standard abstract model checking relies on abstract Kripke structures which approximate concrete models by gluing together indistinguishable states, namely by a partition of the concrete state space. Strong preservation for a specification language L encodes the equivalence of concrete and abstract model checking of formulas in L. We show how abstract interpretation can be used to design abstract models that are more general than abstract Kripke structures. Accordingly, strong preservation is generalized to abstract interpretation-based models and precisely related to the concept of completeness in abstract interpretation. The problem of minimally refining an abstract model in order to make it strongly preserving for some language L can be formulated as a minimal domain refinement in abstract interpretation in order to get completeness w.r.t. the logical/temporal operators of L. It turns out that this refined strongly preserving abstract model always exists and can be characterized as a greatest fixed point. As a consequence, some well-known behavioural equivalences, like bisimulation, simulation and stuttering, and their corresponding partition refinement algorithms can be elegantly characterized in abstract interpretation as completeness properties and refinements

Generalizing the Paige-Tarjan Algorithm by Abstract Interpretation

The Paige and Tarjan algorithm (PT) for computing the coarsest refinement of a state partition which is a bisimulation on some Kripke structure is well known. It is also well known in model checking that bisimulation is equivalent to strong preservation of CTL, or, equivalently, of Hennessy-Milner logic. Drawing on these observations, we analyze the basic steps of the PT algorithm from an abstract interpretation perspective, which allows us to reason on strong preservation in the context of generic inductively defined (temporal) languages and of possibly non-partitioning abstract models specified by abstract interpretation. This leads us to design a generalized Paige-Tarjan algorithm, called GPT, for computing the minimal refinement of an abstract interpretation-based model that strongly preserves some given language. It turns out that PT is a straight instance of GPT on the domain of state partitions for the case of strong preservation of Hennessy-Milner logic. We provide a number of examples showing that GPT is of general use. We first show how a well-known efficient algorithm for computing stuttering equivalence can be viewed as a simple instance of GPT. We then instantiate GPT in order to design a new efficient algorithm for computing simulation equivalence that is competitive with the best available algorithms. Finally, we show how GPT allows to compute new strongly preserving abstract models by providing an efficient algorithm that computes the coarsest refinement of a given partition that strongly preserves the language generated by the reachability operator.Comment: Keywords: Abstract interpretation, abstract model checking, strong preservation, Paige-Tarjan algorithm, refinement algorith

The Inflammatory Cytokine IL-3 Hampers Cardioprotection Mediated by Endothelial Cell-Derived Extracellular Vesicles Possibly via Their Protein Cargo

The biological relevance of extracellular vesicles (EV) released in an ischemia/reperfusion setting is still unclear. We hypothesized that the inflammatory microenvironment prevents cardioprotection mediated by endothelial cell (EC)-derived extracellular vesicles. The effects of naïve EC-derived EV (eEV) or eEV released in response to interleukin-3 (IL-3) (eEV-IL-3) were evaluated in cardiomyoblasts (H9c2) and rat hearts. In transwell assay, eEV protected the H9c2 exposed to hypoxia/reoxygenation (H/R) more efficiently than eEV-IL-3. Conversely, only eEV directly protected H9c2 cells to H/R-induced damage. Consistent with this latter observation, eEV, but not eEV-IL-3, exerted beneficial effects in the whole heart. Protein profiles of eEV and eEV-IL-3, established using label-free mass spectrometry, demonstrated that IL-3 drives changes in eEV-IL-3 protein cargo. Gene ontology analysis revealed that both eEV and eEV-IL-3 were equipped with full cardioprotective machinery, including the Nitric Oxide Signaling in the Cardiovascular System. eEV-IL-3 were also enriched in the endothelial-nitric oxide-synthase (eNOS)-antagonist caveolin-1 and proteins related to the inflammatory response. In vitro and ex vivo experiments demonstrated that a functional Mitogen-Activated Protein Kinase Kinase (MEK1/2)/eNOS/guanylyl-cyclase (GC) pathway is required for eEV-mediated cardioprotection. Consistently, eEV were found enriched in MEK1/2 and able to induce the expression of B-cell-lymphoma-2 (Bcl-2) and the phosphorylation of eNOS in vitro. We conclude that an inflammatory microenvironment containing IL-3 changes the eEV cargo and impairs eEV cardioprotective action

Strong preservation of temporal fixpoint-based operators by abstract interpretation

Standard abstract model checking relies on abstract Kripke structures which approximate the concrete model by gluing together indistinguishable states. Strong preservation for a specification language L, encodes the equivalence of concrete and abstract model checking of formulas in L. Abstract interpretation allows to design abstract models which are more general than abstract Kripke structures. In this paper we show how abstract interpretation-based models can be exploited in order to specify a general strongly preserving abstract model checking framework. This is shown in particular for specification languages including standard temporal operators which admit a characterization as least/greatest fix-points, as e.g. standard "Finally", "Globally", "Until" and "Release" modalities

Making abstract model checking strongly preserving

Usually, abstract model checking is not strongly preserving: it may well exist a temporal specification which is not valid on the abstract model but which is instead satisfied by the concrete model. Starting from the standard notion of bisimulation, we introduce a notion of completeness for abstract models: completeness together with a so-called partitioning property for abstract models implies strong preservation for the past \u3bc-calculus. Within a rigorous abstract interpretation framework, we show that the least refinement of a given abstract model, for a suitable ordering on abstract models, which is complete and partitioning always exists, and it can be constructively characterized as a greatest fixpoint. This provides a systematic methodology for minimally refining an abstract model checking in order to get strong preservation

Generalized strong preservation by abstract interpretation.

Standard abstract model checking relies on abstract Kripke structures which approximate concrete models by gluing together indistinguishable states, namely by a partition of the concrete state space. Strong preservation for a specification language L amounts to the equivalence of concrete and abstract model checking of formulas in L. We show how abstract interpretation can be used to design generic abstract models that allow to view standard abstract Kripke structures as particular instances. Accordingly, strong preservation is generalized to abstract interpretation-based models and precisely related to the concept of completeness in abstract interpretation. The problem of minimally refining an abstract model in order to make it strongly preserving for some language L can be formulated as a minimal domain refinement in abstract interpretation in order to get completeness w.r.t. the logical/temporal operators of L. It turns out that this refined strongly preserving abstract model always exists and can be characterized as a greatest fixed point. As a consequence, some well-known behavioural equivalences, like bisimulation, simulation and stuttering, and their corresponding partition refinement algorithms can be elegantly characterized in abstract interpretation as completeness properties and refinements

A new efficient simulation equivalence algorithm

It is well known that simulation equivalence is an appropriate abstraction to be used in model checking because it strongly preserves ACTL* and provides a better space reduction than bisimulation equivalence. However, computing simulation equivalence is harder than computing bisimulation equivalence. A number of algorithms for computing simulation equivalence exist. Let \Sigma denote the state space, -> the transition relation and P_sim the partition of \Sigma induced by simulation equivalence. The algorithms by Henzinger, Henzinger, Kopke and by Bloom and Paige run in O(|\Sigma||->|)-time and, as far as time-complexity is concerned, they are the best available algorithms. However, these algorithms have the drawback of a quadratic space complexity that is bounded from below by \Omega(|\Sigma|^2). The algorithm by Gentilini, Piazza, Policriti appears to be the best algorithm when both time and space complexities are taken into account. Gentilini et al.'s algorithm runs in O(|Psim|^2|->|)-time while the space complexity is in O(|P_sim|^2 + |\Sigma| log(|P_sim|)). We present here a new efficient simulation equivalence algorithm that is obtained as a modification of Henzinger et al.'s algorithm and whose correctness is based on some techniques used in recent applications of abstract interpretation to model checking. Our algorithm runs in O(|P_sim||->|)-time and O(|P_sim||\Sigma|)-space. Thus, while retaining a space complexity which is lower than quadratic, our algorithm improves the best known time bound