CS 267: Automated Verification
Lecture 17: Predicate Abstraction, Counterexample Guided Abstraction Refinement, Abstract Interpretation
Instructor: Tevfik Bultan

Model Checking Programs Using Abstraction
- Program model checking tools generally rely on automated abstraction techniques to reduce the state space of the system, such as:
  - Abstract interpretation
  - Predicate abstraction
- If the abstraction is conservative, then if there is no error in the abstracted program we can conclude that there is no error in the original program.
- In general the problem is to construct a finite state model from the program such that the errors, or the absence of errors, can be demonstrated on the finite state model: the model extraction problem.

Model Checking Programs via Abstraction
- Bandera
  - A tool for extracting finite state models from programs
  - Uses various abstract domains to map the state space of the program to a finite set of states via abstraction
- SLAM project at Microsoft Research
  - Symbolic model checking for C programs
  - Can handle unbounded recursion but does not handle concurrency
  - Uses predicate abstraction, counterexample guided abstraction refinement and BDDs

Abstraction (A simplified view)
- Abstraction is an effective tool in verification.
- Given a transition system, we want to generate an abstract transition system which is easier to analyze.
- However, we want to make sure that if a property holds in the abstract transition system, it also holds in the original (concrete) transition system.

Abstraction (A simplified view)
- How do we generate an abstract transition system?
  - Merge states in the concrete transition system (based on some criteria). This reduces the number of states, so it should be easier to do verification.
  - Do not eliminate transitions. This makes sure that the paths in the abstract transition system subsume the paths in the concrete transition system.

Abstraction (A simplified view)
- For every path in the concrete transition system, there is an equivalent path in the abstract transition system.
- If no path in the abstract transition system violates a property, then no path in the concrete system can violate the property.
- Using this reasoning we can verify ACTL, LTL and ACTL* properties in the abstract transition system.
- If the property holds on the abstract transition system, we are sure that the property holds in the concrete transition system.
- If the property does not hold in the abstract transition system, then we are not sure whether the property holds in the concrete transition system.

Abstraction (A simplified view)
- If the property does not hold in the abstract transition system, what can we do?...
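As an added illustration (not from the lecture slides), the following Python builds a small constructed concrete transition system, abstracts it by merging states that agree on a set of predicates while keeping every transition, and checks a safety property on both systems. It shows the two outcomes described above: with a suitable predicate the abstract check proves the property, while with a poorly chosen predicate the abstract check fails even though the concrete system is safe (a spurious counterexample). The system, its states and the predicates are all constructed for this example.

```python
from collections import deque

# Constructed concrete transition system (sample data, not from the lecture):
# states 0..7; 0..5 form a reachable cycle, 6 and 7 an unreachable cycle.
CONCRETE_STATES = range(8)
CONCRETE_INIT = {0}
CONCRETE_NEXT = {0: {1}, 1: {2}, 2: {3}, 3: {4}, 4: {5}, 5: {0, 1}, 6: {7}, 7: {6}}

def reachable(init, succ):
    """Breadth-first reachability over any transition system."""
    seen, work = set(init), deque(init)
    while work:
        s = work.popleft()
        for t in succ(s):
            if t not in seen:
                seen.add(t)
                work.append(t)
    return seen

def holds_invariant(init, succ, bad):
    """Safety property: no reachable state satisfies bad."""
    return not any(bad(s) for s in reachable(init, succ))

def abstract_system(states, init, succ, predicates):
    """Predicate (existential) abstraction: merge concrete states that agree on
    all predicates; every concrete transition becomes an abstract transition."""
    alpha = lambda s: tuple(p(s) for p in predicates)
    abs_trans = {}
    for s in states:
        for t in succ(s):
            abs_trans.setdefault(alpha(s), set()).add(alpha(t))
    return {alpha(s) for s in init}, (lambda a: abs_trans.get(a, set())), alpha

def check_both(predicates, bad):
    """Return (abstract_ok, concrete_ok). The abstraction is conservative, so
    abstract_ok implies concrete_ok; abstract_ok == False alone is inconclusive."""
    abs_init, abs_succ, alpha = abstract_system(
        CONCRETE_STATES, CONCRETE_INIT, CONCRETE_NEXT.get, predicates)
    # An abstract state is bad if it contains any bad concrete state.
    abs_bad = lambda a: any(bad(s) and alpha(s) == a for s in CONCRETE_STATES)
    abstract_ok = holds_invariant(abs_init, abs_succ, abs_bad)
    concrete_ok = holds_invariant(CONCRETE_INIT, CONCRETE_NEXT.get, bad)
    assert not abstract_ok or concrete_ok  # soundness: never a false "safe"
    return abstract_ok, concrete_ok

if __name__ == "__main__":
    bad = lambda x: x >= 6
    print(check_both([lambda x: x < 6], bad))       # (True, True): proved safe
    print(check_both([lambda x: x % 2 == 0], bad))  # (False, True): spurious counterexample
```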
 Fall '09
 bultan
