1 / 24

Abstraction (Cont’d)

Abstraction (Cont’d). Defining an Abstract Domain variable elimination, data abstraction, predicate abstraction Abstraction for Universal/Existential Properties over- and under-approximations Abstraction for Mixed Properties 3-valued abstraction Overlapping Abstract Domains

natane
Download Presentation

Abstraction (Cont’d)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Abstraction (Cont’d) • Defining an Abstract Domain • variable elimination, data abstraction, predicate abstraction • Abstraction for Universal/Existential Properties • over- and under-approximations • Abstraction for Mixed Properties • 3-valued abstraction • Overlapping Abstract Domains • Belnap (4-valued) abstraction

  2. Recall: Defining an Abstract Domain      S γ γ γ γ γ S’ Abstraction  : S→S’ Concretization γ: S’→2S

  3. Abstract Kripke Structure • Abstract interpretation of atomic propositions • I ’(a, p) = true iff forall s in (a), I (s, p) = true • I ’(a, p) = false iff forall s in(a), I (s, p) = false • Abstract Transition Relation (2 choices) • Over-Approximation (Existential) • Make a transition from an abstract state if at least one corresponding concrete state has the transition. • Under-Approximation (Universal) • Make a transition from an abstract state if allthe corresponding concrete states have the transition.

  4. Which abstraction to use? But what about mixed properties?!

  5. 3-Valued Kleene Logic false t true ⊥ f t ⊥ f unknown Information Ordering Truth Ordering t⋀⊥ = ⊥ t⋁⊥ = t ¬t = f ¬⊥ = ⊥

  6. 3-Valued Kripke Structures t ⊥ f p = t q = f p = f q = f p = t q = ⊥ • Kripke structures extended to 3-valued logic • Propositions can be • True, False, or Unknown • Transitions • possible: ⊥ • necessary and possible: t • impossible:f ⊥ t s0 ⊥ s1 s2

  7. 3-Valued Abstraction p p q p p p q p q over-approximation t ⊥ f 3-Valued Abstraction under-approximation

  8. Example Revisited (3-Val Abstraction) I ⊥ t ⊥ ⊥ t t I ⊥ ⊥ t ⊥

  9. Model-Checking with 3 Values t ⊥ f • Usual semantics of temporal operators • BUT connectives ⋀ ⋁ ¬ are interpreted in 3-Valued Logic p s0 s1 p q s2 Examples (EX ¬p)(s0) = t (EX q)(s0) = ⊥ (EX ¬p⋀q)(s0) = f (EX p)(s) = ⋁t R(s,t) ⋀p(t)

  10. Preservation via 3-Valued Abstraction • Let φbe a temporal formula (CTL) • Let K’ be a 3-valued abstraction of K • Preservation Theorem no information Preserves truth and falsity of arbitrary properties!

  11. Abstraction (Outline) • Defining an Abstract Domain • variable elimination, data abstraction, predicate abstraction • Abstraction for Universal/Existential Properties • over- and under-approximations • Abstraction for Mixed Properties • 3-valued abstraction • Overlapping Abstract Domains • Belnap (4-valued) abstraction

  12. Example: Coarse Abstract Domain p q s0 s2 q s1 s3 a0 a1 p? q p? q a0 a0 a1 a1 Over-Approximation Under-Approximation AX (p ⋁ ¬p) is inconclusive EX (q) is true Goal: make AX conclusive as well, via domain refinement

  13. Example: Refined Abstract Domain p q p q a2 a2 a0 a0 q q a3 a3 p q s2 a2 s0 q s1 s3 a3 a0 Over-Approximation Under-Approximation EX (q) is inconclusive AX (p ⋁ ¬p) is true Partitioned domain does not work! Need an overlapping abstract domain!!!

  14. Example: Overlapping Abstract Domain p q p q a2 a2 p? q p? q a0 a0 a1 a1 q q a3 a3 p q a2 s0 s2 q s1 s3 a3 a0 a1 Over-Approximation Under-Approximation AX (p ⋁ ¬p) is true EX (q) is true

  15. Supporting Overlapping Abstract Domains • Goal • as before, want to combine over- and under-approximations to support analysis of mixed properties • Problem • 3-valued logic is no longer sufficient • need to deal with 4 types of transitions • over-, under-, both over- and under-, and neither • i.e., under-approx is no longer a subset of over-approx • Solution • use 4-valued Belnap logic

  16. Belnap Logic inconsistent ⊤ false t true ⊥ ⊤ f t ⊥ f unknown Information Ordering Truth Ordering t⋀⊥ = ⊥ t⋁⊥ = t ¬t = f ¬⊥ = ⊥

  17. Belnap Kripke Structures ⊥ ⊤ p = t q = f p = f q = f f p = t q = t p = t q = ⊥ ⊥ t ⊥ ⊤ • Kripke structures extended to Belnap logic • Propositions • True, False, or Unknown • Transitions • only under-approximation: ⊤ • only over-approximation: ⊥ • both over- and under-: t • neither:f

  18. Belnap Kripke Structures t Over-approximation p ⊥ ⊤ f p q p p p q p q? p q? Under-approximation

  19. Overview of Model Checking SW/HW artifact Correctness properties Correct? Translation Model Extraction Model of System Temporal logic Model Checker Yes/No Answer [CDEG03]

  20. Overview of MV-Model Checking SW/HW artifact Correctness properties How correct? MV-Logic Translation Model Extraction Model of System Temporal logic MV-Model Checker Model Checker Yes/No Answer MV-Logic Answer [CDEG03]

  21. Preservation via Belnap Abstraction • Let φbe a temporal formula (CTL) • Let K’ be a Belnap abstraction of K • Preservation Theorem Not possible for a sound abstraction Preserves truth and falsity of arbitrary properties!

  22. Summary Abstraction is the key to scaling up • Choose an abstract domain • Variable elimination, data abstraction, predicate abstraction, … • Choose a type of abstraction • Over-, Under-, 3Val, Belnap • Build an abstract model ($$$$$) • Model-check the property on the abstract model • If the result is conclusive, STOP • Otherwise, pick a new abstract domain, REPEAT

  23. References • [DGG97] D. Dams, R. Gerth, and O. Grumberg, “Abstract Interpretation of Reactive Systems”. In TOPLAS, No. 19, Vol. 2, pp. 253-291, 1997. • [CDEG03] M. Chechik, B. Devereux, S. Easterbrook, and A. Gurfinkel, “Multi-Valued Symbolic Model-Checking”. In TOSEM, No. 4, Vol. 12, pp. 1-38, 2003.

  24. Acknowledgements These slides are based on the tutorial “Model-Checking: From Software to Hardware” given by Marsha Chechik and Arie Gurfinkel at Formal Methods 2006.

More Related