Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Abstraction (Cont’d) Defining an Abstract Domain variable elimination, data abstraction, predicate abstraction Abstraction for Universal/Existential.

Published byAkira Littleford Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Abstraction (Cont’d) Defining an Abstract Domain variable elimination, data abstraction, predicate abstraction Abstraction for Universal/Existential."— Presentation transcript:

1 1 Abstraction (Cont’d) Defining an Abstract Domain variable elimination, data abstraction, predicate abstraction Abstraction for Universal/Existential Properties over- and under-approximations  Abstraction for Mixed Properties  3-valued abstraction  Overlapping Abstract Domains  Belnap (4-valued) abstraction

2 2 Recall: Defining an Abstract Domain  Abstraction  : S→S’ S S’ γγγ γγ Concretization γ : S’→2 S

3 3 Abstract Kripke Structure  Abstract interpretation of atomic propositions  I ’(a, p) = true iff forall s in  (a), I (s, p) = true  I ’(a, p) = false iff forall s in  (a), I (s, p) = false  Abstract Transition Relation (2 choices)  Over-Approximation (Existential)  Make a transition from an abstract state if at least one corresponding concrete state has the transition.  Under-Approximation (Universal)  Make a transition from an abstract state if all the corresponding concrete states have the transition.

4 4 Which abstraction to use? Property Type Expected Result Abstraction to use Universal (ACTL, LTL) TrueOver- FalseUnder- Existential (ECTL) TrueUnder- FalseOver- But what about mixed properties?!

5 5 3-Valued Kleene Logic Information Ordering ⊥ f t true false unknown t ⋀ ⊥ = ⊥ t ⋁ ⊥ = t ¬ t = f ¬ ⊥ = ⊥ Truth Ordering ⊥ f t

6 6 3-Valued Kripke Structures p = t q = f p = f q = f p = t q = ⊥ t f ⊥  Kripke structures extended to 3- valued logic  Propositions can be  True, False, or Unknown  Transitions  possible: ⊥  necessary and possible: t  impossible: f s0s0 s2s2 s1s1 ⊥ t ⊥

7 7 3-Valued Abstraction p pqpq t f ⊥ p pqpq over-approximation under-approximation p pqpq 3-Valued Abstraction

8 8 Example Revisited (3-Val Abstraction) I I ⊥ ⊥ ⊥ ⊥ ⊥ ⊥ t t t t

9 9 Model-Checking with 3 Values  Usual semantics of temporal operators  BUT connectives ⋀ ⋁ ¬ are interpreted in 3-Valued Logic t f ⊥ ( EX ¬p )(s 0 ) = t (EX q)(s 0 ) = ⊥ (EX ¬ p ⋀ q)(s 0 ) = f Examples s0s0 s2s2 s1s1 p pqpq (EX p)(s) = ⋁ t R(s,t) ⋀ p(t)

10 10 Preservation via 3-Valued Abstraction  Let φ be a temporal formula (CTL)  Let K’ be a 3-valued abstraction of K  Preservation Theorem Abstract MC Result Concrete Information True K ⊨ φ False K ⊨ ¬φ Maybe K ⊨ φ or K ⊨ ¬φ Preserves truth and falsity of arbitrary properties! no information

11 11 Abstraction (Outline) Defining an Abstract Domain variable elimination, data abstraction, predicate abstraction Abstraction for Universal/Existential Properties over- and under-approximations Abstraction for Mixed Properties 3-valued abstraction  Overlapping Abstract Domains  Belnap (4-valued) abstraction

12 12 Example: Coarse Abstract Domain s0s0 s1s1 s2s2 pqpq q s3s3 a0a0 a1a1 Over-ApproximationUnder-Approximation p? q a0a0 a1a1 p? q a0a0 a1a1 AX (p ⋁ ¬ p) is inconclusive EX (q) is true Goal: make AX conclusive as well, via domain refinement

13 13 Example: Refined Abstract Domain s0s0 s1s1 s2s2 pqpq q s3s3 a0a0 Over-ApproximationUnder-Approximation AX (p ⋁ ¬ p) is true EX (q) is inconclusive a2a2 a3a3 pqpq a0a0 a2a2 q a3a3 pqpq a0a0 a2a2 q a3a3 Partitioned domain does not work! Need an overlapping abstract domain!!!

14 14 Example: Overlapping Abstract Domain s0s0 s1s1 s2s2 pqpq q s3s3 a0a0 Over-ApproximationUnder-Approximation AX (p ⋁ ¬ p) is true EX (q) is true a2a2 a3a3 a1a1 pqpq a0a0 a2a2 q a3a3 p? q a1a1 pqpq a0a0 a2a2 q a3a3 p? q a1a1

15 15 Supporting Overlapping Abstract Domains  Goal  as before, want to combine over- and under- approximations to support analysis of mixed properties  Problem  3-valued logic is no longer sufficient  need to deal with 4 types of transitions  over-, under-, both over- and under-, and neither  i.e., under-approx is no longer a subset of over-approx  Solution  use 4-valued Belnap logic

16 16 Belnap Logic Information Ordering ⊤ ⊥ f t true false unknown inconsistent t ⋀ ⊥ = ⊥ t ⋁ ⊥ = t ¬ t = f ¬ ⊥ = ⊥ Truth Ordering ⊤⊥ f t

17 17 Belnap Kripke Structures f ⊥⊤  Kripke structures extended to Belnap logic  Propositions  True, False, or Unknown  Transitions  only under-approximation: ⊤  only over-approximation: ⊥  both over- and under-: t  neither: f p = t q = f p = f q = f p = t q = ⊥ p = t q = t t ⊥ ⊥ ⊤

18 18 Belnap Kripke Structures p p q? pqpq t f ⊥⊤ p pqpq p p q? Over-approximation Under-approximation

19 19 Overview of Model Checking Yes/No Answer Yes/No Answer SW/HW artifact SW/HW artifact Correctness properties Correctness properties Temporal logic Temporal logic Model of System Model of System Model Extraction Model Extraction Translation Model Checker Model Checker Correct? [CDEG03]

20 20 Yes/No Answer Yes/No Answer SW/HW artifact SW/HW artifact Correctness properties Correctness properties Temporal logic Temporal logic Model of System Model of System Model Extraction Model Extraction Translation Model Checker Model Checker MV-Logic Answer MV-Logic Answer MV-Model Checker MV-Model Checker How correct? [CDEG03] Overview of MV-Model Checking

21 21 Preservation via Belnap Abstraction  Let φ be a temporal formula (CTL)  Let K’ be a Belnap abstraction of K  Preservation Theorem Abstract MC Result Concrete Information True K ⊨ φ False K ⊨ ¬φ ⊥ K ⊨ φ or K ⊨ ¬φ ⊤ K ⊨ φ and K ⊨ ¬φ Preserves truth and falsity of arbitrary properties! Not possible for a sound abstraction

22 22 Summary Abstraction is the key to scaling up 1.Choose an abstract domain  Variable elimination, data abstraction, predicate abstraction, … 2.Choose a type of abstraction  Over-, Under-, 3Val, Belnap 3.Build an abstract model ($$$$$) 4.Model-check the property on the abstract model 5.If the result is conclusive, STOP 6.Otherwise, pick a new abstract domain, REPEAT

23 23 References  [DGG97] D. Dams, R. Gerth, and O. Grumberg, “Abstract Interpretation of Reactive Systems”. In TOPLAS, No. 19, Vol. 2, pp. 253-291, 1997.  [CDEG03] M. Chechik, B. Devereux, S. Easterbrook, and A. Gurfinkel, “Multi-Valued Symbolic Model-Checking”. In TOSEM, No. 4, Vol. 12, pp. 1-38, 2003.

24 24 Acknowledgements These slides are based on the tutorial “Model- Checking: From Software to Hardware” given by Marsha Chechik and Arie Gurfinkel at Formal Methods 2006.

Download ppt "1 Abstraction (Cont’d) Defining an Abstract Domain variable elimination, data abstraction, predicate abstraction Abstraction for Universal/Existential."

Similar presentations

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST

TWO STEP EQUATIONS 1. SOLVE FOR X 2. DO THE ADDITION STEP FIRST
1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Path-Sensitive Analysis for Linear Arithmetic and Uninterpreted Functions SAS 2004 Sumit Gulwani George Necula EECS Department University of California,

Path-Sensitive Analysis for Linear Arithmetic and Uninterpreted Functions SAS 2004 Sumit Gulwani George Necula EECS Department University of California,
Program Analysis using Random Interpretation Sumit Gulwani UC-Berkeley March 2005.

Program Analysis using Random Interpretation Sumit Gulwani UC-Berkeley March 2005.
Bellwork If you roll a die, what is the probability that you roll a 2 or an odd number? P(2 or odd) 2. Is this an example of mutually exclusive, overlapping,

Bellwork If you roll a die, what is the probability that you roll a 2 or an odd number? P(2 or odd) 2. Is this an example of mutually exclusive, overlapping,
Inference in First-Order Logic

Inference in First-Order Logic
Advanced Piloting Cruise Plot.

Advanced Piloting Cruise Plot.
Sugar 2.0 Formal Specification Language D ana F isman 1,2 Cindy Eisner 1 1 IBM Haifa Research Laboratory 1 IBM Haifa Research Laboratory 2 Weizmann Institute.

Sugar 2.0 Formal Specification Language D ana F isman 1,2 Cindy Eisner 1 1 IBM Haifa Research Laboratory 1 IBM Haifa Research Laboratory 2 Weizmann Institute.
Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.

Copyright © 2003 Pearson Education, Inc. Slide 1 Computer Systems Organization & Architecture Chapters 8-12 John D. Carpinelli.
Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 5 Author: Julia Richards and R. Scott Hawley.

Copyright © 2011, Elsevier Inc. All rights reserved. Chapter 5 Author: Julia Richards and R. Scott Hawley.
1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.

1 Copyright © 2010, Elsevier Inc. All rights Reserved Fig 2.1 Chapter 2.
By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.

By D. Fisher Geometric Transformations. Reflection, Rotation, or Translation 1.
UNITED NATIONS Shipment Details Report – January 2006.

UNITED NATIONS Shipment Details Report – January 2006.
Business Transaction Management Software for Application Coordination 1 www.choreology.com Business Processes and Coordination.

Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Title Subtitle.

Title Subtitle.
Multiplying binomials You will have 20 seconds to answer each of the following multiplication problems. If you get hung up, go to the next problem when.

Multiplying binomials You will have 20 seconds to answer each of the following multiplication problems. If you get hung up, go to the next problem when.
0 - 0.

0 - 0.
DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

DIVIDING INTEGERS 1. IF THE SIGNS ARE THE SAME THE ANSWER IS POSITIVE 2. IF THE SIGNS ARE DIFFERENT THE ANSWER IS NEGATIVE.

Similar presentations

Ads by Google