Pascal Raymond - One of the best experts on this subject based on the ideXlab platform.
- Counter-example generation in symbolic abstract model-checking
  International Journal on Software Tools for Technology Transfer, 2004
  Co-Authors: Gordon Pace, Nicolas Halbwachs, Pascal Raymond
  Abstract: The boundaries of model-checking have been extended through the use of abstraction. These techniques are conservative, in the following sense: when the verification succeeds, the verified property is guaranteed to hold; but when it fails, it may result either from the non-satisfaction of the property, or from a too rough abstraction. In case of failure, it is, in general, undecidable whether an abstract trace corresponding to a counter-example has any concrete counterparts. For debugging purposes, one usually desires to go further than giving a “yes/no” answer (actually, a “yes/don’t know” answer!), and look for such concrete counter-examples. We propose a solution in which we apply standard test-pattern generation technology to search for concrete instances of abstract traces.
Ernesto Pimentel - One of the best experts on this subject based on the ideXlab platform.
- A generalized semantics of PROMELA for abstract model checking
  Formal Aspects of Computing, 2004
  Co-Authors: María Del Mar Gallardo, Pedro Merino, Ernesto Pimentel
  Abstract: Semantics of description languages for complex systems are a central issue for implementing verification methods such as abstract model checking. This technique is employed to verify systems by inspecting only a small state space that represents their potential behaviors. This paper presents a generalized operational semantics of the modelling language PROMELA that provides the theoretical basis to introduce this promising method in the model checker SPIN. The generalization consists of identifying language aspects affected by the abstraction. Using these aspects as parameters, it is possible to obtain and relate different interpretations of the language. The new semantics provides a framework to reason about how to construct the tool αSPIN as an extension of SPIN.
- αSPIN: A tool for abstract model checking
  International Journal on Software Tools for Technology Transfer, 2004
  Co-Authors: María Del Mar Gallardo, Pedro Merino, Jesús Martínez, Ernesto Pimentel
  Abstract: Abstraction methods have become one of the most interesting topics in the automatic verification of software systems because they can reduce the state space to be explored and allow model checking of more complex systems. Nevertheless, there is a lack of tools actually supporting this technique. One direction for abstracting a system is to transform its formal description (its model) into a simpler version specified in the same language, thus skipping the construction of a specific (model checking) tool for the abstract model. The abstraction of the model should be followed by the abstraction of the temporal formulas to be checked. This paper presents αSPIN, a tool for the integration of abstraction (for models and formulas) into the well-known model checker SPIN. We present the theoretical results supporting the implementation together with a case study.
- SAS - Refinement of LTL Formulas for Abstract Model Checking
  Static Analysis, 2002
  Co-Authors: María-del-mar Gallardo, Pedro Merino, Ernesto Pimentel
  Abstract: A crucial problem in abstract model checking is to find a tradeoff between constructing the "best" (the smallest) abstract model, approximating a given model, and preserving as many interesting properties over the original model as possible. In this paper, we present a method for dealing with this problem based on the definition of a new abstract satisfiability relation. This new relation allows us to analyze temporal properties with different degrees of precision, by means of a refinement process. The method subsumes the classic way of abstracting properties and the dual proposal of the authors. As a consequence, maintaining the same abstract model, we directly obtain the preservation of universal properties (as in the classic method) and the refutation of existential properties (as in the dual method). We also show the utility of this method by proving that the very important notions of completeness and precision in abstract model checking may be analyzed by using the new relation. In particular, we exploit the power of model checking to simultaneously refine both the model and the properties.
- ACSD - Abstract model checking and refinement of temporal logic in αSPIN
  Third International Conference on Application of Concurrency to System Design 2003. Proceedings.
  Co-Authors: M. Del Mar Gallardo, Pedro Merino, Joaquín Martínez, Ernesto Pimentel
  Abstract: We give an overview of the features offered by the tool αSPIN in order to perform abstract model checking of LTL formulas. Briefly, these features are: construction of over-approximated PROMELA models, checking satisfaction of universal formulas, checking refutation of existential formulas, and on-the-fly refinement of the model by means of a refinement of the temporal formula to be verified.
Gordon Pace - One of the best experts on this subject based on the ideXlab platform.
- Counter-example generation in symbolic abstract model-checking
  International Journal on Software Tools for Technology Transfer, 2004
  Co-Authors: Gordon Pace, Nicolas Halbwachs, Pascal Raymond
  Abstract: The boundaries of model-checking have been extended through the use of abstraction. These techniques are conservative, in the following sense: when the verification succeeds, the verified property is guaranteed to hold; but when it fails, it may result either from the non-satisfaction of the property, or from a too rough abstraction. In case of failure, it is, in general, undecidable whether an abstract trace corresponding to a counter-example has any concrete counterparts. For debugging purposes, one usually desires to go further than giving a “yes/no” answer (actually, a “yes/don’t know” answer!), and look for such concrete counter-examples. We propose a solution in which we apply standard test-pattern generation technology to search for concrete instances of abstract traces.
Roberto Giacobazzi - One of the best experts on this subject based on the ideXlab platform.
- Code obfuscation against abstraction refinement attacks
  Formal Aspects of Computing, 2018
  Co-Authors: Roberto Bruni, Roberto Giacobazzi, Roberta Gori
  Abstract: Code protection technologies require anti-reverse-engineering transformations to obfuscate programs in such a way that tools and methods for program analysis become ineffective. We introduce the concept of model deformation, inducing an effective code obfuscation against attacks performed by abstract model checking. This means complicating the model in such a way that a high number of spurious traces are generated in any formal verification of the property to be disclosed about the system under attack. We transform the program model in order to make the removal of spurious counterexamples by abstraction refinement maximally inefficient. Because our approach is intended to defeat the fundamental abstraction refinement strategy, we are independent of the specific attack carried out by abstract model checking. A measure of the quality of the obfuscation obtained by model deformation is given together with a corresponding best obfuscation strategy for abstract model checking based on partition refinement.
- Code obfuscation against abstract model checking attacks
  Verification, Model Checking and Abstract Interpretation, 2018
  Co-Authors: Roberto Bruni, Roberto Giacobazzi, Roberta Gori
  Abstract: Code protection technologies require anti-reverse-engineering transformations to obfuscate programs in such a way that tools and methods for program analysis become ineffective. We introduce the concept of model deformation, inducing an effective code obfuscation against attacks performed by abstract model checking. This means complicating the model in such a way that a high number of spurious traces are generated in any formal verification of the property to be disclosed about the system under attack. We transform the program model in order to make the removal of spurious counterexamples by abstraction refinement maximally inefficient. A measure of the quality of the obfuscation obtained by model deformation is given together with a corresponding best obfuscation strategy for abstract model checking based on partition refinement.
- VMCAI - Code Obfuscation Against Abstract Model Checking Attacks
  Lecture Notes in Computer Science, 2017
  Co-Authors: Roberto Bruni, Roberto Giacobazzi, Roberta Gori
  Abstract: Code protection technologies require anti-reverse-engineering transformations to obfuscate programs in such a way that tools and methods for program analysis become ineffective. We introduce the concept of model deformation, inducing an effective code obfuscation against attacks performed by abstract model checking. This means complicating the model in such a way that a high number of spurious traces are generated in any formal verification of the property to be disclosed about the system under attack. We transform the program model in order to make the removal of spurious counterexamples by abstraction refinement maximally inefficient. A measure of the quality of the obfuscation obtained by model deformation is given together with a corresponding best obfuscation strategy for abstract model checking based on partition refinement.
- Refining and Compressing Abstract Model Checking
  Electronic Notes in Theoretical Computer Science, 2001
  Co-Authors: Agostino Dovier, Roberto Giacobazzi, Elisa Quintarelli
  Abstract: For verifying systems involving a large number or even an infinite number of states, standard model checking needs approximating techniques to be tractable. Abstract interpretation offers an appropriate framework to approximate models of reactive systems in order to obtain simpler models, where properties of interest can be effectively checked. In this work we study the impact of domain refinements in abstract interpretation based model checking. We consider the universal fragment of the branching time temporal logic CTL* and we characterize the structure of temporal formulae that are verified in new abstract models obtained by refining an abstract domain by means of reduced product and disjunctive completion, or by simplifying the domain by their inverse operations of complementation and least disjunctive bases.
- APPIA-GULP-PRODE - Refining and Compressing Abstract Model Checking
  2001
  Co-Authors: Agostino Dovier, Roberto Giacobazzi, Elisa Quintarelli
  Abstract: For verifying systems involving a large number or even an infinite number of states, standard model checking needs approximating techniques to be tractable. Abstract interpretation offers an appropriate framework to approximate models of reactive systems in order to obtain simpler models, where properties of interest can be effectively checked. In this work we study the impact of domain refinements in abstract interpretation based model checking. We consider the universal fragment of the branching time temporal logic CTL* and we characterize the structure of temporal formulae that are verified in new abstract models obtained by refining an abstract domain by means of reduced product and disjunctive completion, or by simplifying the domain by their inverse operations of complementation and least disjunctive bases.
Francesco Tapparo - One of the best experts on this subject based on the ideXlab platform.
- Generalized strong preservation by abstract interpretation
  Journal of Logic and Computation, 2006
  Co-Authors: Francesco Ranzato, Francesco Tapparo
  Abstract: Standard abstract model checking relies on abstract Kripke structures which approximate concrete models by gluing together indistinguishable states, namely by a partition of the concrete state space. Strong preservation for a specification language L amounts to the equivalence of concrete and abstract model checking of formulas in L. We show how abstract interpretation can be used to design generic abstract models that allow one to view standard abstract Kripke structures as particular instances. Accordingly, strong preservation is generalized to abstract interpretation-based models and precisely related to the concept of completeness in abstract interpretation. The problem of minimally refining an abstract model in order to make it strongly preserving for some language L can be formulated as a minimal domain refinement in abstract interpretation in order to get completeness w.r.t. the logical/temporal operators of L. It turns out that this refined strongly preserving abstract model always exists and can be characterized as a greatest fixed point. As a consequence, some well-known behavioural equivalences, like bisimulation, simulation and stuttering, and their corresponding partition refinement algorithms can be elegantly characterized in abstract interpretation as completeness properties and refinements.
- Strong preservation of temporal fixpoint-based operators by abstract interpretation
  Verification, Model Checking and Abstract Interpretation, 2006
  Co-Authors: Francesco Ranzato, Francesco Tapparo
  Abstract: Standard abstract model checking relies on abstract Kripke structures which approximate the concrete model by gluing together indistinguishable states. Strong preservation for a specification language $\mathcal{L}$ encodes the equivalence of concrete and abstract model checking of formulas in $\mathcal{L}$. Abstract interpretation allows one to design abstract models which are more general than abstract Kripke structures. In this paper we show how abstract interpretation-based models can be exploited in order to specify a general strongly preserving abstract model checking framework. This is shown in particular for specification languages including standard temporal operators which admit a characterization as least/greatest fixpoints, such as the standard “Finally”, “Globally”, “Until” and “Release” modalities.
- Generalized strong preservation by abstract interpretation
  arXiv: Logic in Computer Science, 2004
  Co-Authors: Francesco Ranzato, Francesco Tapparo
  Abstract: Standard abstract model checking relies on abstract Kripke structures which approximate concrete models by gluing together indistinguishable states, namely by a partition of the concrete state space. Strong preservation for a specification language L encodes the equivalence of concrete and abstract model checking of formulas in L. We show how abstract interpretation can be used to design abstract models that are more general than abstract Kripke structures. Accordingly, strong preservation is generalized to abstract interpretation-based models and precisely related to the concept of completeness in abstract interpretation. The problem of minimally refining an abstract model in order to make it strongly preserving for some language L can be formulated as a minimal domain refinement in abstract interpretation in order to get completeness w.r.t. the logical/temporal operators of L. It turns out that this refined strongly preserving abstract model always exists and can be characterized as a greatest fixed point. As a consequence, some well-known behavioural equivalences, like bisimulation, simulation and stuttering, and their corresponding partition refinement algorithms can be elegantly characterized in abstract interpretation as completeness properties and refinements.
- SAS - Making Abstract Model Checking Strongly Preserving
  Static Analysis, 2002
  Co-Authors: Francesco Ranzato, Francesco Tapparo
  Abstract: Usually, abstract model checking is not strongly preserving: there may well exist a temporal specification which is not valid on the abstract model but which is instead satisfied by the concrete model. Starting from the standard notion of bisimulation, we introduce a notion of completeness for abstract models: completeness together with a so-called partitioning property for abstract models implies strong preservation for the past µ-calculus. Within a rigorous abstract interpretation framework, we show that the least refinement of a given abstract model, for a suitable ordering on abstract models, which is complete and partitioning always exists, and it can be constructively characterized as a greatest fixpoint. This provides a systematic methodology for minimally refining an abstract model checking in order to get strong preservation.