# Abstract Model - Explore the Science & Experts | ideXlab

## Abstract Model

The Experts below are selected from a list of 1350756 Experts worldwide ranked by ideXlab platform

### Pascal Raymond – One of the best experts on this subject based on the ideXlab platform.

• ##### Counter-example generation in symbolic abstract model-checking
International Journal on Software Tools for Technology Transfer, 2004
Co-Authors: Gordon Pace, Nicolas Halbwachs, Pascal Raymond
Abstract:

The boundaries of model-checking have been extended through the use of abstraction. These techniques are conservative, in the following sense: when the verification succeeds, the verified property is guaranteed to hold; but when it fails, it may result either from the non-satisfaction of the property, or from a too rough abstraction. In case of failure, it is, in general, undecidable whether an abstract trace corresponding to a counter-example has any concrete counterparts. For debugging purposes, one usually desires to go further than giving a “yes/no” answer (actually, a “yes/don’t know” answer!), and look for such concrete counter-examples. We propose a solution in which we apply standard test-pattern generation technology to search for concrete instances of abstract traces.

### Ernesto Pimentel – One of the best experts on this subject based on the ideXlab platform.

• ##### A generalized semantics of PROMELA for abstract model checking
Formal Aspects of Computing, 2004
Co-Authors: María Del Mar Gallardo, Pedro Merino, Ernesto Pimentel
Abstract:

Semantics of description languages for complex systems are a central issue for implementing verification methods such as abstract model checking. This technique is employed to verify systems by inspecting only a small state space that represents their potential behaviors. This paper presents a generalized operational semantics of the modelling language PROMELA that provides the theoretical basis to introduce this promising method in the model checker SPIN. The generalization consists of identifying language aspects affected by the abstraction. Using these aspects as parameters, it is possible to obtain and relate different interpretations of the language. The new semantics provides a framework to reason about how to construct the tool αSPIN as an extension of SPIN.

• ##### αSPIN: A tool for abstract model checking
International Journal on Software Tools for Technology Transfer, 2004
Co-Authors: María Del Mar Gallardo, Pedro Merino, Jesús Martínez, Ernesto Pimentel
Abstract:

Abstraction methods have become one of the most interesting topics in the automatic verification of software systems because they can reduce the state space to be explored and allow model checking of more complex systems. Nevertheless, there is a lack of tools actually supporting this technique. One direction for abstracting a system is to transform its formal description (its model) into a simpler version specified in the same language, thus skipping the construction of a specific (model checking) tool for the abstract model. The abstraction of the model should be followed by the abstraction of the temporal formulas to be checked. This paper presents αSPIN, a tool for the integration of abstraction (for models and formulas) into the well-known model checker SPIN. We present the theoretical results supporting the implementation together with a case study.

• ##### SAS – Refinement of LTL Formulas for Abstract Model Checking
Static Analysis, 2002
Co-Authors: María Del Mar Gallardo, Pedro Merino, Ernesto Pimentel
Abstract:

A crucial problem in abstract model checking is to find a tradeoff between constructing the “best” (the smallest) abstract model, approximating a given model, and preserving as many interesting properties over the original model as possible. In this paper, we present a method for dealing with this problem based on the definition of a new abstract satisfiability relation. This new relation allows us to analyze temporal properties with different degrees of precision, by means of a refinement process. The method subsumes the classic way of abstracting properties and the dual proposal of the authors. As a consequence, maintaining the same abstract model, we directly obtain the preservation of universal properties (as in the classic method) and the refutation of existential properties (as in the dual method). We also show the utility of this method by proving that the very important notions of completeness and precision in abstract model checking may be analyzed by using the new relation. In particular, we exploit the power of model checking to simultaneously refine both the model and the properties.

### Gordon Pace – One of the best experts on this subject based on the ideXlab platform.

• ##### Counter-example generation in symbolic abstract model-checking
International Journal on Software Tools for Technology Transfer, 2004
Co-Authors: Gordon Pace, Nicolas Halbwachs, Pascal Raymond
Abstract:

The boundaries of model-checking have been extended through the use of abstraction. These techniques are conservative, in the following sense: when the verification succeeds, the verified property is guaranteed to hold; but when it fails, it may result either from the non-satisfaction of the property, or from a too rough abstraction. In case of failure, it is, in general, undecidable whether an abstract trace corresponding to a counter-example has any concrete counterparts. For debugging purposes, one usually desires to go further than giving a “yes/no” answer (actually, a “yes/don’t know” answer!), and look for such concrete counter-examples. We propose a solution in which we apply standard test-pattern generation technology to search for concrete instances of abstract traces.

### Roberto Giacobazzi – One of the best experts on this subject based on the ideXlab platform.

• ##### Code obfuscation against abstraction refinement attacks
Formal Aspects of Computing, 2018
Co-Authors: Roberto Bruni, Roberto Giacobazzi, Roberta Gori
Abstract:

Code protection technologies require anti-reverse-engineering transformations to obfuscate programs in such a way that tools and methods for program analysis become ineffective. We introduce the concept of model deformation, inducing an effective code obfuscation against attacks performed by abstract model checking. This means complicating the model in such a way that a high number of spurious traces are generated in any formal verification of the property to disclose about the system under attack. We transform the program model in order to make the removal of spurious counterexamples by abstraction refinement maximally inefficient. Because our approach is intended to defeat the fundamental abstraction refinement strategy, we are independent of the specific attack carried out by abstract model checking. A measure of the quality of the obfuscation obtained by model deformation is given together with a corresponding best obfuscation strategy for abstract model checking based on partition refinement.

• ##### Code obfuscation against abstract model checking attacks
Verification, Model Checking and Abstract Interpretation, 2018
Co-Authors: Roberto Bruni, Roberto Giacobazzi, Roberta Gori
Abstract:

Code protection technologies require anti-reverse-engineering transformations to obfuscate programs in such a way that tools and methods for program analysis become ineffective. We introduce the concept of model deformation, inducing an effective code obfuscation against attacks performed by abstract model checking. This means complicating the model in such a way that a high number of spurious traces are generated in any formal verification of the property to disclose about the system under attack. We transform the program model in order to make the removal of spurious counterexamples by abstraction refinement maximally inefficient. A measure of the quality of the obfuscation obtained by model deformation is given together with a corresponding best obfuscation strategy for abstract model checking based on partition refinement.

• ##### VMCAI – Code Obfuscation Against Abstract Model Checking Attacks
Lecture Notes in Computer Science, 2017
Co-Authors: Roberto Bruni, Roberto Giacobazzi, Roberta Gori
Abstract:

Code protection technologies require anti-reverse-engineering transformations to obfuscate programs in such a way that tools and methods for program analysis become ineffective. We introduce the concept of model deformation, inducing an effective code obfuscation against attacks performed by abstract model checking. This means complicating the model in such a way that a high number of spurious traces are generated in any formal verification of the property to disclose about the system under attack. We transform the program model in order to make the removal of spurious counterexamples by abstraction refinement maximally inefficient. A measure of the quality of the obfuscation obtained by model deformation is given together with a corresponding best obfuscation strategy for abstract model checking based on partition refinement.
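The two ideas that recur in the abstracts above, the "yes / don't know" verdict of a conservative abstraction and the concretization of abstract counter-examples (Pace, Halbwachs and Raymond), and the spurious-trace / abstraction-refinement loop that the Bruni, Giacobazzi and Gori papers set out to make expensive, are easiest to see on a tiny explicit-state model. The following Python is an added illustration written for this page, not code from any of the papers listed here. It assumes a Kripke structure given as a dictionary of successor sets, a partition of the concrete states as the abstraction, and a safety property "no bad state is reachable"; the models, the initial partition and the property are constructed for the example. Because the model is finite and explicit, concretization is exact forward simulation here; on the symbolic or infinite-state models the papers target, that step is the undecidable question for which Pace et al. substitute test-pattern generation, and it is the cost that model deformation tries to inflate.

```python
"""Abstract model checking of a safety property (AG not bad) on a small explicit-state
model, with concretization of abstract counter-examples and partition refinement.
Constructed example; not code from any of the papers listed on this page."""
from collections import deque

# Constructed concrete model: states 0..5, successor sets, initial state and the
# states that violate the property. States 4 and 5 are unreachable from 0, so the
# property "no bad state is reachable" holds.
SAFE_MODEL = {"init": {0}, "edges": {0: {1}, 1: {2}, 2: {3}, 3: {3}, 4: {5}, 5: {5}}, "bad": {5}}
# Same model with one extra edge 2 -> 4, which makes the bad state reachable.
BUGGY_MODEL = {"init": {0}, "edges": {0: {1}, 1: {2}, 2: {3, 4}, 3: {3}, 4: {5}, 5: {5}}, "bad": {5}}
# A deliberately coarse initial abstraction: states 3 and 4 are glued together.
INITIAL_PARTITION = [frozenset({0}), frozenset({1}), frozenset({2}), frozenset({3, 4}), frozenset({5})]


def abstract(model, partition):
    """Existential abstraction: abstract states are the blocks of the partition, and an
    abstract edge exists whenever some pair of concrete states in the blocks has one.
    This over-approximates the concrete behaviours, which is what makes a "safe"
    verdict on the abstract model sound for the concrete one."""
    block_of = {s: i for i, block in enumerate(partition) for s in block}
    edges = {i: set() for i in range(len(partition))}
    for s, succs in model["edges"].items():
        for t in succs:
            edges[block_of[s]].add(block_of[t])
    return {"init": {block_of[s] for s in model["init"]},
            "edges": edges,
            "bad": {block_of[s] for s in model["bad"]}}


def abstract_counterexample(abs_model):
    """Breadth-first search for a bad abstract state; returns the abstract trace
    (list of block indices) or None when no bad block is reachable."""
    parent, queue = {}, deque()
    for a in sorted(abs_model["init"]):
        parent[a] = None
        queue.append(a)
    while queue:
        a = queue.popleft()
        if a in abs_model["bad"]:
            trace = []
            while a is not None:
                trace.append(a)
                a = parent[a]
            return trace[::-1]
        for b in sorted(abs_model["edges"][a]):
            if b not in parent:
                parent[b] = a
                queue.append(b)
    return None


def concretize(model, partition, trace):
    """Try to follow the abstract trace with concrete states. Returns (path, None) if a
    concrete counter-example exists, or (None, i) where i indexes the last abstract
    state that is reachable along the trace (the trace is spurious from there).
    Exact forward simulation; only feasible because the model is finite and explicit."""
    layer = {s: [s] for s in model["init"] if s in partition[trace[0]]}
    for i in range(1, len(trace)):
        nxt = {}
        for s, path in layer.items():
            for t in model["edges"].get(s, ()):
                if t in partition[trace[i]] and t not in nxt:
                    nxt[t] = path + [t]
        if not nxt:
            return None, i - 1
        layer = nxt
    return next(iter(layer.values())), None


def refine(model, partition, trace, fail_idx):
    """Split the block where the spurious trace breaks: concrete states that do have a
    successor in the next abstract state go to one block, the dead-end states that
    were actually reached go to the other. The spurious abstract edge disappears."""
    block = partition[trace[fail_idx]]
    target = partition[trace[fail_idx + 1]]
    can_continue = frozenset(s for s in block if model["edges"].get(s, set()) & target)
    stuck = block - can_continue
    return [b for b in partition if b is not block] + [stuck, can_continue]


def cegar(model, partition, max_rounds=10):
    """Abstract / check / concretize / refine loop. Returns a verdict string,
    the final partition, and a concrete counter-example path if one was found."""
    for _ in range(max_rounds):
        trace = abstract_counterexample(abstract(model, partition))
        if trace is None:
            return "yes", partition, None          # sound: property holds concretely
        path, fail_idx = concretize(model, partition, trace)
        if path is not None:
            return "no", partition, path           # real counter-example
        partition = refine(model, partition, trace, fail_idx)
    return "don't know", partition, None           # refinement budget exhausted


if __name__ == "__main__":
    print(cegar(SAFE_MODEL, INITIAL_PARTITION))    # ('yes', <6 blocks>, None)
    print(cegar(BUGGY_MODEL, INITIAL_PARTITION))   # ('no', <5 blocks>, [0, 1, 2, 4, 5])
```

On the safe model the first abstract run reports a counter-example through the glued block {3, 4}; concretization stops at that block, the refinement separates 3 from 4, and the second run proves the property. On the buggy model the same abstract trace concretizes to a real path. Capping `max_rounds` gives the third verdict, "don't know", which is the honest answer whenever refinement cannot be driven to completion, and it is exactly the outcome an obfuscation by model deformation is designed to force.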

### Francesco Tapparo – One of the best experts on this subject based on the ideXlab platform.

• ##### Generalized strong preservation by abstract interpretation
Journal of Logic and Computation, 2006
Co-Authors: Francesco Ranzato, Francesco Tapparo
Abstract:

Standard abstract model checking relies on abstract Kripke structures which approximate concrete models by gluing together indistinguishable states, namely by a partition of the concrete state space. Strong preservation for a specification language L amounts to the equivalence of concrete and abstract model checking of formulas in L. We show how abstract interpretation can be used to design generic abstract models that allow one to view standard abstract Kripke structures as particular instances. Accordingly, strong preservation is generalized to abstract interpretation-based models and precisely related to the concept of completeness in abstract interpretation. The problem of minimally refining an abstract model in order to make it strongly preserving for some language L can be formulated as a minimal domain refinement in abstract interpretation in order to get completeness w.r.t. the logical/temporal operators of L. It turns out that this refined strongly preserving abstract model always exists and can be characterized as a greatest fixed point. As a consequence, some well-known behavioural equivalences, like bisimulation, simulation and stuttering, and their corresponding partition refinement algorithms can be elegantly characterized in abstract interpretation as completeness properties and refinements.

• ##### Strong preservation of temporal fixpoint-based operators by abstract interpretation
Verification, Model Checking and Abstract Interpretation, 2006
Co-Authors: Francesco Ranzato, Francesco Tapparo
Abstract:

Standard abstract model checking relies on abstract Kripke structures which approximate the concrete model by gluing together indistinguishable states. Strong preservation for a specification language $\mathcal{L}$ encodes the equivalence of concrete and abstract model checking of formulas in $\mathcal{L}$. Abstract interpretation allows one to design abstract models which are more general than abstract Kripke structures. In this paper we show how abstract interpretation-based models can be exploited in order to specify a general strongly preserving abstract model checking framework. This is shown in particular for specification languages including standard temporal operators which admit a characterization as least/greatest fixpoints, as e.g. the standard “Finally”, “Globally”, “Until” and “Release” modalities.

• ##### Generalized strong preservation by abstract interpretation
arXiv: Logic in Computer Science, 2004
Co-Authors: Francesco Ranzato, Francesco Tapparo
Abstract:

Standard abstract model checking relies on abstract Kripke structures which approximate concrete models by gluing together indistinguishable states, namely by a partition of the concrete state space. Strong preservation for a specification language L encodes the equivalence of concrete and abstract model checking of formulas in L. We show how abstract interpretation can be used to design abstract models that are more general than abstract Kripke structures. Accordingly, strong preservation is generalized to abstract interpretation-based models and precisely related to the concept of completeness in abstract interpretation. The problem of minimally refining an abstract model in order to make it strongly preserving for some language L can be formulated as a minimal domain refinement in abstract interpretation in order to get completeness w.r.t. the logical/temporal operators of L. It turns out that this refined strongly preserving abstract model always exists and can be characterized as a greatest fixed point. As a consequence, some well-known behavioural equivalences, like bisimulation, simulation and stuttering, and their corresponding partition refinement algorithms can be elegantly characterized in abstract interpretation as completeness properties and refinements.
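The Ranzato and Tapparo abstracts above turn on the difference between an abstraction that merely preserves (a universal property true on the quotient is true concretely) and one that strongly preserves (concrete and quotient model checking agree on every formula of the language), and on the fact that the strongly preserving quotient for a branching-time language is reached by partition refinement to a behavioural equivalence such as bisimulation. The following Python is an added illustration written for this page, not code from those papers. It assumes a labelled transition system given as a successor dictionary and a label per state, all constructed for the example; it computes the coarsest bisimulation by the naive signature-refinement loop (not the Paige-Tarjan algorithm), builds the quotient by existential abstraction, and checks the existential property EF bad on both sides. An arbitrary partition that glues two states with different futures passes the universal check but gets EF bad wrong; the bisimulation quotient agrees with the concrete model.

```python
"""Coarsest bisimulation of a labelled transition system by partition refinement, and a
check that the resulting quotient strongly preserves an existential reachability
property (EF bad) that an arbitrary partition does not. Constructed example; not code
from Ranzato and Tapparo or any other paper on this page."""

# Constructed model: successor sets and a state label. Only state 5 is "bad".
EDGES = {0: {1}, 1: {2}, 2: {3}, 3: {3}, 4: {5}, 5: {5}, 6: {5}, 7: {3, 6}}
LABEL = {s: "bad" if s == 5 else "ok" for s in EDGES}
# An arbitrary (non-bisimulation) partition that glues state 3 with state 4.
COARSE = [frozenset({0, 1, 2}), frozenset({3, 4}), frozenset({5}), frozenset({6, 7})]


def coarsest_bisimulation(edges, label):
    """Start from the partition induced by labels and split a block whenever two of
    its states reach different sets of blocks. Refinement only ever splits, so the
    loop stops at the first round that changes nothing; the result is the coarsest
    partition stable under labels and predecessors, i.e. bisimulation equivalence."""
    by_label = {}
    for s, l in label.items():
        by_label.setdefault(l, set()).add(s)
    partition = [frozenset(b) for b in by_label.values()]
    while True:
        block_of = {s: i for i, b in enumerate(partition) for s in b}
        by_signature = {}
        for s in label:
            signature = (block_of[s], frozenset(block_of[t] for t in edges.get(s, ())))
            by_signature.setdefault(signature, set()).add(s)
        refined = [frozenset(b) for b in by_signature.values()]
        if len(refined) == len(partition):
            return sorted(partition, key=min)       # deterministic block order
        partition = refined


def quotient(edges, partition):
    """Quotient transition system: blocks as states, an edge between blocks whenever
    some member pair has one (existential abstraction)."""
    block_of = {s: i for i, b in enumerate(partition) for s in b}
    q_edges = {i: set() for i in range(len(partition))}
    for s, succs in edges.items():
        for t in succs:
            q_edges[block_of[s]].add(block_of[t])
    return q_edges, block_of


def ef(edges, targets, start):
    """EF targets: least fixpoint of 'is a target or has a successor in the set'."""
    sat = set(targets)
    while True:
        grown = sat | {s for s, succs in edges.items() if succs & sat}
        if grown == sat:
            return start in sat
        sat = grown


def strongly_preserved(edges, label, partition, start):
    """True iff concrete and quotient model checking of EF bad agree from `start`.
    A bad block is any block containing a bad concrete state."""
    bad = {s for s, l in label.items() if l == "bad"}
    q_edges, block_of = quotient(edges, partition)
    q_bad = {block_of[s] for s in bad}
    return ef(edges, bad, start) == ef(q_edges, q_bad, block_of[start])


if __name__ == "__main__":
    bisim = coarsest_bisimulation(EDGES, LABEL)
    print([sorted(b) for b in bisim])                       # [[0, 1, 2, 3], [4, 6], [5], [7]]
    print(strongly_preserved(EDGES, LABEL, COARSE, 0))      # False: quotient claims EF bad
    print(strongly_preserved(EDGES, LABEL, bisim, 0))       # True
```

From state 0 the concrete model can never reach the bad state, but the glued block {3, 4} has a quotient edge to {5}, so the coarse quotient answers EF bad with "true": the abstraction is still sound for the universal dual AG not bad (a "false" there would be a spurious counter-example, not an unsound "true"), but it does not strongly preserve the existential formula. The bisimulation quotient, which keeps 0 to 3 together because they are genuinely indistinguishable, agrees with the concrete model from every state.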