1 / 6

Construction of Abstract State Graphs in PVS for Infinite State Programs

This paper presents a method for constructing abstract state graphs using the PVS theorem prover, leveraging abstract interpretation. It introduces a weaker abstract transition relation to automatically derive these graphs from infinite state programs. The notion of monomials is utilized to define abstract states concerning specific state predicates. The constructed abstract state graphs serve as global control flow representations and enable verification of invariants and temporal logic properties. Implemented as a tool, this approach demonstrated efficacy in verifying the correctness of a bounded retransmission protocol.

kobe
Télécharger la présentation

Construction of Abstract State Graphs in PVS for Infinite State Programs

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Construction of Abstract State Graphs with PVS Susanne Graf and Hassen Saidi VERIMAG

  2. Summary of the Paper • Method based on abstract interpretation • a weaker abstract transition relation • automatically construct an abstract state graph • input: infinite state program • Monomials: particular set of abstract states • defined w.r.t. a set of state predicates 1... k • Successor states: computed by using PVS • upper approximation of the successor states • Construct abstract state graph • verify invariants • LTL prop. by MC

  3. Summary of the Paper (2) • Abstract State Graph: • represents a relatively precise global control flow graph of the system • can be used to generate stronger structural invariants • assumes that control depends on data • Implemented the method in a tool: • interfaced with PVS, ALDÉBARAN • Verified bounded retransmission protocol: • protocol developed by Philips • used the tool to prove correctness almost automatically

  4. Parallel Systems: Syntax Basic intuition: parallel composition of processes by interleaving and synchronization by shared variables (unity) Process: process P is vars x1:T1, ..., xn:Tn→ global, what P uses init init_pred(x1, ..., xn) → implicit pc (control var) update □ g1(x) → ass1(x) - 1 □ gn(x) → assn(x) - n Parallel composition (P1 || P2): is a process P s.t. P_init = P1_init  P2_init P_vars = P1_vars  P2_vars P_upd = P1_upd  P2_upd Type - might be infinite (PVS type)

  5. Transition Graph for P Given is P (vars, init, update) Define the transition graph SP = (QP, RP, IP) QP = T1 x ... x Tn RP = U i where i(q) = IP = {q | init(q) = true} RP : QP→ P(QP) ≡ RP QP x QP  if gi(q) = false assi(q) otherwise P i=1

  6. Predicate Transformers Definition: R  Q x Q and   P(Q) {  } g → ass {  } strongest postcondition: post[R]() = q . R(q,q')  (q) weakest precondition: pre[R]() = q' . R(q,q')  (q') R(q, q1)  (q1)  ... R(q, qn)  (qn) property:  = post[R]()   = pre[R]() precondition postcondition set of guarded assignments  pre[i]() = gi(x)  [assi(x) / x] no quantifiers ass(q)

More Related