1 / 6

Construction of Abstract State Graphs with PVS

Construction of Abstract State Graphs with PVS. Susanne Graf and Hassen Saidi VERIMAG. Summary of the Paper. Method based on abstract interpretation a weaker abstract transition relation automatically construct an abstract state graph input: infinite state program

kobe
Télécharger la présentation

Construction of Abstract State Graphs with PVS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Construction of Abstract State Graphs with PVS Susanne Graf and Hassen Saidi VERIMAG

  2. Summary of the Paper • Method based on abstract interpretation • a weaker abstract transition relation • automatically construct an abstract state graph • input: infinite state program • Monomials: particular set of abstract states • defined w.r.t. a set of state predicates 1... k • Successor states: computed by using PVS • upper approximation of the successor states • Construct abstract state graph • verify invariants • LTL prop. by MC

  3. Summary of the Paper (2) • Abstract State Graph: • represents a relatively precise global control flow graph of the system • can be used to generate stronger structural invariants • assumes that control depends on data • Implemented the method in a tool: • interfaced with PVS, ALDÉBARAN • Verified bounded retransmission protocol: • protocol developed by Philips • used the tool to prove correctness almost automatically

  4. Parallel Systems: Syntax Basic intuition: parallel composition of processes by interleaving and synchronization by shared variables (unity) Process: process P is vars x1:T1, ..., xn:Tn→ global, what P uses init init_pred(x1, ..., xn) → implicit pc (control var) update □ g1(x) → ass1(x) - 1 □ gn(x) → assn(x) - n Parallel composition (P1 || P2): is a process P s.t. P_init = P1_init  P2_init P_vars = P1_vars  P2_vars P_upd = P1_upd  P2_upd Type - might be infinite (PVS type)

  5. Transition Graph for P Given is P (vars, init, update) Define the transition graph SP = (QP, RP, IP) QP = T1 x ... x Tn RP = U i where i(q) = IP = {q | init(q) = true} RP : QP→ P(QP) ≡ RP QP x QP  if gi(q) = false assi(q) otherwise P i=1

  6. Predicate Transformers Definition: R  Q x Q and   P(Q) {  } g → ass {  } strongest postcondition: post[R]() = q . R(q,q')  (q) weakest precondition: pre[R]() = q' . R(q,q')  (q') R(q, q1)  (q1)  ... R(q, qn)  (qn) property:  = post[R]()   = pre[R]() precondition postcondition set of guarded assignments  pre[i]() = gi(x)  [assi(x) / x] no quantifiers ass(q)

More Related