Abstraction and Refinement in Model Checking

  • Orna Grumberg
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4111)


In this paper we survey abstraction and refinement in model checking. We restrict the discussion to existential abstraction which over-approximates the behaviors of the concrete model. The logics preserved under this abstraction are the universal fragments of branching-time temporal logics as well as linear-time temporal logics. For simplicity of presentation, we also restrict the discussion to abstraction functions, rather then abstraction relations. Thus, every concrete state is represented by exactly one abstract state. An abstract state then represents a set of concrete states, which is disjoint from the sets represented by other abstract states.


Model Check Abstract State Abstract Model Atomic Proposition Concrete Model 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ball, T., Rajamani, S.: Checking temporal properties of software with boolean programs. In: Proceedings of the Workshop on Advances in Verification (WAVE) (July 2000)Google Scholar
  2. 2.
    Beer, I., Ben-David, S., Eisner, C., Landver, A.: RuleBase: an industry-oriented formal verification tool. In: Proceedings of the 33rd Design Automation Conference (DAC 1996), pp. 655–660. IEEE Computer Society Press, Los Alamitos (1996)CrossRefGoogle Scholar
  3. 3.
    Beyer, D., Henzinger, T.A., Jhala, R., Majumdar, R.: Checking memory safety with blast. In: Cerioli, M. (ed.) FASE 2005. LNCS, vol. 3442, pp. 2–18. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Biere, A., Cimatti, A., Clarke, E.M., Fujita, M., Zhu, Y.: Symbolic model checking using SAT procedures instead of BDDs. In: Proceedings of the 36rd Design Automation Conference (DAC 1999). IEEE Computer Society Press, Los Alamitos (1999)Google Scholar
  5. 5.
    Biere, A., Cimatti, A., Clarke, E.M., Zhu, Y.: Symbolic model checking without bdds. In: Cleaveland, W.R. (ed.) TACAS 1999. LNCS, vol. 1579, p. 193. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  6. 6.
    Browne, M.C., Clarke, E.M., Grumberg, O.: Characterizing finite kripke structures in propositional temporal logic. Theor. Comp. Science 59(1–2) (July 1988)Google Scholar
  7. 7.
    Bryant, R.E.: Graph-based algorithms for boolean function manipulation. IEEE Transaction on Computers 35(8), 677–691 (1986)MATHCrossRefGoogle Scholar
  8. 8.
    Burch, J.R., Clarke, E.M., McMillan, K.L.: Symbolic model checking: 1020 states and beyond. Information and Computation 98, 142–170 (1992)MATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Chaki, S., Clarke, E., Groce, A., Jha, S., Veith, H.: Modular verification of software components in C. In: International Conference on Software Engineering (ICSE), pp. 385–395 (2003)Google Scholar
  10. 10.
    Chauhan, P., Clarke, E.M., Kukula, J., Sapra, S., Veith, H., Wang, D.: Automated abstraction refinement for model checking large state spaces using SAT based conflict analysis. In: Aagaard, M.D., O’Leary, J.W. (eds.) FMCAD 2002. LNCS, vol. 2517. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  11. 11.
    Chauhan, P., Clarke, E.M., Kroening, D.: Using SAT based image computation for reachability analysis. Technical Report CMU-CS-03-151, Carnegie Mellon University, School of Computer Science (2003)Google Scholar
  12. 12.
    Cimatti, A., Clarke, E., Giunchiglia, F., Roveri, M.: NuSMV: a new symbolic model checker. Software Tools for Technology Transfer (1998)Google Scholar
  13. 13.
    Clarke, E., Grumberg, O., Peled, D.: Model Checking. MIT Publishers, Cambridge (1999)Google Scholar
  14. 14.
    Clarke, E.M., Emerson, E.A.: Synthesis of synchronization skeletons for branching time temporal logic. In: Kozen, D. (ed.) Logic of Programs 1981. LNCS, vol. 131. Springer, Heidelberg (1982)CrossRefGoogle Scholar
  15. 15.
    Clarke, E.M., Grumberg, O., Long, D.E.: Model checking and abstractio. In: Proceedings of the Nineteenth Annual ACM Symposium on Principles of Programming Languages. Association for Computing Machinery (January 1992)Google Scholar
  16. 16.
    Clarke, E., Kroening, D.: Hardware verification using ANSI-C programs as a reference. In: Proceedings of ASP-DAC 2003, pp. 308–311. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  17. 17.
    Clarke, E.M., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement. J. ACM 50(5), 752–794 (2003)MathSciNetGoogle Scholar
  18. 18.
    Clarke, E.M., Gupta, A., Kukula, J., Strichman, O.: SAT based abstraction-refinement using ILP and machine leraning techniques. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 137–150. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  19. 19.
    Clarke, E.M., Jha, S., Lu, Y., Veith, H.: Tree-like counterexamples in model checking. In: Seventeenth Annual IEEE Symposium on Logic In Computer Science (LICS), Copenhagen, Denmark (July 2002)Google Scholar
  20. 20.
    Copty, F., Fix, L., Fraer, R., Giunchiglia, E., Kamhi, G., Tacchella, A., Vardi, M.Y.: Benefits of bounded model checking at an industrial setting. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, p. 436. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  21. 21.
    Corbett, J.C., Dwyer, M.B., Hatcliff, J., Laubach, S., Pasareanu, C.S.: Bandera: extracting finite-state models from java source code. In: International Conference on Software Engineering, pp. 439–448 (2000)Google Scholar
  22. 22.
    Dams, D., Gerth, R., Grumberg, O.: Abstract interpretation of reactive systems. ACM Transactions on Programming Languages and System (TOPLAS) 19(2) (1997)Google Scholar
  23. 23.
    Dams, D., Namjoshi, K.S.: The existence of finite abstractions for branching time model checking. In: Logic in Computer Science (LICS), pp. 335–344 (2004)Google Scholar
  24. 24.
    Eisner, C., Fisman, D., Havlicek, J., Lustig, Y., McIsaac, A., Van Campenhout, D.: Reasoning with temporal logic on truncated paths. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 27–39. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  25. 25.
    Emerson, E.A., Halpern, J.Y.: “Sometimes” and “Not Never” revisited: On branching time versus linear time. J. ACM 33(1), 151–178 (1986)MATHMathSciNetGoogle Scholar
  26. 26.
    Fraer, R., Kamhi, G., Barukh, Z., Vardi, M.Y., Fix, L.: Prioritized traversal: Efficient reachability analysis for verification and falsification. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  27. 27.
    Goldberg, E., Novikov, Y.: Berkmin: A fast and robust SAT-solver. In: DATE (2002)Google Scholar
  28. 28.
    Graf, S., Saidi, H.: Construction of abstract state graphs with PVS. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 72–83. Springer, Heidelberg (1997)Google Scholar
  29. 29.
    Grumberg, O., Long, D.E.: Model checking and modular verification. ACM Trans. on Programming Languages and Systems 16(3), 843–871 (1994)CrossRefGoogle Scholar
  30. 30.
    Grumberg, O., Schuster, A., Yadgar, A.: Reachability using a memory-efficient all-solutions sat solver. In: Hu, A.J., Martin, A.K. (eds.) FMCAD 2004. LNCS, vol. 3312. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  31. 31.
    Har’El, Z., Kurshan, R.P.: Software for analytical development of communications protocols. AT&T Technical Journal 69(1), 45–59 (1990)Google Scholar
  32. 32.
    Havelund, K., Pressburger, T.: Model checking JAVA programs using JAVA PathFinder. International Journal on Software Tools for Technology Transfer 2(4), 366–381 (2000)MATHCrossRefGoogle Scholar
  33. 33.
    Holzmann, G.: Design and Validation of Computer Protocols. Prentice-Hall, Englewood Cliffs (1991)Google Scholar
  34. 34.
    Holzmann, G.: Logic verification of ansi-c code with SPIN. In: Havelund, K., Penix, J., Visser, W. (eds.) SPIN 2000. LNCS, vol. 1885, pp. 131–147. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  35. 35.
    Kozen, D.: Results on the propositional μ-calculus. TCS 27 (1983)Google Scholar
  36. 36.
    Kurshan, R.P.: Computer-Aided Verification of coordinating processes - the automata theoretic approach. Princeton University Press, Princeton (1994)Google Scholar
  37. 37.
    Loiseaux, C., Graf, S., Sifakis, J., Bouajjani, A., Bensalem, S.: Property preserving abstractions for the verification of concurrent systems. Formal Methods in System Design 6, 11–45 (1995)MATHCrossRefGoogle Scholar
  38. 38.
    Long, D.E.: Model Checking, Abstraction, and Compositional Reasoning. PhD thesis, Carnegie Mellon University (1993)Google Scholar
  39. 39.
    Marques-Silva, J.P., Sakallah, K.A.: GRASP: A search algorithm for propositional satisfiability. IEEE Transactions on Computers 48(5), 506–521 (1999)CrossRefMathSciNetGoogle Scholar
  40. 40.
    McMillan, K.: Applications of craig interpolation to model checking. In: Halbwachs, N., Zuck, L.D. (eds.) TACAS 2005. LNCS, vol. 3440, pp. 1–12. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  41. 41.
    McMillan, K.L.: Symbolic Model Checking: An Approach to the State Explosion Problem. PhD thesis, Carnegie Mellon University (1992)Google Scholar
  42. 42.
    McMillan, K.L.: Symbolic Model Checking. Kluwer Academic Publishers, Dordrecht (1993)MATHGoogle Scholar
  43. 43.
    McMillan, K.L.: Interpolation and SAT-based model checking. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 1–13. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  44. 44.
    McMillan, K.L.: Applying SAT methods in unbounded symbolic model checking. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, p. 250. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  45. 45.
    Milner, R.: An algebraic definition of simulation between programs. In: Proc. 2nd Int. Joint Conf. on Artificial Intelligence, pp. 481–489. BCS (1971)Google Scholar
  46. 46.
    Milner, R.: An algebraic definition of simulation between programs. In: Proceedings of the Second Internation Joint Conference on Artificial Intelligence, pp. 481–489 (September 1971)Google Scholar
  47. 47.
    Moskewicz, M.W., Madigan, C.F., Zhao, Y., Zhang, L., Malik, S.: Chaff: engineering an efficient SAT solver. In: 39th Design Aotomation Conference (DAC 2001) (2001)Google Scholar
  48. 48.
    Park, D.: Concurrency and automata on infinite sequences. In: Deussen, P. (ed.) GI-TCS 1981. LNCS, vol. 104, pp. 167–183. Springer, Heidelberg (1981)CrossRefGoogle Scholar
  49. 49.
    Pnueli, A.: The Temporal Semantics of Concurrent Programs. Theoretical Computer Science 13, 45–60 (1981)MATHCrossRefMathSciNetGoogle Scholar
  50. 50.
    Saidi, H., Shankar, N.: Abstract and model check while you prove. In: Halbwachs, N., Peled, D.A. (eds.) CAV 1999. LNCS, vol. 1633, pp. 443–454. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  51. 51.
    Sheeran, M., Singh, S., Staalmarck, G.: Checking safety properties using induction and a sat-solver. In: Johnson, S.D., Hunt Jr., W.A. (eds.) FMCAD 2000. LNCS, vol. 1954, pp. 108–125. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  52. 52.
    Sheeran, M., Staalmarck, G.: A tutorial on stalmarck’s proof procedure for propositional logic. Formal Methods in System Design 16(1) (January 2000)Google Scholar
  53. 53.
    Shoham, S., Grumberg, O.: A game-based framework for CTL counterexamples and 3-valued abstraction-refinemnet. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 275–287. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Orna Grumberg
    • 1
  1. 1.Computer Science DepartmentTechnionHaifaIsrael

Personalised recommendations