An Abstraction-Refinement Framework for Trigger Querying

  • Guy Avni
  • Orna Kupferman
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6887)


Trigger querying is the problem of finding, given a system M and an LTL formula ϕ, the set of scenarios that trigger ϕ in M; that is, the language L of finite computations of M such that all infinite computations that have a prefix in L continue with a suffix that satisfies ϕ. For example, the trigger query M ⊧ ? ↦Ferr asks for the set of scenarios after which err aught to eventually happen. Trigger querying thus significantly extends query checking, which seeks propositional solutions, and is an extremely useful methodology for system exploration and understanding. The weakness of trigger querying lies in the fact that the size of the solution is linear in the size of the system. For trigger querying to become feasible in practice, we must offer solutions to cope with systems of big, and possibly infinite, state spaces.

In this paper we describe an abstraction-refinement framework for trigger querying. The general idea is to replace the reasoning about M by reasoning about an abstraction M A of M, and return to the user two languages, L l and L u , that under- and over-approximate L, respectively. We consider predicate abstraction, and the languages L l and L u are defined with respect to the set of predicates. The challenge in defining the approximating languages is that trigger querying does not have a clear polarity, and the definition of L l and L u has to combine the upper- and over-approximations of M. We describe an automata-theoretic approach for refining and reducing L u  ∖ L l . While refinement for model checking is lengthwise, in the sense that it is based on counterexamples, here we suggest both lengthwise and widthwise refinement, where the latter is based on cuts in an automaton for L u  ∖ L l and thus can symbolically handle batches of counterexamples. We show that our framework is robust and can be applied also for classical query checking as well as variants and extensions of trigger querying.


Model Check Abstract State Regular Expression Atomic Proposition Kripke Structure 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Armoni, R., Fix, L., Flaisher, A., Gerth, R., Ginsburg, B., Kanza, T., Landver, A., Mador-Haim, S., Singerman, E., Tiemeyer, A., Vardi, M.Y., Zbar, Y.: The forSpec temporal logic: A new temporal property-specification logic. In: Katoen, J.-P., Stevens, P. (eds.) TACAS 2002. LNCS, vol. 2280, pp. 196–211. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  2. 2.
    Ball, T., Bounimova, E., Cook, B., Levin, V., Lichtenberg, J., McGarvey, C., Ondrusek, B., Rajamani, S.K., Ustuner, A.: Thorough static analysis of device drivers. In: EuroSys (2006)Google Scholar
  3. 3.
    Ball, T., Kupferman, O., Yorsh, G.: Abstraction for falsification. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 67–81. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Beer, I., Ben-David, S., Eisner, C., Fisman, D., Gringauze, A., Rodeh, Y.: The temporal logic sugar. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 363–367. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  5. 5.
    Bruns, G., Godefroid, P.: Temporal logic query checking. In: Proc. 16th LICS, pp. 409–420. IEEE Computer Society, Los Alamitos (2001)Google Scholar
  6. 6.
    Chan, W.: Temporal-logic queries. In: Emerson, E.A., Sistla, A.P. (eds.) CAV 2000. LNCS, vol. 1855, pp. 450–463. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Chatterjee, K., Doyen, L., Henzinger, T.: Quantitative languages. In: Kaminski, M., Martini, S. (eds.) CSL 2008. LNCS, vol. 5213, pp. 385–400. Springer, Heidelberg (2008)Google Scholar
  8. 8.
    Chechik, M., Gheorghiu, M., Gurfinkel, A.: Finding state solutions to temporal logic queries. In: Davies, J., Gibbons, J. (eds.) IFM 2007. LNCS, vol. 4591, pp. 273–292. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  9. 9.
    Chechik, M., Gurfinkel, A.: TLQSolver: A temporal logic query checker. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 210–214. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Chockler, H., Gurfinkel, A., Strichman, O.: Variants of LTL query checking. In: Raz, O. (ed.) HVC 2010. LNCS, vol. 6504, pp. 76–92. Springer, Heidelberg (2010)Google Scholar
  11. 11.
    Clarke, E.M., Grumberg, O., Jha, S., Lu, Y., Veith, H.: Counterexample-guided abstraction refinement for symbolic model checking. Journal of the ACM 50(5), 752–794 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Clarke, E.M., Gupta, A., Strichman, O.: Sat-based counterexample-guided abstraction refinement. IEEE Trans. on CAD of Integrated Circuits and Systems 23(7), 1113–1123 (2004)CrossRefGoogle Scholar
  13. 13.
    Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for the static analysis of programs by construction or approximation of fixpoints. In: Proc. 4th POPL, pp. 238–252. ACM, New York (1977)Google Scholar
  14. 14.
    de Alfaro, L., Roy, P.: Solving games via three-valued abstraction refinement. Inf. Comput. 208(6), 666–676 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Glusman, M., Kamhi, G., Mador-Haim, S., Fraer, R., Vardi, M.Y.: Multiple-counterexample guided iterative abstraction refinement: An industrial evaluation. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 176–191. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Godefroid, P., Jagadeesan, R.: Automatic abstraction using generalized model checking. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 137–150. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  17. 17.
    Godefroid, P., Nori, A.V., Rajamani, S.K., Tetali, S.: Compositional must program analysis: unleashing the power of alternation. In: Proc. 37th POPL, pp. 43–56 (2010)Google Scholar
  18. 18.
    Grumberg, O., Lange, M., Leucker, M., Shoham, S.: Don’t know in the μ-calculus. In: Cousot, R. (ed.) VMCAI 2005. LNCS, vol. 3385, pp. 233–249. Springer, Heidelberg (2005)Google Scholar
  19. 19.
    Gurfinkel, A., Chechik, M., Devereux, B.: Temporal logic query checking: A tool for model exploration. IEEE Trans. Software Eng. 29(10), 898–914 (2003)CrossRefGoogle Scholar
  20. 20.
    Kühne, U., Große, D., Drechsler, R.: Property analysis and design understanding. In: DATE, pp. 1246–1249 (2009)Google Scholar
  21. 21.
    Kupferman, O., Lustig, Y.: What triggers a behavior? In: Proc. 7th Int. Conf. on Formal Methods in Computer-Aided Design, pp. 146–153. IEEE Computer Society, Los Alamitos (2007)Google Scholar
  22. 22.
    Kurshan, R.P.: Computer Aided Verification of Coordinating Processes. Princeton Press, Princeton (1994)zbMATHGoogle Scholar
  23. 23.
    Larsen, K.G., Thomsen, G.B.: A modal process logic. In: Proc. 3rd LICS (1988)Google Scholar
  24. 24.
    Lo, D., Maoz, S.: Mining scenario-based triggers and effects. In: Proc. 23rd ASE, pp. 109–118 (2008)Google Scholar
  25. 25.
    Samer, M., Veith, H.: Validity of CTL queries revisited. In: Baaz, M., Makowsky, J.A. (eds.) CSL 2003. LNCS, vol. 2803, pp. 470–483. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  26. 26.
    Vijayaraghavan, S., Ramanathan, M.: A Practical Guide for SystemVerilog Assertions. Springer, Heidelberg (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Guy Avni
    • 1
  • Orna Kupferman
    • 1
  1. 1.School of Computer Science and EngineeringHebrew UniversityJerusalemIsrael

Personalised recommendations