Calculational design of a regular model checker by abstract interpretation

Patrick Cousot

doi:10.1016/j.tcs.2021.01.037

Calculational design of a regular model checker by abstract interpretation

Patrick Cousot

Computer Science

Research output: Contribution to journal › Article › peer-review

Abstract

Security monitors have been used to check for safety program properties at runtime, that is for any given execution trace. Such security monitors check a safety temporal property specified by a finite automaton or, equivalently, a regular expression. Checking this safety temporal specification for all possible execution traces, that is the program semantics, is a static analysis problem, more precisely a model checking problem, since model checking specializes in temporal properties. We show that the model checker can be formally designed by calculus, by abstract interpretation of a formal trace semantics of the programming language. The result is a structural sound and complete model checker, which proceeds by induction on the program syntax (as opposed to the more classical approach using computation steps formalized by a transition system). By Rice theorem, further hypotheses or abstractions are needed to get a realistic model checking algorithm.

Original language	English (US)
Pages (from-to)	62-84
Number of pages	23
Journal	Theoretical Computer Science
Volume	869
DOIs	https://doi.org/10.1016/j.tcs.2021.01.037
State	Published - May 12 2021

Keywords

Abstract interpretation
Calculational design
Model checking

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1016/j.tcs.2021.01.037

Cite this

@article{35f06277cf4a4f8c85383ee573a74786,

title = "Calculational design of a regular model checker by abstract interpretation",

abstract = "Security monitors have been used to check for safety program properties at runtime, that is for any given execution trace. Such security monitors check a safety temporal property specified by a finite automaton or, equivalently, a regular expression. Checking this safety temporal specification for all possible execution traces, that is the program semantics, is a static analysis problem, more precisely a model checking problem, since model checking specializes in temporal properties. We show that the model checker can be formally designed by calculus, by abstract interpretation of a formal trace semantics of the programming language. The result is a structural sound and complete model checker, which proceeds by induction on the program syntax (as opposed to the more classical approach using computation steps formalized by a transition system). By Rice theorem, further hypotheses or abstractions are needed to get a realistic model checking algorithm.",

keywords = "Abstract interpretation, Calculational design, Model checking",

author = "Patrick Cousot",

note = "Publisher Copyright: {\textcopyright} 2021 Elsevier B.V.",

year = "2021",

month = may,

day = "12",

doi = "10.1016/j.tcs.2021.01.037",

language = "English (US)",

volume = "869",

pages = "62--84",

journal = "Theoretical Computer Science",

issn = "0304-3975",

publisher = "Elsevier B.V.",

}

TY - JOUR

T1 - Calculational design of a regular model checker by abstract interpretation

AU - Cousot, Patrick

PY - 2021/5/12

Y1 - 2021/5/12

N2 - Security monitors have been used to check for safety program properties at runtime, that is for any given execution trace. Such security monitors check a safety temporal property specified by a finite automaton or, equivalently, a regular expression. Checking this safety temporal specification for all possible execution traces, that is the program semantics, is a static analysis problem, more precisely a model checking problem, since model checking specializes in temporal properties. We show that the model checker can be formally designed by calculus, by abstract interpretation of a formal trace semantics of the programming language. The result is a structural sound and complete model checker, which proceeds by induction on the program syntax (as opposed to the more classical approach using computation steps formalized by a transition system). By Rice theorem, further hypotheses or abstractions are needed to get a realistic model checking algorithm.

AB - Security monitors have been used to check for safety program properties at runtime, that is for any given execution trace. Such security monitors check a safety temporal property specified by a finite automaton or, equivalently, a regular expression. Checking this safety temporal specification for all possible execution traces, that is the program semantics, is a static analysis problem, more precisely a model checking problem, since model checking specializes in temporal properties. We show that the model checker can be formally designed by calculus, by abstract interpretation of a formal trace semantics of the programming language. The result is a structural sound and complete model checker, which proceeds by induction on the program syntax (as opposed to the more classical approach using computation steps formalized by a transition system). By Rice theorem, further hypotheses or abstractions are needed to get a realistic model checking algorithm.

KW - Abstract interpretation

KW - Calculational design

KW - Model checking

UR - http://www.scopus.com/inward/record.url?scp=85101886290&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85101886290&partnerID=8YFLogxK

U2 - 10.1016/j.tcs.2021.01.037

DO - 10.1016/j.tcs.2021.01.037

M3 - Article

AN - SCOPUS:85101886290

SN - 0304-3975

VL - 869

SP - 62

EP - 84

JO - Theoretical Computer Science

JF - Theoretical Computer Science

ER -

Calculational design of a regular model checker by abstract interpretation

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this