Expressiveness and Completeness in Abstraction

Notice: This research summary and analysis were automatically generated using AI technology. For absolute accuracy, please refer to the [Original Paper Viewer] below or the Original ArXiv Source.

We study two notions of expressiveness, which have appeared in abstraction theory for model checking, and find them incomparable in general. In particular, we show that according to the most widely used notion, the class of Kripke Modal Transition Systems is strictly less expressive than the class of Generalised Kripke Modal Transition Systems (a generalised variant of Kripke Modal Transition Systems equipped with hypertransitions). Furthermore, we investigate the ability of an abstraction framework to prove a formula with a finite abstract model, a property known as completeness. We address the issue of completeness from a general perspective: the way it depends on certain abstraction parameters, as well as its relationship with expressiveness.


💡 Research Summary

The paper undertakes a systematic study of two central notions that have shaped abstraction theory for model checking: expressiveness and completeness. It begins by distinguishing two widely used definitions of expressiveness. The first, often called structural expressiveness, asks whether every model of one abstraction framework can be simulated or homomorphically mapped into a model of another framework. The second, logical expressiveness, asks whether the two frameworks can capture exactly the same set of formulas of a given logic (e.g., the modal μ‑calculus, CTL, LTL). Although both definitions aim at measuring the “power” of an abstraction, the authors demonstrate that they are in general incomparable: there exist frameworks that dominate each other under one definition but not under the other.

With these definitions in place, the authors focus on two concrete abstraction formalisms: Kripke Modal Transition Systems (KMTS) and Generalised KMTS (GKMTS). KMTS extend ordinary Kripke structures with two kinds of transitions—must‑transitions and may‑transitions—thereby allowing a compact representation of nondeterministic or partially specified behavior. GKMTS further enrich this picture by introducing hyper‑transitions, which can simultaneously target a set of successor states. This additional construct enables the representation of complex, concurrent choices that cannot be expressed in ordinary KMTS.
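The difference a hypertransition makes can be seen on a three-state model. The following is an added example, not code from the paper or this summary: it assumes the usual three-valued reading of must/may transitions (◇φ is true when some must hypertransition has all its targets satisfying φ, and false when every may-successor refutes φ), and the states `s0`, `a1`, `a2` and propositions `p`, `q` are constructed for illustration.

```python
# Three-valued evaluation of modal formulas over a KMTS / GKMTS (added example).
# Constructed model: abstract state s0 stands for concrete states that each
# step either into a1 (where p holds) or into a2 (where q holds).
T, F, U = "true", "false", "unknown"

class Model:
    def __init__(self, labels, may, must):
        self.labels = labels  # state -> set of literals, e.g. {"p", "!q"}
        self.may = may        # state -> set of may-successors
        self.must = must      # state -> list of target sets (hypertransitions)

def neg(v):
    return {T: F, F: T, U: U}[v]

def ev(m, s, f):
    """f is a nested tuple: ("ap", x), ("not", g), ("or", g, h), ("dia", g), ("box", g)."""
    op = f[0]
    if op == "ap":
        lits = m.labels[s]
        return T if f[1] in lits else F if "!" + f[1] in lits else U
    if op == "not":
        return neg(ev(m, s, f[1]))
    if op == "or":
        vals = (ev(m, s, f[1]), ev(m, s, f[2]))
        return T if T in vals else F if vals == (F, F) else U
    if op == "dia":
        # true: some must (hyper)transition whose targets all satisfy g
        if any(all(ev(m, t, f[1]) == T for t in A) for A in m.must.get(s, [])):
            return T
        # false: every may-successor refutes g (vacuously so with no successors)
        if all(ev(m, t, f[1]) == F for t in m.may.get(s, ())):
            return F
        return U
    if op == "box":  # box g is the dual of dia: not dia not g
        return neg(ev(m, s, ("dia", ("not", f[1]))))
    raise ValueError(op)

labels = {"s0": set(), "a1": {"p", "!q"}, "a2": {"q", "!p"}}
may = {"s0": {"a1", "a2"}}
# KMTS: a must-transition has one target; neither a1 nor a2 alone is guaranteed.
kmts = Model(labels, may, {"s0": []})
# GKMTS: one must hypertransition s0 -> {a1, a2}.
gkmts = Model(labels, may, {"s0": [frozenset({"a1", "a2"})]})
PHI = ("dia", ("or", ("ap", "p"), ("ap", "q")))

def compare():
    return ev(kmts, "s0", PHI), ev(gkmts, "s0", PHI)

if __name__ == "__main__":
    print(compare())
```

On this model the KMTS leaves ◇(p ∨ q) undetermined while the GKMTS proves it; ◇p alone stays undetermined in both, since the hypertransition only guarantees that one of its targets is reached.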

Through a series of formal embeddings and counter‑examples, the paper proves that GKMTS strictly subsumes KMTS with respect to structural expressiveness: every KMTS can be translated into a GKMTS, but the converse fails because hyper‑transitions cannot be simulated by ordinary must/may transitions without loss of information. In the logical dimension, the authors show that for expressive logics such as the modal μ‑calculus, GKMTS also strictly dominates KMTS. However, for weaker logics like CTL* the two formalisms turn out to be logically equivalent, illustrating that the two notions of expressiveness do not coincide.

The second major contribution concerns completeness, defined as the ability of an abstraction framework to prove a given specification using only a finite abstract model. The authors argue that completeness is not an intrinsic property of a framework alone; it depends critically on abstraction parameters such as the granularity of state merging, the precision of the abstraction function, and the labeling of transitions. By varying these parameters, one can increase expressive power (allowing more concrete behaviors to be captured) at the cost of losing completeness (because the abstract model may become too coarse to support a finite proof). Conversely, tightening the abstraction can restore completeness while reducing expressiveness. This trade‑off is formalized through two completeness notions: structural completeness (every concrete model is exactly simulated by some abstract model) and logical completeness (the abstract model can derive every valid formula of the target logic).

The paper culminates in a set of design guidelines for practitioners. When the verification goal is a simple safety property, a KMTS with a modest abstraction granularity may provide sufficient completeness and be computationally cheaper. For more intricate specifications, especially those involving concurrent choices or hyper‑properties, GKMTS with carefully tuned hyper‑transition abstractions become necessary, even though they may sacrifice completeness for certain logics. By explicitly linking abstraction parameters to both expressiveness and completeness, the authors provide a unified framework that helps tool developers balance the competing demands of precision, tractability, and provability in model‑checking pipelines.

