Counterexample-Driven Model Checking
Author
Abstract
The generation of counterexamples is frequently touted as one of the primary advantages of model checking as a verification technique. However, the generation of trace-like counterexamples is limited to a small fragment of branching-time temporal logic. When model checking does succeed in verifying a property, there is typically no independently checkable witness that can be used as evidence for the verified property. We present a definition of witnesses, and, dually, counterexamples, for computation-tree logic (CTL), and describe a model checking algorithm that is based on the generation of evidence. Our model checking algorithm is local in the sense that it explores only the reachable states. It partitions the given initial set of states into those that do, and those that do not satisfy the given property, with a corresponding witness and counterexample that is independently verifiable. We have built a model checker based on these ideas that works quite efficiently despite the overhead of generating evidence.
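To make the witness/counterexample idea concrete, here is an added example written for this page; it is not code from the paper, and the paper's own witness definitions and algorithm are not reproduced. It assumes a tuple encoding of CTL formulas with EX and EF as the only temporal primitives (AG is encoded as NOT EF NOT), a dict-shaped evidence format, and a constructed toy Kripke structure modelling a session token's lifecycle with a reachable "replay" state. The point it demonstrates is the duality in the abstract: when AG p fails, the evidence is an EF witness (a trace to a bad state); when AG p holds, the evidence is an EF counterexample (a transition-closed set of reachable states on which p holds everywhere), and a separate `verify` function checks either kind against nothing but the model's transitions and labels.

```python
"""Evidence-producing CTL checker over a Kripke structure (constructed illustration)."""
from collections import deque, namedtuple

# Formulas are tuples.  AG is encoded as NOT EF NOT, so an AG counterexample is an
# EF witness (a trace) and an AG witness is an EF counterexample (a closed state set).
def AP(p): return ("ap", p)
def NOT(f): return ("not", f)
def AND(f, g): return ("and", f, g)
def EX(f): return ("ex", f)
def EF(f): return ("ef", f)
def OR(f, g): return NOT(AND(NOT(f), NOT(g)))
def IMPLIES(f, g): return OR(NOT(f), g)
def AG(f): return NOT(EF(NOT(f)))

# succ: state -> list of successor states; label: state -> set of true propositions
Kripke = namedtuple("Kripke", "succ label")

def check(m, s, f):
    """Decide whether state s satisfies f; return (holds, evidence dict for verify())."""
    ev = {"f": f, "s": s}
    if f[0] == "ap":
        ev["holds"] = f[1] in m.label[s]
    elif f[0] == "not":
        h, sub = check(m, s, f[1])
        ev.update(holds=not h, sub=sub)
    elif f[0] == "and":
        subs = []
        for g in f[1:]:
            h, sub = check(m, s, g)
            subs.append(sub)
            if not h:                      # one failing conjunct refutes the conjunction
                ev.update(holds=False, sub=sub)
                return False, ev
        ev.update(holds=True, subs=subs)
    elif f[0] == "ex":
        subs = []
        for t in m.succ[s]:
            h, sub = check(m, t, f[1])
            if h:                          # one good successor is the witness
                ev.update(holds=True, sub=sub)
                return True, ev
            subs.append(sub)
        ev.update(holds=False, subs=subs)  # every successor refuted
    elif f[0] == "ef":
        # Local search: breadth-first over the states reachable from s only.
        parent, queue, subs = {s: None}, deque([s]), {}
        while queue:
            t = queue.popleft()
            h, sub = check(m, t, f[1])
            if h:                          # witness: the BFS path from s to t
                path = []
                while t is not None: path.append(t); t = parent[t]
                ev.update(holds=True, path=path[::-1], sub=sub)
                return True, ev
            subs[t] = sub
            for u in m.succ[t]:
                if u not in parent:
                    parent[u] = t
                    queue.append(u)
        # counterexample: a transition-closed set around s where f[1] fails everywhere
        ev.update(holds=False, closed=set(parent), subs=subs)
    else:
        raise ValueError(f[0])
    return ev["holds"], ev

def verify(m, ev):
    """Independent check of evidence: inspects only the model's transitions and labels."""
    f, s, h = ev["f"], ev["s"], ev["holds"]
    ok = lambda e, st, g, want: e["s"] == st and e["f"] == g and e["holds"] == want and verify(m, e)
    if f[0] == "ap":
        return h == (f[1] in m.label[s])
    if f[0] == "not":
        return ok(ev["sub"], s, f[1], not h)
    if f[0] == "and":
        if h:
            return all(ok(e, s, g, True) for e, g in zip(ev["subs"], f[1:])) and len(ev["subs"]) == 2
        return any(ok(ev["sub"], s, g, False) for g in f[1:])
    if f[0] == "ex":
        if h:
            return ev["sub"]["s"] in m.succ[s] and ok(ev["sub"], ev["sub"]["s"], f[1], True)
        return ({e["s"] for e in ev["subs"]} == set(m.succ[s])
                and all(ok(e, e["s"], f[1], False) for e in ev["subs"]))
    if f[0] == "ef":
        if h:
            p = ev["path"]
            return (p[0] == s and all(b in m.succ[a] for a, b in zip(p, p[1:]))
                    and ok(ev["sub"], p[-1], f[1], True))
        c = ev["closed"]
        return (s in c and all(set(m.succ[t]) <= c for t in c) and set(ev["subs"]) == c
                and all(ok(ev["subs"][t], t, f[1], False) for t in c))
    return False

# Constructed toy model (not from the paper): a session token's lifecycle, with a
# reachable "replay" state in which a revoked token is accepted again.
M = Kripke(
    succ={"fresh": ["issued"], "issued": ["used"], "used": ["revoked"],
          "revoked": ["fresh", "replay"], "replay": ["replay"]},
    label={s: {s} for s in ["fresh", "issued", "used", "revoked", "replay"]},
)
NO_REPLAY = AG(NOT(AP("replay")))                            # fails: evidence is a trace
USE_AFTER_ISSUE = AG(IMPLIES(AP("issued"), EX(AP("used"))))  # holds: evidence is a closed set
```

Running `check(M, "fresh", NO_REPLAY)` refutes the property and returns, inside the evidence, the trace fresh, issued, used, revoked, replay; `check(M, "fresh", USE_AFTER_ISSUE)` proves it and returns the set of all five reachable states as the invariant. Calling `check` once per initial state gives the partition the abstract describes. `verify` accepts both pieces of evidence and rejects a tampered trace that skips a transition, which is what makes the evidence independently checkable.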
Similar references
Towards a Model for Automated Fault Localization in VHDL Designs: Exploring Counterexample-Traces Using a Model-Based Diagnosis Approach
In this paper we discuss the exploration of a model checker’s counterexample trace using model-based debugging techniques. We show that a diagnosis model obtained from a single counterexample run in an event-driven simulation is not appropriate for localizing a failure's real cause in general. Notably, modeling VHDL’s event and process semantics as originally defined hampers the integration of t...
Formalizing Counterexample-driven Refinement with Weakest Preconditions
To check a safety property of a program, it is sufficient to check the property on an abstraction that has more behaviors than the original program. If the safety property holds of the abstraction then it also holds of the original program. However, if the property does not hold of the abstraction along some trace t (a counterexample), it may or may not hold of the original program on trace t. ...
Cedar: Counter-Example Driven Abstraction Refinement A Pattern Supporting Formal Verification of Large Systems
Abstraction: An abstraction denotes a model that has a reduced complexity (e.g., a smaller state space) compared to the original model, but preserves the properties of interest. Model Checking: An exhaustive exploration of the state space of a model with the intention to refute a property. If a violation of the given property is detected, the model checker provides a counterexample (i.e., an explanation ...
Multiple-Counterexample Guided Iterative Abstraction Refinement: An Industrial Evaluation
In this paper, we describe a completely automated framework for iterative abstraction refinement that is fully integrated into a formal-verification environment. This environment consists of three basic software tools: Forecast, a BDD-based model checker, Thunder, a SAT-based bounded model checker, and MCE, a technology for multiple-counterexample analysis. In our framework, the initial abstrac...
Generating Diagnoses for Probabilistic Model Checking Using Causality
One of the major advantages of model checking over other formal methods of verification is its ability to generate an error trace when the specification is falsified in the model. We call this trace a counterexample. In probabilistic model checking (PMC), counterexample generation has a quantitative aspect. The counterexample is a set of paths in which a path formula holds, and their accumulate...
Publication date: 2003