Counter-example generation in symbolic abstract model-checking

  • Gordon Pace
  • Nicolas Halbwachs
  • Pascal Raymond
Special section on formal methods for industrial critical systems


The boundaries of model-checking have been extended through the use of abstraction. These techniques are conservative, in the following sense: when the verification succeeds, the verified property is guaranteed to hold; but when it fails, the failure may result either from non-satisfaction of the property or from an abstraction that is too coarse. In case of failure, it is, in general, undecidable whether an abstract trace corresponding to a counter-example has any concrete counterpart. For debugging purposes, one usually wants more than a “yes/no” answer (actually, a “yes/don’t know” answer!), and looks for such concrete counter-examples. We propose a solution in which standard test-pattern generation technology is applied to search for concrete instances of abstract traces.


Keywords: Model-checking, Abstraction, Concrete counterexample, Test pattern generation
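The check-abstractly-then-concretize loop described in the abstract, as an added illustration that is not the paper's tool or code: a 3-bit counter whose abstraction keeps only the high bit, a BFS model-check of the abstract system, and a bounded search over concrete input sequences, guided by the abstract trace, standing in for the test-pattern generator. The counter, the abstraction, the bad-state sets and the search bound are all constructed assumptions; a search that finds nothing leaves the verdict "unknown", mirroring the "yes/don't know" answer.

```python
from collections import deque

N = 8                      # constructed example: a 3-bit counter, x in 0..7

def step(x, b):
    """Concrete synchronous transition: one Boolean input b per cycle."""
    return (x + 2) % N if b else x

def alpha(x):
    """Abstraction: keep only the high bit of x (abstract states 0 and 1)."""
    return x >> 2

def abstract_counterexample(bad_abstract, init=0):
    """BFS over the abstract transition relation; returns the shortest abstract
    trace from alpha(init) to a bad abstract state, or None if none is reachable."""
    rel = {(alpha(x), alpha(step(x, b))) for x in range(N) for b in (0, 1)}
    queue, seen = deque([[alpha(init)]]), {alpha(init)}
    while queue:
        path = queue.popleft()
        if path[-1] in bad_abstract:
            return path
        for s, t in rel:
            if s == path[-1] and t not in seen:
                seen.add(t)
                queue.append(path + [t])
    return None

def concretize(abs_trace, bad_concrete, bound, init=0):
    """Bounded search for an input sequence whose concrete run reaches a bad concrete
    state while visiting the abstract states of abs_trace in order (stuttering inside
    one abstract state is allowed). None means 'not found', not 'spurious'."""
    def dfs(x, idx, inputs):
        if x in bad_concrete and idx == len(abs_trace) - 1:
            return inputs
        if len(inputs) == bound:
            return None
        for b in (1, 0):
            y = step(x, b)
            if alpha(y) == abs_trace[idx]:
                nxt = idx                                   # stutter in this abstract state
            elif idx + 1 < len(abs_trace) and alpha(y) == abs_trace[idx + 1]:
                nxt = idx + 1                               # advance along the abstract trace
            else:
                continue                                    # leaves the trace: prune
            found = dfs(y, nxt, inputs + [b])
            if found is not None:
                return found
        return None
    return dfs(init, 0, [])

def check(bad_concrete, bound=8):
    """Conservative abstract check, then a concrete witness search for the abstract trace."""
    bad_abstract = {alpha(x) for x in bad_concrete}        # over-approximate the bad set
    trace = abstract_counterexample(bad_abstract)
    if trace is None:
        return ("holds", None)
    inputs = concretize(trace, bad_concrete, bound)
    return ("fails", inputs) if inputs is not None else ("unknown", trace)
```

Property "x is never 5" yields an abstract trace [0, 1] but no concrete run (only even values are reachable), so the verdict is ("unknown", [0, 1]); property "x is never 6" yields the concrete counter-example inputs [1, 1, 1], i.e. the run 0, 2, 4, 6.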





Copyright information

© Springer-Verlag 2004

Authors and Affiliations

  • Gordon Pace (1)
  • Nicolas Halbwachs (1)
  • Pascal Raymond (1)
  1. Vérimag, Grenoble, France
