Model generation for quantified formulas with application to test data generation

  • Christoph D. Gladisch
ICTSS 2010


We present a new model generation approach and technique for solving first-order logic (FOL) formulas with quantifiers in unbounded domains. Model generation is important, e.g., for test data generation based on test data constraints and for counterexample generation in formal verification. In such scenarios, quantified FOL formulas stemming, e.g., from formal specifications have to be solved. Satisfiability modulo theories (SMT) solvers are considered the state-of-the-art technique for generating models of FOL formulas. Handling quantified formulas in the combination of theories is, however, sometimes a problem. Our approach addresses this problem and can solve formulas that were previously not solvable using SMT solvers. We present the model generation algorithm and show how to convert a representation of a model into a test preamble for state initialization with test data. A prototype of this algorithm is implemented in the formal verification and test generation tool KeY.


Model generation; Test data generation; First-order logic; SMT solver; Formal methods





Copyright information

© Springer-Verlag 2012

Authors and Affiliations

  1. Faculty of Informatics, Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany
