Towards Concolic Testing for Hybrid Systems

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9995)

Abstract

Hybrid systems exhibit both continuous and discrete behavior. Analyzing hybrid systems is known to be hard. Inspired by the idea of concolic testing (of programs), we investigate whether we can combine random sampling and symbolic execution in order to effectively verify hybrid systems. We identify a sufficient condition under which such a combination is more effective than random sampling. Furthermore, we analyze different strategies of combining random sampling and symbolic execution and propose an algorithm which allows us to dynamically switch between them so as to reduce the overall cost. Our method has been implemented as a web-based checker named HyChecker. HyChecker has been evaluated with benchmark hybrid systems and a water treatment system in order to test its effectiveness.

Notes

Acknowledgement

The project is supported by the NRF project IGDSi1305012 in SUTD and by the National Natural Science Foundation of China under grant no. 61532019, 61202069 and 61272160.

References

  1. 1.
  2. 2.
  3. 3.
    Abramowitz, M.: Handbook of Mathematical Functions, With Formulas, Graphs, and Mathematical Tables. Dover Publications, New York (1974). IncorporatedMATHGoogle Scholar
  4. 4.
    Aziz, M.A., Wassal, A.G., Darwish, N.M.: A machine learning technique for hardness estimation of QFBV SMT problems. In: 10th International Workshop on Satisfiability Modulo Theories (SMT), pp. 57–66 (2012)Google Scholar
  5. 5.
    Barbot, B., Haddad, S., Picaronny, C.: Coupling and importance sampling for statistical model checking. In: Flanagan, C., König, B. (eds.) TACAS 2012. LNCS, vol. 7214, pp. 331–346. Springer, Heidelberg (2012). doi:10.1007/978-3-642-28756-5_23 CrossRefGoogle Scholar
  6. 6.
    Barbot, B., Haddad, S., Picaronny, C., et al.: Importance sampling for model checking of continuous time markov chains. In: SIMUL, pp. 30–35 (2012)Google Scholar
  7. 7.
    Böhme, M., Paul, S.: On the efficiency of automated testing. In: 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE-22), pp. 632–642 (2014)Google Scholar
  8. 8.
    Cadar, C., Dunbar, D., Engler, D.R.: KLEE: unassisted and automatic generation of high-coverage tests for complex systems programs. In: 8th USENIX Symposium on Operating Systems Design and Implementation (OSDI), pp. 209–224 (2008)Google Scholar
  9. 9.
    Chistikov, D., Dimitrova, R., Majumdar, R.: Approximate counting in SMT and value estimation for probabilistic programs. In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 320–334. Springer, Heidelberg (2015). doi:10.1007/978-3-662-46681-0_26 Google Scholar
  10. 10.
    Fehnker, A., Ivančić, F.: Benchmarks for hybrid systems verification. In: Alur, R., Pappas, G.J. (eds.) HSCC 2004. LNCS, vol. 2993, pp. 326–341. Springer, Heidelberg (2004). doi:10.1007/978-3-540-24743-2_22 CrossRefGoogle Scholar
  11. 11.
    Filieri, A., Frias, M.F., Păsăreanu, C.S., Visser, W.: Model counting for complex data structures. In: Fischer, B., Geldenhuys, J. (eds.) SPIN 2015. LNCS, vol. 9232, pp. 222–241. Springer, Heidelberg (2015). doi:10.1007/978-3-319-23404-5_15 CrossRefGoogle Scholar
  12. 12.
    Filieri, A., Pasareanu, C.S., Visser, W., Geldenhuys, J.: Statistical symbolic execution with informed sampling. In: 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE-22), pp. 437–448 (2014)Google Scholar
  13. 13.
    Gao, S., Kong, S., Chen, W., Clarke, E.: Delta-complete analysis for bounded reachability of hybrid systems. arXiv preprint arXiv:1404.7171 (2014)
  14. 14.
    Gao, S., Kong, S., Clarke, E.M.: dReal: an SMT solver for nonlinear theories over the reals. In: Bonacina, M.P. (ed.) CADE 2013. LNCS (LNAI), vol. 7898, pp. 208–214. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38574-2_14 CrossRefGoogle Scholar
  15. 15.
    Godefroid, P., Klarlund, N., Sen, K.: Dart: directed automated random testing. SIGPLAN Not. 40(6), 213–223 (2005)CrossRefGoogle Scholar
  16. 16.
    Gordon, J., Serway, R., McGrew, R.: Physics for Scientists and Engineers, vol. 2. Cengage Learning, Boston (2007)Google Scholar
  17. 17.
    Gyori, B.M., Liu, B., Paul, S., Ramanathan, R., Thiagarajan, P.S.: Approximate probabilistic verification of hybrid systems. In: Abate, A., Šafránek, D. (eds.) HSB 2015. LNCS (LNBI), vol. 9271, pp. 96–116. Springer, Heidelberg (2015). doi:10.1007/978-3-319-26916-0_6 CrossRefGoogle Scholar
  18. 18.
    Hahn, E.M., Hartmanns, A., Hermanns, H., Katoen, J.: A compositional modelling and analysis framework for stochastic hybrid systems. Formal Methods Syst. Des. 43(2), 191–232 (2013)CrossRefMATHGoogle Scholar
  19. 19.
    Henzinger, T.A.: The theory of hybrid automata. In: 11th Annual IEEE Symposium on Logic in Computer Science (LICS), pp. 278–292 (1996)Google Scholar
  20. 20.
    Henzinger, T.A.: The theory of hybrid automata. In: Inan, M.K., Kurshan, R.P. (eds.) Verification of Digital and Hybrid Systems. NATO ASI Series, vol. 170, pp. 265–292. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  21. 21.
    Henzinger, T.A., Ho, P.-H., Wong-Toi, H.: HyTech: a model checker for hybrid systems. In: Grumberg, O. (ed.) CAV 1997. LNCS, vol. 1254, pp. 460–463. Springer, Heidelberg (1997). doi:10.1007/3-540-63166-6_48 CrossRefGoogle Scholar
  22. 22.
    Henzinger, T.A., Kopke, P.W., Puri, A., Varaiya, P.: What’s decidable about hybrid automata? J. Comput. Syst. Sci. 57(1), 94–124 (1998)MathSciNetCrossRefMATHGoogle Scholar
  23. 23.
    Henzinger, T.A., Majumdar, R.: Symbolic model checking for rectangular hybrid systems. In: Graf, S., Schwartzbach, M. (eds.) TACAS 2000. LNCS, vol. 1785, pp. 142–156. Springer, Heidelberg (2000). doi:10.1007/3-540-46419-0_11 CrossRefGoogle Scholar
  24. 24.
    Iverson, K.E.: A Programming Language. Wiley, New York (1962)CrossRefMATHGoogle Scholar
  25. 25.
    Jegourel, C., Legay, A., Sedwards, S.: Importance splitting for statistical model checking rare properties. In: Sharygina, N., Veith, H. (eds.) CAV 2013. LNCS, vol. 8044, pp. 576–591. Springer, Heidelberg (2013). doi:10.1007/978-3-642-39799-8_38 CrossRefGoogle Scholar
  26. 26.
    Jha, S., Limaye, R., Seshia, S.A.: Beaver: engineering an efficient SMT solver for bit-vector arithmetic. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 668–674. Springer, Heidelberg (2009). doi:10.1007/978-3-642-02658-4_53 CrossRefGoogle Scholar
  27. 27.
    Kamide, N.: Bounded linear-time temporal logic: a proof-theoretic investigation. Ann. Pure Appl. Logic 163(4), 439–466 (2012)MathSciNetCrossRefMATHGoogle Scholar
  28. 28.
    Kong, P., Li, Y., Chen, X., Sun, J., Sun, M., Wang, J.: Towards concolic testing for hybrid systems. In: Fitzgerald, J., et al. (eds.) FM 2016, LNCS 9995, pp. X–XY. Springer, Heidelberg (2016)Google Scholar
  29. 29.
    Lebesgue, H.: Intégrale, longueur, aire. Annali di Matematica Pura ed Applicata 7(1), 231–359 (1902)CrossRefMATHGoogle Scholar
  30. 30.
    Leon-Garcia, A.: Probability and Random Processes For EE’s, 3rd edn. Prentice-Hall Inc., Upper Saddle River (2007)Google Scholar
  31. 31.
    Lu, F., Iyer, M.K., Parthasarathy, G., Wang, L.-C., Cheng, K.-T., Chen, K.C.: An efficient sequential sat solver with improved search strategies. In: The Conference on Design, Automation and Test in Europe (DATE), 2005, pp. 1102–1107 (2005)Google Scholar
  32. 32.
    Luckow, K.S., Pasareanu, C.S., Dwyer, M.B., Filieri, A., Visser, W.: Exact and approximate probabilistic symbolic execution for nondeterministic programs. In: ACM/IEEE International Conference on Automated Software Engineering (ASE), pp. 575–586 (2014)Google Scholar
  33. 33.
    Majumdar, R., Sen, K.: Hybrid concolic testing. In: 29th International Conference on Software Engineering (ICSE 2007), pp. 416–426. IEEE (2007)Google Scholar
  34. 34.
    Orosz, G., Wilson, R.E., Szalai, R., Stépán, G.: Exciting traffic jams: nonlinear phenomena behind traffic jam formation on highways. Phys. Rev. E. 80, 046205 (2009)CrossRefGoogle Scholar
  35. 35.
    Platzer, A.: Logical Analysis of Hybrid Systems: Proving Theorems for Complex Dynamics. Springer, Heidelberg (2010). IncorporatedCrossRefMATHGoogle Scholar
  36. 36.
    Sen, K.: Concolic testing. In: 22nd IEEE/ACM International Conference on Automated Software Engineering (ASE), pp. 571–572. ACM (2007)Google Scholar
  37. 37.
    Sen, K., Agha, G.: CUTE and jCUTE: concolic unit testing and explicit path model-checking tools. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 419–423. Springer, Heidelberg (2006). doi:10.1007/11817963_38 CrossRefGoogle Scholar
  38. 38.
  39. 39.
    Veach, E., Guibas, L.J.: Optimally combining sampling techniques for monte carlo rendering. In: 22nd Annual Conference on Computer Graphics and Interactive Techniques (SIGGRAPH), pp. 419–428 (1995)Google Scholar

Copyright information

© Springer International Publishing AG 2016

Authors and Affiliations

  1. 1.Singapore University of Technology and DesignSingaporeSingapore
  2. 2.LMAM & DI, School of Mathematical SciencesPeking UniversityBeijingChina
  3. 3.University of Illinois at Urbana-ChampaignChampaignUSA

Personalised recommendations