Generation of All Counter-Examples for Push-Down Systems

  • Samik Basu
  • Diptikalyan Saha
  • Yow-Jian Lin
  • Scott A. Smolka
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2767)

Abstract.

We present a new, on-the-fly algorithm that, given a push-down model representing a sequential program with (recursive) procedure calls and an extended finite-state automaton representing (the negation of) a safety property, produces a succinct, symbolic representation of all counter-examples, i.e., traces of system behaviors that violate the property. The class of what we call minimum-recursion loop-free counter-examples can then be generated from this representation on an as-needed basis and presented to the user. Our algorithm is also applicable, without modification, to finite-state system models. Simultaneous consideration of multiple counter-examples can minimize the number of model-checking runs needed to recognize common root causes of property violations. We illustrate the use of our techniques via application to a Java-Tar utility and an FTP-server program, and discuss a prototype tool implementation which offers several abstraction techniques for easy viewing of generated counter-examples.
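As an added illustration (example code, not the paper's algorithm, which this page does not reproduce), the following Python explores the product of a small push-down model with an automaton for the negation of a safety property and collects loop-free violating traces, ranking them by the recursion (stack) depth they need. The program (a recursive procedure that may close a file before the caller reads it), the property automaton and the depth bound used for termination are all constructed assumptions; the paper's symbolic representation of the counter-example set is not modelled.

```python
# Toy on-the-fly product exploration: push-down model x property automaton.
# Control locations are encoded as stack symbols (top of stack = index 0);
# a call pushes the callee entry on top of the return point, a return pops.
# Constructed example program: main opens a file, calls rec, reads, closes;
# rec either closes the file or recurses once more before returning.
PDS_RULES = {
    "m0": [("open", ["m1"])],
    "m1": [("call", ["r0", "m2"])],                    # main calls rec
    "m2": [("read", ["m3"])],
    "m3": [("close", [])],
    "r0": [("close", ["r1"]), ("call", ["r0", "r1"])],  # rec closes or recurses
    "r1": [("ret", [])],
}

# Negation of the safety property "no read after close"; "bad" is accepting.
PROP = {("s0", "close"): "s1", ("s1", "read"): "bad"}
ACCEPT = "bad"

def prop_step(state, action):
    return PROP.get((state, action), state)   # unmatched actions self-loop

def counter_examples(rules, init_stack, init_state, max_depth):
    """Return (max stack depth, action trace) for every loop-free path that
    reaches the accepting property state; paths deeper than max_depth and
    paths revisiting a product configuration are pruned."""
    found = []
    def dfs(stack, state, trace, on_path):
        if state == ACCEPT:                       # finite violating prefix
            found.append((max(len(c[0]) for c in on_path), list(trace)))
            return
        if not stack:
            return
        top, rest = stack[0], stack[1:]
        for action, repl in rules.get(top, []):
            nstack, nstate = tuple(repl) + rest, prop_step(state, action)
            cfg = (nstack, nstate)
            if len(nstack) > max_depth or cfg in on_path:
                continue                          # depth bound / loop-freeness
            on_path.add(cfg); trace.append(action)
            dfs(nstack, nstate, trace, on_path)
            trace.pop(); on_path.discard(cfg)
    start = (tuple(init_stack), init_state)
    dfs(start[0], init_state, [], {start})
    return found

def min_recursion(found):
    """Keep only the counter-examples that need the least stack depth."""
    best = min(depth for depth, _ in found)
    return [trace for depth, trace in found if depth == best]
```

With the depth bound of 3 the exploration yields two violating traces, and min_recursion keeps the one with a single call to rec.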

Keywords

Control Location, Model Check, Regular Expression, Transition Rule, Recursive Call

Copyright information

© IFIP International Federation for Information Processing 2003

Authors and Affiliations

  • Samik Basu (1)
  • Diptikalyan Saha (1)
  • Yow-Jian Lin (1)
  • Scott A. Smolka (1)

  1. Department of Computer Science, SUNY at Stony Brook, Stony Brook, USA