Generating CounterExamples Through Randomized Guided Search
In: SPIN 2007, LNCS, 2007
Cited by 7 (3 self)
Computational resources are increasing rapidly with the explosion of multicore processors readily available from major vendors. Model checking needs to harness these resources to help make it more effective in practical verification. Directed model checking uses heuristics in a guided search to rank states in order of interest. Randomizing guided search makes it possible to harness computation nodes by running independent searches in parallel in an effort to discover counterexamples to correctness. Initial attempts at adding randomization to guided search have achieved very limited success. In this work, we present a new low-cost randomized guided search technique that shuffles states in the priority queue with equivalent heuristic ties. We show in an empirical study that randomized guided search, overall, decreases the number of states generated before error discovery when compared to a guided search using the same heuristic. To further evaluate the performance gains of randomized guided search using a particular heuristic, we compare it with randomized depth-first search. Randomized depth-first search shuffles transitions and generally improves error discovery over the default transition order implemented by the model checker. In the context of evaluating randomized guided search, a randomized depth-first search provides a lower bound for establishing performance gains in directed model checking. In the empirical study, we show that with the correct heuristic, randomized guided search outperforms randomized depth-first search both in effectively finding counterexamples and in generating shorter counterexamples.
A context-sensitive structural heuristic for guided search model checking
In: 20th IEEE/ACM International Conference on Automated Software Engineering, 2005
Cited by 4 (3 self)
In this paper we build on the FSM distance heuristic for guided model checking by using the runtime stack to reconstruct calling context in procedural calls. We first build a more accurate static representation of the program by including a bounded level of calling context. We then use the calling context in the runtime stack with the more accurate control flow graph to estimate the distance to the possible error state. The heuristic is computed using both the dynamic and static construction of the program. We evaluate the new heuristic on models with concurrency errors. In these examples, experimental results show that for programs with function calls, the new heuristic better guides the search toward the error while the traditional FSM distance heuristic degenerates into a random search.
Guided model checking for programs with polymorphism
In: Proceedings of the 2009 ACM SIGPLAN Workshop on Partial Evaluation and Program Manipulation (PEPM '09), 2009
Cited by 4 (2 self)
Exhaustive model checking search techniques are ineffective for error discovery in large and complex multithreaded software systems. Distance estimate heuristics guide the concrete execution of the program toward a possible error location. The estimate is a lower bound computed on a statically generated abstract model of the program that ignores all data values and only considers control flow. In this paper we describe a new distance estimate heuristic that efficiently computes a tighter lower bound in programs with polymorphism when compared to the state-of-the-art distance heuristic. We statically generate conservative distance estimates and refine the estimates when the targets of dynamic method invocations are resolved. In our empirical analysis the state-of-the-art approach is computationally infeasible for large programs with polymorphism, while our new distance heuristic can quickly detect the errors.
Properties of State Spaces and Their Applications
In: Software Tools for Technology Transfer
Cited by 3 (1 self)
Explicit model checking algorithms explore the full state space of a system. State spaces are usually treated as directed graphs without any specific features. We gather a large collection of state spaces and extensively study their structural properties. Our results show that state spaces have several typical properties, i.e., they are not arbitrary graphs. We also demonstrate that state spaces differ significantly from random graphs and that different classes of models (application domains, academic vs. industrial) have different properties. We discuss consequences of these results for model checking experiments and point out how to exploit typical properties of state spaces in practical model checking algorithms.
Randomized Backtracking in State Space Traversal
In: SPIN 2011, LNCS
Cited by 1 (1 self)
While exhaustive state space traversal is not feasible in reasonable time for complex concurrent programs, many techniques for efficient detection of concurrency errors and testing of concurrent programs have been introduced in recent years, such as directed search and context-bounded model checking. We propose to use depth-first traversal with randomized backtracking, where it is possible to backtrack from a state before all outgoing transitions have been explored, and the whole process is driven by random number choices. Experiments with a prototype implementation in JPF on several Java programs show that, in most cases, fewer states must be explored to find an error with our approach than using the existing techniques.
Formal Verification of Concurrent Systems via Directed Model Checking
2006
Model checking suffers from the state explosion problem, due to the exponential increase in the size of a finite state model as the number of system components grows. Directed model checking aims at reducing this problem through heuristic-based search strategies. The model of the system is built while checking the formula, and this construction is guided by some heuristic function. In this line, we have defined a structure-based heuristic function operating on processes described in the Calculus of Communicating Systems (CCS), which accounts for the structure of the formula to be verified, expressed in the selective Hennessy-Milner logic. We have implemented a tool to evaluate the method and verified a sample of well-known CCS processes with respect to some formulae; the results are reported and commented on.