Results 1 - 5 of 5
Counterexample-guided Abstraction Refinement
2000
Cited by 806 (67 self)
We present an automatic iterative abstraction-refinement methodology in which the initial abstract model is generated by an automatic analysis of the control structures in the program to be verified. Abstract models may admit erroneous (or "spurious") counterexamples. We devise new symbolic techniques which analyze such counterexamples and refine the abstract model correspondingly.
Tree-Like Counterexamples in Model Checking
In Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science (LICS'02), 2002
Cited by 57 (5 self)
Counterexamples for specification violations provide engineers with important debugging information. Although counterexamples are considered one of the main advantages of model checking, state-of-the-art model checkers are restricted to relatively simple counterexamples, and surprisingly little research effort has been put into counterexamples. In this paper, we introduce a new general framework for counterexamples. The paper has three main contributions: (i) We determine the general form of ACTL counterexamples. To this end, we investigate the notion of counterexample and show that a large class of temporal logics beyond ACTL admits counterexamples with a simple tree-like transition relation. We show that the existence of tree-like counterexamples is related to a universal fragment of extended branching time logic based on ω-regular temporal operators. (ii) We present new symbolic algorithms to generate tree-like counterexamples for ACTL specifications. (iii) Based on tree-like counterexamples we extend the abstraction refinement methodology developed recently by Clarke et al. (CAV 2000) to full ACTL. This demonstrates the conceptual simplicity and elegance of tree-like counterexamples.
Efficient Detection of Vacuity in Temporal Model Checking
Formal Methods in System Design, 2001
Cited by 31 (5 self)
The ability to generate a counterexample is an important feature of model checking tools, because a counterexample provides information to the user in the case that the formula being checked is found to be nonvalid. In this paper, we turn our attention to providing similar feedback to the user in the case that the formula is found to be valid, because valid formulas can hide real problems in the model. For instance, propositional logic formulas containing implications can suffer from antecedent failure, in which the formula is trivially valid because the precondition of the implication is not satisfiable. We call this vacuity, and extend the definition to cover other kinds of trivial validity. For nonvacuously valid formulas, we define an interesting witness as a nontrivial example of the validity of the formula. We formalize the notions of vacuity and interesting witness, and show how to detect vacuity and generate interesting witnesses in temporal model checking. Finally, we provide a practical solution for a useful subset of ACTL formulas.
Enhancing Model Checking in Verification by AI Techniques
Artificial Intelligence, 1999
Cited by 27 (2 self)
Model checking is a fruitful application of computational logic with high relevance to the verification of concurrent systems. While model checking is capable of automatically testing that a concurrent system satisfies its formal specification, it cannot precisely locate an error and suggest a repair, i.e., a suitable correction, to the system. In this paper, we tackle this problem by using principles from AI. In particular, we introduce the abstract concept of a system repair problem, and exemplify this concept on repair of concurrent programs and protocols. For the development of our framework, we formally extend the concept of counterexample, which has been proposed in model checking previously, and provide examples which demonstrate the need for such an extension. Moreover, we investigate optimization issues for the problem of finding a repair, and present techniques which gain in some cases a considerable reduction of the search space for a repair.
Counterexamples revisited: Principles, algorithms, applications
In Verification: Theory and Practice, volume 2772 of LNCS, 2003
Cited by 17 (2 self)
Algorithmic counterexample generation is a central feature of model checking which sets the method apart from other approaches such as theorem proving. The practical value of counterexamples to the verification engineer is evident, and for many years, counterexample generation algorithms have been employed in model checking systems, even though they had not been subject to an adequate fundamental investigation. Recent advances in model checking technology such as counterexample-guided abstraction refinement have put strong emphasis on counterexamples, and have led to renewed interest both in fundamental and pragmatic aspects of counterexample generation. In this paper, we survey several key contributions to the subject including symbolic algorithms, results about the graph-theoretic structure of counterexamples, and applications to automated abstraction as well as software verification. Irrefutability is not a virtue of a theory (as people often think) but a vice.