Junyan Qian,Baowen Xu

2006-01-01

WSEAS TRANSACTIONS ON COMPUTERS

Abstract:Model checking has been interest in applying model checking to software. However, the major problem of software model checking is the state space explosion problem. For model checking software, abstraction is a key issue. We present a methodology for automatically constructing an abstraction of C programs based on finite state machine. Firstly eliminate unneeded variables using program slicing technique and restrict C program to a simple intermediate form before constructing an abstract model of program. And then automatically extract a finite model from C source code using predicate abstraction and theorem proving. Finally, in order to reduce time complexities, we partition the set of candidate predicates into subsets, and construct abstract model independently.

Junyan Qian,Baowen Xu

DOI: https://doi.org/10.15388/informatica.2007.178

2007-01-01

Informatica

Abstract:Iterative abstraction refinement has emerged in the last few years as the leading approach to software model checking. We present an approach for automatically verifying C programs against safety specifications based on finite state machine. The approach eliminates unneeded variables using program slicing technique, and then automatically extracts an initial abstract model from C source code using predicate abstraction and theorem proving. In order to reduce time complexities, we partition the set of candidate predicates into subsets, and construct abstract model independently. On the basis of a counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Our methods can be extended to verifying concurrency C programs by parallel composition.

Junyan Qian,Baowen Xu

2007-01-01

Abstract:we present a methodology for automatically verifying programs against safety specifications based on finite state machine. Firstly, computing the abstract transition between abstract states is done by calling a theorem prover, and then an initial abstract model automatically is extracted from concrete program using predicate abstraction. However, the process of abstraction can be exponential in the number of predicates used. Program slicing, predicate inference and partitioning the set of candidate predicates into subsets make abstract model construction effective. By counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Finally, our methods can be extended to verifying concurrency programs by parallel composition.

Jingyi Wang,Jun Sun,Qixia Yuan,Jun Pang

DOI: https://doi.org/10.1007/978-3-662-54494-5_1

2017-01-01

Abstract:Many automated system analysis techniques e.g., model checking, model-based testing rely on first obtaining a model of the system under analysis. System modeling is often done manually, which is often considered as a hindrance to adopt model-based system analysis and development techniques. To overcome this problem, researchers have proposed to automatically \"learn\" models based on sample system executions and shown that the learned models can be useful sometimes. There are however many questions to be answered. For instance, how much shall we generalize from the observed samples and how fast would learning converge? Or, would the analysis result based on the learned model be more accurate than the estimation we could have obtained by sampling many system executions within the same amount of time? In this work, we investigate existing algorithms for learning probabilistic models for model checking, propose an evolution-based approach for better controlling the degree of generalization and conduct an empirical study in order to answer the questions. One of our findings is that the effectiveness of learning may sometimes be limited.

Jingyi Wang,Jun Sun,Qixia Yuan,Jun Pang

DOI: https://doi.org/10.1007/s10009-018-0492-7

2018-01-01

International Journal on Software Tools for Technology Transfer

Abstract:Many automated system analysis techniques (e.g., model checking, model-based testing) rely on first obtaining a model of the system under analysis. System modeling is often done manually, which is often considered as a hindrance to adopt model-based system analysis and development techniques. To overcome this problem, researchers have proposed to automatically “learn” models based on sample system executions and shown that the learned models can be useful sometimes. There are however many questions to be answered. For instance, how much shall we generalize from the observed samples and how fast would learning converge? Or, would the analysis result based on the learned model be more accurate than the estimation we could have obtained by sampling many system executions within the same amount of time? Moreover, how well does learning scale to real-world applications? If the answer is negative, what are the potential methods to improve the efficiency of learning? In this work, we first investigate existing algorithms for learning probabilistic models for model checking and propose an evolution-based approach for better controlling the degree of generalization. Then, we present existing approaches to learn abstract models to improve the efficiency of learning for scalability reasons. Lastly, we conduct an empirical study in order to answer the above questions. Our findings include that the effectiveness of learning may sometimes be limited and it is worth investigating how abstraction should be done properly in order to learn abstract models.

Li,XiaoYu Song,Ming Gu,XiangYu Luo

DOI: https://doi.org/10.1007/s11432-010-4150-2

2010-01-01

Abstract:The paper presents a new approach to computing the abstract state and a maximum weight heuristic method for finding the shortest counter-example in verification of imperative programs. The strategy is incorporated in a verification system based on the counterexample-guided abstraction refinement method. The proposed method slashes both the size of the abstract state space and the number of invokes of a decision procedure. A number of benchmarks are employed to evaluate the effectiveness of the approach.

Ting Wang,Songzheng Song,Jun Sun,Yang Liu,Jin Song Dong,Xinyu Wang,Shanping Li

DOI: https://doi.org/10.1007/978-3-642-34281-3_26

2012-01-01

Abstract:Refinement checking plays an important role in system verification. It establishes properties of an implementation by showing a refinement relationship between the implementation and a specification. Recently, it has been shown that anti-chain based approaches increase the efficiency of trace refinement checking significantly. In this work, we study the problem of adopting anti-chain for stable failures refinement checking, failures-divergence refinement checking and probabilistic refine checking (i.e., a probabilistic implementation against a non-probabilistic specification). We show that the first two problems can be significantly improved, because the state space of the product model may be reduced dramatically. Though applying anti-chain for probabilistic refinement checking is more complicated, we manage to show improvements in some cases. We have integrated these techniques into the PAT model checking framework. Experiments are conducted to demonstrate the efficiency of our approach.

Jingyi Wang,Jun Sun,Shengchao Qin,Cyrille Jegourel

DOI: https://doi.org/10.1109/tse.2018.2886898

IF: 7.4

2018-01-01

IEEE Transactions on Software Engineering

Abstract:Precisely modeling complex systems like cyber-physical systems is challenging, which often renders model-based system verification techniques like model checking infeasible. To overcome this challenge, we propose a method called LAR to automatically ‘verify’ such complex systems through a combination of learning, abstraction and refinement from a set of system log traces. We assume that log traces and sampling frequency are adequate to capture ‘enough’ behaviour of the system. Given a safety property and the concrete system log traces as input, LAR automatically learns and refines system models, and produces two kinds of outputs. One is a counterexample with a bounded probability of being spurious. The other is a probabilistic model based on which the given property is ‘verified’. The model can be viewed as a proof obligation, i.e., the property is verified if the model is correct. It can also be used for subsequent system analysis activities like runtime monitoring or model-based testing. Our method has been implemented as a self-contained software toolkit. The evaluation on multiple benchmark systems as well as a real-world water treatment system shows promising results.

Fei He,Xiaoyu Song,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1093/comjnl/bxm085

2007-01-01

The Computer Journal

Abstract:Model checking has been considered as a promising approach to establish the correctness of systems. Counterexample-guided abstraction refinement is a key strategy for model checking in verification of large-scale systems. State separation problem poses the main hurdle during the refinement. We present two fast heuristics to solve this problem. We prove the effectiveness of our heuristics by both theoretical analysis and experimental results. Experimental results show the promising performance of our approach.

YANG Jun,GE Hai-tong,ZHENG Fei-jun,YAN Xiao-lang

DOI: https://doi.org/10.3321/j.issn:1008-9497.2006.04.012

2006-01-01

Abstract:Being a formal verification method,model checking is used frequently in hardware and software design.Firstey the Kripke structure which is used to describe the behavior of a system and the CTL logic which is used to describe the property of a system were introduced.Then two model checking algorithms were introduced: one is the labeling algorithm,the other is the algorithm based on fixpoint.In the end,the symbolic model checking which can reduce the possibility of memory explosion was introduced.

何恺铎,顾明,宋晓宇,李力,李江

DOI: https://doi.org/10.3969/j.issn.1002-137x.2009.01.068

2009-01-01

Computer Science

Abstract:Model checking on software reliability is always considered meaningful.This paper studied theory and metho-dology on source code verification,utilizing predicate abstraction and counterexample-guided abstraction refinement.Detailed verification framework and its implementation of the self-designed Jchecker,a source-oriented software model checker,were also introduced.

Zhenyu Chen,Conghua Zhou,Decheng Ding

DOI: https://doi.org/10.1109/HLDVT.2005.1568832

2005-01-01

Abstract:Model checking has emerged as a promising and powerful approach to analyze Petri nets automatically, but a main challenge is the state explosion problem. To obtain an efficient state space, we implement a series of formalisms based on Petri nets to achieve automatically predicate abstraction and refinement via new predicate discovery. However, the complicated predicates would slow down the abstraction refinement process. Novel Feature of our approach is minimizing the support of predicates, via diagnosing the failure reasons of transitions and projecting places on predicates to eliminate the dumb variables. In addition, a demonstrative example shows that our techniques could work efficiently on Petri nets.

Fei He,Xiaoyu Song,William N. N. Hung,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/tc.2009.105

2010-01-01

Abstract:Model checking for large-scale systems is extremely difficult due to the state explosion problem. Creating useful abstractions for model checking task is a challenging problem, often involving many iterations of refinement. In this paper we consider techniques for model checking in the counter example-guided abstraction refinement. The state separation problem is one popular approach in counterexample-guided abstraction refinement, and it poses the main hurdle during the refinement process. To achieve effective minimization of the separation set, we present a novel probabilistic learning approach based on the sample learning technique, evolutionary algorithm, and effective heuristics. We integrate it with the abstraction refinement framework in the VIS model checker. We include experimental results on model checking to compare our new approach to recently published techniques. The benchmark results show that our approach has overall speedup of more than 56 percent against previous techniques. Our work is the first successful integration of evolutionary algorithm and abstraction refinement for model checking.

Shahbaz Ali,Hailong Sun,Yongwang Zhao

DOI: https://doi.org/10.1007/978-3-030-41418-4_18

2020-01-01

Abstract:In the current technological era, the correct functionality and quality of software systems are of prime concern and require practical approaches to improve their reliability. Besides classical testing, formal verification techniques can be employed to enhance the reliability of software systems. In this connection, we propose an approach that combines the strengths of two effective techniques, i.e., Model learning and Model checking for the formal analysis of Java libraries. To evaluate the performance of the proposed approach, we consider the implementation of “Java.util” package as a case study. First, we apply model learning to infer behavior models of Java package and then use model checking to verify that the obtained models satisfy basic properties (safety, functional, and liveness) specified in LTL/CTL languages. Our results of the formal analysis reveal that the learned models of Java package satisfy all the selected properties specified in temporal logic. Moreover, the proposed approach is generic and very promising to analyze any software library/package considered as a black-box.

Kaninda Musumbu

DOI: https://doi.org/10.48550/arXiv.0902.1871

2009-02-11

Abstract:interpretation is a general methodology for building static analyses of programs. It was introduced by P. and R. Cousot in \cite{cc}. We present, in this paper, an application of a generic abstract interpretation to domain of model-checking. Dynamic checking are usually easier to use, because the concept are establishe d and wide well know. But they are usually limited to systems whose states space is finite. In an other part, certain faults cannot be detected dynamically, even by keeping track of the history of the states <a class="link-external link-http" href="http://space.Indeed" rel="external noopener nofollow">this http URL</a>, the classical problem of finding the right test cases is far from trivial and limit the abilities of dynamic checkers further. Static checking have the advantage that they work on a more abstract level than dynamic checker and can verify system properties for all inputs. Problem, it is hard to guarantee that a violation of a modeled property corresponds to a fault in the concrete system. We propose an approach, in which we generate counter-examples dynamically using the abstract interpretation techniques.

Data Structures and Algorithms,Symbolic Computation

Lu Chen,Jian Jiao,Jiping Fan,Fuchun Ren

DOI: https://doi.org/10.1109/rams.2016.7447978

2016-01-01

Abstract:Fault propagation identification is an indispensable task in complex system safety analysis. With the growing of system scale and complexity, it is hard for the traditional safety analysis techniques, which depend mainly on analysts' personal skills and experiences, to keep completeness and timeliness; moreover, some failure modes may be neglected and failure effects misjudged during the analysis. Formal science provides a new way to solve this problem, where formal verification method such as model checking can automatically validate whether the system design satisfies the given safety requirements, which can reduce an analysts' repetitive work and design cost, and improve the efficiency and quality of safety analysis. However, there is lack of a deliberate and reasonable way to build system models because of the diversity and flexibility of languages used for model checking, which results in that it is difficult to specify and model system quickly and accurately, and leads to some deviation in model checking. In this paper, a system modeling and safety property specifying approach using symbolic language SMV is proposed, including guidance on the mapping relationships between the formal language elements and system functions, architecture and failure modes; moreover, how to define system specifications and safety requirements using temporal logic formulas is discussed as well. Finally, a case study about airborne system safety analysis is provided, in which the counter-examples that do not meet system specifications can be identified automatically using model checker NuSMV to find out fault events and their propagation that can result in accidents.

Shujun Deng,Weimin Wu,Jinian Bian

DOI: https://doi.org/10.1109/icsict.2006.306623

2006-01-01

Abstract:ANSI-C algorithm abstraction refinement for RTL circuits is investigated, with the goal of reducing the complexity of bounded model checking. This new method abstracts an ANSI-C algorithm from a verified RTL circuit, and then optimizes the algorithm for the ANSI-C bounded model checker CBMC. When a spurious counterexample is generated, this method refines the ANSI-C algorithm in more details. Equivalence checking between ANSI-C algorithms and RTL circuits, and that between the ANSI-C algorithms and their optimized versions are needed. Comparisons with other methods show that this new method is efficient

Li Li,Xiaoyu Song,Ming Gu,Jianmin Wang

DOI: https://doi.org/10.1109/COMPSAC.2008.7

2008-01-01

Abstract:Program verification is an important task in software engineering. Abstraction plays a critical role in verifying infinite state systems by model checking. We present a novel method to automatically compute the abstract reachable state space of programs. An effective heuristic strategy is employed to find an abstract counter example, thus reducing the proof time for using theorem proving systems. In comparison with the previous work, the proposed approach demonstrates its effectiveness in predicate abstraction.

Mo Xia,Guiming Luo,Mian Sun

DOI: https://doi.org/10.1145/2591062.2591149

2014-01-01

Abstract:Model checking is a common formal verification technique, but it is only applicable to white box systems. In order to allow users without much formal verification expertise to use model checking easily, this paper proposes a modular approach for software modeling and model checking. Efficiency, correctness, and reusability are our main concerns. A hierarchical model is constructed for a system by modules, and it is translated into the specific model checking codes. The M^3C tool is implemented to support our approach, and it is successfully applied to actual industrial cases, as well as to some cases in the literature.

KP Jevitha,Bharat Jayaraman,M Sethumadhavan

2024-06-18

Abstract:Finite-state models are ubiquitous in the study of concurrent systems, especially controllers and servers that operate in a repetitive cycle. In this paper, we show how to extract finite state models from a run of a multi-threaded Java program and carry out runtime verification of correctness properties. These properties include data-oriented and control-oriented properties; the former express correctness conditions over the data fields of objects, while the latter are concerned with the correct flow of control among the modules of larger software. As the extracted models can become very large for long runs, the focus of this paper is on constructing reduced models with user-defined abstraction functions that map a larger domain space to a smaller one. The abstraction functions should be chosen so that the resulting model is property preserving, i.e., proving a property on the abstract model carries over to the concrete model. The main contribution of this paper is in showing how runtime verification can be made efficient through online property checking on property-preserving abstract models. The property specification language resembles a propositional linear temporal logic augmented with simple datatypes and operators. Classic concurrency examples and larger case studies (Multi-rotor Drone Controller, OAuth Protocol) are presented in order to demonstrate the usefulness of our proposed techniques, which are incorporated in an Eclipse plug-in for runtime visualization and verification of Java programs.

Software Engineering