Bug Hunting with False Negatives Revisited

Safe data abstractions are widely used in verification. Positive verification results transfer from the abstract to the concrete system, because the abstraction over-approximates the concrete behaviour. When a property is violated in the abstract system, however, one still has to check whether a corresponding concrete violation scenario exists. Even when the abstract violation scenario is not reproducible in the concrete system (a false negative, in the terminology of this paper), it may still carry information about possible sources of bugs. Here, we propose a bug hunting framework based on abstract violation scenarios. We first extract a violation pattern from one abstract violation scenario. The violation pattern represents multiple abstract violation scenarios, which increases the chance that a corresponding concrete violation exists. Then we look for a concrete violation that corresponds to the violation pattern using constraint solving techniques. Finally, we define the class of counterexamples that we can handle and argue the correctness of the proposed framework. Our method combines two formal techniques, model checking and constraint solving. Through an analysis of contracting and precise abstractions, we are able to integrate over-approximation by abstraction with concrete counterexample generation.
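
The following is an added toy illustration of the workflow the abstract describes; it is constructed for this page and is not the paper's µCRL-based tooling or its actual algorithm. A counter with actions inc, dbl and reset is abstracted by a threshold abstraction that keeps small values precise and collapses everything else into one abstract state. The shortest abstract counterexample cannot be replayed concretely (the false negative), but widening it into a pattern in which abstract states with a self-loop may repeat makes a concrete violation findable. The paper performs the last step with constraint solving; in its place this example searches the product of concrete states and pattern positions explicitly. All names here (`alpha`, `gamma`, `concrete_post`, `MAX`, the three actions) are assumptions of the example.

```python
"""Abstraction-guided bug hunting on a toy counter (constructed example)."""
from collections import deque

MAX = 7    # assumed: concrete state space is 0..MAX
INIT = 0   # assumed initial state


def concrete_post(x):
    """Successors of concrete state x under three assumed actions: inc, dbl, reset."""
    succ = {0}                       # reset: x := 0
    if x < MAX:
        succ.add(x + 1)              # inc
    if 2 * x <= MAX:
        succ.add(2 * x)              # dbl
    return sorted(succ)              # sorted so every search below is deterministic


def bad(x):
    """Safety property under test: the counter must never reach MAX."""
    return x == MAX


def alpha(x):
    """Data abstraction: 0, 1, 2 stay precise; everything >= 3 becomes 'big'."""
    return x if x <= 2 else "big"


def gamma(a):
    """Concretisation of an abstract state."""
    return set(range(3, MAX + 1)) if a == "big" else {a}


def abstract_post(a):
    """Existential (over-approximating) abstraction: an abstract edge exists iff
    some concrete state in gamma(a) has a concrete edge into the target block."""
    return {alpha(y) for x in gamma(a) for y in concrete_post(x)}


def abstract_counterexample():
    """Model check the abstract system: BFS for a shortest abstract path from
    alpha(INIT) to an abstract state whose concretisation contains a bad state."""
    start = alpha(INIT)
    parent = {start: None}
    queue = deque([start])
    while queue:
        a = queue.popleft()
        if any(bad(x) for x in gamma(a)):
            path = []
            while a is not None:
                path.append(a)
                a = parent[a]
            return path[::-1]
        for b in abstract_post(a):
            if b not in parent:
                parent[b] = a
                queue.append(b)
    return None


def replay(abs_path):
    """Try to reproduce the abstract path step for step in the concrete system.
    Returns a concrete bad trace, or None if the scenario is a false negative."""
    def go(x, i, trace):
        if i == len(abs_path):
            return trace if bad(trace[-1]) else None
        for y in concrete_post(x):
            if alpha(y) == abs_path[i]:
                found = go(y, i + 1, trace + [y])
                if found:
                    return found
        return None
    if alpha(INIT) != abs_path[0]:
        return None
    return go(INIT, 1, [INIT])


def violation_pattern(abs_path):
    """Widen one abstract counterexample into a pattern: an abstract state that has
    an abstract self-loop may be visited one or more times instead of exactly once."""
    return [(a, a in abstract_post(a)) for a in abs_path]


def find_concrete_violation(pattern):
    """Search the product of concrete states and pattern positions (stand-in for the
    paper's constraint solving) for a concrete trace from INIT whose abstraction
    matches the pattern and that ends in a bad state."""
    if alpha(INIT) != pattern[0][0]:
        return None
    start = (INIT, 0)
    parent = {start: None}
    queue = deque([start])
    while queue:
        x, i = queue.popleft()
        if bad(x):
            trace, node = [], (x, i)
            while node is not None:
                trace.append(node[0])
                node = parent[node]
            return trace[::-1]
        # stay at position i if it is repeatable, or advance to i + 1
        targets = ([i] if pattern[i][1] else []) + ([i + 1] if i + 1 < len(pattern) else [])
        for y in concrete_post(x):
            for j in targets:
                if alpha(y) == pattern[j][0] and (y, j) not in parent:
                    parent[(y, j)] = (x, i)
                    queue.append((y, j))
    return None


def is_concrete_violation(trace):
    """Independent check: every step is a real concrete transition and the end is bad."""
    return (trace[0] == INIT
            and all(y in concrete_post(x) for x, y in zip(trace, trace[1:]))
            and bad(trace[-1]))


if __name__ == "__main__":
    cex = abstract_counterexample()          # [0, 1, 2, 'big']
    print("abstract counterexample:", cex)
    print("replay:", replay(cex))            # None: the scenario is a false negative
    pat = violation_pattern(cex)             # 'big' and 0 are repeatable, 1 and 2 are not
    print("pattern:", pat)
    print("concrete violation:", find_concrete_violation(pat))
```

The replayed trace ends at 3 or 4, which violates nothing, so the single abstract scenario is spurious. The pattern, by contrast, admits every abstract scenario of the form 0, 1, 2, big, big, ..., and the search finds a concrete trace that matches it and reaches the bad state; `is_concrete_violation` re-checks that trace against the concrete transition relation, which is the step a practitioner should never skip before reporting a bug.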
