On the Distribution of Property Violations in Formal Models: An Initial Study

Model-checking techniques are successfully used in the verification of both hardware and software systems of industrial relevance. Unfortunately, the capability of current techniques is still limited, and the effort required for verification can be prohibitive (if verification is possible at all). As a complement, fast but incomplete search tools may provide practical benefits not attainable with full verification tools, for example, a reduced need for manual abstraction and fast detection of property violations during model development. In this report we investigate the performance of a simple random search technique. We conducted an experiment on a production-sized formal model of the mode logic of a flight guidance system. Our results indicate that random search quickly finds the vast majority of property violations in our case example. In addition, the times to detect the various property violations follow an acutely right-skewed distribution and are heavily biased toward the easy side. We hypothesize that the observations reported here are related to the phase transition phenomenon seen in Boolean satisfiability and other NP-complete problems. If so, these observations could reveal some of the fundamental aspects of software (model) faults and have implications for how software engineering activities, such as analysis, testing, and reliability modeling, should be performed.
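A small random-search experiment in the spirit of the one described above, as an added example that is not the paper's code or model: a constructed toy mode logic (lateral and vertical autopilot modes selected by pilot switch events) with one injected faulty guard, searched by random walks from the initial state, with the distribution of detection times summarised. The model, events, property and fault are all constructed for illustration.

```python
import random
import statistics
from dataclasses import dataclass, replace

# Constructed toy mode logic for illustration; it is not the paper's flight
# guidance model. Pilot "switch" events select a lateral and a vertical mode.
EVENTS = ("hdg", "nav", "appr", "vs", "alt", "gs", "disengage")

@dataclass(frozen=True)
class State:
    lateral: str = "ROLL"    # ROLL | HDG | NAV | APPR
    vertical: str = "PITCH"  # PITCH | VS | ALT | GS
    engaged: bool = False    # autopilot engaged

def step(s: State, ev: str) -> State:
    """Transition relation of the constructed model, one faulty guard included."""
    if ev == "disengage":
        return State()
    if ev in ("hdg", "nav", "appr"):
        return replace(s, lateral=ev.upper(), engaged=True)
    if ev in ("vs", "alt"):
        return replace(s, vertical=ev.upper()) if s.engaged else s
    # Constructed fault: glideslope should require APPR, but NAV is also accepted.
    if ev == "gs" and s.engaged and s.lateral in ("NAV", "APPR"):
        return replace(s, vertical="GS")
    return s

def invariant(s: State) -> bool:
    """Safety property: GS may only be active while APPR is the lateral mode."""
    return s.vertical != "GS" or s.lateral == "APPR"

def random_search(rng: random.Random, max_steps: int):
    """Random walk from the initial state; returns steps to first violation, or None."""
    s = State()
    for n in range(1, max_steps + 1):
        s = step(s, rng.choice(EVENTS))
        if not invariant(s):
            return n
    return None

def detection_times(trials: int, max_steps: int, seed: int = 0) -> dict:
    """Repeat the search and summarise the distribution of detection times."""
    rng = random.Random(seed)
    times = [t for t in (random_search(rng, max_steps) for _ in range(trials)) if t is not None]
    return {"found": len(times), "trials": trials,
            "median": statistics.median(times) if times else None,
            "mean": statistics.fmean(times) if times else None,
            "max": max(times) if times else None}
```

Comparing the median with the mean and the maximum of `detection_times(1000, 200)` shows the right-skewed shape the report describes: most walks hit the violation within a few dozen steps, while a few take much longer.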
