Towards Concolic Testing for Hybrid Systems

Hybrid systems exhibit both continuous and discrete behavior. Analyzing hybrid systems is known to be hard. Inspired by the idea of concolic testing (of programs), we investigate whether we can combine random sampling and symbolic execution in order to effectively verify hybrid systems. We identify a sufficient condition under which such a combination is more effective than random sampling. Furthermore, we analyze different strategies of combining random sampling and symbolic execution and propose an algorithm which allows us to dynamically switch between them so as to reduce the overall cost. Our method has been implemented as a web-based checker named HyChecker. HyChecker has been evaluated with benchmark hybrid systems and a water treatment system in order to test its effectiveness.
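As an added illustration of the idea in the abstract, the following Python sketch runs a DART-style concolic loop over a constructed one-variable hybrid system. It is example code written for this page, not HyChecker and not the paper's algorithm or its switching condition (the abstract does not spell those out). The system (a tank level with a sampled two-mode controller), its thresholds, the overshoot property and every function name are assumptions of the example. The point it makes is mechanical: a random initial level is simulated concretely; because the flows are linear and the controller is time-triggered, every guard and safety comparison along the run is a one-sided bound on the initial level x0, so "symbolic execution" of a path prefix reduces to intersecting intervals, and a feasible alternative branch yields the next concrete input.

```python
import random

# Constructed toy hybrid system (an assumption of this example, not a system
# from the paper): one continuous variable x, a tank level, driven by a
# controller that samples x only every DT seconds. FILL raises x at 1.0/s,
# DRAIN lowers it at 2.0/s, so a late switch can overshoot H by up to 0.25.
H, L = 8.0, 2.0              # switch to DRAIN at x >= H, back to FILL at x <= L
RATE = {"FILL": 1.0, "DRAIN": -2.0}
DT = 0.25                    # controller sampling period
STEPS = 40                   # bounded horizon, in controller periods
UNSAFE = 8.24                # safety property: x must never exceed UNSAFE
X0_LO, X0_HI = 0.0, 8.0      # initial states under test: x0 in [X0_LO, X0_HI)


def simulate(x0, steps=STEPS):
    """Concrete run from x0; returns (violated, path).

    Flows are linear with constant rates and the controller is time-triggered,
    so after k periods x == x0 + offset_k with offset_k fixed by the mode
    sequence. Each comparison the run makes is therefore a constraint on x0
    alone; `path` records them as (kind, offset, outcome), meaning
    "x0 + offset <op> threshold" evaluated to outcome, with <op> '>=' for
    FILL guards, '<=' for DRAIN guards and '>' for the safety check.
    """
    x, offset, mode = x0, 0.0, "FILL"
    path = []
    for _ in range(steps):
        if mode == "FILL":
            taken = x >= H
            path.append(("FILL", offset, taken))
            mode = "DRAIN" if taken else "FILL"
        else:
            taken = x <= L
            path.append(("DRAIN", offset, taken))
            mode = "FILL" if taken else "DRAIN"
        x += RATE[mode] * DT
        offset += RATE[mode] * DT
        violated = x > UNSAFE
        path.append(("UNSAFE", offset, violated))
        if violated:
            return True, path
    return False, path


def constraint_interval(kind, offset, outcome):
    """Interval (lo, hi) of x0 satisfying one recorded comparison. Open and
    closed ends are not distinguished: every solution is re-run concretely."""
    if kind == "FILL":       # x0 + offset >= H
        return (H - offset, X0_HI) if outcome else (X0_LO, H - offset)
    if kind == "DRAIN":      # x0 + offset <= L
        return (X0_LO, L - offset) if outcome else (L - offset, X0_HI)
    return (UNSAFE - offset, X0_HI) if outcome else (X0_LO, UNSAFE - offset)


def solve(path, flip):
    """Symbolic step: conjoin the first `flip` constraints of `path` with the
    negation of constraint `flip`. Every constraint bounds x0 from one side,
    so the conjunction is an interval and no SMT solver is needed here.
    Returns (lo, hi), or None when the alternative branch is infeasible."""
    lo, hi = X0_LO, X0_HI
    for i, (kind, offset, outcome) in enumerate(path[: flip + 1]):
        if i == flip:
            outcome = not outcome
        clo, chi = constraint_interval(kind, offset, outcome)
        lo, hi = max(lo, clo), min(hi, chi)
        if lo >= hi:
            return None
    return lo, hi


def random_search(seed=0, budget=1000):
    """Baseline: pure random sampling of x0. Returns (x0, runs) or None."""
    rng = random.Random(seed)
    for runs in range(1, budget + 1):
        x0 = rng.uniform(X0_LO, X0_HI)
        if simulate(x0)[0]:
            return x0, runs
    return None


def concolic_search(seed=0, budget=1000):
    """Random sampling plus symbolic execution, DART-style: run one random x0,
    solve for the alternative of each branch on its path and run the midpoint
    of every feasible interval, latest branch first. A fresh random sample is
    drawn only when no unexplored alternative is left."""
    rng = random.Random(seed)
    worklist, runs = [], 0
    while runs < budget:
        x0 = worklist.pop() if worklist else rng.uniform(X0_LO, X0_HI)
        violated, path = simulate(x0)
        runs += 1
        if violated:
            return x0, runs
        for flip in range(len(path)):        # later branches end up on top of
            interval = solve(path, flip)     # the stack and are explored first
            if interval is not None:
                worklist.append(sum(interval) / 2.0)
    return None


if __name__ == "__main__":
    print("random  :", random_search(seed=0))
    print("concolic:", concolic_search(seed=0))
```

In this constructed system only about one in 25 random initial levels triggers the overshoot (x0 must fall in one of 32 windows of width 0.01), whereas the concolic loop reaches a witness after roughly a dozen concrete runs by negating the safety check on a path it has already executed. The interval solver is the part that does not generalize: with nonlinear flows or several continuous variables the recorded path condition would have to go to a solver over the reals, and the cost of those solver calls against the cost of more random samples is exactly the trade-off the abstract's switching strategy is about.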
