Induction in CEGAR for Detecting Counterexamples

Induction has been studied in model checking for proving the validity of safety properties, i.e., showing the absence of counterexamples. To our knowledge, induction has not been used to refute safety properties. Existing algorithms, including bounded model checking, predicate abstraction, and interpolation, are not efficient at detecting long counterexamples. In this paper, we propose the use of induction inside the counterexample-guided abstraction refinement (CEGAR) loop to prove the existence of counterexamples. We target bugs whose counterexamples are long and yet can be captured by regular patterns. We identify the pattern algorithmically by analyzing the sequence of spurious counterexamples generated in the CEGAR loop, and perform the induction proof automatically. The new method adds little overhead to CEGAR, and this overhead is insensitive to the actual length of the concrete counterexample.
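The abstract only describes the idea, so the following is an added illustration written for this page, not the paper's own algorithm or code. It assumes a constructed toy program (a counter loop whose exit is the error location), a pattern-extraction heuristic that diffs consecutive spurious counterexamples to find the segment that keeps being inserted, and an induction hypothesis of the assumed affine form "after the prefix and i loop iterations, x = x0 + d*i". Under those assumptions it proves that a counterexample of shape prefix . body^K . suffix reaches the error location by checking one base case, one inductive step and one suffix, so the work done does not grow with K; it generalizes slightly beyond the single loop shown, to any loop body that adds a constant d to the counter.

```python
"""Added illustration, not the paper's code: an induction proof that a
counterexample of the regular shape prefix . body^K . suffix exists, without
unrolling the K iterations. Program, pattern heuristic and proof format are
assumptions made for this example."""

ERROR_PC = "pc3"

def make_program(n):
    """Constructed counter loop as a CFG over one integer x. Edge = (src, dst,
    guard, update): guard is None or (op, c) for 'x op c'; update (a, b) is
    x' = a*x + b."""
    return {
        "init": ("pc0", "pc1", None, (0, 0)),      # x = 0
        "loop": ("pc1", "pc2", ("<", n), (1, 0)),   # while (x < n)
        "inc":  ("pc2", "pc1", None, (1, 1)),       #     x = x + 1
        "exit": ("pc1", "pc3", (">=", n), (1, 0)),  # loop exit reaches error pc3
    }

def sym_run(prog, edges, pc, x):
    """Execute edges on an affine term x = (a, b) meaning a*i + b for an integer
    parameter i. Returns (final pc, final x, guards met as (x_then, op, c))."""
    guards = []
    for e in edges:
        src, dst, guard, (ua, ub) = prog[e]
        assert src == pc, f"edge {e} does not start at {pc}"
        if guard:
            guards.append((x, *guard))
        x, pc = (ua * x[0], ua * x[1] + ub), dst
    return pc, x, guards

def entailed(guards, lo, hi):
    """Do all guards hold for every integer i in [lo, hi]? Affine terms take
    their extremes at the endpoints; an empty range is vacuously fine."""
    if hi < lo:
        return True
    for (a, b), op, c in guards:
        lo_v, hi_v = sorted((a * lo + b, a * hi + b))
        if (op == "<" and not hi_v < c) or (op == ">=" and not lo_v >= c):
            return False
    return True

def smallest_k(guards):
    """Smallest integer K >= 0 satisfying every affine guard a*K + b op c
    (a >= 0 only). -((b - c) // a) is ceil((c - b) / a) for a > 0."""
    lo, hi = 0, None
    for (a, b), op, c in guards:
        if a < 0:
            raise NotImplementedError("decreasing counters not handled here")
        if a == 0:
            if not (b < c if op == "<" else b >= c):
                return None
        elif op == ">=":                             # K >= ceil((c-b)/a)
            lo = max(lo, -((b - c) // a))
        else:                                        # K <= ceil((c-b)/a) - 1
            bound = -((b - c) // a) - 1
            hi = bound if hi is None else min(hi, bound)
    return lo if hi is None or lo <= hi else None

def extract_pattern(spurious):
    """Diff consecutive spurious counterexamples (edge-name lists) from the
    refinement loop into (prefix, body, suffix). Heuristic: the segment that
    keeps being inserted is the body; returns None if the shape is unstable."""
    shapes = set()
    for a, b in zip(spurious, spurious[1:]):
        p = 0
        while p < len(a) and p < len(b) and a[p] == b[p]:
            p += 1
        body = tuple(b[p:p + len(b) - len(a)])
        prefix, suffix = tuple(a[:p]), tuple(a[p:])
        if not body or tuple(b[p + len(body):]) != suffix:
            return None
        while prefix[len(prefix) - len(body):] == body:   # peel unrolled copies
            prefix = prefix[:-len(body)]
        shapes.add((prefix, body, suffix))
    return shapes.pop() if len(shapes) == 1 else None

def prove_counterexample(prog, pattern, start="pc0"):
    """Induction proof that prefix . body^K . suffix reaches ERROR_PC, with
    hypothesis H(i): after the prefix and i iterations the state is
    (head, x0 + d*i). Returns (K, counterexample length) or None."""
    prefix, body, suffix = pattern
    head, (_, x0), g = sym_run(prog, prefix, start, (0, 0))   # base case
    if not entailed(g, 0, 0):
        return None
    pc, (a, d), _ = sym_run(prog, body, head, (1, 0))         # body on x = i
    if pc != head or a != 1:
        return None                          # body is not x -> x + d
    inv = (d, x0)                            # H(i): x = d*i + x0
    pc, _, g = sym_run(prog, suffix, head, inv)      # suffix guards in terms of K
    k = smallest_k(g)
    if pc != ERROR_PC or k is None:
        return None
    pc, x, g = sym_run(prog, body, head, inv)        # step: H(i) -> H(i+1)
    if not (entailed(g, 0, k - 1) and x == (d, x0 + d)):
        return None
    return k, len(prefix) + k * len(body) + len(suffix)

def replay(prog, pattern, k, start="pc0"):
    """Concrete cross-check for small k: unroll the pattern and execute it."""
    prefix, body, suffix = pattern
    pc, _, g = sym_run(prog, prefix + body * k + suffix, start, (0, 0))
    return pc if entailed(g, 0, 0) else None
```

Feeding `extract_pattern` the constructed spurious counterexamples `["init", "exit"]`, `["init", "loop", "inc", "exit"]` and `["init", "loop", "inc", "loop", "inc", "exit"]` yields the pattern `(("init",), ("loop", "inc"), ("exit",))`; for `make_program(10_000)`, `prove_counterexample` then returns K = 10000 and a concrete counterexample length of 20002 after three short symbolic runs, whereas a bounded model checker would have to unroll 20002 steps. `replay` exists only to confirm the proof on a small bound such as n = 5.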
