Top

Software and Systems Modeling

Published in:

26-07-2023 | Special Section Paper

Counterexample classification

Authors: Cole Vick, Eunsuk Kang, Stavros Tripakis

Published in: Software and Systems Modeling | Issue 2/2024

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

In model checking, when a model fails to satisfy the desired specification, a typical model checker provides a counterexample that illustrates how the violation occurs. In general, there exist many diverse counterexamples that exhibit distinct violating behaviors, which the user may wish to examine before deciding how to repair the model. Unfortunately, (1) the number of counterexamples may be too large to enumerate one by one, and (2) many of these counterexamples are redundant, in that they describe the same type of violating behavior. In this paper, we propose a technique called counterexample classification. The goal of classification is to cover the space of all counterexamples into a finite set of counterexample classes, each of which describes a distinct type of violating behavior for the given specification. These classes are then presented as a summary of possible violating behaviors in the system, freeing the user from manually having to inspect or analyze numerous counterexamples to extract the same information. We have implemented a prototype of our technique on top of an existing formal modeling and verification tool, the Alloy Analyzer, and evaluated the effectiveness of the technique on case studies involving the well-known Needham–Schroeder and TCP protocols with promising results.

previous article Fairness, assumptions, and guarantees for extended bounded response LTL+P synthesis

next article Analyzing the impact of human errors on interactive service robotic scenarios via formal verification

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

The traces in this section have labels, i.e., Message s on their transitions. We do this to make it clear how messages are sent and how different messages affect the state. Our formal definition will not include labels as they may be encoded directly into the state.

As an example where this happens, recall in the increment-decrement example from Sect. 3.3 how the single predicate lessThanOne could not classify all violating behavior.

The high-level algorithm shown is simplified as it only deals with unary predicates, but this technique can be extended to n-ary predicates. Our implementation is able to generate facts for predicates with an arbitrary number of arguments.

Our tool allows users to toggle checking for redundancy as a user may want to inspect all generated classes, even if some may be redundant.

Note that the newest trace constraint is never redundant because of the \({\textsf{block}}\) procedure.

The Alloy models and code for our tool can be found at https://github.com/cvick32/CounterexampleClassificiation.

Times were measured using the Java built-in System.nano Time().

Ball, T., Naik, M., Rajamani, S.K.: From symptom to cause: localizing errors in counterexample traces. In: Proceedings of the 30th ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, POPL’03, pp. 97–105. Association for Computing Machinery, New York, NY, USA, January 2003

Barrett, C., Fontaine, P., Tinelli, C.: The satisfiability modulo theories library (SMT-LIB). www.SMT-LIB.org (2016)

Beer, I., Ben-David, S., Chockler, H., Orni, A., Trefler, R.: Explaining counterexamples using causality. In: A Bouajjani, A., Maler, O. (eds.) Computer Aided Verification, Lecture Notes in Computer Science, pp. 94–108. Springer: Berlin (2009)

Chechik, M., Gurfinkel, A.: A framework for counterexample generation and exploration. In: FASE, pp. 220–236 (2005)

Christiansen, H., Dahl, V.: Hyprolog: a new logic programming language with assumptions and abduction. In: ICLP, pp. 159–173 (2005)

Cousot, P., Cousot, R.: Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints. In: Proceedings of the 4th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages, POPL ’77, pp. 238–252. Association for Computing Machinery, New York, NY, USA, January 1977

de Moura, L., Bjørner, N.: Z3: an efficient SMT solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) Tools and Algorithms for the Construction and Analysis of Systems. Lecture Notes in Computer Science, pp. 337–340. Springer, Berlin (2008)

Denning, D.E., Sacco, G.M.: Timestamps in key distribution protocols. Commun. ACM 24(8), 533–536 (1981)CrossRef

Dominguez, A., Day, N., Cheriton: generating multiple diverse counterexamples for an EFSM (2013)

10.

Gomes, C.P., Sabharwal, A., Selman, B.: Chapter 25. Model counting. In: Biere, A., Heule, M., Van Maaren, H., Walsh, T. (eds.) Frontiers in Artificial Intelligence and Applications. IOS Press, Amsterdam (2021)

11.

Groce, A., Visser, W.: What went wrong: explaining counterexamples. In: Ball, T., Rajamani, S.K. (eds.) Model Checking Software. Lecture Notes in Computer Science, pp. 121–136. Springer, Berlin (2003)CrossRef

12.

Jackson, D.: Alloy: a lightweight object modelling notation. ACM Trans. Softw. Eng. Methodol. (TOSEM) 11(2), 256–290 (2002)MathSciNetCrossRef

13.

Jhala, R., Podelski, A., Rybalchenko, A.: Predicate abstraction for program verification. In: Clarke, E.M., Henzinger, T.A., Veith, H., Bloem, R. (eds.) Handbook of Model Checking, pp. 447–491. Springer, Cham (2018)CrossRef

14.

Josephson, S.G., Josephson, J.R.: Abductive Inference: Computation, Philosophy, and Technology. Cambridge University Press, Cambridge (1994)CrossRef

15.

Kakas, A.C., Kowalski, R.A., Toni, F.: Abductive logic programming. J. Log. Comput. 2(6), 719–770 (1992)MathSciNetCrossRef

16.

Kakas, A.C., Van Nuffelen, B., Denecker, M.: A-system: problem solving through abduction. In: IJCAI, pp. 591–596 (2001)

17.

Kashyap, S., Garg, V.K.: Producing short counter examples using “Crucial Events”. In: Gupta, A., Malik, S. (eds.) Computer Aided Verification. Lecture Notes in Computer Science, pp. 491–503. Springer, Berlin, Heidelberg (2008)

18.

Lowe, G.: An attack on the Needham-Schroeder public-key authentication protocol. Inf. Process. Lett. 56(3), 131–133 (1995)CrossRef

19.

Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978)CrossRef

20.

Postel, J.: Transmission Control Protocol. RFC 793, September 1981. Available at: https://www.rfc-editor.org/info/rfc793

21.

Shen, S., Qin, Y., Li, S.: Minimizing counterexample with unit core extraction and incremental sat. In: VMCAI, pp. 298–312 (2005)

22.

Shlyakhter, I., Seater, R., Jackson, D., Sridharan, M., Taghdiri, M.: Debugging over constrained declarative models using unsatisfiable cores. In: ASE, pp. 94–105 (2003)

23.

Solar-Lezama, A., Tancau, L., Bodik, R., Saraswat, V., Seshia, S.: Combinatorial sketching for finite programs. In: Proceedings of the 12th International Conference on Architectural Support for Programming Languages and Operating System (ASPLOS), p. 12 (2006)

24.

Song, M., Günther, C.W., van der Aalst, W.M.P.: Trace clustering in process mining. In: Ardagna, D., Mecella, M., Yang, J. (eds.) Business Process Management Workshops. Lecture Notes in Business Information Processing, pp. 109–120. Springer, Berlin (2009)

25.

Sülflow, A., Fey, G., Bloem, R., Drechsler, R.: Using unsatisfiable cores to debug multiple design errors. In: ACM Great Lakes Symposium on VLSI, pp. 77–82 (2008)

26.

Torlak, E., Chang, F.S.-H., Jackson, D.: Finding minimal unsatisfiable cores of declarative specifications. In: Cuellar, J., Maibaum, T., Sere, K. (eds.) FM 2008: Formal Methods. Lecture Notes in Computer Science, pp. 326–341. Springer, Berlin, Heidelberg (2008)

27.

Vick, C., Kang, E., Tripakis, S.: Counterexample classification. In: Calinescu, R., Păsăreanu, C.S. (eds.) Software Engineering and Formal Methods, pp. 312–331. Springer, Cham (2021)CrossRef

28.

von Hippel, M., Vick, C., Tripakis, S., Nita-Rotaru, C.: Automated attacker synthesis for distributed protocols. In: Casimiro, A., Ortmeier, F., Bitsch, F., Ferreira, P. (eds.) Computer Safety, Reliability, and Security, pp. 133–149. Springer, Cham (2020)

29.

Zeller, A.: The debugging book. CISPA Helmholtz Center for Information Security (2021). Retrieved 2021-03-12 18:02:07+01:00

Title: Counterexample classification
Authors: Cole Vick
Eunsuk Kang
Stavros Tripakis
Publication date: 26-07-2023
Publisher: Springer Berlin Heidelberg
Published in: Software and Systems Modeling / Issue 2/2024
Print ISSN: 1619-1366
Electronic ISSN: 1619-1374
DOI: https://doi.org/10.1007/s10270-023-01118-0

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Other articles of this Issue 2/2024

Guest editorial for the special section on SEFM 2020 and 2021

A lightweight approach to nontermination inference using Constrained Horn Clauses

Model-based code generation works: But how far does it go?—on the role of the generator

Circular systems engineering

Quantitative modelling and analysis of BDI agents

Correction: A framework for embedded software portability and verification: from formal models to low-level code

Premium Partner