Counterexample Classification

by   Cole Vick, et al.

In model checking, when a given model fails to satisfy the desired specification, a typical model checker provides a counterexample that illustrates how the violation occurs. In general, there exist many diverse counterexamples that exhibit distinct violating behaviors, which the user may wish to examine before deciding how to repair the model. Unfortunately, obtaining this information is challenging in existing model checkers since (1) the number of counterexamples may be too large to enumerate one by one, and (2) many of these counterexamples are redundant, in that they describe the same type of violating behavior. In this paper, we propose a technique called counterexample classification. The goal of classification is to partition the space of all counterexamples into a finite set of counterexample classes, each of which describes a distinct type of violating behavior for the given specification. These classes are then presented as a summary of possible violating behaviors in the system, freeing the user from manually having to inspect or analyze numerous counterexamples to extract the same information. We have implemented a prototype of our technique on top of an existing formal modeling and verification tool, the Alloy Analyzer, and evaluated the effectiveness of the technique on case studies involving the well-known Needham-Schroeder protocol with promising results.


page 1

page 2

page 3

page 4


AsmetaF: A Flattener for the ASMETA Framework

Abstract State Machines (ASMs) have shown to be a suitable high-level sp...

TarTar: A Timed Automata Repair Tool

We present TarTar, an automatic repair analysis tool that, given a timed...

Extracting Formal Specifications to Strenghten Type Behaviour Testing

Testing has become an indispensable activity of software development, ye...

Counter-example Guided Learning of Bounds on Environment Behavior

There is a growing interest in building autonomous systems that interact...

Model checking and model synthesisfrom partial models: a logic-based perspective

I consider the following generic scenario: an abstract model M of some '...

Visual Analysis of Hyperproperties for Understanding Model Checking Results

Model checkers provide algorithms for proving that a mathematical model ...

A Toolchain to Design, Execute, and Monitor Robots Behaviors

In this paper, we present a toolchain to design, execute, and verify rob...