4 research outputs found
Test Input Generation for Red-Black Trees using Abstraction
We consider the problem of test input generation for code that manipulates complex data structures. Test inputs are sequences of method calls from the data structure interface. We describe test input generation techniques that rely on state matching to avoid generation of redundant tests. Exhaustive techniques use explicit state model checking to explore all the possible test sequences up to predefined input sizes. Lossy techniques rely on abstraction mappings to compute and store abstract versions of the concrete states; they explore under-approximations of all the possible test sequences. We have implemented the techniques on top of the Java PathFinder model checker and we evaluate them using a Java implementation of red-black trees
Predicate Abstraction with Under-approximation Refinement
We propose an abstraction-based model checking method which relies on
refinement of an under-approximation of the feasible behaviors of the system
under analysis. The method preserves errors to safety properties, since all
analyzed behaviors are feasible by definition. The method does not require an
abstract transition relation to be generated, but instead executes the concrete
transitions while storing abstract versions of the concrete states, as
specified by a set of abstraction predicates. For each explored transition the
method checks, with the help of a theorem prover, whether there is any loss of
precision introduced by abstraction. The results of these checks are used to
decide termination or to refine the abstraction by generating new abstraction
predicates. If the (possibly infinite) concrete system under analysis has a
finite bisimulation quotient, then the method is guaranteed to eventually
explore an equivalent finite bisimilar structure. We illustrate the application
of the approach for checking concurrent programs.Comment: 22 pages, 3 figures, accepted for publication in Logical Methods in
Computer Science journal (special issue CAV 2005
ABSTRACT Test Input Generation for Red-Black Trees using Abstraction
We consider the problem of test input generation for code that manipulates complex data structures. Test inputs are sequences of method calls from the data structure interface. We describe test input generation techniques that rely on state matching to avoid generation of redundant tests. Exhaustive techniques use explicit state model checking to explore all the possible test sequences up to predefined input sizes. Lossy techniques rely on abstraction mappings to compute and store abstract versions of the concrete states; they explore under-approximations of all the possible test sequences. We have implemented the techniques on top of the Java PathFinder model checker and we evaluate them using a Java implementation of red-black trees
Model-Checking symbolique pour la vérification de systèmes et son application aux tables de décision et aux systèmes d'éditions collaboratives distribuées
Résumé
Dans le cycle de vie de tout système logiciel, une phase cruciale de formalisation et de
validation au moyen de vérification et/ou de test induit une identification d'erreurs probables
infiltrées durant sa conception. Cette détection d'erreurs et leur correction sont
avantageuses dans les premières phases de développement du système afin d'éviter tout
retour aux travaux ardus d'analyse de spécifications et de modélisation du système
précédant sa réalisation. Par conséquent, cette étape mise en oeuvre à travers des
méthodes et des outils formels dans les phases amont de la conception contribue à
augmenter la confiance des concepteurs et utilisateurs vis-à-vis de la fonctionnalité du
système.
L'objectif de cette maîtrise s'insère dans le cadre d'une recherche qui vise à exploiter une
technique formelle spécifique d'analyse de programmes et de spécifications: l'exécution
symbolique combinée au model-checking. Cette technique représente une approche
émergente à laquelle les chercheurs ont porté une attention particulière ces dernières
années.
D'une part, l'exécution symbolique permet d'explorer les chemins d'exécution possibles d'un
programme modélisant un système avec des variables d'entrée non initialisées, en d'autres
termes en manipulant des variables abstraites ou "symboliques". Ces chemins caractérisent
ainsi le comportement du programme de manière abstraite. D'autre part, le model-checking
permet d'explorer systématiquement ces différents chemins d'exécution à l'aide d'une
énumération exhaustive des états accessibles afin de générer ultérieurement des contreexemples
en cas de violation de propriétés du système.
De ce fait, l'exécution symbolique combinée au model-checking englobe les points forts de
ces deux techniques octroyant aux concepteurs du système une compréhension accrue des
situations d'erreur dans les contre-exemples ainsi générés.----------Abstract
Verification is one crucial activity in any software life cycle. Its major role is to ensure an
identification of potential design and implementation flaws integrated in the software system
during its development process. Such an identification leads to eventual corrections in the
early steps of the development cycle, thus avoiding tedious work otherwise required in the
system requirements' reanalysis as well as in its remodelling preceding its deployment. As a
consequence, the verification step is rigorously put into practice through formal methods
and tools. Given such a formalisation contributes to give another level of insurance to both
the system's designers and users.
This thesis is related to a research which aims at applying one specific formal method in
program and requirements analysis: symbolic execution intertwined with model checking.
This technique has known a major development in the past few years, thus raising interest
among researchers in the field.
On one hand, symbolic execution explores all possible execution paths of a program
modelling a system using uninitialised input variables. As its name implies, this specific
execution deals with abstract or "symbolic" variables. Hence, those visited paths
characterise the abstract program behaviour. On another hand, model checking ensures a
systematic exploration of those different execution paths through an exhaustive visit of all
reachable states. This approach is necessary for subsequent generation of counterexamples
in case of property violations within the system.
Therefore, symbolic execution along with model checking is a resulting approach enforced
with advantages of both techniques. This yields a higher degree of interpreting the retrieved
flaws provided through generated counterexamples, for even the most sophisticated
systems