over-approximation courseware (.ppt)

  • Published 2017-08-16, Henan

Going from Concrete to Symbolic Model Checking via Predicate Abstraction
Willem Visser, Corina Pasareanu and Radek Pelanek
Automated Software Engineering Group
NASA Ames Research Center

Overview
  • Abstraction
  • Classic over-approximation based
  • Counter-example based refinement
  • Under-approximation based
  • Refinement based on abstraction’s exactness
  • Lightweight framework for testing
  • Test generation environment built around JPF with symbolic execution
  • Measure predicate coverage
  • Evaluate against other test-case generation methods
  • Java Container classes

Predicate Abstraction

Abstraction Mapping
For a,a’ in 2^{preds}:
if wp(a’,T) /\ a add transition a → a’
[Figure labels: may transition, must transition]

Example Abstraction
wp(p,x=x-1) /\ p add p → p
wp(p,x=x-1) /\ !p
{x – 1 0} x = x – 1 {p}
wp(!p,x=x-1) /\ p add p → !p
{x – 1 = 0} x = x – 1 {!p}
wp(!p,x=x-1) /\ !p add !p → !p
!p → wp(!p,x=x-1)
!p → !p is must trans

Refinement
1: p = T;
2: while (p)
3: p = !p ? F : T | F;
4: assert false;
Infeasible Counter Example 1,2,3(F),2,4
1: x=2 {x0};
2: x=2 {x0};
3: x=1 {x=0}
{x 1} x = x -1 {x 0}
[Figure labels: must, may]

Let’s Go Outside the Box
  • Rather than over-approximate and refine, we under-approximate and refine
  • Clearly complements existing techniques
  • If we restrict ourselves only to feasible behaviors when under-approximating then all safety property violations will be preserved
  • Build on top of classic explicit-state model checking infrastructure

Classic Explicit-State Search
PROCEDURE dfs()
