Counterexample Classification

Cole Vick, Eunsuk Kang, Stavros Tripakis
In model checking, when a given model fails to satisfy the desired specification, a typical model checker provides a counterexample that illustrates how the violation occurs. In general, there exist many diverse counterexamples that exhibit distinct violating behaviors, which the user may wish to examine before deciding how to repair the model. Unfortunately, obtaining this information is challenging in existing model checkers since (1) the number of counterexamples may be too large to… 

Generating Multiple Diverse Counterexamples for an EFSM
Model checking is a powerful technique for debugging a system description because it generates a counterexample showing a path of the system that fails a property. Instead of the traditional cycle of
Explaining Counterexamples Using Causality
This paper formally defines a set of causes for the failure of the specification on the given counterexample trace, marked as red dots and presented to the user as a visual explanation of the failure, and provides a polynomial-time algorithm that approximates it.
A framework for counterexample generation and exploration
This paper presents a framework for generating, structuring and exploring counterexamples, implemented in a tool called KEGVis; it can be used for explaining why a property failed or succeeded, for determining whether the property itself was correct ("specification debugging"), and for general model exploration.
Producing Short Counterexamples Using "Crucial Events"
It is shown how crucial events can be used to produce short counterexamples while also providing state space reduction, for a subset of CTL called CETL (Crucial Event Temporal Logic), implemented as an extension to the model checker SPIN.
What Went Wrong: Explaining Counterexamples
An automated method is used for finding multiple versions of an error, and analyzing these executions to produce a more succinct description of the key elements of the error.
From symptom to cause: localizing errors in counterexample traces
An algorithm is presented that exploits the existence of correct traces in order to localize the error cause in an error trace, report a single error trace per error cause, and generate multiple error traces having independent causes.
Finding Minimal Unsatisfiable Cores of Declarative Specifications
Recycling core extraction is a new coverage analysis that pinpoints an irreducible unsatisfiable core of a declarative specification.
Combinatorial sketching for finite programs
SKETCH is a language for finite programs with linguistic support for sketching and its combinatorial synthesizer is complete for the class of finite programs, guaranteed to complete any sketch in theory, and in practice has scaled to realistic programming problems.
Using unsatisfiable cores to debug multiple design errors
Unsatisfiable cores contained in a SAT instance for debugging are used to determine all suspects and to speed up the process of debugging multiple faults.
Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints
A program denotes computations in some universe of objects. Abstract interpretation of programs consists in using that denotation to describe computations in another universe of abstract objects, so