Efficient generation of counterexamples and witnesses in symbolic model checking
DAC '95 Proceedings of the 32nd annual ACM/IEEE Design Automation Conference
Using model checking to generate tests from requirements specifications
ESEC/FSE-7 Proceedings of the 7th European software engineering conference held jointly with the 7th ACM SIGSOFT international symposium on Foundations of software engineering
A Specification-Based Coverage Metric to Evaluate Test Sets
HASE '99 The 4th IEEE International Symposium on High-Assurance Systems Engineering
Tree-Like Counterexamples in Model Checking
LICS '02 Proceedings of the 17th Annual IEEE Symposium on Logic in Computer Science
Test Generation for Intelligent Networks Using Model Checking
TACAS '97 Proceedings of the Third International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Design and Synthesis of Synchronization Skeletons Using Branching-Time Temporal Logic
Logic of Programs, Workshop
Decision procedures and expressiveness in the temporal logic of branching time
STOC '82 Proceedings of the fourteenth annual ACM symposium on Theory of computing
Using Model Checking to Generate Tests from Specifications
ICFEM '98 Proceedings of the Second IEEE International Conference on Formal Engineering Methods
Evaluation of Three Specification-Based Testing Criteria
ICECCS '00 Proceedings of the 6th IEEE International Conference on Complex Computer Systems
Using a Model Checker to Test Safety Properties
ICECCS '01 Proceedings of the Seventh International Conference on Engineering of Complex Computer Systems
Using Model Checking to Analyze Network Vulnerabilities
SP '00 Proceedings of the 2000 IEEE Symposium on Security and Privacy
Issues in using model checkers for test case generation
Journal of Systems and Software
Graded CTL model checking for test generation
Proceedings of the 2011 Symposium on Theory of Modeling & Simulation: DEVS Integrative M&S Symposium
| Hi-index | 0.00 |
Counterexamples produced by model checkers are frequently exploited for the purpose of testing. Counterexamples and test cases are generally treated as essentially the same thing, while in fact they can differ significantly. For example, it might take more than one test case to "cover" a given counterexample, because not all property violations can be illustrated with linear counterexamples. This paper presents a formal relationship between counterexamples and test cases in the context of the Computation Tree Logic (CTL), the logic of the popular model checker SMV. Given a test requirement as a CTL formula, we define what it means for a set of test cases to cover a counterexample associated with that requirement. This result can not only be used in the generation of a test set that satisfies a given test coverage criterion, but also in the determination of whether an extant test set satisfies the criterion. Our results can guide the production of counterexamples in model checkers explicitly intended to support testing.