Abstract

We propose a new Statistical Model Checking (SMC) method to identify bugs in variability-intensive systems (VIS). The state-space of such systems is exponential in the number of variants, which makes the verification problem harder than for classical systems. To reduce verification time, we propose to combine SMC with featured transition systems (FTS)—a model that represents jointly the state spaces of all variants. Our new methods allow the sampling of executions from one or more (potentially all) variants. We investigate their utility in two complementary use cases. The first case considers the problem of finding all variants that violate a given property expressed in Linear-Time Logic (LTL) within a given simulation budget. To achieve this, we perform random walks in the featured transition system seeking accepting lassos. We show that our method allows us to find bugs much faster (up to 16 times according to our experiments) than exhaustive methods. As any simulation-based approach, however, the risk of Type-1 error exists. We provide a lower bound and an upper bound for the number of simulations to perform to achieve the desired level of confidence. Our empirical study involving 59 properties over three case studies reveals that our method manages to discover all variants violating 41 of the properties. This indicates that SMC can act as a coarse-grained analysis method to quickly identify the set of buggy variants. The second case complements the first one. In case the coarse-grained analysis reveals that no variant can guarantee to satisfy an intended property in all their executions, one should identify the variant that minimizes the probability of violating this property. Thus, we propose a fine-grained SMC method that quickly identifies promising variants and accurately estimates their violation probability. We evaluate different selection strategies and reveal that a genetic algorithm combined with elitist selection yields the best results.

Highlights

  • We consider the problem of bug detection in Variability Intensive Systems (VIS)

  • The first case considers the problem of finding all variants that violate a given property expressed in Linear-Time Logic (LTL) within a given simulation budget

  • The behaviour of the system is often represented as a transition system (S, AP, L) where S is a set of states, ⊆ S × S is the transition relation, AP is a set of atomic propositions and L : S → 2^AP labels any state with the atomic propositions that the system satisfies when in such a state


Summary

Introduction

We consider the problem of bug detection in Variability Intensive Systems (VIS). Vardi and Wolper have presented an automata-based approach for checking that a system—modelled as a transition system ts—satisfies an LTL formula φ [VW86]. Their approach consists of, first, transforming φ into a Büchi automaton B¬φ whose language is exactly the set of executions that violate φ, that is, those that visit infinitely often a so-called accepting state. Such an execution σ takes the form of a lasso, i.e. σ q0 . We name accepting any such lasso whose cycle contains an accepting state.
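An added illustration, not code from the paper: a random walk over a small constructed featured transition system, assumed to be already composed with the Büchi automaton for the negated property, that narrows the set of variants able to follow the path and reports those that can execute an accepting lasso. The states, features, guards and function names are assumptions made for this example; the paper's own sampling algorithm and simulation bounds are not reproduced here.

```python
import random
from itertools import combinations

FEATURES = ("f", "g")  # constructed toy feature set
# Every subset of FEATURES is treated as a valid variant (assumption).
VARIANTS = [frozenset(c) for r in range(len(FEATURES) + 1)
            for c in combinations(FEATURES, r)]

# Constructed product state space: state -> [(target, required, forbidden)].
# A transition is enabled for a variant that has all required features
# and none of the forbidden ones.
TRANSITIONS = {
    "s0": [("s1", set(), set()), ("s2", {"f"}, set())],
    "s1": [("s0", set(), set())],
    "s2": [("s3", set(), {"g"}), ("s0", {"g"}, set())],
    "s3": [("s2", set(), set())],
}
ACCEPTING = {"s3"}  # accepting states of the Büchi component

def enabled(variant, required, forbidden):
    return required <= variant and not (forbidden & variant)

def random_lasso(rng, start="s0"):
    """One walk: variants that can execute an accepting lasso, else empty set."""
    path, alive = [start], set(VARIANTS)
    while True:
        options = []
        for target, req, forb in TRANSITIONS.get(path[-1], []):
            keep = {v for v in alive if enabled(v, req, forb)}
            if keep:  # only follow transitions some surviving variant can take
                options.append((target, keep))
        if not options:  # deadlock: no infinite execution along this path
            return set()
        target, alive = rng.choice(options)
        if target in path:  # the walk closed a cycle, so the path is a lasso
            cycle = path[path.index(target):]
            return alive if ACCEPTING & set(cycle) else set()
        path.append(target)

def buggy_variants(budget, seed=0):
    """Union of the violating variants found within a simulation budget."""
    rng = random.Random(seed)
    found = set()
    for _ in range(budget):
        found |= random_lasso(rng)
    return found
```

In this toy model only the variant with `f` and without `g` can reach the cycle through `s3`, and a single walk finds it with probability 1/4, which is why the result depends on the simulation budget.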
