Counting Bugs in Behavioural Models using Counterexample Analysis

Designing and developing distributed software has always been a tedious and error-prone task, and the ever increasing software complexity is making matters even worse. Model checking automatically verifies that a model, e.g., a Labelled Transition System (LTS), obtained from higher-level specification languages satisfies a given temporal property. When the model violates the property, the model checker returns a counterexample, but this counterexample does not precisely identify the source of the bug. In this work, we propose some techniques for simplifying the debugging of these models. These techniques first extract from the whole behavioural model the part which does not satisfy the given property. In that model, we then detect specific states (called faulty states) where a choice is possible between executing a correct behaviour or falling into an erroneous part of the model. By using this model, we propose in this paper some techniques to count the number of bugs in the original specification. The core idea of the approach is to change the specification for some specific actions that may cause the property violation, and compare the model before and after modification to detect whether this potential bug is one real bug or not. Beyond introducing in details the solution, this paper also presents tool support and experiments.