Iterative Model Fixing with Counterexamples

Model checking is a formal technique for software verification. In the early stage of software development, it can be used to validate software models. If the result of model checking is false, producing a counterexample, the developer fixes the target model employing information obtained from the counterexample. However, as no systematic method is known, how to fix the model is highly dependent on the developer´s skill and experience. In this paper, we propose an iterative method for fixing models based on counterexamples. For this purpose, multi-valued transition systems (four-valued, to be precise) are used to allow iterative model improvement. Firstly, a MVTS model that satisfies all properties validated so far is generated. Secondly, another MVTS model is synthesized from the counterexample that avoids the paths to lead to the counterexample. Then, the two models are merged using the behavioral model merging technique. The advantage of our approach is that both safety properties and liveness properties can be treated in the same way.