Bandera: extracting finite-state models from Java source code

Authors:
James C. Corbett

University of Hawai'i, Department of Information and Computer Science, Honolulu, HI

University of Hawai'i, Department of Information and Computer Science, Honolulu, HI
View Profile

,
Matthew B. Dwyer

Kansas State University, Department of Computing and Information Sciences, Manhattan, KS

Kansas State University, Department of Computing and Information Sciences, Manhattan, KS
View Profile

,
John Hatcliff

Kansas State University, Department of Computing and Information Sciences, Manhattan, KS

Kansas State University, Department of Computing and Information Sciences, Manhattan, KS
View Profile

,
Shawn Laubach

Kansas State University, Department of Computing and Information Sciences, Manhattan, KS

Kansas State University, Department of Computing and Information Sciences, Manhattan, KS
View Profile

,
Corina S. Păsăreanu

Kansas State University, Department of Computing and Information Sciences, Manhattan, KS

Kansas State University, Department of Computing and Information Sciences, Manhattan, KS
View Profile

,
Robby

Kansas State University, Department of Computing and Information Sciences, Manhattan, KS

Kansas State University, Department of Computing and Information Sciences, Manhattan, KS
View Profile

,
Hongjun Zheng

Kansas State University, Department of Computing and Information Sciences, Manhattan, KS

Kansas State University, Department of Computing and Information Sciences, Manhattan, KS
View Profile

ICSE '00: Proceedings of the 22nd international conference on Software engineeringJune 2000Pages 439–448https://doi.org/10.1145/337180.337234

Published:01 June 2000Publication History

ICSE '00: Proceedings of the 22nd international conference on Software engineering

Pages 439–448

ABSTRACT

Finite-state verification techniques, such as model checking, have shown promise as a cost-effective means for finding defects in hardware designs. To date, the application of these techniques to software has been hindered by several obstacles. Chief among these is the problem of constructing a finite-state model that approximates the executable behavior of the software system of interest. Current best-practice involves hand-construction of models which is expensive (prohibitive for all but the smallest systems), prone to errors (which can result in misleading verification results), and difficult to optimize (which is necessary to combat the exponential complexity of verification algorithms).

In this paper, we describe an integrated collection of program analysis and transformation components, called Bandera, that enables the automatic extraction of safe, compact finite-state models from program source code. Bandera takes as input Java source code and generates a program model in the input language of one of several existing verification tools; Bandera also maps verifier outputs back to the original source code. We discuss the major components of Bandera and give an overview of how it can be used to model check correctness properties of Java programs.

References

1.J. C. Corbett. Ev aluating deadlock detection methods for concurrent softw are. IEEE Transactions on Software Engineering, 22(3), Mar. 1996.]] Google ScholarDigital Library
2.J. C. Corbett. Constructing compact models of concurrent Java programs. In M. Young, editor, Pr oceedings of the 1998 International Symposium on Software Testing and Analysis (ISST A). ACM Press, March 1998.]] Google ScholarDigital Library
3.P. Cousot and R. Cousot. Abstract interpretation: A uni edlattice model for static analysis of programs by construction or appro ximation of xpoints. In Confer ence Record ofthe Fourth A nnual ACM Symposium on Principles of Programming Languages, pages 238{252, 1977.]] Google Scholar
4.C. Demartini, R. Iosif, and R. Sisto. A deadlock detection tool for concurrent Java programs. Software -Practice and Exp erience, 29(7):577{603, July 1999.]] Google ScholarDigital Library
5.D. L. Dill, A. J. Drexler, A. J. Hu, and C. H. Yang. Protocol verication as a hardware design aid. In IEEE International Conference on Computer Design, October 1992.]] Google ScholarDigital Library
6.Y. Dong and C. Ramakrishnan. An optimizing compiler for ecien t model checking. In Proceedings FORTE/PSTV'99, Nov. 1999.]] Google ScholarDigital Library
7.M. Dwyer, G. Avrunin, and J. Corbett. Patterns in propert speci cations for nite-state verication. In Pr oceedings the 21st International Conference on Software Engine ering, May 1999.]] Google ScholarDigital Library
8.J. Hatcli, J. C. Corbett, M. B. Dwyer, S. Sokolowski, and H. Zheng. A formal study of slicing for multi-threaded programs with JVM concurrency primitives. In Pr oceedings of the 6th International Static Analysis Symposium (SAS'99), Sept. 1999.]] Google ScholarDigital Library
9.J. Hatcli, M. B. Dwyer, and S. Laubach. Staging static analysis using abstraction-based program specialization. In LNCS 1490. Principles of Declarative Programming 10th International Symposium, PLILP'98, Sept. 1998.]] Google ScholarDigital Library
10.J. Hatcli, M. B. Dwyer, S. Laubach, and N. Muhammad. Specializing congurable systems for nite-state veri cation.Technical Report 98-4, Kansas State University, Department of Computing and Information Sciences, 1998.]]Google Scholar
11.J. Hatcli, M. B. Dwyer, and H. Zheng. Slicing software for model construction. Higher-order and Symbolic Computation, 2000. to appear.]] Google ScholarDigital Library
12.K. Havelund, M. Lowry, and J. Penix. Formal analysis of a space craft controller using SPIN. In Proceedings of the 4th International SPIN Workshop, Nov. 1997.]]Google Scholar
13.K. Havelund and T. Pressburger. Model checking Java programs using Java PathFinder. International Journal on Software Tools for T echnolo gy T ransfer , 1999. to appear.]]Google Scholar
14.G. J. Holzmann. The model checker SPIN. IEEE Transactions on Software Engine ering, 23(5):279{294, May 1997.]] Google ScholarDigital Library
15.G. J. Holzmann. Engineering a model checker : The Gnu i-protocol case study revisited. In Theoretical and Applied Aspects of SPIN Model Che cking (LNCS 1680), Sept. 1999.]] Google ScholarDigital Library
16.G. J. Holzmann and M. H. Smith. Softw are model checking : Extracting verication models from source code. In Pr oceedings of FORTE/PSTV'99, Nov. 1999.]] Google ScholarDigital Library
17.S. Horwitz, T. Reps, and D. Binkley. Interprocedural slicing using dependence graphs. ACM Transactions on Programming Languages and Systems, 12(1):26{60, Jan. 1990.]] Google ScholarDigital Library
18.F. Huch. V erication of Erlang programs using abstract interpretation and model checking. In Proceedings of the Fourth ACM SIGPLAN International Conference onFunctional Programming (ICFP'99), pages 261{272, Sept. 1999.]] Google ScholarDigital Library
19.D. Jac kson and C. A. Damon. Elements of style: Analyzing a software design feature with a counterexample detector. IEEE Transactions on Software Engineering, 22(7):484{495, July 1996.]] Google ScholarDigital Library
20.Z. Manna and A. Pnueli. The Temporal L ogic of Reactive and Concurr ent Systems:Specication. Springer-Verlag, 1991.]] Google ScholarDigital Library
21.K. McMillan. Symbolic Model Che cking. Klu wer Academic Publishers, 1993.]] Google ScholarDigital Library
22.S. Owre, J. M. Rushby, and N. Shankar. PVS: A prototype verication system. In Proceedings of the 1th International Conference on Automated Deduction (LNCS 607), 1992.]] Google ScholarDigital Library
23.R. V alle-Rai, L. Hendren, V. Sundaresan, P. Lam, E. Gagnon, and P. Co. Soot - a Ja va optimization framew ork. InProceedings of CASCON'99, Nov. 1999.]]Google Scholar

Index Terms

Bandera: extracting finite-state models from Java source code
1. Software and its engineering
  1. Software notations and tools
    1. General programming languages
      1. Language types
  2. Software organization and properties
    1. Software functional properties
      1. Formal methods
        Model checking
2. Theory of computation
  1. Formal languages and automata theory
  2. Logic
    1. Verification by model checking

Recommendations

Finding feasible abstract counter-examples

A strength of model checking is its ability to automate the detection of subtle system errors and produce traces that exhibit those errors. Given the high-computational cost of model checking most researchers advocate the use of aggressive property-...
Read More
A semantic framework for the abstract model checking of tccp programs
Quantitative aspects of programming languages (QAPL 2004)

The Timed Concurrent Constraint programming language (tccp) introduces time aspects into the Concurrent Constraint paradigm. This makes tccp especially appropriate for analyzing timing properties of concurrent systems by model checking. However, even if ...
Read More
Formal Verification for C Program

Iterative abstraction refinement has emerged in the last few years as the leading approach to software model checking. We present an approach for automatically verifying C programs against safety specifications based on finite state machine. The ...
Read More

Comments

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Published in
ICSE '00: Proceedings of the 22nd international conference on Software engineering
June 2000
843 pages
ISBN:1581132069
DOI:10.1145/337180
Chairmen:
Carlo Ghezzi
Politecnico di Milano, Milau, Italy
,
Mehdi Jazayeri
Technical Univ. of Vienna, Vienna, Austria
,
Alexander L. Wolf
Univ. of Colorado, Boulder, USA
Copyright © 2000 ACM
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]
Sponsors
In-Cooperation
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
- Published: 1 June 2000
Permissions
Request permissions about this article.
Request Permissions

Check for updates
Author Tags
abstract interpretation
model checking
model extraction
program specialization
program verification
slicing
Qualifiers
- Article
Conference

Acceptance Rates
Overall Acceptance Rate276of1,856submissions,15%

Upcoming Conference

ICSE 2025

2025 IEEE/ACM 46th International Conference on Software Engineering

April 26 - May 3, 2025

Ottawa , ON , Canada
Funding Sources
Other Metrics
View Article Metrics

Article Metrics
- 753
  Total Citations
  View Citations
- 2,643
  Total Downloads
- Downloads (Last 12 months)228
- Downloads (Last 6 weeks)22
Other Metrics
View Author Metrics
Cited By
View all

PDF Format

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Bandera: extracting finite-state models from Java source code

ICSE '00: Proceedings of the 22nd international conference on Software engineering

ABSTRACT

References

Cited By

Index Terms

Recommendations

Finding feasible abstract counter-examples

A semantic framework for the abstract model checking of tccp programs

Formal Verification for C Program