ABSTRACT
Finite-state verification techniques, such as model checking, have shown promise as a cost-effective means for finding defects in hardware designs. To date, the application of these techniques to software has been hindered by several obstacles. Chief among these is the problem of constructing a finite-state model that approximates the executable behavior of the software system of interest. Current best practice involves hand-construction of models, which is expensive (prohibitive for all but the smallest systems), prone to errors (which can result in misleading verification results), and difficult to optimize (which is necessary to combat the exponential complexity of verification algorithms).
In this paper, we describe an integrated collection of program analysis and transformation components, called Bandera, that enables the automatic extraction of safe, compact finite-state models from program source code. Bandera takes as input Java source code and generates a program model in the input language of one of several existing verification tools; Bandera also maps verifier outputs back to the original source code. We discuss the major components of Bandera and give an overview of how it can be used to model check correctness properties of Java programs.
Index Terms
- Bandera: extracting finite-state models from Java source code