DOI: 10.1145/1167473.1167504
Article

Efficient software model checking of data structure properties

Published: 16 October 2006

ABSTRACT

This paper presents novel language and analysis techniques that significantly speed up software model checking of data structure properties. Consider checking a red-black tree implementation. Traditional software model checkers systematically generate all red-black tree states (within some given bounds) and check every red-black tree operation (such as insert, delete, or lookup) on every red-black tree state. Our key idea is as follows. As our checker checks a red-black tree operation o on a red-black tree state s, it uses program analysis techniques to identify other red-black tree states s'1, s'2, ..., s'k on which the operation o behaves similarly. Our analyses guarantee that if o executes correctly on s, then o will execute correctly on every s'i. Our checker therefore does not need to check o on any s'i once it checks o on s. It thus safely prunes those state transitions from its search space, while still achieving complete test coverage within the bounded domain. Our preliminary results show orders of magnitude improvement over previous approaches. We believe our techniques can make model checking significantly faster, and thus enable checking of much larger programs and complex program properties than currently possible.
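The pruning idea described above, as an added and deliberately simplified illustration that is not the paper's own analysis or code: the bounded state space is every binary search tree over the keys {1, 2, 3, 4} with at most three nodes, the operation is lookup(k), and the stand-in for the paper's program analysis is the log of fields that lookup actually reads. Once lookup(k) has been checked on one state, every pending state that agrees with it on all logged reads is pruned without executing lookup on it; all function names here are hypothetical.

```python
from itertools import combinations
# Constructed illustration, not the paper's analysis: a state is None or (key, left, right); op is lookup(k).

def bst_states(keys, max_nodes):
    """Enumerate every BST over any subset of `keys` with at most max_nodes nodes."""
    def build(ks):
        if not ks:
            yield None
        for i, k in enumerate(ks):
            for left in build(ks[:i]):
                for right in build(ks[i + 1:]):
                    yield (k, left, right)
    for n in range(max_nodes + 1):
        for subset in combinations(sorted(keys), n):
            yield from build(list(subset))

def lookup(tree, k):
    """Search for k, logging each field read. Returns (found, footprint of (path, value) reads)."""
    reads, path, node = [], "root", tree
    while True:
        reads.append((path + ".isNull", node is None))
        if node is None:
            return False, tuple(reads)
        reads.append((path + ".key", node[0]))
        if node[0] == k:
            return True, tuple(reads)
        path, node = (path + ".left", node[1]) if k < node[0] else (path + ".right", node[2])

def read_field(tree, path):
    """Evaluate a logged read such as 'root.left.key' on another state without running lookup."""
    parts, node = path.split(".")[1:], tree
    for step in parts[:-1]:
        node = None if node is None else (node[1] if step == "left" else node[2])
    return (node is None) if parts[-1] == "isNull" else node[0]

def keys_of(tree):
    return set() if tree is None else {tree[0]} | keys_of(tree[1]) | keys_of(tree[2])

def bounded_check(states, k):
    """Check lookup(k) on one state, then prune every pending state that agrees with it on all
    fields lookup read (checked in logged order, short-circuiting on the first mismatch)."""
    pending, checked, pruned = list(states), 0, 0
    while pending:
        s = pending.pop()
        found, fp = lookup(s, k)
        assert found == (k in keys_of(s)), ("lookup violates its spec on", s)
        checked += 1
        rest = [t for t in pending if any(read_field(t, p) != v for p, v in fp)]
        pruned += len(pending) - len(rest)
        pending = rest
    return checked, pruned
```

Because a pruned state makes exactly the same reads as the state it was merged with, lookup returns the same answer there, and the BST invariant makes that answer correct for the pruned state too; the checked count equals the number of distinct read footprints in the bounded domain.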

