Abstract
Glass box software model checking incorporates novel techniques to identify similarities in the state space of a model checker and safely prune large numbers of redundant states without explicitly checking them. It is significantly more efficient than other software model checking approaches for checking certain kinds of programs and program properties.
This paper presents Pipal, a system for modular glass box software model checking. Extending glass box software model checking to perform modular checking is important to further improve its scalability. It is nontrivial because, unlike traditional software model checkers such as Java PathFinder (JPF) and CMC, a glass box software model checker does not check every state separately; instead, it checks a large set of states together in each step. We present a solution and demonstrate Pipal's effectiveness on a variety of programs.
Published in OOPSLA '10: Proceedings of the ACM international conference on Object oriented programming systems languages and applications.