Acta Informatica

, Volume 43, Issue 1, pp 45–71 | Cite as

Compositional Analysis of C/C++ Programs with VeriSoft

  • Juergen DingelEmail author
Original Article


This paper describes how the state space exploration ool VeriSoft can be used to analyze parallel C/C++ programs compositionally. VeriSoft is employed for two analyses: transition traceanalysis and assume/guarantee reasoning. Both analyses are compositional in the sense that the behaviour of a parallel program is determined in terms of the behaviour of its constituent processes. While both analyses have traditionally been carried out with “pencil and paper”, the paper demonstrates how VeriSoft can be used to automate them. In the context of transition trace analysis, the question whether a given program can exhibit a given trace is addressed with VeriSoft. To implement assume/guarantee reasoning, VeriSoft is used to determine whether a given program satisfies a given assume/guarantee specification. Since VeriSoft’s state space exploration is bounded and thus not complete in general, our proposed analyses are only meant to complement standard reasoning about parallel programs using traces or assume/guarantee specifications. For instance, a successful analysis does not always imply the general correctness of an assume/guarantee specification. However, it increases the confidence in the verification effort. On the other hand, an unsuccessful analysis always produces a counterexample which can be used to correct the specification or the program. VeriSoft’s optimization and visualization techniques make the analyses relatively efficient and effective.


Model Check Compositional Analysis Parallel Program Shared Variable Mutual Exclusion 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi M., Lamport L. (1995). Conjoining specifications. ACM Trans. Program. Lang. Syst. 17(3):507–534CrossRefGoogle Scholar
  2. 2.
    Andrews G.R. (2000) Foundations of Multithreaded, Parallel, and Distributed Programming. Addison-Wesley, ReadingGoogle Scholar
  3. 3.
    Bensalem S., Lakhnech Y. (1999). Automatic generation of invariants. Formal Methods Syst. Des., 15(1):75–92CrossRefGoogle Scholar
  4. 4.
    Brookes S.D. (1996). Full abstraction for a shared-variable parallel language. Information and Computation, 127(2):145–163zbMATHCrossRefMathSciNetGoogle Scholar
  5. 5.
    Corbett, J., Dwyer, M., Hatcliff, J., Păsăreanu, C., Robby, Laubach, S., Zheng, H.: Bandera : Extracting finite-state models from Java source code. In: 22nd International Conference on Software Engineering (ICSE ’00) (2000)Google Scholar
  6. 6.
    Colby, C., Godefroid, P., Jagadeesan, L.J.: Automatically closing open reactive programs. In ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI ’98), Montreal, Canada (1998)Google Scholar
  7. 7.
    Cobleigh, J.M., Giannakopoulou, D., Păsăreanu, C.S.: Learning assumptions for compositional verification. In: 9th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS ’03), pp. 331–346, Warsaw, Poland (2003)Google Scholar
  8. 8.
    Collette, P., Jones, C.B.: Enhancing the tractability of rely/guarantee specifications in the development of interfering operations. In: Proof, Language and Interaction: Essays in Honour of Robin Milner, pp. 277–307. MIT Press, Cambridge (2000)Google Scholar
  9. 9.
    du Bousquet, L., Ouabdesselam, F., Parissis, I., Richier, J.-L., Zuanon, N. (2000) Specification-based testing of synchronous software. In: International Workshop on Formal Methods for Industrial Critical Systems, Berlin, Germany (2000)Google Scholar
  10. 10.
    Dingel J. (2002) A refinement calculus for shared-variable parallel and distributed programming. Formal Asp. Comput. 14:123–197zbMATHCrossRefGoogle Scholar
  11. 11.
    Dingel, J.: Automatic transition trace analysis of parallel programs using VeriSoft. Technical Report 2003-467, Queen’s University, School of Computing, Kingston, Ontario, June 2003. Available at Scholar
  12. 12.
    Dingel, J.: Computer-assisted assume/guarantee reasoning with VeriSoft. In: 25th International Conference on Software Engineering (ICSE ’03), pp. 138–148, Portland, Oregon (2003)Google Scholar
  13. 13.
    Ernst, M.D., Czeisler, A., Griswold, W.G., Notkin,D.: Quickly etecting relevant program invariants. In 22nd International Conference on Software Engineering (ICSE ’00), pp. 449–458, Limerick, Ireland (2000)Google Scholar
  14. 14.
    Godefroid P. (1996). Partial-Order Methods for the Verification of Concurrent Systems – An Approach to the State-Explosion Problem. Springer, Berlin Heidelberg New YorkGoogle Scholar
  15. 15.
    Godefroid, P.: Model checking for programming languages using VeriSoft. In: 24th ACM Symposium on Principles of Programming Languages, pp. 174–186, Paris (1997)Google Scholar
  16. 16.
    Godefroid, P.: Software model checking in practice: an industrial case study. In: International Conference on Software Engineering (ICSE ’02), Orlando (2002)Google Scholar
  17. 17.
    Jeffords, R., Heitmeyer, C.: Automatic generation of state invariants from requirements specifications. In 6th International Symposium on the Foundations of Software Engineering (FSE-6), Orlando, Florida (1998)Google Scholar
  18. 18.
    Jeffords, R., Heitmeyer, C.: An algorithm for strengthening state invariants generated from requirements specifications. In: 5th International Symposium on Requirements Engineering (RE ’01), Toronto, Canada (2001)Google Scholar
  19. 19.
    Jeffords, R., Heitmeyer, C.: A strategy for efficiently verifying requirements specifications using composition and invariants. In: European Software Engineering Conference/ACM SIGSOFT Symposium on the Foundations of Software Engineering (ESEC/FSE 2003), Helsinki, Finland (2003)Google Scholar
  20. 20.
    Jones C.B. (1983). Tentative steps towards a development method for interfering programs. ACM Trans. Program. Lang. Syst. 5(4):576–619CrossRefGoogle Scholar
  21. 21.
    Jagadeesan, L.J., Porter, A., Ramming, J.C., Votta, L.: Specification-based testing of reactive software: Tools and experiments. In: 19th International Conference on Software Engineering (ICSE ’97): (1997)Google Scholar
  22. 22.
    Jackson D., Wing J. (1996). Lightweight formal methods. IEEE Comput. 29(4):221–22Google Scholar
  23. 23.
    Manna Z., Pnueli A. (1995). Temporal Verification of Reactive Systems: Safety. Springer, Berlin Heidelberg New YorkGoogle Scholar
  24. 24.
    Owicki S.S., Gries D. (1976). An axiomatic proof technique for parallel programs. Acta Inform 6:319–340zbMATHCrossRefMathSciNetGoogle Scholar
  25. 25.
    Păsăreanu, C.S., Dwyer, M.B., Huth, M.: Assume-guarantee model checking of software: A comparative case study. In: Theoretical and Practical Aspects of SPIN Model Checking. Springer, Berlin Heidelberg New York LNCS 1680 (1999)Google Scholar
  26. 26.
    Peterson G.L. (1981). Myths about the mutual exclusion problem. Inform Process Lett 12:115–116zbMATHCrossRefGoogle Scholar
  27. 27.
    Pnueli, A.: In transition from global to modular temporal reasoning about programs. In: Apt, K.R. (ed.) Logics and Models of Concurrent Systems, NATO ASI F13, pp. 123–144. Springer, Berlin Heidelberg New York (1985)Google Scholar
  28. 28.
    Raymond, P., Weber, D., Nicollin, X., Halbwachs, N.: Automatic testing of reactive systems. In: 19th IEEE Real-Time Systems Symposium (RTSS ’98) (1998)Google Scholar
  29. 29.
    Stirling C. (1988). A generalization of Owicki-Gries’ Hoare logic for a concurrent while language. Theoret. Comput. Sci. 89:347–359CrossRefMathSciNetGoogle Scholar
  30. 30.
    Stølen, K.: A method for the development of totally correct shared-state parallel programs. In: 2nd International Conference on Concurrency Theory (CONCUR ’91), pp. 510–525 LNCS 789 (1991)Google Scholar
  31. 31.
    Stølen, K.: Assumption/commitment rules for dataflow networks - with an emphasis on completeness. In: 6th European Symposium on Programming (ESOP ’96), pp. 356–372 LNCS 1058 (1996)Google Scholar
  32. 32.
    Visser W., Havelund K., Brat G., Park S., Lerda F. (2003). Model checking programs. Automated Softw. Eng. J. 10(2):203–232CrossRefGoogle Scholar
  33. 33.
    Zulkernine, M., Seviora, R.: Assume-guarantee supervisor for concurrent systems. In: International Parallel and Distributed Processing Symposium (IPDPS ’01), pp. 1552–1560. IEEE Computer Science Press (2001)Google Scholar

Copyright information

© Springer-Verlag 2006

Authors and Affiliations

  1. 1.School of ComputingQueen’s UniversityKingstonCanada

Personalised recommendations