Heuristics for model checking Java programs

  • Alex Groce
  • Willem Visser
Special section on the algorithmics of software model checking

Abstract

Model checking of software programs has two goals – the verification of correct software and the discovery of errors in faulty software. Some techniques for dealing with the most crucial problem in model checking, the state space explosion problem, concentrate on the first of these goals. In this paper we present an array of heuristic model checking techniques for combating the state space explosion when searching for errors. Previous work on this topic has mostly focused on property-specific heuristics closely related to particular kinds of errors. We present structural heuristics that attempt to explore the structure (branching structure, thread interdependency structure, abstraction structure) of a program in a manner intended to expose errors efficiently. Experimental results show the utility of this class of heuristics. In contrast to these very general heuristics, we also present lightweight techniques for introducing program-specific heuristic guidance.
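The contrast the abstract draws, between blind search and search guided by the branching structure of the program, is easiest to see on a small state space. The following is an added example written for this page; it is not the authors' Java PathFinder implementation and does not reproduce their exact scoring rule. It implements a minimal explicit-state model checker whose search strategy is pluggable, and compares breadth-first search with a best-first search using a simplified branch-coverage heuristic: a successor is scored by how many times the branch leading to it has already been executed, so never-taken branches are explored first. The program under test, its state layout (pc, i, j), the constants LOOP_BOUND and CHECKS, and the branch labels are all constructed for the illustration; the "error" is an assumed failing assertion that is reachable only when every check in a chain passes.

```python
"""Tiny explicit-state model checker: breadth-first search versus best-first
search guided by a branch-coverage heuristic (constructed illustration)."""
import heapq
import itertools

# Constructed toy program. State = (pc, i, j).
#   pc 0            : non-deterministic loop that spawns many distinct states
#   pc 1..CHECKS    : chain of checks; each can pass (next pc) or fail (pc -1)
#   pc CHECKS + 1   : the assumed failing assertion, reachable only if every
#                     check passes; this is the "error" the search looks for
LOOP_BOUND = 4            # assumption: loop counters saturate at 4
CHECKS = 5                # assumption: five checks guard the error
ERROR_PC = CHECKS + 1
INITIAL = (0, 0, 0)


def successors(state):
    """Yield (branch_label, next_state). Labels name *program* branches, so a
    loop branch keeps the same label each time it is re-executed."""
    pc, i, j = state
    if pc == 0:
        if i < LOOP_BOUND:
            yield "loop:i++", (0, i + 1, j)
        if j < LOOP_BOUND:
            yield "loop:j++", (0, i, j + 1)
        yield "loop:exit", (1, i, j)
    elif 1 <= pc <= CHECKS:
        yield f"check{pc}:pass", (pc + 1, i, j)
        yield f"check{pc}:fail", (-1, i, j)
    # pc -1 (reject) and ERROR_PC have no successors


def is_error(state):
    return state[0] == ERROR_PC


def search(strategy):
    """Explore from INITIAL until an error state is expanded.

    strategy: "bfs" (every state scores 0, so the queue is FIFO) or
    "branch-coverage" (a successor scores the number of times the branch
    leading to it has already been executed; lower is explored first).
    Returns (trace, expansions): the branch labels of the error path, or None
    if no error is reachable, and how many states were expanded."""
    tick = itertools.count()          # FIFO tie-break for equal scores
    coverage = {}                     # branch label -> times executed
    parent = {INITIAL: None}          # also serves as the visited set
    frontier = [(0, next(tick), INITIAL)]
    expansions = 0
    while frontier:
        _, _, state = heapq.heappop(frontier)
        expansions += 1
        if is_error(state):
            return reconstruct(parent, state), expansions
        for branch, nxt in successors(state):
            # Score before recording this execution, so a branch that has
            # never run scores 0 and is preferred over well-trodden ones.
            score = coverage.get(branch, 0) if strategy == "branch-coverage" else 0
            coverage[branch] = coverage.get(branch, 0) + 1
            if nxt in parent:         # already seen: still counts as coverage
                continue
            parent[nxt] = (branch, state)
            heapq.heappush(frontier, (score, next(tick), nxt))
    return None, expansions


def reconstruct(parent, state):
    """Follow parent links back to INITIAL and return the branch labels."""
    trace = []
    while parent[state] is not None:
        branch, state = parent[state]
        trace.append(branch)
    return trace[::-1]


if __name__ == "__main__":
    for strategy in ("bfs", "branch-coverage"):
        trace, n = search(strategy)
        print(f"{strategy:16s} expansions={n:3d}  {' > '.join(trace)}")
```

Both strategies return the same six-branch counterexample, but breadth-first search has to expand every loop state at each depth before it reaches the assertion, while the branch-coverage heuristic leaves the loop after three expansions because the loop branches have already been covered and the check branches have not. The same `search` skeleton takes a program-specific heuristic in the sense of the abstract's last sentence simply by replacing the score computation with a user-supplied function of the state. The caveat a practitioner should keep in mind is that the advantage depends on the program's structure: a heuristic that favours uncovered branches helps when errors hide behind rarely executed branches, and a blind depth-first search can do equally well or better when successor ordering happens to lead straight to the error.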

Keywords

Model checking · Heuristic search · Coverage metrics · Testing

Copyright information

© Springer-Verlag 2004

Authors and Affiliations

  1. School of Computer Science, Carnegie Mellon University, Pittsburgh, USA
  2. RIACS, NASA Ames Research Center, Moffett Field, USA