Abstract
This paper describes how the state space exploration tool VeriSoft can be used to analyze parallel C/C++ programs compositionally. VeriSoft is employed for two analyses: transition trace analysis and assume/guarantee reasoning. Both analyses are compositional in the sense that the behaviour of a parallel program is determined in terms of the behaviour of its constituent processes. While both analyses have traditionally been carried out with “pencil and paper”, the paper demonstrates how VeriSoft can be used to automate them. In the context of transition trace analysis, the question of whether a given program can exhibit a given trace is addressed with VeriSoft. To implement assume/guarantee reasoning, VeriSoft is used to determine whether a given program satisfies a given assume/guarantee specification. Since VeriSoft’s state space exploration is bounded and thus not complete in general, our proposed analyses are only meant to complement standard reasoning about parallel programs using traces or assume/guarantee specifications. For instance, a successful analysis does not always imply the general correctness of an assume/guarantee specification. However, it increases the confidence in the verification effort. On the other hand, an unsuccessful analysis always produces a counterexample which can be used to correct the specification or the program. VeriSoft’s optimization and visualization techniques make the analyses relatively efficient and effective.
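As an added illustration (not the paper's or VeriSoft's code), the two questions the abstract poses, whether a program can exhibit a given transition trace and whether a process meets an assume/guarantee specification, run over a small constructed model: processes are lists of atomic steps on a shared state, and the explorer is depth-bounded, so like VeriSoft it is incomplete, but any failed check returns a counterexample prefix. The non-atomic increment `incr`, the environment steps `ENV` and the initial state `INIT` are constructed sample values.

```python
from typing import Callable, Dict, List, Optional
State = Dict[str, int]
Step = Callable[[State], State]          # one atomic action of a process
Pred2 = Callable[[State, State], bool]   # predicate over a (pre, post) state pair

def interleavings(procs: List[List[Step]], init: State, bound: int):
    """Bounded DFS over all interleavings; yields (global states so far, schedule)."""
    stack = [([init], [], [0] * len(procs))]   # (states, schedule, program counters)
    while stack:
        states, sched, pcs = stack.pop()
        yield states, sched
        if len(sched) >= bound:                # depth bound: exploration is incomplete
            continue
        for i, pc in enumerate(pcs):
            if pc < len(procs[i]):
                npcs = list(pcs); npcs[i] += 1
                stack.append((states + [procs[i][pc](states[-1])], sched + [i], npcs))
def can_exhibit(procs, init, trace: List[State], bound: int) -> Optional[List[int]]:
    """Trace analysis: can the program produce exactly these global states? Returns a schedule or None."""
    for states, sched in interleavings(procs, init, bound):
        if states == trace:
            return sched
    return None

def check_assume_guarantee(proc: List[Step], init: State, env: List[Step],
                           assume: Pred2, guarantee: Pred2, bound: int):
    """Environment may take any `env` step satisfying `assume`; every `proc` step must
    then satisfy `guarantee`. Returns the violating prefix as a counterexample, else None."""
    stack = [([init], [], 0)]                  # (states, labels, program counter)
    while stack:
        states, labels, pc = stack.pop()
        if len(labels) >= bound:
            continue
        cur = states[-1]
        if pc < len(proc):                     # a step of the process under analysis
            nxt = proc[pc](cur)
            if not guarantee(cur, nxt):
                return states + [nxt], labels + ["P"]
            stack.append((states + [nxt], labels + ["P"], pc + 1))
        for e in env:                          # interference permitted by the assumption
            nxt = e(cur)
            if assume(cur, nxt):
                stack.append((states + [nxt], labels + ["E"], pc))
    return None
def incr(i: int) -> List[Step]:
    """Constructed sample: process i increments shared x non-atomically (read, then write)."""
    return [lambda s: {**s, f"t{i}": s["x"]}, lambda s: {**s, "x": s[f"t{i}"] + 1}]

INIT: State = {"x": 0, "t0": 0, "t1": 0}                                      # constructed
ENV: List[Step] = [lambda s: {**s, "x": s["x"] + 5}, lambda s: {**s, "t1": 7}]  # constructed
```

With `incr(0)` checked against the guarantee "x never decreases", the check passes under the assumption that the environment leaves x unchanged and fails, with a concrete interleaving, once arbitrary interference is assumed; this is the sense in which a successful bounded run raises confidence while a failed run always yields a counterexample.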
Dingel, J. Compositional Analysis of C/C++ Programs with VeriSoft. Acta Informatica 43, 45–71 (2006). https://doi.org/10.1007/s00236-006-0016-x