Model Checking Machine Code with the GNU Debugger

  • Eric Mercer
  • Michael Jones
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3639)


Embedded software verification is an important verification problem that requires the ability to reason about the timed semantics of concurrent behaviors at a low level of atomicity. Combining a cycle-accurate debugger with model checking algorithms provides an accurate model of software execution at the machine-code level while supporting concurrency and allowing abstractions to manage state explosion. We report on the design and implementation of such a model checker using the GNU debugger (gdb) with different processor backends. A significant feature of the resulting tool is that we can adjust the level of atomicity during the model checking run to reduce state explosion while focusing on behaviors that are likely to generate an error.


Virtual Machine Model Check Machine Instruction Machine Code State Explosion 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ball, T., Rajamani, S.: The SLAM toolkit. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 260–264. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    Ball, T., Rajamani, S.K.: Bebop: A symbolic model checker for boolean programs. In: Havelund, K., Penix, J., Visser, W. (eds.) SPIN 2000. LNCS, vol. 1885, pp. 113–130. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  3. 3.
    Behrmann, G., Larsen, K.G., Pelánek, R.: To store or not to store. In: Hunt Jr., W.A., Somenzi, F. (eds.) CAV 2003. LNCS, vol. 2725, pp. 433–445. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  4. 4.
    Clarke, E., Kroening, D.: Hardware verification using ANSI-C programs as a reference. In: Proceedings of ASP-DAC 2003, Yokohama City, Japan, pp. 308–311. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  5. 5.
    Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Corbett, J.C., Dwyer, M.B., Hatcliff, J., Laubach, S., Păsăreanu, C.S., Zheng, R., Zheng, H.: Bandera: extracting finite-state models from java source code. In: International Conference on Software Engineering, pp. 439–448 (2000)Google Scholar
  7. 7.
    Godefroid, P.: Software model checking: The VeriSoft approach. Technical report, Bell Laboratories, Lucent Technologies (2003)Google Scholar
  8. 8.
    Graf, S., Mounier, L. (eds.): Model Checking Software: 11th International SPIN Workshop. LNCS, vol. 2989. Springer, Heidelberg (2004)zbMATHGoogle Scholar
  9. 9.
    Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Software verification with Blast. In: Ball, T., Rajamani, S.K. (eds.) SPIN 2003. LNCS, vol. 2648, pp. 235–239. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Holzmann, G.J.: State compression in Spin. In: Proceedings of the Third Spin Workshop, April 1997. Twente University, The Netherlands (1997)Google Scholar
  11. 11.
    Holzmann, G.J., Joshi, R.: Model-driven software verification. In: Graf and Mounier [8], pp. 76–91Google Scholar
  12. 12.
    Hyman, H.: Comments on a problem in concurrent programming control. Communications of the ACM 9(1), 45 (1966)CrossRefGoogle Scholar
  13. 13.
    Mehler, T., Edelkamp, S.: Directed error detection in C++ with the assembley-level model checker StEAM. In: Graf and Mounier [8], pp. 39–56Google Scholar
  14. 14.
    Nethercote, N.: Dynamic Binary Analysis and Instrumentation. PhD thesis, Computer Laboratory, University of Cambridge, United Kingdom (September 2004)Google Scholar
  15. 15.
    Penix, J., Visser, W., Pasaranu, C., Engstrom, E., Larson, A., Weininger, N.: Verifying time partitioning in the DEOS scheduling kernel. In: 22nd International Conference on Software Engineering (ICSE 2000), Limerick, Ireland, pp. 488–497. ACM, New York (2000)Google Scholar
  16. 16.
    Regehr, J., Reid, A., Webb, K.: Eliminating stack overflow by abstract interpretation. In: Alur, R., Lee, I. (eds.) EMSOFT 2003. LNCS, vol. 2855, pp. 306–322. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Robby, Dwyer, M.B., Hatcliff, J.: Bogor: An extensible and highly-modular model checking framework. ACM SIGSOFT Software Engineering Notes 28(5), 267–276 (2003)CrossRefGoogle Scholar
  18. 18.
    Robby, Dwyer, M.B., Hatcliff, J., Iosif, R.: Space-reduction strategies for model checking dynamic software. Electronic Notes in Theorical Computer Science 89(3) (2003)Google Scholar
  19. 19.
    Rungta, N., Mercer, E.G.: A context-sensitive structural heuristic for guided search model checking (2005),
  20. 20.
    Visser, W., Havelund, K., Brat, G., Park, S., Lerda, F.: Model checking programs. Automated Software Engineering Journal 10(2) (April 2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Eric Mercer
    • 1
  • Michael Jones
    • 1
  1. 1.Department of Computer ScienceBrigham Young UniversityProvoUSA

Personalised recommendations