Zing: Exploiting Program Structure for Model Checking Concurrent Software
Model checking is a technique for finding bugs in systems by systematically exploring their state spaces. We wish to extract sound models from concurrent programs automatically and check the behaviors of these models systematically. The zing project is an effort to build a flexible infrastructure to represent and model check abstractions of large concurrent software.
To support automatic extraction of models from programs written in common programming languages, zing’s modeling language supports three facilities present in modern programming languages: (1) procedure calls with a call-stack, (2) objects with dynamic allocation, and (3) processes with dynamic creation, using both shared memory and message passing for communication. We believe that these three facilities capture the essence of model checking modern concurrent software.
Building a scalable model-checker for such an expressive modeling language is a huge challenge. zing’s modular architecture provides a clear separation between the expressive semantics of the modeling language, and a simple view of zing programs as labeled transition systems. This separation has allowed us to decouple the design of efficient model checking algorithms from the complexity of supporting rich constructs in the modeling language.
zing’s model checking algorithms have been designed to exploit existing structural abstractions in concurrent programs such as processes and procedure calls. We present two such novel techniques in the paper: (1) compositional checking of zing models for message-passing programs using a conformance theory inspired by work in the process algebra community, and (2) a new summarization algorithm, which enables zing to reuse work at procedure boundaries by extending interprocedural data-flow analysis algorithms from the compiler community to analyze concurrent programs.
Keywords: Model Check; Modeling Language; Procedure Call; Label Transition System; Concurrent Program
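The separation the abstract describes, where the checking algorithm sees a program only as a labeled transition system, can be illustrated with a minimal explicit-state checker. This is an added example, not Zing's code or algorithms: `check` receives only an initial state, a successor function, and an invariant, and the two-process counter model (all names hypothetical) is constructed for illustration.

```python
from collections import deque

# Constructed model: two processes increment a shared counter.
# State = (shared, (pc0, tmp0), (pc1, tmp1)); all names here are hypothetical.
INITIAL = (0, (0, 0), (0, 0))

def make_successors(atomic):
    """Return the LTS successor function: state -> iterable of (label, next_state)."""
    def successors(state):
        shared, *procs = state
        for i, (pc, tmp) in enumerate(procs):
            if pc == 0 and atomic:        # increment in one indivisible step
                step = (shared + 1, (2, 0), f"p{i}.inc")
            elif pc == 0:                 # read shared into a local
                step = (shared, (1, shared), f"p{i}.read")
            elif pc == 1:                 # write local + 1 back
                step = (tmp + 1, (2, 0), f"p{i}.write")
            else:                         # process has terminated
                continue
            new_shared, new_proc, label = step
            nxt = procs.copy()
            nxt[i] = new_proc
            yield label, (new_shared, *nxt)
    return successors

def invariant(state):
    """When both processes have terminated, the counter must equal 2."""
    shared, *procs = state
    return any(pc != 2 for pc, _ in procs) or shared == 2

def check(initial, successors, invariant):
    """BFS over reachable states; returns (states_seen, shortest violating trace or None)."""
    parent = {initial: None}
    queue = deque([initial])
    while queue:
        state = queue.popleft()
        if not invariant(state):
            trace = []
            while parent[state] is not None:
                state, label = parent[state]
                trace.append(label)
            return len(parent), trace[::-1]
        for label, nxt in successors(state):
            if nxt not in parent:
                parent[nxt] = (state, label)
                queue.append(nxt)
    return len(parent), None

if __name__ == "__main__":
    print(check(INITIAL, make_successors(atomic=False), invariant))
    print(check(INITIAL, make_successors(atomic=True), invariant))
```

The non-atomic model yields a four-step trace in which both reads precede both writes (a lost update); the atomic model is exhausted with no violation.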