Zing: Exploiting Program Structure for Model Checking Concurrent Software

  • Tony Andrews
  • Shaz Qadeer
  • Sriram K. Rajamani
  • Jakob Rehof
  • Yichen Xie
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3170)


Model checking is a technique for finding bugs in systems by systematically exploring their state spaces. We wish to extract sound models from concurrent programs automatically and check the behaviors of these models systematically. The zing project is an effort to build a flexible infrastructure to represent and model check abstractions of large concurrent software.

To support automatic extraction of models from programs written in common programming languages, zing’s modeling language supports three facilities present in modern programming languages: (1) procedure calls with a call-stack, (2) objects with dynamic allocation, and (3) processes with dynamic creation, using both shared memory and message passing for communication. We believe that these three facilities capture the essence of model checking modern concurrent software.

Building a scalable model-checker for such an expressive modeling language is a huge challenge. zing’s modular architecture provides a clear separation between the expressive semantics of the modeling language, and a simple view of zing programs as labeled transition systems. This separation has allowed us to decouple the design of efficient model checking algorithms from the complexity of supporting rich constructs in the modeling language.

zing’s model checking algorithms have been designed to exploit existing structural abstractions in concurrent programs such as processes and procedure calls. We present two such novel techniques in the paper: (1) compositional checking of zing models for message-passing programs using a conformance theory inspired by work in the process algebra community, and (2) a new summarization algorithm, which enables zing to reuse work at procedure boundaries by extending interprocedural data-flow analysis algorithms from the compiler community to analyze concurrent programs.


Model Check Modeling Language Procedure Call Label Transition System Concurrent Program 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Zing Language Specification,
  2. 2.
    Andrews, T., Qadeer, S., Rajamani, S.K., Rehof, J., Xie, Y.: Zing: A model checker for concurrent software. Technical report, Microsoft Research (2004)Google Scholar
  3. 3.
    Ball, T., Rajamani, S.K.: Bebop: A symbolic model checker for Boolean programs. In: Havelund, K., Penix, J., Visser, W. (eds.) SPIN 2000. LNCS, vol. 1885, pp. 113–130. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  4. 4.
    Ball, T., Rajamani, S.K.: The SLAM project: Debugging system software via static analysis. In: POPL 2002: Principles of Programming Languages, January 2002, pp. 1–3. ACM, New York (2002)Google Scholar
  5. 5.
    Brookes, S.D., Hoare, C.A.R., Roscoe, A.W.: A theory of communicating sequential processes. Journal of the ACM 31(3), 560–599 (1984)MathSciNetCrossRefzbMATHGoogle Scholar
  6. 6.
    Dwyer, M., Hatcliff, J., Joehanes, R., Laubach, S., Pasareanu, C., Robby, W.V., Zheng, H.: Tool-supported program abstraction for finite-state verification. In: ICSE 2001: International Conference on Software Engineering, pp. 177–187. ACM, New York (2001)CrossRefGoogle Scholar
  7. 7.
    Fournet, C., Hoare, C.A.R., Rajamani, S.K., Rehof, J.: Stuck-free conformance theory for CCS. Technical Report MSR-TR-2004-09, Microsoft Research (2004)Google Scholar
  8. 8.
    Fournet, C., Hoare, S.T., Rajamani, S.K., Rehof, J.: Stuck-free conformance. In: Alur, R., Peled, D.A. (eds.) CAV 2004. LNCS, vol. 3114, pp. 242–254. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  9. 9.
    Hoare, C.A.R.: Communicating Sequential Processes. Prentice-Hall, Englewood Cliffs (1985)zbMATHGoogle Scholar
  10. 10.
    Holzmann, G.: The model checker SPIN. IEEE Transactions on Software Engineering 23(5), 279–295 (1997)CrossRefGoogle Scholar
  11. 11.
    Holzmann, G.J.: Logic verification of ANSI-C code with Spin. In: Havelund, K., Penix, J., Visser, W. (eds.) SPIN 2000. LNCS, vol. 1885, pp. 131–147. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  12. 12.
    Iosif, R., Sisto, R.: dSPIN: A dynamic extension of SPIN. In: Dams, D.R., Gerth, R., Leue, S., Massink, M. (eds.) SPIN 1999. LNCS, vol. 1680, pp. 261–276. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  13. 13.
    Lipton, R.J.: Reduction: A method of proving properties of parallel programs. Communications of the ACM 18(12), 717–721 (1975)MathSciNetCrossRefzbMATHGoogle Scholar
  14. 14.
    Milner, R.: Communicating and Mobile Systems: the π-Calculus. Cambridge University Press, Cambridge (1999)zbMATHGoogle Scholar
  15. 15.
    Qadeer, S., Rajamani, S.K., Rehof, J.: Summarizing procedures in concurrent programs. In: POPL 2004: ACM Principles of Programming Languages, pp. 245–255. ACM, New York (2004)Google Scholar
  16. 16.
    Rajamani, S.K., Rehof, J.: Conformance checking for models of asynchronous message passing software. In: Brinksma, E., Larsen, K.G. (eds.) CAV 2002. LNCS, vol. 2404, pp. 166–179. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  17. 17.
    Ramalingam, G.: Context sensitive synchronization sensitive analysis is undecidable. ACM Trans. on Programming Languages and Systems 22, 416–430 (2000)CrossRefGoogle Scholar
  18. 18.
    Robby, M.D., Hatcliff, J.: Bogor: An extensible and highly-modular model checking framework. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 267–276. Springer, Heidelberg (2003)Google Scholar
  19. 19.
    Roscoe, A.W.: The Theory and Practice of Concurrency. Prentice Hall, Englewood Cliffs (1998)Google Scholar
  20. 20.
    Stoller, S.D.: Model-checking multi-threaded distributed Java programs. International Journal on Software Tools for Technology Transfer 4(1), 71–91 (2002)CrossRefGoogle Scholar
  21. 21.
    Visser, W., Havelund, K., Brat, G., Park, S.: Model checking programs. In: ICASE 2000: Automated Software Engineering, pp. 3–12 (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Tony Andrews
    • 1
  • Shaz Qadeer
    • 1
  • Sriram K. Rajamani
    • 1
  • Jakob Rehof
    • 1
  • Yichen Xie
    • 2
  1. 1.Microsoft ResearchUSA
  2. 2.Stanford UniversityUSA

Personalised recommendations