Verifying Distributed, Event-Based Middleware Applications Using Domain-Specific Software Model Checking

  • L. Ruhai Cai
  • Jeremy S. Bradbury
  • Juergen Dingel
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4468)


The success of distributed event-based infrastructures such as SIENA and Elvin is partially due to their ease of use. Even novice users of these infrastructures not versed in distributed programming can quickly comprehend the small and intuitive interfaces that these systems typically feature. However, if these users make incorrect assumptions about how the infrastructure services work, a mismatch between the infrastructure and its client applications occurs, which may manifest itself in erroneous client behaviour. We propose a framework for automatically model checking distributed event-based systems in order to discover mismatch between the infrastructure and its clients. Using the SIENA event service as an example, we implemented and evaluated our framework by customizing the Bandera/Bogor tool pipeline. Two realistic Java applications are implemented to test and evaluate the framework.


Keywords: Model Check; Chat Room; Client Application; Incorrect Assumption; Event Service

These keywords were added by machine and not by the authors.



Copyright information

© IFIP International Federation for Information Processing 2007

Authors and Affiliations

  • L. Ruhai Cai (1)
  • Jeremy S. Bradbury (1)
  • Juergen Dingel (1)

  1. School of Computing, Queen’s University, Kingston, Ontario, Canada
