We describe the design of DPF, an explicit-state model checker for database-backed web applications. DPF interposes between the program and the database layer, and precisely tracks the effects of queries made to the database. We experimentally explore several implementation choices for the model checker: stateful vs. stateless search, state storage and backtracking strategies, and dynamic partial-order reduction. In particular, we define independence relations at different granularity levels of the database (at the database, relation, record, attribute, or cell level), and show the effectiveness of dynamic partial-order reduction based on these relations.

We apply DPF to look for atomicity violations in web applications. Web applications maintain shared state in databases, and typically there are relatively few database accesses for each request. This implies concurrent interactions are limited to relatively few and well-defined points, enabling our model checker to scale. We explore the performance implications of various design choices and demonstrate the effectiveness of DPF on a set of Java benchmarks. Our model checker was able to find new concurrency bugs in two open-source web applications, including in a standard example distributed with the Spring framework.


Model Check Integrity Constraint Relation Symbol Structure Query Language Exploration Time 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Artzi, S., Kiezun, A., Dolby, J., Tip, F., Dig, D., Paradkar, A., Ernst, M.D.: Finding bugs in web applications using dynamic test generation and explicit-state model checking. IEEE Trans. Softw. Eng. 36(4), 474–494 (2010)CrossRefGoogle Scholar
  2. 2.
    Baier, C., Katoen, J.-P.: Principles of Model Checking. The MIT Press (2008)Google Scholar
  3. 3.
    Bernstein, P.A., Hadzilacos, V., Goodman, N.: Concurrency Control and Recovery in Database Systems. Addison-Wesley (1987)Google Scholar
  4. 4.
  5. 5.
    Emmi, M., Majumdar, R., Sen, K.: Dynamic test input generation for database applications. In: ISSTA, pp. 151–162 (2007)Google Scholar
  6. 6.
    Felmetsger, V., Cavedon, L., Kruegel, C., Vigna, G.: Toward automated detection of logic vulnerabilities in web applications. In: USENIX Security Symposium, pp. 143–160 (2010)Google Scholar
  7. 7.
    Flanagan, C., Freund, S.: Atomizer: A dynamic atomicity checker for multithreaded programs. Sci. Comput. Program. 71(2), 89–109 (2008)MathSciNetzbMATHCrossRefGoogle Scholar
  8. 8.
    Flanagan, C., Godefroid, P.: Dynamic partial-order reduction for model checking software. In: POPL, pp. 110–121 (2005)Google Scholar
  9. 9.
    Fonseca, P., Li, C., Rodrigues, R.: Finding complex concurrency bugs in large multi-threaded applications. In: EuroSys, pp. 215–228 (2011)Google Scholar
  10. 10.
    Giannakopoulou, D., Păsăreanu, C.S.: Interface Generation and Compositional Verification in JavaPathfinder. In: Chechik, M., Wirsing, M. (eds.) FASE 2009. LNCS, vol. 5503, pp. 94–108. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  11. 11.
    Godefroid, P.: Partial-Order Methods for the Verification of Concurrent Systems. LNCS, vol. 1032. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  12. 12.
    Godefroid, P.: Model checking for programming languages using VeriSoft. In: POPL, pp. 174–186 (1997)Google Scholar
  13. 13.
    Grechanik, M., Csallner, C., Fu, C., Xie, Q.: Is data privacy always good for software testing? In: ISSRE, pp. 368–377 (2010)Google Scholar
  14. 14.
    Holzmann, G.J.: The model checker SPIN. IEEE Trans. Softw. Eng. 23(5), 279–295 (1997)MathSciNetCrossRefGoogle Scholar
  15. 15.
    Iosif, R.: Exploiting heap symmetries in explicit-state model checking of software. In: ASE, pp. 254–261 (2001)Google Scholar
  16. 16.
  17. 17.
    Khalek, S.A., Khurshid, S.: Systematic testing of database engines using a relational constraint solver. In: ICST, pp. 50–59 (2011)Google Scholar
  18. 18.
    Martin, M., Lam, M.S.: Automatic generation of XSS and SQL injection attacks with goal-directed model checking. In: USENIX Security Symposium, pp. 31–43 (2008)Google Scholar
  19. 19.
    Mentis, A., Katsaros, P.: Model checking and code generation for transaction processing software. Concurr. Comput.: Pract. Exper. 24(7), 711–722 (2012)CrossRefGoogle Scholar
  20. 20.
    Musuvathi, M., Dill, D.L.: An Incremental Heap Canonicalization Algorithm. In: Godefroid, P. (ed.) SPIN 2005. LNCS, vol. 3639, pp. 28–42. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  21. 21.
    Musuvathi, M., Qadeer, S.: Iterative context bounding for systematic testing of multithreaded programs. In: PLDI, pp. 446–455 (2007)Google Scholar
  22. 22.
    Paleari, R., Marrone, D., Bruschi, D., Monga, M.: On Race Vulnerabilities in Web Applications. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 126–142. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  23. 23.
    Pan, K., Wu, X., Xie, T.: Database state generation via dynamic symbolic execution for coverage criteria. In: DBTest, pp. 1–6 (2011)Google Scholar
  24. 24.
    Pan, K., Wu, X., Xie, T.: Generating program inputs for database application testing. In: ASE, pp. 73–82 (2011)Google Scholar
  25. 25.
    Petrov, B., Vechev, M., Sridharan, M., Dolby, J.: Race detection for web applications. In: PLDI, pp. 251–262 (2012)Google Scholar
  26. 26.
    Savage, S., Burrows, M., Nelson, G., Sobalvarro, P., Anderson, T.: Eraser: A dynamic data race detector for multithreaded programs. ACM Trans. Comput. Syst. 15(4), 391–411 (1997)CrossRefGoogle Scholar
  27. 27.
    Spring Framework home page,
  28. 28.
    Visser, W., Havelund, K., Brat, G., Park, S.: Model checking programs. Automated Software Engineering 10(2), 203–232 (2003)CrossRefGoogle Scholar
  29. 29.
    Wassermann, G., Yu, D., Chander, A., Dhurjati, D., Inamura, H., Su, Z.: Dynamic test input generation for web applications. In: ISSTA, pp. 249–260 (2008)Google Scholar
  30. 30.
    Yang, Y., Chen, X., Gopalakrishnan, G., Kirby, R.M.: Efficient Stateful Dynamic Partial Order Reduction. In: Havelund, K., Majumdar, R. (eds.) SPIN 2008. LNCS, vol. 5156, pp. 288–305. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  31. 31.
    Zheng, Y., Zhang, X.: Static detection of resource contention problems in server-side scripts. In: ICSE, pp. 584–594 (2012)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Milos Gligoric
    • 1
  • Rupak Majumdar
    • 2
  1. 1.University of Illinois at Urbana-ChampaignUSA
  2. 2.Max Planck Institute for Software SystemsGermany

Personalised recommendations