Abstract
This paper describes experiences with software model checking after several years of using static analysis to find errors. We initially thought that the trade-off between the two was clear: static analysis was easy but would mainly find shallow bugs, while model checking would require more work but would be strictly better – it would find more errors, the errors would be deeper, and the approach would be more powerful. These expectations were often wrong.
© 2004 Springer-Verlag Berlin Heidelberg
Cite this paper
Engler, D., Musuvathi, M. (2004). Static Analysis versus Software Model Checking for Bug Finding. In: Steffen, B., Levi, G. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2004. Lecture Notes in Computer Science, vol 2937. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24622-0_17
DOI: https://doi.org/10.1007/978-3-540-24622-0_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20803-7
Online ISBN: 978-3-540-24622-0