Static Analysis versus Software Model Checking for Bug Finding

  • Conference paper

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2937))

Abstract

This paper describes experiences with software model checking after several years of using static analysis to find errors. We initially thought that the trade-off between the two was clear: static analysis was easy but would mainly find shallow bugs, while model checking would require more work but would be strictly better – it would find more errors, the errors would be deeper, and the approach would be more powerful. These expectations were often wrong.



Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Engler, D., Musuvathi, M. (2004). Static Analysis versus Software Model Checking for Bug Finding. In: Steffen, B., Levi, G. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2004. Lecture Notes in Computer Science, vol 2937. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24622-0_17

  • DOI: https://doi.org/10.1007/978-3-540-24622-0_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-20803-7

  • Online ISBN: 978-3-540-24622-0
