
A Scalable Incomplete Test for Message Buffer Overflow in Promela Models

  • Conference paper
Model Checking Software (SPIN 2004)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2989)

Abstract

In Promela, communication buffers are defined with a fixed length, and buffer overflows can be handled in two different ways: block the send statement or lose the message. Both solutions change the semantics of the system compared to one with unbounded channels. The question arises whether such buffer overflows can ever occur in a given system and what buffer lengths are sufficient to avoid them. We describe a scalable incomplete boundedness test for the communication buffers in Promela models, which is based on overapproximation and static analysis. We first reduce Promela models to systems of communicating finite state machines (CFSMs) and then apply further abstractions that leave us with a system of linear inequalities. These represent the message sending and receiving effect that the control flow cycles of every process have on any message buffer. The test tries to establish the existence of a linear combination of the effect vectors such that at least one message can occur an unbounded number of times. If no such linear combination exists, then the system is bounded. We discuss the complexity of this test and present experimental results using our implementation in the IBOC system. Scalability of the test is in part due to the fact that it is polynomial for the type of sparse control flow graphs derived from Promela models. Also, the analysis is local, i.e., it avoids the combinatorial state space explosion due to concurrency of the models. We also present a method to derive upper bound estimates for the maximal occupancy of each individual message buffer. Previously, we have applied this approach to UML RT models, while in this paper we focus on the additional problems specific to Promela code: determining the potential message types of any channel, tracking potential contents of variables, channels passed as arguments to processes, channel assignments, channel arrays and parallel process creation.
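The core of the test sketched in the abstract, as an added illustration (not the paper's IBOC implementation): each control-flow cycle of a process is summarised by an effect vector over the channels (+1 per send, -1 per receive), and the test asks whether some non-negative combination of these vectors is non-negative in every channel and strictly positive in at least one. The two-process handshake and the channel names are constructed for this example; the linear system is decided here with Fourier-Motzkin elimination over exact fractions rather than an LP solver.

```python
from fractions import Fraction
from itertools import product

# Constructed example (not from the paper): two processes exchanging messages
# over Promela-style channels "req" and "ack".
CHANNELS = ["req", "ack"]
# Each process is a list of its control-flow cycles; each cycle is a list of
# ('send'|'recv', channel) edges. Process A waits for an ack before resending.
HANDSHAKE = {"A": [[("send", "req"), ("recv", "ack")]],
             "B": [[("recv", "req"), ("send", "ack")]]}
# Same system plus a cycle in A that sends req without ever waiting for ack.
FLOODING = {"A": HANDSHAKE["A"] + [[("send", "req")]], "B": HANDSHAKE["B"]}

def cycle_effect(cycle_edges, channels):
    """Effect vector of one cycle: +1 per send, -1 per receive, per channel."""
    vec = [0] * len(channels)
    for op, ch in cycle_edges:
        vec[channels.index(ch)] += 1 if op == "send" else -1
    return vec

def feasible(constraints, nvars):
    """Fourier-Motzkin: does a real x satisfy every (coeffs, c) read as coeffs.x >= c?"""
    cons = [([Fraction(a) for a in coeffs], Fraction(c)) for coeffs, c in constraints]
    for j in range(nvars):
        pos = [c for c in cons if c[0][j] > 0]
        neg = [c for c in cons if c[0][j] < 0]
        rest = [c for c in cons if c[0][j] == 0]
        for (pa, pc), (na, nc) in product(pos, neg):
            s, t = -na[j], pa[j]  # both > 0, so s*pa + t*na eliminates x_j
            rest.append(([s * a + t * b for a, b in zip(pa, na)], s * pc + t * nc))
        cons = rest
    return all(c <= 0 for _, c in cons)  # only "0 >= c" rows remain

def unbounded_witness_exists(effects):
    """Is there x >= 0 with sum_i x_i*v_i >= 0 in every channel and > 0 in some?
    Because the sum is non-negative, "> 0 somewhere" equals "total >= 1" after
    scaling x. A True answer is only a possible overflow (overapproximation);
    a False answer proves every buffer bounded."""
    n, m = len(effects), len(effects[0])
    cons = [([1 if k == i else 0 for k in range(n)], 0) for i in range(n)]  # x >= 0
    cons += [([effects[i][ch] for i in range(n)], 0) for ch in range(m)]   # V x >= 0
    cons.append(([sum(effects[i]) for i in range(n)], 1))                  # 1.V x >= 1
    return feasible(cons, n)

def buffers_bounded(process_cycles, channels):
    """Run the test over every cycle of every process; True means bounded."""
    effects = [cycle_effect(c, channels) for cycles in process_cycles.values() for c in cycles]
    return not unbounded_witness_exists(effects)
```

Because the vectors summarise cycles independently of the interleaving of processes, the check never enumerates the global state space, which is the locality property the abstract refers to.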



© 2004 Springer-Verlag Berlin Heidelberg


Cite this paper

Leue, S., Mayr, R., Wei, W. (2004). A Scalable Incomplete Test for Message Buffer Overflow in Promela Models. In: Graf, S., Mounier, L. (eds) Model Checking Software. SPIN 2004. Lecture Notes in Computer Science, vol 2989. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24732-6_16


  • DOI: https://doi.org/10.1007/978-3-540-24732-6_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-21314-7

  • Online ISBN: 978-3-540-24732-6

  • eBook Packages: Springer Book Archive
