Abstract
In Promela, communication buffers are defined with a fixed length, and buffer overflows can be handled in two different ways: block the send statement or lose the message. Both solutions change the semantics of the system, compared to one with unbounded channels. The question arises, if such buffer overflows can ever occur in a given system and what buffer lengths are sufficient to avoid them. We describe a scalable incomplete boundedness test for the communication buffers in Promela models, which is based on overapproximation and static analysis. We first reduce Promela models to systems of communicating finite state machines (CFSMs) and then apply further abstractions that leave us with a system of linear inequalities. Those represent the message sending and receiving effect that the control flow cycles of every process have on any message buffer. The test tries to establish the existence of a linear combination of the effect vectors so that at least one message can occur an unbounded number of times. If no such linear combination exists then the system is bounded. We discuss the complexity of this test and present experimental results using our implementation in the IBOC system. Scalability of the test is in part due to the fact that it is polynomial for the type of sparse control flow graphs derived from Promela models. Also, the analysis is local, i.e., it avoids the combinatorial state space explosion due to concurrency of the models. We also present a method to derive upper bound estimates for the maximal occupancy of each individual message buffer. Previously, we have applied this approach to UML RT models, while in this paper we focus on the additional problems specific to Promela code: determining the potential message types of any channel, tracking potential contents of variables, channels passed as arguments to processes, channel assignments, channel arrays and parallel process creation.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Abdulla, P., Jonsson, B.: Verifying Programs with Unreliable Channels. In: LICS 1993, IEEE, Los Alamitos (1993)
Bevier, W.R.: Towards an operational semantics of promela in acl2. In: Proceedings of the Third SPIN Workshop, SPIN 1997 (1997)
Bouajjani, A., Mayr, R.: Model checking lossy vector addition systems. In: Meinel, C., Tison, S. (eds.) STACS 1999. LNCS, vol. 1563, p. 323. Springer, Heidelberg (1999)
Brand, D., Zafiropulo, P.: On communicating finite-state machines. Journal of the ACM 2(5), 323–342 (1983)
Esparza, J., Melzer, S.: Verification of safety properties using integer programming: Beyond the state equation. Formal Methods in System Design 16, 159–189 (2000)
Esparza, J., Nielsen, M.: Decidability issues for Petri nets - a survey. Journal of Informatics, Processing and Cybernetics 30(3), 143–160 (1994)
Holzmann, G.J.: The Spin Model Checker - Primer and Reference Manual. Addison-Wesley, Reading (2004)
Jeron, T., Jard, C.: Testing for unboundedness of fifo channels. Theoretical Computer Science (113), 93–117 (1993)
Kamel, M., Leue, S.: Formalization and validation of the general inter-orb protocol (GIOP) using Promela and SPIN. In: Software Tools for Technology Transfer (STTT), vol. 2, pp. 394–409 (2000)
Leue, S., Mayr, R., Wei, W.: A scalable incomplete test for the boundedness of UML RT models. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 327–341. Springer, Heidelberg (2004)
Melzer, S., Esparza, J.: Checking system properties via integer programming. In: Riis Nielson, H. (ed.) ESOP 1996. LNCS, vol. 1058, pp. 250–264. Springer, Heidelberg (1996)
Memmi, G., Roucairol, G.: Linear algebra in net theory. In: Net Theory and Applications. LNCS, vol. 84, pp. 213–223 (1980)
Natarajan, V., Holzmann, G.J.: Outline for an operational semantics of promela. In: Grégoire, J.C., Holzmann, G.J., Peled, D.A. (eds.) The SPIN Verification System. Proceedings of the Second SPIN Workshop 1996. DIMACS, vol. 32, AMS, Providence (1997)
Selic, B., Gullekson, G., Ward, P.T.: Real-Time Object-Oriented Modelling. John Wiley & Sons, Inc., Chichester (1994)
Selic, B., Rumbaugh, J.: Using UML for modeling complex real-time systems (March 1998), http://www.rational.com/media/whitepapers/umlrt.pdf
Weise, C.: An incremental formal semantics for promela. In: Proceedings of the Third SPIN Workshop, SPIN 1997 (1997)
Yen, H.: A unified approach for deciding the existence of certain Petri net paths. Information and Computation 96(1), 119–137 (1992)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2004 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Leue, S., Mayr, R., Wei, W. (2004). A Scalable Incomplete Test for Message Buffer Overflow in Promela Models. In: Graf, S., Mounier, L. (eds) Model Checking Software. SPIN 2004. Lecture Notes in Computer Science, vol 2989. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24732-6_16
Download citation
DOI: https://doi.org/10.1007/978-3-540-24732-6_16
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-21314-7
Online ISBN: 978-3-540-24732-6
eBook Packages: Springer Book Archive