Abstract
In model-driven verification a model checker executes a program by embedding it within a test harness, thus admitting program verification without the need to translate the program, which runs as native code. Model checking techniques in which code is actually executed have recently gained popularity due to their ability to handle the full semantics of actual implementation languages and to support verification of rich properties. In this paper, we show that combination with dynamic analysis can, with relatively low overhead, considerably extend the capabilities of this style of model checking. In particular, we show how to use the CIL framework to instrument code in order to allow the SPIN model checker, when verifying C programs, to check additional properties, simulate system resets, and use local coverage information to guide the model checking search. An additional benefit of our approach is that instrumentations developed for model checking may be used without modification in testing or monitoring code. We are motivated by experience in applying model-driven verification to JPL-developed flight software modules, from which we take our example applications. We believe this is the first investigation in which an independent instrumentation for dynamic analysis has been integrated with model checking.
The work described in this paper was carried out at the Jet Propulsion Laboratory, California Institute of Technology, under a contract with the National Aeronautics and Space Administration. Funding was also provided by NASA ESAS 6G.
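The abstract names three things the instrumentation must give the model checker: extra property checks, simulated system resets, and local coverage information. The following is an added illustration of what such instrumentation looks like in a C module; it is not code from the paper, CIL, or SPIN. The flash-like device, its erase-before-write property, the branch-id numbering, and the operation encoding used by `harness_run` are all assumptions made for the example. A plain loop stands in for the model checker driving the module as native code.

```c
/* Added example, not code from the paper: a tiny C module instrumented
 * the way the abstract describes, so that a harness (here a plain loop;
 * in the paper, SPIN driving native code) can observe branch coverage,
 * check a property, and inject simulated resets. The module, the
 * property and the op encoding are assumptions for illustration. */
#include <string.h>

#define NPAGES    4
#define NBRANCHES 8

/* Hypothetical flash-like device: a page must be erased before it is
 * written; writing an unerased page is the property violation. */
static unsigned char erased[NPAGES];
static unsigned char written[NPAGES];
static int in_progress = -1;         /* page being written, or -1 */

/* Instrumentation state: what a CIL-style rewrite would add. */
static unsigned branch_hits[NBRANCHES];
static int violation;

#define COVER(id) (branch_hits[(id)]++)
#define CHECK(c)  do { if (!(c)) violation = 1; } while (0)

int flash_erase(int page) {
    if (page < 0 || page >= NPAGES) { COVER(0); return -1; }
    COVER(1);
    erased[page] = 1; written[page] = 0;
    return 0;
}

/* Two-phase write so that a reset can land in the middle of it. */
int flash_write_begin(int page) {
    if (page < 0 || page >= NPAGES) { COVER(2); return -1; }
    CHECK(erased[page]);             /* the property under test */
    if (!erased[page]) { COVER(3); return -2; }
    COVER(4);
    in_progress = page;
    return 0;
}

int flash_write_commit(void) {
    if (in_progress < 0) { COVER(5); return -1; }
    COVER(6);
    written[in_progress] = 1; erased[in_progress] = 0;
    in_progress = -1;
    return 0;
}

/* Simulated power-cycle: volatile state is lost, persistent state
 * survives, and an interrupted write leaves its page neither erased
 * nor written (assumed device behaviour). */
void sim_reset(void) {
    COVER(7);
    if (in_progress >= 0) { erased[in_progress] = 0; written[in_progress] = 0; }
    in_progress = -1;
}

/* Fresh start for a new run: clears device, coverage and verdict. */
void harness_init(void) {
    memset(erased, 0, sizeof erased); memset(written, 0, sizeof written);
    memset(branch_hits, 0, sizeof branch_hits);
    in_progress = -1; violation = 0;
}

/* Coverage score a search could maximise: distinct branches hit so far. */
int coverage_score(void) {
    int n = 0;
    for (int i = 0; i < NBRANCHES; i++) if (branch_hits[i]) n++;
    return n;
}

/* Op encoding (assumed): 0..3 erase page p, 10..13 begin write page p,
 * 20 commit, 30 reset. Returns 1 if the property was violated. */
int harness_run(const int *ops, int n) {
    harness_init();
    for (int i = 0; i < n; i++) {
        int op = ops[i];
        if (op < 10)       flash_erase(op);
        else if (op < 20)  flash_write_begin(op - 10);
        else if (op == 20) flash_write_commit();
        else               sim_reset();
    }
    return violation;
}
```

The sequence erase, begin-write, reset, begin-write violates the property only because the reset was injected mid-write; a harness that can only run the module to completion never sees that path. `coverage_score` is the kind of local signal a search could use to prefer schedules that reach not-yet-covered branches, and because the instrumentation is ordinary C it works unchanged under a unit test or a runtime monitor.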
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Groce, A., Joshi, R. (2008). Extending Model Checking with Dynamic Analysis. In: Logozzo, F., Peled, D.A., Zuck, L.D. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2008. Lecture Notes in Computer Science, vol 4905. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78163-9_15
DOI: https://doi.org/10.1007/978-3-540-78163-9_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-78162-2
Online ISBN: 978-3-540-78163-9