
Extending Model Checking with Dynamic Analysis

  • Conference paper: Verification, Model Checking, and Abstract Interpretation (VMCAI 2008)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 4905)

Abstract

In model-driven verification a model checker executes a program by embedding it within a test harness, thus admitting program verification without the need to translate the program, which runs as native code. Model checking techniques in which code is actually executed have recently gained popularity due to their ability to handle the full semantics of actual implementation languages and to support verification of rich properties. In this paper, we show that combination with dynamic analysis can, with relatively low overhead, considerably extend the capabilities of this style of model checking. In particular, we show how to use the CIL framework to instrument code in order to allow the SPIN model checker, when verifying C programs, to check additional properties, simulate system resets, and use local coverage information to guide the model checking search. An additional benefit of our approach is that instrumentations developed for model checking may be used without modification in testing or monitoring code. We are motivated by experience in applying model-driven verification to JPL-developed flight software modules, from which we take our example applications. We believe this is the first investigation in which an independent instrumentation for dynamic analysis has been integrated with model checking.

The work described in this paper was carried out at the Jet Propulsion Laboratory, California Institute of Technology, under a contract with the National Aeronautics and Space Administration. Funding was also provided by NASA ESAS 6G.



Editor information

Francesco Logozzo, Doron A. Peled, Lenore D. Zuck

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

Cite this paper

Groce, A., Joshi, R. (2008). Extending Model Checking with Dynamic Analysis. In: Logozzo, F., Peled, D.A., Zuck, L.D. (eds) Verification, Model Checking, and Abstract Interpretation. VMCAI 2008. Lecture Notes in Computer Science, vol 4905. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-78163-9_15

  • DOI: https://doi.org/10.1007/978-3-540-78163-9_15

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-78162-2

  • Online ISBN: 978-3-540-78163-9