Exploiting traces in static program analysis: better model checking through printfs

TACAS 06

International Journal on Software Tools for Technology Transfer

Abstract

From operating systems and web browsers to spacecraft, many software systems maintain a log of events that provides a partial history of execution, supporting post-mortem (or post-reboot) analysis. Unfortunately, bandwidth, storage limitations, and privacy concerns limit the information content of logs, making it difficult to fully reconstruct execution from these traces. This paper presents a technique for modifying a program such that it can produce exactly those executions consistent with a given (partial) trace of events, enabling efficient analysis of the reduced program. Our method requires no additional history variables to track log events, and it can slice away code that does not execute in a given trace. We describe initial experiences with implementing our ideas by extending the CBMC bounded model checker for C programs. Applying our technique to a small, 400-line file system written in C, we get more than three orders of magnitude improvement in running time over a naïve approach based on adding history variables, along with fifty- to eighty-fold reductions in the sizes of the SAT problems solved.



Author information

Corresponding author

Correspondence to Alex Groce.

Additional information

The work described in this paper was carried out at the Jet Propulsion Laboratory, California Institute of Technology, under a contract with the National Aeronautics and Space Administration.


About this article

Cite this article

Groce, A., Joshi, R. Exploiting traces in static program analysis: better model checking through printfs. Int J Softw Tools Technol Transf 10, 131–144 (2008). https://doi.org/10.1007/s10009-007-0058-6
