Model Checking Programs - PowerPoint PPT Presentation

1
Model Checking Programs
  • Willem Visser, Klaus Havelund, Guillaume Brat
    and SeungJoon Park
  • ASE 2000

2002/4/16 Geum-ja Lee
2
Contents
  • Motivation
  • Java PathFinder (JPF)
  • Enabling Technologies
  • Abstraction, static analysis, runtime analysis
  • Applications of JPF Tools
  • Conclusions and Future Work

3
Motivation (1/2)
  • Model checking usually applied to designs
  • Some errors get introduced after designs
  • Design errors are missed due to lack of detail
  • Sometimes there is no design
  • More advantages of checking code
  • No lack of examples and users
  • Harder problem, therefore more novel solutions
    required

4
Motivation (2/2)
  • Can model checking find errors in real programs?
  • Can a model checker be used by programmers?
  • Only if it takes real programs as input
  • Why Java?
  • Contains important modern language features
  • Object-oriented, multi-threading
  • Convenient breakdown into bytecode instructions

5
Problem: Translation Gap
  • Programs: heap allocation, objects, exceptions, reals
  • Model checker input: guarded commands, arrays, integers, processes
  • ??? (the translation gap between the two)
6
First version of JPF
  • Translation from Java to Promela
  • Drawbacks of source-to-source translation
  • Language coverage
  • Language features are not the same
  • Source required
  • Translation from bytecode
  • Ex) BANDERA Tool

7
Java PathFinder (1/3)
[Figure: JPF System Layout. The Property (Java) and the Program (Java) are compiled to bytecode and fed to JPF, which answers Yes or produces a counterexample.]
8
Java PathFinder (2/3)
  • Verification and testing environment for Java
    which integrates model checking, program
    analysis and testing
  • Properties
  • invariants and deadlock
  • LTL properties (integrated with Bandera)

9
Java PathFinder (3/3)
  • MC-JVM
  • Executes bytecode
  • Added new features
  • Garbage collection
  • Nondeterministic environments
  • Ex) Verify.Random(I), Verify.RandomBool(i)
  • State structure
  • Explicit-state model checking similar to Spin
  • DFS algorithm
  • Sacrificed speed in the process

10
Enabling Technologies
  • Property Preserving Slicing
  • Abstraction
  • Static analysis
  • Partial-order reduction
  • Runtime analysis
  • Deadlock detection
  • State Compression

11
Predicate Abstraction
  • Mapping of a concrete system to an abstract
    system, whose states correspond to truth values
    of a set of predicates
  • Two methods
  • Create abstract state-graph during model checking
  • Create abstract transition system before model
    checking

12
JPF Predicate Abstraction
  • Annotations used to indicate abstractions
  • Abstraction.remove(x)
  • Abstraction.remove(y)
  • Abstraction.addBoolean(EQ,xy)
  • Tool generates abstract Java program
  • Using Stanford Validity Checker (SVC)
  • JVM is extended with nondeterminism
  • to handle over-approximation
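The predicate abstraction described on the two preceding slides, as an added Python example that is not code from the paper or from JPF: a constructed two-counter program whose x and y are removed and replaced by the single boolean predicate EQ (x == y), with the abstract state graph built during an explicit-state DFS. The ops whose abstract outcome is not determined by the abstract source are exactly where the slide's nondeterministic JVM extension is needed.

```python
# Constructed toy program (not from the paper): two counters x, y in 0..N
# that each op increments; the bound keeps the concrete state space finite.
N = 3

def concrete_successors(state):
    """Concrete transition relation: (op name, successor state) pairs."""
    x, y = state
    succ = []
    if x < N:
        succ.append(("inc_x", (x + 1, y)))
    if y < N:
        succ.append(("inc_y", (x, y + 1)))
    return succ

# The abstraction from the slide: remove x, remove y, add boolean EQ := (x == y).
PREDICATES = {"EQ": lambda s: s[0] == s[1]}

def alpha(state):
    """Abstraction map: a concrete state becomes the tuple of predicate truth values."""
    return tuple(p(state) for p in PREDICATES.values())

def abstract_graph(initial):
    """Build the abstract state graph while exploring the concrete states
    (explicit-state DFS): every concrete edge s -> t is recorded as the
    abstract edge alpha(s) -op-> alpha(t)."""
    seen, stack, edges = set(), [initial], set()
    while stack:
        s = stack.pop()
        if s in seen:
            continue
        seen.add(s)
        for op, t in concrete_successors(s):
            edges.add((alpha(s), op, alpha(t)))
            stack.append(t)
    return edges

def nondeterministic_ops(edges):
    """(abstract source, op) pairs with more than one abstract target. The
    abstraction over-approximates here, so the abstract program must pick the
    target nondeterministically, as the extended JVM on the slide does."""
    targets = {}
    for a, op, b in edges:
        targets.setdefault((a, op), set()).add(b)
    return {k: v for k, v in targets.items() if len(v) > 1}

if __name__ == "__main__":
    g = abstract_graph((0, 0))
    for edge in sorted(g):
        print(edge)
    print("nondeterministic:", nondeterministic_ops(g))
```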

13
Static Analysis
  • Computing executable program slices
  • Partial-order reduction technique
  • Only one interleaving of independent statements is
    executed
  • Determine statically which statements are safe
    (globally independent)
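The partial-order reduction on this slide, as an added Python example (not code from JPF or the paper): a constructed two-thread program in which a statement is statically classified as safe when it touches only thread-local variables, and the explicit-state DFS then runs such a statement alone instead of exploring every interleaving.

```python
# Constructed two-thread program (not from the paper). Each statement is
# (name, reads, writes); variables whose names start with "l_" are thread-local.
T1 = [("a1", {"l_i"}, {"l_i"}), ("a2", {"l_i"}, {"shared"}), ("a3", {"shared"}, {"l_j"})]
T2 = [("b1", {"l_k"}, {"l_k"}), ("b2", {"shared"}, {"shared"})]
PROGRAM = (T1, T2)

def is_safe(stmt):
    """Static check: a statement touching only thread-local variables is
    globally independent of every statement of every other thread."""
    _, reads, writes = stmt
    return all(v.startswith("l_") for v in reads | writes)

def explore(threads, por):
    """Explicit-state DFS over the tuple of program counters; returns the
    number of distinct states visited. With por=True a safe enabled statement
    forms the ample set by itself, so only one interleaving of it is executed."""
    start = tuple(0 for _ in threads)
    seen, stack = set(), [start]
    while stack:
        pcs = stack.pop()
        if pcs in seen:
            continue
        seen.add(pcs)
        enabled = [i for i, pc in enumerate(pcs) if pc < len(threads[i])]
        if por:
            safe = [i for i in enabled if is_safe(threads[i][pcs[i]])]
            if safe:
                enabled = safe[:1]   # one safe thread suffices
        for i in enabled:
            nxt = list(pcs)
            nxt[i] += 1
            stack.append(tuple(nxt))
    return len(seen)

if __name__ == "__main__":
    print("states without POR:", explore(PROGRAM, por=False))
    print("states with POR:   ", explore(PROGRAM, por=True))
```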

14
Runtime Analysis
  • Observing an arbitrary execution trace
  • Algorithms used
  • Data race detection algorithm Eraser
  • (at Compaq)
  • Maintains the set of locks associated with each variable
  • Locking order analysis (LockTree)
  • Potential deadlock detection
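The Eraser lockset algorithm named on this slide, as an added Python example (not Eraser's own code or JPF's): over a constructed event trace, each shared variable's candidate lockset is intersected with the locks the accessing thread holds, and a variable whose candidate set becomes empty is reported as a potential data race.

```python
# Constructed trace (not from the paper): events are (thread, action, target),
# where action is "lock"/"unlock" on a lock or "read"/"write" on a variable.
TRACE = [
    ("T1", "lock", "m"), ("T1", "write", "count"), ("T1", "unlock", "m"),
    ("T2", "lock", "m"), ("T2", "read", "count"), ("T2", "unlock", "m"),
    ("T1", "lock", "m"), ("T1", "write", "balance"), ("T1", "unlock", "m"),
    ("T2", "write", "balance"),   # no lock held: candidate set drops to empty
]
ALL_LOCKS = {"m", "n"}

def eraser(trace, all_locks):
    """Lockset refinement: C(v) starts as every lock and is intersected with
    locks_held(t) on each access by thread t once v is shared between threads.
    Returns (variables flagged as potential races, final candidate sets)."""
    held = {}       # thread -> locks currently held
    cand = {}       # variable -> candidate lockset C(v)
    owner = {}      # variable -> first accessing thread (Eraser's exclusive state)
    races = []
    for thread, action, target in trace:
        locks = held.setdefault(thread, set())
        if action == "lock":
            locks.add(target)
        elif action == "unlock":
            locks.discard(target)
        else:
            if target not in cand:
                cand[target] = set(all_locks)
                owner[target] = thread
            if owner.get(target) == thread:
                continue              # still exclusive to one thread: no refinement
            owner.pop(target, None)   # now shared: refine on every access from here on
            cand[target] &= locks
            if not cand[target] and target not in races:
                races.append(target)
    return races, cand

if __name__ == "__main__":
    found, sets = eraser(TRACE, ALL_LOCKS)
    print("potential races:", found)
    print("candidate locksets:", sets)
```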

15
State Compression
  • To ensure termination, revisited states must be
    recognized during explicit-state MC
  • Each state: thread information, static
    variables (in classes), dynamic variables (in
    objects)
  • State storing
  • Generalization of the method from Spin
  • Each component of the JVM state is stored separately
  • Only indexes need to be compared
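The state storing scheme on this slide, as an added Python example (not JPF's code): Spin's collapse method generalized to a JVM-like state whose thread, static-variable and heap components are interned in separate tables, so a revisited state is recognized by comparing only the tuple of component indexes.

```python
class CollapseStore:
    """Each component of a state is stored once in its own table; a full
    state is represented by the tuple of its component indexes."""

    def __init__(self, component_names):
        self.tables = {n: {} for n in component_names}   # name -> {component: index}
        self.visited = set()                              # index tuples seen so far

    def intern(self, name, component):
        """Return the index of a component, adding it to its table if new."""
        table = self.tables[name]
        return table.setdefault(component, len(table))

    def collapse(self, state):
        return tuple(self.intern(n, state[n]) for n in self.tables)

    def add(self, state):
        """True if the state is new; revisits are detected by comparing only indexes."""
        key = self.collapse(state)
        if key in self.visited:
            return False
        self.visited.add(key)
        return True

# Constructed JVM-like states (not from the paper). Components must be hashable,
# so each is a tuple: thread info, static variables per class, dynamic variables per object.
STATE_A = {
    "threads": (("main", "pc=12", "locks=()"), ("worker", "pc=3", "locks=(m,)")),
    "statics": (("Counter", "count", 1),),
    "heap":    (("obj#1", "Event", ("count", 1)),),
}
# Only the worker thread advanced; statics and heap are identical to STATE_A.
STATE_B = dict(STATE_A, threads=(("main", "pc=12", "locks=()"), ("worker", "pc=4", "locks=(m,)")))

def demo():
    """Store A, then B, then a fresh copy of A: the copy is recognized as a
    revisit, and the shared statics/heap components are stored only once."""
    store = CollapseStore(["threads", "statics", "heap"])
    results = [store.add(STATE_A), store.add(STATE_B), store.add(dict(STATE_A))]
    sizes = {n: len(t) for n, t in store.tables.items()}
    return results, sizes, store.collapse(STATE_B)

if __name__ == "__main__":
    print(demo())
```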

16
Applications of JPF Tools (1/2)
  • The Remote Agent Spacecraft Controller
  • AI-based spacecraft controller
  • LISP code
  • Formally analyzed before and after flight
  • Three components
  • Executive system: multi-threaded OS
  • Planner and Recovery system exchange messages
  • Modeling
  • Two components modeled (event, task)
  • Based on suspicion from code review

17
  • Abstraction process
  • Remove counter variable
  • Abstraction.remove(count)
  • Abstraction.addBoolean(EQ,countevent1.count)
  • Analysis
  • Error found using the Eraser data race algorithm

The RAX Error in Java
18
Applications of JPF Tools (2/2)
  • The DEOS Avionics Operating System
  • Real-time OS with an error in time-partitioning of
    threads
  • JPF1 verification
  • C code -> Promela
  • Predicate abstraction by hand
  • JPF2 verification
  • Size - 14 Java classes (1000 lines),
  • Environment reused (443 lines)
  • Used techniques - Partial-order reduction,
  • Abstraction by tool
  • Invariant error found

19
Conclusions
  • Model checking at code level is worthwhile
  • Techniques used to analyze Java software
  • Abstraction
  • static analysis
  • runtime analysis

20
Future work
  • Need to develop methods for the construction of
    environments
  • Measures are needed
  • Ex) Coverage measures
  • (branch, method, condition/decision)