Model Checking Software Using The Bogor Framework

Slides:



Advertisements
Similar presentations
Chapter 22 Implementing lists: linked implementations.
Advertisements

Chapter 23 Organizing list implementations. This chapter discusses n The notion of an iterator. n The standard Java library interface Collection, and.
Copyright © 2006 The McGraw-Hill Companies, Inc. Programming Languages 2nd edition Tucker and Noonan Chapter 18 Program Correctness To treat programming.
Lists and the Collection Interface Chapter 4. Chapter Objectives To become familiar with the List interface To understand how to write an array-based.
ITEC200 Week04 Lists and the Collection Interface.
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
Analyzing Interaction Orderings with Model Checking Support US National Science Foundation (NSF CISE/SEL) US Department of Defense Advanced Research Projects.
George Blank University Lecturer. CS 602 Java and the Web Object Oriented Software Development Using Java Chapter 4.
1 BOGOR – A Flexible Framework For Creating Model Checkers Presented by : Roli Shrivastava 20 March 2007.
Bogor Support US Army Research Office (ARO) US National Science Foundation (NSF) US Department of Defense Advanced Research Projects Agency (DARPA) Rockwell-Collins.
Lists and the Collection Interface Chapter 4. Chapter 4: Lists and the Collection Interface2 Chapter Objectives To become familiar with the List interface.
Fall 2007CS 2251 Lists and the Collection Interface Chapter 4.
CHAPTER 6 Stacks Array Implementation. 2 Stacks A stack is a linear collection whose elements are added and removed from one end The last element to be.
Copyright © 2009 Pearson Education, Inc. Publishing as Pearson Addison-Wesley Java Software Solutions Foundations of Program Design Sixth Edition by Lewis.
OOP Languages: Java vs C++
Introduction to Java Appendix A. Appendix A: Introduction to Java2 Chapter Objectives To understand the essentials of object-oriented programming in Java.
Programming Languages and Paradigms Object-Oriented Programming.
1 Inheritance and Polymorphism Chapter 9. 2 Polymorphism, Dynamic Binding and Generic Programming public class Test { public static void main(String[]
Domain-specific Model Checking with Bogor SAnToS Laboratory, Kansas State University, USA US Army Research Office (ARO)
1 Module Objective & Outline Module Objective: After completing this Module, you will be able to, appreciate java as a programming language, write java.
Arrays and ArrayLists in Java L. Kedigh. Array Characteristics List of values. A list of values where every member is of the same type. Each member in.
CS 112 Department of Computer Science George Mason University CS 112 Department of Computer Science George Mason University Final Review Lecture 14.
Some Other Collections: Bags, Sets, Queues and Maps COMP T2 Lecture 4 School of Engineering and Computer Science, Victoria University of Wellington.
Selected Topics in Software Engineering - Distributed Software Development.
Data Design and Implementation. Definitions of Java TYPES Atomic or primitive type A data type whose elements are single, non-decomposable data items.
1/20/03A2-1 CS494 Interfaces and Collection in Java.
CS-2852 Data Structures LECTURE 7A Andrew J. Wozniewicz Image copyright © 2010 andyjphoto.com.
Model construction and verification for dynamic programming languages Radu Iosif
An extensible and highly-modular model checking framework SAnToS Laboratory, Kansas State University, USA Matt Dwyer.
Stacks and Queues. 2 3 Runtime Efficiency efficiency: measure of computing resources used by code. can be relative to speed (time), memory (space), etc.
BEGINNING PROGRAMMING.  Literally – giving instructions to a computer so that it does what you want  Practically – using a programming language (such.
Domain-specific Model Checking with Bogor SAnToS Laboratory, Kansas State University, USA US Army Research Office (ARO)
Inheritance. Inheritance - Introduction Idea behind is to create new classes that are built on existing classes – you reuse the methods and fields and.
Building Java Programs Bonus Slides Hashing. 2 Recall: ADTs (11.1) abstract data type (ADT): A specification of a collection of data and the operations.
Chapter 3 Collections. Objectives  Define the concepts and terminology related to collections  Explore the basic structures of the Java Collections.
1 Bogor – Software Model Checking Framework Presented by: Arpita Gandhi.
U n i v e r s i t y o f H a i l 1 ICS 202  2011 spring  Data Structures and Algorithms 
Chapter 8 Class Inheritance and Interfaces F Superclasses and Subclasses  Keywords: super F Overriding methods  The Object Class  Modifiers: protected,
1 Stacks (Continued) and Queues Array Stack Implementation Linked Stack Implementation The java.util.Stack class Queue Abstract Data Type (ADT) Queue ADT.
Iterators ITI 1121 N. El Kadri. Motivation Given a (singly) linked-list implementation of the interface List, defined as follows, public interface List.
Domain-specific Model Checking with Bogor SAnToS Laboratory, Kansas State University, USA US Army Research Office (ARO)
CSC 243 – Java Programming, Spring, 2014 Week 4, Interfaces, Derived Classes, and Abstract Classes.
OOPSLA Lab1 Chapter 7 Java Binding Prof. Hyoung-Joo Kim OOPSLA Lab. Dept. of Computer Engineering Seoul National University.
RealTimeSystems Lab Jong-Koo, Lim
CSC 243 – Java Programming, Fall, 2008 Tuesday, September 30, end of week 5, Interfaces, Derived Classes, and Abstract Classes.
 It is a pure oops language and a high level language.  It was developed at sun microsystems by James Gosling.
Lists and the Collection Interface Chapter 4. Chapter 4: Lists and the Collection Interface2 Chapter Objectives To become familiar with the List interface.
Stacks and Queues. 2 Abstract Data Types (ADTs) abstract data type (ADT): A specification of a collection of data and the operations that can be performed.
C11, Implications of Inheritance
Using the Java Collection Libraries COMP 103 # T2
Lecture 10 Collections Richard Gesick.
Sixth Lecture ArrayList Abstract Class and Interface
JAVA MULTIPLE CHOICE QUESTION.
Chapter No. : 1 Introduction to Java.
Stacks.
Model Checking Software Using The Bogor Framework
Space-Reduction Strategies for Model Checking Dynamic Software
CS360 Windows Programming
slides created by Marty Stepp and Hélène Martin
slides adapted from Marty Stepp and Hélène Martin
CSE 143 Lecture 25 Set ADT implementation; hashing read 11.2
Copyright © Aiman Hanna All rights reserved
Introduction to Data Structure
CSE 373 Separate chaining; hash codes; hash maps
Data Structures & Algorithms
slides created by Marty Stepp and Hélène Martin
The Bogor Model Checking Framework
A type is a collection of values
slides created by Marty Stepp and Hélène Martin
Presentation transcript:

Model Checking Software Using The Bogor Framework SAnToS Laboratory, Kansas State University, USA http://bogor.projects.cis.ksu.edu Matthew B. Dwyer John Hatcliff Robby [45sec] Session III: BIR Extensions Support US Army Research Office (ARO) US National Science Foundation (NSF) US Department of Defense Advanced Research Projects Agency (DARPA) Boeing Honeywell Technology Center IBM Intel Lockheed Martin NASA Langley Rockwell-Collins ATC Sun Microsystems

Customization Mechanisms Bogor -- Extensible Modeling Language Core Modeling Language Threads, Objects, Methods, Exceptions, etc. Domain-Specific Abstractions + Bogor -- Customizable Checking Engine Modules Scheduling Strategy State-space Exploration State Representation Core Checker Modules Customized Checker Modules …existing modules… Domain-Specific Scheduler Domain-Specific Search Domain-Specific State Rep.

Extensible Input Language — Resource Contention Example Process#1 Process#2 acquire acquire release release Resource Pool release release 1 minute for the next three slides acquire acquire Process#3 Process#4

Extensible Input Language — Resource Contention Example Process#1 Process#2 Resource Pool acquire acquire Process#3 Process#4

Extensible Input Language — Resource Contention Example Process#1 Process#2 how do we represent the resource pool if we only care about whether a resource is acquired or not? Resource Pool release release how do we encode the representation in the model? Process#3 Process#4 imagine using an array to represent the resource pool

Domain-Specific Modeling Bogor -- Extensible Modeling Language New Bogor types and primitives + create() choose() add() forAll() … Set.type<‘a> Threads, Objects, Methods, Exceptions, etc. IValue choose(…) { Bogor API calls… } Java implementation of new values and new primitives inside model-checker IValue forAll(…) { class SetValue implements IValue { byte[] linearize(…) { } … … Core Modeling Language

Modeling Language Extensions Bogor allows definitions of new abstract types and abstract operations as first-class constructs A new type to represent polymorphic symmetric sets extension Set for SetModule { typedef type<‘a>; expdef Set.type<‘a> create<‘a>(‘a ...); expdef ‘a choose<‘a>(Set.type<‘a>); actiondef add<‘a>(Set.type<‘a>, ‘a); actiondef remove<‘a>(Set.type<‘a>, ‘a); expdef boolean forAll<‘a>(‘a -> boolean, Set.type<‘a>); } 1 minutes 30 seconds up to domain-specific modeling slide

Modeling Language Extensions Bogor allows definitions of new abstract types and abstract operations as first-class constructs extension Set for SetModule { typedef type<‘a>; expdef Set.type<‘a> create<‘a>(‘a ...); expdef ‘a choose<‘a>(Set.type<‘a>); actiondef add<‘a>(Set.type<‘a>, ‘a); actiondef remove<‘a>(Set.type<‘a>, ‘a); expdef boolean forAll<‘a>(‘a -> boolean, Set.type<‘a>); } Variable arity function for creating symmetric sets

Modeling Language Extensions Bogor allows definitions of new abstract types and abstract operations as first-class constructs extension Set for SetModule { typedef type<‘a>; expdef Set.type<‘a> create<‘a>(‘a ...); expdef ‘a choose<‘a>(Set.type<‘a>); actiondef add<‘a>(Set.type<‘a>, ‘a); actiondef remove<‘a>(Set.type<‘a>, ‘a); expdef boolean forAll<‘a>(‘a -> boolean, Set.type<‘a>); } Non-deterministically pick an element of the set to return

Modeling Language Extensions Bogor allows definitions of new abstract types and abstract operations as first-class constructs extension Set for SetModule { typedef type<‘a>; expdef Set.type<‘a> create<‘a>(‘a ...); expdef ‘a choose<‘a>(Set.type<‘a>); actiondef add<‘a>(Set.type<‘a>, ‘a); actiondef remove<‘a>(Set.type<‘a>, ‘a); expdef boolean forAll<‘a>(‘a -> boolean, Set.type<‘a>); } Predicate on set element Set value to interate over Higher-order function implements quantification over set elements

Domain-Specific Modeling Bogor -- Extensible Modeling Language New Bogor types and primitives + create() choose() add() forAll() … Set.type<‘a> Threads, Objects, Methods, Exceptions, etc. IValue choose(…) { Bogor API calls… } Java implementation of new values and new primitives inside model-checker IValue forAll(…) { class SetValue implements IValue { byte[] linearize(…) { } … … Core Modeling Language

Extension Implementation Implementing the set value for the set type operations on the value e.g., add, remove, isEmpty, etc. visitor pattern for the value used for linearization, etc. linearization for state storage fine-grained control over the value representation XML externalization for counter-example display 1 minute 30 seconds

Extension Implementation Implementing the set value for the set type public interface ISetValue extends INonPrimitiveExtValue { void add(IValue v); boolean contains(IValue v); IValue[] elements(); boolean isEmpty(); void remove(IValue v); } Create an interface for all implementations of set values

Extension Implementation Implementing the set value for the set type public class ReferenceElementSetValue implements ISetValue { protected HashSet set = new HashSet(); public void add(IValue v) { set.add(v); } public boolean contains(IValue v) { return set.contains(v); } public boolean isEmpty() { return set.size() == 0; } public void remove(IValue v) { set.remove(v); } public IValue[] elements() { Object[] elements = set.toArray(); orderValues(elements); IValue[] result = new IValue[elements.length]; System.arraycopy(elements, 0, result, 0, elements.length); return result; } … A set value implementation where its elements are of reference types

Extension Implementation Implementing the set value for the set type public class ReferenceElementSetValue implements ISetValue { protected HashSet set = new HashSet(); public void add(IValue v) { set.add(v); } public boolean contains(IValue v) { return set.contains(v); } public boolean isEmpty() { return set.size() == 0; } public void remove(IValue v) { set.remove(v); } public IValue[] elements() { Object[] elements = set.toArray(); orderValues(elements); IValue[] result = new IValue[elements.length]; System.arraycopy(elements, 0, result, 0, elements.length); return result; } … Reuse Java collection class

Extension Implementation Implementing the set value for the set type Most set operations are wrapper calls to HashSet methods public class ReferenceElementSetValue implements ISetValue { protected HashSet set = new HashSet(); public void add(IValue v) { set.add(v); } public boolean contains(IValue v) { return set.contains(v); } public boolean isEmpty() { return set.size() == 0; } public void remove(IValue v) { set.remove(v); } public IValue[] elements() { Object[] elements = set.toArray(); orderValues(elements); IValue[] result = new IValue[elements.length]; System.arraycopy(elements, 0, result, 0, elements.length); return result; } … order elements for consistency

Extension Implementation Implementing the set value for the set type operations on the value e.g., add, remove, isEmpty, etc. visitor pattern for the value used for garbage collection, etc. linearization for state storage fine-grained control over the value representation XML externalization for counter-example display 1 minute 30 seconds

Extension Implementation Implementing the visitor pattern for set values public class ReferenceElementSetValue implements ISetValue { public IValue[] elements() { … } public void visit(…, boolean depthFirst, Set seen, LinkedList workList, …) { IValue[] elements = elements(); if (depthFirst) { for (int i = 0; i < elements.length; i++) { workList.addFirst(elements[i]); } } else { workList.add(elements[i]); … Visitor pattern for traversing element values in the set (used for GC, symmetry, etc.)

Extension Implementation Implementing the set value for the set type operations on the value e.g., add, remove, isEmpty, etc. visitor pattern for the value used for garbage collection, etc. linearization for state storage fine-grained control over the value representation XML externalization for counter-example display 1 minute 30 seconds

Extension Implementation Implementing the linearization function public class ReferenceElementSetValue implements ISetValue { public byte[][] linearize(int bitsPerNonPrimitiveValue, ObjectIntTable nonPrimitiveValueIdMap, …) { IValue[] elements = elements(); BitBuffer bb = new BitBuffer(); if (elements.length > 0) { int[] elementIds = new int[elements.length]; for (int i = 0; i < elements.length; i++) { elementIds[i] = nonPrimitiveValueIdMap.get(elements[i]); } Arrays.sort(elementIds); bb.append(elementIds[i], bitsPerNonPrimitiveValue); return new byte[][] { bb.toByteArray() }; … Convert the set value to a bit vector for state storage

Extensible Input Language — Set Extension Example (Semantics) R G B Suppose the references to resources are represented as integers R, G, B The state of the set consists of encodings of the references to resources <R,G,B> …convert to canonical order! <B,G,R>

Extension Implementation Implementing the set value for the set type operations on the value e.g., add, remove, isEmpty, etc. visitor pattern for the value used for garbage collection, etc. linearization for state storage fine-grained control over the value representation XML externalization for counter-example display 1 minute 30 seconds

Extension Implementation Implementing the XML externalization public class ReferenceElementSetValue implements ISetValue { public void externalize(PrintWriter pw, INonPrimitiveValueIdTracker npvIdTracker) { IValue[] elements = elements(); pw.println("<fields>"); Type elementType = type.getTypeArg(0); for (int i = 0; i < elements.length; i++) { pw.println("<field>"); pw.println("<id>element</id>"); INonPrimitiveValue value = (INonPrimitiveValue) elements[i]; pw.print("<value type=\""); pw.print(Util.encodeXML(elementType.toString())); pw.print("\" val=\""); pw.print(npvIdTracker.getNonPrimitiveValueId(value)); pw.print("\""); pw.println(" />"); pw.println("</field>"); } pw.println("</fields>"); pw.flush(); … Convert the set value to an XML representation for counter-example display

Extension Implementation Implementing the XML externalization <element id="Set.type<Resource>#1" isExt="true"> <fields> <field> <id>element</id> <value type="Resource" val="Disk#1"/> </field> <value type="Resource" val="Disk#2"/> <value type="Resource" val="Display#1"/> </fields> </element> An example XML representation of a set value with three elements: Disk#1, Disk#2, Display#1

Domain-Specific Modeling Bogor -- Extensible Modeling Language New Bogor types and primitives + create() choose() add() forAll() … Set.type<‘a> Threads, Objects, Methods, Exceptions, etc. IValue choose(…) { Bogor API calls… } Java implementation of new values and new primitives inside model-checker IValue forAll(…) { class SetValue implements IValue { byte[] linearize(…) { } … … Core Modeling Language

Extension Implementation Implementing the set operations for the set type set module extension set creation non-deterministically choose a set element adding an element 1 minute 30 seconds

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { protected SymbolTable symbolTable; protected TypeFactory tf; protected IExpEvaluator ee; protected IValueFactory vf; protected ISchedulingStrategist ss; public String getCopyrightNotice() { return null; } public void setOptions(String key, Properties options) {} public void connect(IBogorConfiguration bc) { symbolTable = bc.getSymbolTable(); tf = symbolTable.getTypeFactory(); ee = bc.getExpEvaluator(); ss = bc.getSchedulingStrategist(); vf = bc.getValueFactory(); } public void dispose() { symbolTable = tf = ee = ss = vf = null; … The set module must implement IModule

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { protected SymbolTable symbolTable; protected TypeFactory tf; protected IExpEvaluator ee; protected IValueFactory vf; protected ISchedulingStrategist ss; public String getCopyrightNotice() { return null; } public void setOptions(String key, Properties options) {} public void connect(IBogorConfiguration bc) { symbolTable = bc.getSymbolTable(); tf = symbolTable.getTypeFactory(); ee = bc.getExpEvaluator(); ss = bc.getSchedulingStrategist(); vf = bc.getValueFactory(); } public void dispose() { symbolTable = tf = ee = ss = vf = null; … Store references to other Bogor modules as needed

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { protected SymbolTable symbolTable; protected TypeFactory tf; protected IExpEvaluator ee; protected IValueFactory vf; protected ISchedulingStrategist ss; public String getCopyrightNotice() { return null; } public void setOptions(String key, Properties options) {} public void connect(IBogorConfiguration bc) { symbolTable = bc.getSymbolTable(); tf = symbolTable.getTypeFactory(); ee = bc.getExpEvaluator(); ss = bc.getSchedulingStrategist(); vf = bc.getValueFactory(); } public void dispose() { symbolTable = tf = ee = ss = vf = null; … Used for displaying copyright notices

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { protected SymbolTable symbolTable; protected TypeFactory tf; protected IExpEvaluator ee; protected IValueFactory vf; protected ISchedulingStrategist ss; public String getCopyrightNotice() { return null; } public void setOptions(String key, Properties options) {} public void connect(IBogorConfiguration bc) { symbolTable = bc.getSymbolTable(); tf = symbolTable.getTypeFactory(); ee = bc.getExpEvaluator(); ss = bc.getSchedulingStrategist(); vf = bc.getValueFactory(); } public void dispose() { symbolTable = tf = ee = ss = vf = null; … Used for setting options of Bogor modules

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { protected SymbolTable symbolTable; protected TypeFactory tf; protected IExpEvaluator ee; protected IValueFactory vf; protected ISchedulingStrategist ss; public String getCopyrightNotice() { return null; } public void setOptions(String key, Properties options) {} public void connect(IBogorConfiguration bc) { symbolTable = bc.getSymbolTable(); tf = symbolTable.getTypeFactory(); ee = bc.getExpEvaluator(); ss = bc.getSchedulingStrategist(); vf = bc.getValueFactory(); } public void dispose() { symbolTable = tf = ee = ss = vf = null; … Connect to other Bogor modules

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { protected SymbolTable symbolTable; protected TypeFactory tf; protected IExpEvaluator ee; protected IValueFactory vf; protected ISchedulingStrategist ss; public String getCopyrightNotice() { return null; } public void setOptions(String key, Properties options) {} public void connect(IBogorConfiguration bc) { symbolTable = bc.getSymbolTable(); tf = symbolTable.getTypeFactory(); ee = bc.getExpEvaluator(); ss = bc.getSchedulingStrategist(); vf = bc.getValueFactory(); } public void dispose() { symbolTable = tf = ee = ss = vf = null; … Unlink references to other Bogor modules

Extension Implementation Implementing the set operations for the set type set module extension set creation non-deterministically choose a set element adding an element 1 minute 30 seconds

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { // expdef Set.type<'a> create<'a>('a ...); public IValue create(IExtArguments arg) { if (arg.getTypeVariableArgument(0) instanceof NonPrimitiveType) { ISetValue result = new ReferenceElementSetValue( (NonPrimitiveExtType) arg.getExpType(), vf.newReferenceId()); int size = arg.getArgumentCount(); for (int i = 0; i < size; i++) { result.add(arg.getArgument(i)); } return result; else if … … If the type argument is reference type then use the previously implemented set value

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { // expdef Set.type<'a> create<'a>('a ...); public IValue create(IExtArguments arg) { if (arg.getTypeVariableArgument(0) instanceof NonPrimitiveType) { ISetValue result = new ReferenceElementSetValue( (NonPrimitiveExtType) arg.getExpType(), vf.newReferenceId()); int size = arg.getArgumentCount(); for (int i = 0; i < size; i++) { result.add(arg.getArgument(i)); } return result; else if … … Add arguments to the set value

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { // expdef Set.type<'a> create<'a>('a ...); public IValue create(IExtArguments arg) { if (arg.getTypeVariableArgument(0) instanceof NonPrimitiveType) { ISetValue result = new ReferenceElementSetValue( (NonPrimitiveExtType) arg.getExpType(), vf.newReferenceId()); int size = arg.getArgumentCount(); for (int i = 0; i < size; i++) { result.add(arg.getArgument(i)); } return result; else if … … other element types are handled differently (more efficiently)

Extension Implementation Implementing the set operations for the set type set module extension set creation non-deterministically choose a set element adding an element 1 minute 30 seconds

ISchedulingStrategist Used to determine enabled transitions: isEnabled(), getEnabledTransformations() which transition to take: advise() create strategy info

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { // expdef 'a choose<'a>(Set.type<'a>); public IValue choose(IExtArguments arg) { ISetValue set = (ISetValue) arg.getArgument(0); IValue[] elements = set.elements(); int size = elements.length; int index = 0; if (size > 1) { index = ss.advise(arg.getExtDesc(), arg.getNode(), elements, arg.getSchedulingStrategyInfo()); } return elements[index]; … Get the set value

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { // expdef 'a choose<'a>(Set.type<'a>); public IValue choose(IExtArguments arg) { ISetValue set = (ISetValue) arg.getArgument(0); IValue[] elements = set.elements(); int size = elements.length; int index = 0; if (size > 1) { index = ss.advise(arg.getExtDesc(), arg.getNode(), elements, arg.getSchedulingStrategyInfo()); } return elements[index]; … Get the set elements

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { // expdef 'a choose<'a>(Set.type<'a>); public IValue choose(IExtArguments arg) { ISetValue set = (ISetValue) arg.getArgument(0); IValue[] elements = set.elements(); int size = elements.length; int index = 0; if (size > 1) { index = ss.advise(arg.getExtDesc(), arg.getNode(), elements, arg.getSchedulingStrategyInfo()); } return elements[index]; … Ask the scheduler which one to pick if there are two or more elements

Extension Implementation Implementing the set operations for the set type set module extension set creation non-deterministically choose a set element adding an element 1 minute 30 seconds

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { // actiondef add<'a>(Set.type<'a>, 'a); public IBacktrackingInfo[] add(IExtArguments arg) { ISetValue set = (ISetValue) arg.getArgument(0); IValue element = (IValue) arg.getArgument(1); if (!set.contains(element)) { set.add(element); ISchedulingStrategyContext ssc = arg.getSchedulingStrategyContext(); return new IBacktrackingInfo[] { createAddBacktrackingInfo(set, element, arg.getNode() ssc.getStateId(), ssc.getThreadId(), arg.getSchedulingStrategyInfo()) }; } else { return new IBacktrackingInfo[0]; } … Get the set and the element

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { // actiondef add<'a>(Set.type<'a>, 'a); public IBacktrackingInfo[] add(IExtArguments arg) { ISetValue set = (ISetValue) arg.getArgument(0); IValue element = (IValue) arg.getArgument(1); if (!set.contains(element)) { set.add(element); ISchedulingStrategyContext ssc = arg.getSchedulingStrategyContext(); return new IBacktrackingInfo[] { createAddBacktrackingInfo(set, element, arg.getNode() ssc.getStateId(), ssc.getThreadId(), arg.getSchedulingStrategyInfo()) }; } else { return new IBacktrackingInfo[0]; } … Add the element if it is not already in the set value

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { // actiondef add<'a>(Set.type<'a>, 'a); public IBacktrackingInfo[] add(IExtArguments arg) { ISetValue set = (ISetValue) arg.getArgument(0); IValue element = (IValue) arg.getArgument(1); if (!set.contains(element)) { set.add(element); ISchedulingStrategyContext ssc = arg.getSchedulingStrategyContext(); return new IBacktrackingInfo[] { createAddBacktrackingInfo(set, element, arg.getNode() ssc.getStateId(), ssc.getThreadId(), arg.getSchedulingStrategyInfo()) }; } else { return new IBacktrackingInfo[0]; } … Create the backtracking information

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { // actiondef add<'a>(Set.type<'a>, 'a); public IBacktrackingInfo[] add(IExtArguments arg) { ISetValue set = (ISetValue) arg.getArgument(0); IValue element = (IValue) arg.getArgument(1); if (!set.contains(element)) { set.add(element); ISchedulingStrategyContext ssc = arg.getSchedulingStrategyContext(); return new IBacktrackingInfo[] { createAddBacktrackingInfo(set, element, arg.getNode() ssc.getStateId(), ssc.getThreadId(), arg.getSchedulingStrategyInfo()) }; } else { return new IBacktrackingInfo[0]; } … If the element is already in the set then do nothing

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { protected IBacktrackingInfo createAddBacktrackingInfo( final ISetValue set, final IValue element, … ) { return new IBacktrackingInfo() { public void backtrack(IState state) { set.remove(element); } public IBacktrackingInfo clone(Map cloneMap) { return createAddBacktrackingInfo( (ISetValue) cloneMap.get(set), (IValue) ((element instanceof INonPrimitiveValue) ? cloneMap.get(element) : element), node, stateId, threadId, ssi.clone(cloneMap)); … }; Backtrack by removing the element from the set

Extension Implementation Implementing the set operations for the set type public class SetModule implements IModule { protected IBacktrackingInfo createAddBacktrackingInfo( final ISetValue set, final IValue element, … ) { return new IBacktrackingInfo() { public void backtrack(IState state) { set.remove(element); } public IBacktrackingInfo clone(Map cloneMap) { return createAddBacktrackingInfo( (ISetValue) cloneMap.get(set), (IValue) ((element instanceof INonPrimitiveValue) ? cloneMap.get(element) : element), node, stateId, threadId, ssi.clone(cloneMap)); … }; (Deep) clone the backtracking information

A BIR Example ¡ Resource Contention Demo Model with the Set extension Incorporating the extension in the Bogor Eclipse plugin Run the example invalid end state invariant checking

Assessments Bogor provides a clean and well-designed framework for extending its modeling language Allows introduction of new abstract types and abstract operations as first-class construct Complete control over value representation (linearization) No double interpretation (the operations are executed as atomic actions in the model checker instead of being interpreted by the model checker) Analogous to adding new instructions to a Virtual Machine essentially, we are building abstract machines for particular domains

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.