Model Checking for Simple Java Programs Taehoon Lee, Gihwon Kwon Department of Computer Science Kyonggi University, Korea IWFST, Shanghai, China,

2 2 Verification Does system satisfy requirements? system requirement yes no + why ? system requirement yes no + why propertymodel modeling property specification model checking Model checking

3 3 JAMES Java Application Model checking Embedded Software  JAMES.abs: abstraction module  JAMES.mc: model checking module Abstraction Model checking Java program & Predicates CTL logic True Counter Example Boolean Program JAMES.abs JAMES.mc Theorem Prover

4 4 JAMES.abs public void main( ){ Predicate C1: m<=10; Predicate C2: x==0; Predicate C3: r==true; int m = 0; int x = 0; boolean r = false; while( !r ){ if(m <= 10){ m++; }else{ x = 1; r = true; } 1. public void main( ){ Predicate C1: m <= 10; Predicate C2: x == 0; Predicate C3: r == true; 2. C1 = true; 3.C2 = true; 4.C3 = false; 5.L1: 6.if( * ){ 7.assume( !(C3)); 8.if( * ){ 9.assume( C1); 10.C1 = select(false, !C1); }else { 11.assume( !(C1)); 12.C2 = false; 13.C3 = true; } 14. goto L1; } 15. }

5 5 JAMES.mc 1. public void main( ){ Predicate C1: m <= 10; Predicate C2: x == 0; Predicate C3: r == true; 2. C1 = true; 3.C2 = true; 4.C3 = false; 5.L1: 6.if( * ){ 7.assume( !(C3)); 8.if( * ){ 9.assume( C1); 10.C1 = select(false, !C1); }else { 11.assume( !(C1)); 12.C2 = false; 13.C3 = true; } 14. goto L1; } 15. }

6 6 Results and Discussion Application results  JAMES was applied to verify LEGO robot programs in Java  Two properties were verified successfully Limitations  No support for abstraction refinement  No support for dynamic constructs in Java Discussion topics  How to find a good initial set of predicates in predicate abstraction ?  How to reduce iteration times in abstraction-checking-refinement ?  Which abstraction techniques are good for Java ?  How to deal with dynamic constructs in Java ?