Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bandera: Extracting Finite-state Models from Java Source Code James C. Corbett (Hawai’i) Matthew B. Dwyer, John Hatcliff, Shawn Laubach, Corina S. Păsăreanu,

Published byGilbert Shaw Modified over 9 years ago

Similar presentations

Presentation on theme: "Bandera: Extracting Finite-state Models from Java Source Code James C. Corbett (Hawai’i) Matthew B. Dwyer, John Hatcliff, Shawn Laubach, Corina S. Păsăreanu,"— Presentation transcript:

1 Bandera: Extracting Finite-state Models from Java Source Code James C. Corbett (Hawai’i) Matthew B. Dwyer, John Hatcliff, Shawn Laubach, Corina S. Păsăreanu, Robby, Hongjun Zheng (KSU) Presented by Christian Almazan 18 November 2003 (CMSC 631)

2 Model Checking in One Slide Automatic specification verification Covers all possible paths in the model Popular in hardware and protocol verification Finite-State Model Temporal Logic Formula Linear Temporal Logic (LTL) Computation Tree Logic (CTL) Verified Counter-Example Model Checker SPIN dSPIN SMV …

3 Difficulty in Bringing Model Checking to Software State-Explosion Problem States increase exponentially as program size grows Model Construction Problem Development in a general-purpose language Verification tools use an specification language Requirement Specification Problem Specification languages tend to be mathematical Hard to use, read, debug, very lengthy Output Interpretation Problem Counter-example long and complex Hard to map directly to source code

4 Problems in Previous Efforts Monolithic Approach Model checker for a specific language (Erlang) Difficult to place newer model checking techniques Source Code  Verifier Input Language Translates program directly from source code JCAT or Java PathFinder to PROMELA for SPIN Program Size Increases = Exponential State Growth Combined Problems Keeps developers tied to one technology Limited support for control and data abstraction

5 Overcoming Obstacles: Bandera Use proven model checkers SPIN, dSPIN, Java PathFinder Automated transformations Compacting number of states Use individual models for each property Design for extensibility Build individual components Create a friendly environment Familiar, uniform, specifications easy to learn Leveraged for testing, debugging, and simulation

6 Bandera Components

7 Program Infrastructure Built on top of the Soot compiler framework Uses control-flow graph language Jimple Language used by all middleware components Java-to-Jimple-to-Java Compiler (JJJC) Easily use internal tools and return Java code Allows model checker counter-examples to be mapped back into original Java source code

8 Property Specification Bandera Specification Language (BSL) Collection of temporal specification patterns in English Parameterized macros  LTL or CTL Defined in source code directly using Javadoc Not mathematical like LTL or CTL

9 Bounded Buffer Specification If a buffer becomes full, it will eventually become non-full. /** * @observable * EXP Full(this): (head == tail); * * FullToNonFull: forall[b:BoundedBuffer]; * {!Full(b)} responds to {Full(b)} globally */ class BoundedBuffer {... }

10 Static Analysis Bandera Object Flow Analysis (BOFA) Optimizations: data/control analysis Statically collects information about objects that may flow into each program expression at runtime Associates a set of tokens { t 1, …, t n } for a particular expression e. t i is a pair (C,s): C is a class name and s is where object is created Similar to “points to” analysis for imperative languages and “closure analysis” used for functional programming languages

11 Slicing Given program P and slicing criterion  based on the observables in the specification… Does program dependence-based slicing to get a reduced version of P dependences: data, control, interference, ready, wait backwards slicing Effectiveness based on structure of program Relevant In Property

12 Abstract Interpretation Further reductions through data abstraction Useful when specification does not need concrete values, but only properties of values Developers aid abstraction libraries: Bandera Abstraction Specification Library (BASL) Utilizes the PVS theorem prover Examples integers to signs: { positive, zero, negative } vector items: { ItemInVector, ItemNotInVector }

13 Back End Model Generation Bandera Intermediate Representation language (BIR) Jimple-BIR: BIR Constructor Used between Bandera components and model checker input languages Model checker writers only need to write a translator from BIR to their input language BIR contains higher-level constructs to model Java code more efficiently locks, threads, references, heap

14 Bandera Components

15 Using Bandera Launch the Bandera User Interface (BUI) from the command line Future runs: save which components you want to use in session files

16 Counter-Example: Overview Counter-example with a thousand states?!?! Bandera provides debugger-like features: map states to source code program tracing create checkpoints keep track of variables and objects UML-like object displays lock graphs

17 Counter-Example: Program Tracing

18 Counter-Example: Lock Graph

19 Counter-Example: Object Viewer

20 Mandatory Performance Slide ProblemExtract Time (s) Check Time (s) Check Result States b, r1, n242674true7338120 b, r1, s134true3478 b, r1, a154true895 b, r2, s1356true528059 b, r2, a1611true27519 b, p1, s134true2507 b, p1, a154true331 d, r1, s133false88 d, r1, a152false17 Threaded Pipeline b: basic d: defective variant r: response property p: precedence property n: no reductions s: slicing a: slicing + data abstraction

21 When to Use Model Checking Control-related properties assertions pre- and post-conditions simple data invariants Container objects stacks queues Verifying concurrent behavior Necessity for counter-examples Automatic property verification of source code

22 Analysis Not Appropriate for Model Checking Data-related properties Verification of sorting algorithms Use other formal methods instead (theorem proving) Where static dataflow analysis is better array-bounds errors buffer overruns null-pointer de-referencing

23 The Future of Bandera Bandera 0.3b2Summer 2003 Bandera 1.0Summer 2004 No more command line startup Collection of plug-ins for the Eclipse IDE All features re-deigned, re-implemented, re-done Future of Model Checking?: Bogor (KSU) Forget supporting other model checkers in Bandera Bogor is a big step in model checking?

24 Links and Related Work Try Me! http://bandera.projects.cis.ksu.edu/ Visit Citeseer for abstraction and slicing papers Model Checkers: SPIN, dSPIN, JPF Source Code Translators: JPF, JCAT Many More! Use Google!

25 Questions? Learn anything from this talk or the class? Would you use model checking? If so, when? Do you like the push for the original Bandera? Using only Eclipse a good idea? Why stop supporting other model checkers? Support their own tool Bogor? Too time consuming writing BIR translators? A dream writing BIR, universal language?

Download ppt "Bandera: Extracting Finite-state Models from Java Source Code James C. Corbett (Hawai’i) Matthew B. Dwyer, John Hatcliff, Shawn Laubach, Corina S. Păsăreanu,"

Similar presentations

1 Verification by Model Checking. 2 Part 1 : Motivation.

1 Verification by Model Checking. 2 Part 1 : Motivation.
Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.

Copyright 2000 Cadence Design Systems. Permission is granted to reproduce without modification. Introduction An overview of formal methods for hardware.
Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.

Auto-Generation of Test Cases for Infinite States Reactive Systems Based on Symbolic Execution and Formula Rewriting Donghuo Chen School of Computer Science.
M ODEL CHECKING -Vasvi Kakkad University of Sydney.

M ODEL CHECKING -Vasvi Kakkad University of Sydney.
CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.

Abstraction and Modular Reasoning for the Verification of Software Corina Pasareanu NASA Ames Research Center.
Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.

Model Checking I What are LTL and CTL?. and or dreq q0 dack q0bar.
1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)

1 Symbolic Execution for Model Checking and Testing Corina Păsăreanu (Kestrel) Joint work with Sarfraz Khurshid (MIT) and Willem Visser (RIACS)
Carnegie Mellon University Java PathFinder and Model Checking of Programs Guillaume Brat, Dimitra Giannakopoulou, Klaus Havelund, Mike Lowry, Phil Oh,

Carnegie Mellon University Java PathFinder and Model Checking of Programs Guillaume Brat, Dimitra Giannakopoulou, Klaus Havelund, Mike Lowry, Phil Oh,
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:

Software Model Checking for Embedded Systems PIs: Matthew Dwyer 1, John Hatcliff 1, and George Avrunin 2 Post-docs: Steven Seigel 2, Radu Iosif 1 Students:
Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.

Automated creation of verification models for C-programs Yury Yusupov Saint-Petersburg State Polytechnic University The Second Spring Young Researchers.
An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.

An Automata-based Approach to Testing Properties in Event Traces H. Hallal, S. Boroday, A. Ulrich, A. Petrenko Sophia Antipolis, France, May 2003.
10/22/2002© 2002 Hal Perkins & UW CSEG-1 CSE 582 – Compilers Intermediate Representations Hal Perkins Autumn 2002.

10/22/2002© 2002 Hal Perkins & UW CSEG-1 CSE 582 – Compilers Intermediate Representations Hal Perkins Autumn 2002.
1 Carnegie Mellon UniversitySPINFlavio Lerda SPIN An explicit state model checker.

1 Carnegie Mellon UniversitySPINFlavio Lerda SPIN An explicit state model checker.
1 Predicate Abstraction of ANSI-C Programs using SAT Edmund Clarke Daniel Kroening Natalia Sharygina Karen Yorav (modified by Zaher Andraus for presentation.

1 Predicate Abstraction of ANSI-C Programs using SAT Edmund Clarke Daniel Kroening Natalia Sharygina Karen Yorav (modified by Zaher Andraus for presentation.
Bandera Tool Set Presented by: Dor Nir. Outline Specification Language (LTL) Software verification problems Introduction to Bandera tool Set Bandera Specification.

Bandera Tool Set Presented by: Dor Nir. Outline Specification Language (LTL) Software verification problems Introduction to Bandera tool Set Bandera Specification.
Efficient Software Model Checking of Data Structure Properties Paul T. Darga Chandrasekhar Boyapati The University of Michigan.

Efficient Software Model Checking of Data Structure Properties Paul T. Darga Chandrasekhar Boyapati The University of Michigan.
School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification

School of Computer ScienceG53FSP Formal Specification1 Dr. Rong Qu Introduction to Formal Specification

Similar presentations

Ads by Google