Static analysis of concurrent programs has been hindered by the well known state explosion problem. Although many different techniques have been proposed to combat this state explosion, there is little empirical data comparing the performance of the methods. This information is essential for assessing the practical value of a technique and for choosing the best method for a particular problem. In this paper, we carry out an evaluation of three techniques for combating the state explosion problem in deadlock detection: reachability search with a partial order state space reduction, symbolic model checking, and inequality necessary conditions. We justify the method used for the comparison, and carefully analyze several sources of potential bias. The results of our evaluation provide valuable data on the kinds of programs to which each technique might best be applied. Furthermore, we believe that the methodological issues we discuss are of general significance in comparison of analysis te...

Finite-state verification (e.g., model checking) provides a powerful means to detect concurrency errors, which are often subtle and difficult to reproduce. Nevertheless, widespread use of this technology by developers is unlikely until tools provide automated support for extracting the required finite-state models directly from program source. Unfortunately, the dynamic features of modern languages such as Java complicate the construction of compact finitestate models for verification. In this paper, we show how shape analysis, which has traditionally been used for computing alias information in optimizers, can be used to greatly reduce the size of finite-state models of concurrent Java programs by determining which heap-allocated variables are accessible only by a single thread, and which shared variables are protected by locks. We also provide several other state-space reductions based on the semantics of Java monitors. A prototype implementation of the reductions demonstrates their ...

Finite-state verification technology (e.g., model checking) provides a powerful means to detect concurrency errors, which are often subtle and difficult to reproduce. Nevertheless, widespread use of this technology by developers is unlikely until tools provide automated support for extracting the required finite-state models directly from program source. In this paper, we explore the extraction of compact concurrency models from Java code. In particular, we show how static pointer analysis, which has traditionally been used for computing alias information in optimizers, can be used to greatly reduce the size of finite-state models of concurrent Java programs.

As part of our continuing research on using Petri nets to support automated analysis of Ada tasking behavior, we have investigated the application of Petri net reduction for deadlock analysis. Although reachability analysis is an important method to detect deadlocks, it is in general inefficient or even intractable. Net reduction can aid the analysis by reducing the size of the net while preserving relevant properties. We introduce a number of reduction rules and show how they can be applied to Ada nets, which are automatically generated Petri net models of Ada tasking. We define a reduction process and a method by which a useful description of a detected deadlock state can be obtained from the reduced net's information. A reduction tool and experimental results from applying the reduction process are discussed.

The goal of net reduction is to increase the effectiveness of Petrinet -based real-time program analysis. Petri-net-based analysis, like all reachability-based methods, suffers from the state explosion problem. Petri net reduction is one key method for combating this problem. In this paper, we extend several rules for the reduction of ordinary Petri nets to work with time Petri nets. We introduce a notion of equivalence among time Petri nets, and prove that our reduction rules yield equivalent nets. This notion of equivalence guarantees that crucial timing and concurrency properties are preserved. Partially supported by NSF grants CCR-9108753 and CCR-9314258. Email: sloan@eecs.uic.edu. y Partially supported by NSF grants CCR-9109231 and CCR-9314258. Email: buy@eecs.uic.edu. 1 Introduction Petri nets have proven to be a very useful tool for the analysis of concurrent systems. To date several approaches have been defined that use Petri nets to model a system being analyzed (e.g...

Static analysis of Ada tasking programs has been hindered by the well known state explosion problem that arises in the verification of concurrent systems. Many different techniques have been proposed to combat this state explosion. All proposed methods excel on certain kinds of systems, but there is little empirical data comparing the performance of the methods. In this paper, we select one representative from each of three very different approaches to the state explosion problem: partial-orders (representing state-space reductions), symbolic model checking (representing OBDD-based approaches), and inequality necessary conditions (representing integer programming-based approaches). We apply the methods to several scalable concurrency examples from the literature and to one real Ada tasking program. The results of these experiments are presented and their significance is discussed. 1 Introduction Ada tasks arm software developers with the power, and dangers, of concurrency. With this p...

We propose to extend existing Petri-net-based tools for concurrency analysis to real-time analysis. The goal is to create a fully automated system, which starts from code in a higher level language for real-time programming, and answers programmers' queries about timing properties of the code. The key difficulty with all reachability-based approaches is that the state space quickly becomes intractably large. To circumvent this state explosion problem, we propose using a combination of several heuristics for model reduction and state space reduction that have been effective for untimed concurrency analysis. In: Proceedings of the Seventh International Workshop on Software Specification and Design, pp. 56--60, December 1993, IEEE Computer Society Press. 1 Introduction The analysis of real-time software is very difficult. Indeed, the activities of design, implementation and testing are costly and complex even for traditional software, considerably more costly and complex for untimed co...

We present a first report on our PARTS toolset for the automated static analysis of real-time systems. The PARTS toolset is based upon a timed extension of Petri nets. Our simple time Petri nets or STP nets are specifically aimed at facilitating real-time analysis. Our analysis approach uses the state space of an STP net in order to answer queries about the concurrency and timing behavior of the corresponding system. An attractive feature of STP nets is that they support a variety of techniques for controlling the number of states that must be explicitly enumerated. These techniques were originally defined for the analysis of concurrency properties of untimed systems, and in this paper we discuss the extension of each to the timed domain. We also report on some preliminary experimental results that we obtained by running our toolset on examples of real-time systems. In: Proceedings of the 1994 Internatinal Symposium on Software Testing and Analysis (ISSTA '94), pp. 228--239, August 1...

The stubborn-set method attempts to reduce the number of states that must be explicitly enumerated during reachability analysis of a concurrent system, while preserving crucial concurrency properties in the reduced state space. Here we extend the method to the analysis of certain timed models. We also prove that timing properties of interest, such as minimum and maximum delays between events, are preserved in the reduced model. Finally, we report on some experimental results that we have obtained with our extension. These results show that real-time stubborn sets can often provide significant reductions in state space size. 1 Introduction Both formal analysis and testing of real-time programs are very difficult, and yet at the same time very important, since there are so many safety-critical real-time programs. Formal analysis methods are conceptually appealing because these methods, unlike testing, can guarantee that a real-time system satisfies given timing properties. Of course, in...

Real-time systems are becoming increasingly widespread, especially for safety-critical applications. It is therefore crucial that these systems be correct; however, there are few automated tools for analyzing concurrency and timing properties of these systems. The PARTS toolset uses a Petri-net-based reachability analysis to analyze programs written in an Ada subset. Our simple time Petri nets or STP nets are specifically aimed at facilitating real-time analysis. In order to control the state-explosion problem, PARTS employs several optimization techniques aimed at state-space reduction. In this paper we discuss our approach and we report on extensive experiments with several examples of real-time Ada programs. When this is possible, we also compare our experimental results with results obtained by other approaches to real-time analysis. 1 Introduction Real-time software systems are becoming more and more widespread. By real-time software systems, we mean systems with timing constra...