Classification D.2.4 Software/Program Verification, D.1.3 Concurrent Programming This paper describes FLAVERS, a finite-state verification approach that analyzes whether concurrent systems satisfy user-defined, behavioral properties. FLAVERS automatically creates a compact, event-based model of the system that supports efficient data-flow analysis. FLAVERS achieves this efficiency at the cost of precision. Analysts, however, can improve the precision of analysis results by selectively and judiciously incorporating additional semantic information into an analysis. We report on an empirical study of the performance of the FLAVERS/Ada toolset applied to a collection of multitasking Ada systems. This study indicates that sufficient precision for proving system properties can usually be

Static analysis of concurrent programs has been hindered by the well known state explosion problem. Although many different techniques have been proposed to combat this state explosion, there is little empirical data comparing the performance of the methods. This information is essential for assessing the practical value of a technique and for choosing the best method for a particular problem. In this paper, we carry out an evaluation of three techniques for combating the state explosion problem in deadlock detection: reachability search with a partial order state space reduction, symbolic model checking, and inequality necessary conditions. We justify the method used for the comparison, and carefully analyze several sources of potential bias. The results of our evaluation provide valuable data on the kinds of programs to which each technique might best be applied. Furthermore, we believe that the methodological issues we discuss are of general significance in comparison of analysis te...

In this paper we demonstrate that data flow analysis is an effective approach for verifying requirements of communication protocols. Communication protocols are responsible for establishing the communication patterns between different processes within a distributed computer system. Data flow analysis is a static analysis method for increasing confidence in the correctness of software systems by automatically verifying that a given software artifact (e.g., design or code) must behave consistently with a specified requirement. In this case study, we apply the FLAVERS data flow analysis tool to pseudocode designs of the three way handshake connection establishment protocol and of the alternating bit protocol and prove that the behavior of the pseudocode is consistent with protocol behavioral requirement specifications. In addition, we show how assumptions about the environment in which a software system is executed can be incorporated into the analysis, using message losses as an...

Developers of modern software systems are increasingly employing concurrency to meet demanding system requirements. To deal with the inherent complexity that results from concurrency, developers require cost-effective automated analysis techniques to gain confidence in the quality of their concurrent software. We present an approach, called FLAVERS, that is able to provide cost-effective analysis of concurrent programs with respect to a rich class of explicitly stated correctness properties. FLAVERS is based on a family of polynomial-time, conservative data flow analysis algorithms. Unlike existing analysis approaches for concurrent software, FLAVERS allows developers to control the tradeoff between analysis cost an...

Static analysis of Ada tasking programs has been hindered by the well known state explosion problem that arises in the verification of concurrent systems. Many different techniques have been proposed to combat this state explosion. All proposed methods excel on certain kinds of systems, but there is little empirical data comparing the performance of the methods. In this paper, we select one representative from each of three very different approaches to the state explosion problem: partial-orders (representing state-space reductions), symbolic model checking (representing OBDD-based approaches), and inequality necessary conditions (representing integer programming-based approaches). We apply the methods to several scalable concurrency examples from the literature and to one real Ada tasking program. The results of these experiments are presented and their significance is discussed. 1 Introduction Ada tasks arm software developers with the power, and dangers, of concurrency. With this p...

Analysis of concurrent systems is plagued by the state explosion problem. The constrained expression analysis technique uses necessary conditions, in the form of linear inequalities, to verify certain properties of concurrent systems without enumerating the system's states. While effective against the state explosion due to interleaving, the technique fails to yield a tractable analysis if the size of the components themselves grow exponentially due to the use of variables in the components. As a partial solution to this problem, we present a technique for representing certain program variables as integer programming variables. We also present a synergistic technique for efficiently representing many identical components in the context of an integer programming analysis.