Results 1-10 of 17
Model Checking for Programming Languages using VeriSoft
In Proceedings of the 24th ACM Symposium on Principles of Programming Languages, 1997
Cited by 369 (12 self)
Verification by state-space exploration, also often referred to as "model checking", is an effective method for analyzing the correctness of concurrent reactive systems (e.g., communication protocols). Unfortunately, existing model-checking techniques are restricted to the verification of properties of models, i.e., abstractions, of concurrent systems. In this paper, we discuss how model checking can be extended to deal directly with "actual" descriptions of concurrent systems, e.g., implementations of communication protocols written in programming languages such as C or C++. We then introduce a new search technique that is suitable for exploring the state spaces of such systems. This algorithm has been implemented in VeriSoft, a tool for systematically exploring the state spaces of systems composed of several concurrent processes executing arbitrary C code. As an example of application, we describe how VeriSoft successfully discovered an error in a 2500-line C program controlling rob...
Exploiting Object Escape and Locking Information in Partial-Order Reductions for Concurrent Object-Oriented Programs
Form. Methods Syst. Des., 2004
Cited by 47 (14 self)
Explicit-state model checking tools often incorporate partial-order reductions to reduce the number of system states explored (and thus the time and memory required) for verification. As model checking techniques are scaled up to software systems, it is important to develop and assess partial-order reduction strategies that are effective for addressing the complex structures found in software and for reducing the tremendous cost of model checking software systems. In this paper...
Efficient Verification of Parallel Real-Time Systems
In Costas Courcoubetis, editor, Computer Aided Verification, 1997
Cited by 45 (10 self)
This paper presents an efficient model checking algorithm for one-safe time Petri nets and a timed temporal logic. The approach is based on the idea of (1) using only differences of timing variables to be able to construct a finite representation of the set of all reachable states and (2) further reducing the size of this representation by exploiting the concurrency in the net. This reduction of the state space is possible, because the considered linear-time temporal logic is stuttering invariant. The firings of transitions are only partially ordered by causality and a given formula
Self-Stabilizing Distributed Constraint Satisfaction
1991
Cited by 37 (3 self)
Distributed architectures and solutions are described for classes of constraint satisfaction problems, called network consistency problems. An inherent assumption of these architectures is that the communication network mimics the structure of the constraint problem. The solutions are required to be self-stabilizing and to treat arbitrary networks, which makes them suitable for dynamic or error-prone environments. We first show that even for relatively simple constraint networks, such as rings, there is no self-stabilizing solution that guarantees convergence from every initial state of the system using a completely uniform, asynchronous model (where all processors are identical). An almost-uniform, asynchronous, network consistency protocol with one specially designated node is shown and proven correct. We also show that some restricted topologies such as trees can accommodate the uniform, asynchronous model when neighboring nodes cannot take simultaneous steps. 1 Introduction Consid...
Using partial-order methods in the formal validation of industrial concurrent programs
IEEE Transactions on Software Engineering, 1996
Cited by 16 (2 self)
Copyright © 1996 IEEE. Personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution to servers or lists, or to reuse any copyrighted component of this work in other works must be obtained from the IEEE.
On the Costs and Benefits of using Partial-Order Methods for the Verification of Concurrent Systems
Proceedings of DIMACS Workshop on Partial-Order Methods in Verification, 1997
Cited by 13 (0 self)
Verification by state-space exploration is one of the most successful strategies for analyzing the correctness of finite-state concurrent reactive systems. Partial-order methods are algorithms for dynamically pruning the state space of such systems without incurring the risk of any incompleteness in the verification results. This paper presents results of experiments performed with these algorithms on real protocol examples, and discusses the practical significance of partial-order methods. 1. Introduction State-space exploration is one of the most successful strategies for checking the correctness of finite-state concurrent reactive systems. It consists in exploring a global state graph, called the state space, representing the combined behavior of all concurrent components in the system. Many different types of properties of a system can be checked by exploring its state space: deadlocks, dead code, unspecified receptions, violations of user-specified assertions, etc. Moreo...
Monotonic Partial Order Reduction: An Optimal Symbolic Partial Order Reduction Technique
Cited by 13 (3 self)
Abstract. We present a new technique called Monotonic Partial Order Reduction (MPOR) that effectively combines dynamic partial order reduction with symbolic state space exploration for model checking concurrent software. Our technique hinges on a new characterization of partial orders defined by computations of a concurrent program in terms of quasi-monotonic sequences of thread-ids. This characterization, which is of independent interest, can be used both for explicit or symbolic model checking. For symbolic model checking, MPOR works by adding constraints to allow automatic pruning of redundant interleavings in a SAT/SMT solver based search by restricting the interleavings explored to the set of quasi-monotonic sequences. Quasi-monotonicity guarantees both soundness (all necessary interleavings are explored) and optimality (no redundant interleaving is explored) and is, to the best of our knowledge, the only known optimal symbolic POR technique.
Peephole Partial Order Reduction
Cited by 9 (5 self)
Abstract. We present a symbolic dynamic partial order reduction (POR) method for model checking concurrent software. We introduce the notion of guarded independent transitions, i.e., transitions that can be considered as independent in certain (but not necessarily all) execution paths. These can be exploited by using a new peephole reduction method. A symbolic formulation of the proposed peephole reduction adds concise constraints to allow automatic pruning of redundant interleavings in an SMT/SAT solver based search. Our new method does not directly correspond to any explicit-state algorithm in the literature, e.g., those based on persistent sets. For two threads, our symbolic method guarantees the removal of all redundant interleavings (better than the smallest persistent-set based methods). To our knowledge, this type of reduction has not been achieved by other symbolic methods.
Partial order reduction for rewriting semantics of programming languages
In WRLA06, 2005
Cited by 5 (5 self)
Software model checkers are typically language-specific, require substantial development efforts, and are hard to reuse for other languages. Adding partial order reduction (POR) capabilities to such tools typically requires sophisticated changes to the tool's model checking algorithms. This paper proposes a new method to make software model checkers language-independent and to improve their performance through POR. Getting the POR capabilities does not require making any changes to the underlying model checking algorithms: for each language L, they are instead achieved through a theory transformation R_L ↦ R_L+POR of L's formal semantics, rewrite theory R_L. Under very minimal assumptions, this can be done for any language L with relatively little effort. Our experiments with the JVM, a Promela-like language and Maude indicate that significant state space reductions and time speedups can be gained for tools generated this way. Key words: Partial order reduction, model checking, programming language semantics, rewriting logic, Maude.