Journal ArticleDOI
CMC: a pragmatic approach to model checking real code
Madanlal Musuvathi, David Y. W. Park, Andy Chou, Dawson Engler, David L. Dill +4 more
Vol. 36, pp. 75-88
TL;DR
A new model checker, CMC, checks C and C++ implementations directly, eliminating the need for a separate abstract description of the system behavior; this reduces missed errors as well as time-wasting false error reports that result from inconsistencies between the abstract description and the actual implementation.

Abstract
Many system errors do not emerge unless some intricate sequence of events occurs. In practice, this means that most systems have errors that only trigger after days or weeks of execution. Model checking [4] is an effective way to find such subtle errors. It takes a simplified description of the code and exhaustively tests it on all inputs, using techniques to explore vast state spaces efficiently. Unfortunately, while model checking systems code would be wonderful, it is almost never done in practice: building models is just too hard. It can take significantly more time to write a model than it did to write the code. Furthermore, by checking an abstraction of the code rather than the code itself, it is easy to miss errors.

The paper's first contribution is a new model checker, CMC, which checks C and C++ implementations directly, eliminating the need for a separate abstract description of the system behavior. This has two major advantages: it reduces the effort to use model checking, and it reduces missed errors as well as time-wasting false error reports resulting from inconsistencies between the abstract description and the actual implementation. In addition, changes in the implementation can be checked immediately without updating a high-level description.

The paper's second contribution is demonstrating that CMC works well on real code by applying it to three implementations of the Ad-hoc On-demand Distance Vector (AODV) networking protocol [7]. We found 34 distinct errors (roughly one bug per 328 lines of code), including a bug in the AODV specification itself. Given our experience building systems, it appears that the approach will work well in other contexts, and especially well for other networking protocols.
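The core idea the abstract describes, running the real implementation under a checker that enumerates every interleaving and hashes the states it has already visited, in miniature. This is an added example, not code from the paper or from CMC itself: the two lock implementations (a naive check-then-set lock and Peterson's algorithm), the four-step thread model, and the checker are all constructed for illustration, and a state here is a single struct rather than the checkpointed process image CMC uses. The point it shows is the one the abstract makes: the C code of the lock is what gets checked, no separate model is written, and the exhaustive search finds the interleaving that a test run would hit only by luck.

```c
/* Added example, not code from the CMC paper or from CMC itself: a minimal
 * explicit-state model checker that drives two real C lock implementations
 * through every thread interleaving and checks a mutual-exclusion assertion.
 * Lock protocols and threading model are constructed for this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define NPROC 2
#define MAX_STATES 4096   /* visited-set capacity (assumption; ample here) */

/* Complete state of the system under test; copying it is a checkpoint. */
typedef struct { unsigned char pc[NPROC], flag[NPROC], turn, in_cs; } state_t;
static int g_protocol;     /* 0 = naive check-then-set lock, 1 = Peterson */

/* One atomic step of thread `me`: 0 if blocked on a busy-wait (s untouched), 1 if it advanced. */
static int step(state_t *s, int me) {
    int other = 1 - me;
    switch (s->pc[me]) {
    case 0:
        if (g_protocol == 0) { if (s->flag[other]) return 0; } /* test other... */
        else s->flag[me] = 1;                      /* Peterson: announce interest */
        s->pc[me] = 1; return 1;
    case 1:
        if (g_protocol == 0) s->flag[me] = 1;      /* ...then set: the race window */
        else s->turn = (unsigned char)other;
        s->pc[me] = 2; return 1;
    case 2:                                        /* Peterson waits, naive does not */
        if (g_protocol == 1 && s->flag[other] && s->turn == other) return 0;
        s->in_cs++; s->pc[me] = 3; return 1;       /* enter critical section */
    case 3:
        s->in_cs--; s->flag[me] = 0; s->pc[me] = 0; return 1;  /* leave */
    }
    return 0;
}

/* Visited-state set: open-addressing hash table keyed on the raw state bytes
 * (the struct has no padding, so memcmp is a sound equality test). */
static state_t g_seen[MAX_STATES];
static unsigned char g_used[MAX_STATES];
static unsigned g_nstates;
static int g_trace[MAX_STATES];   /* thread scheduled at each DFS depth */

static unsigned hash_state(const state_t *s) {
    const unsigned char *p = (const unsigned char *)s;
    unsigned h = 2166136261u;                      /* FNV-1a */
    for (size_t i = 0; i < sizeof *s; i++) h = (h ^ p[i]) * 16777619u;
    return h;
}

/* Returns 1 if s was already explored, otherwise records it and returns 0. */
static int seen_or_insert(const state_t *s) {
    if (g_nstates >= MAX_STATES) { fputs("state table full\n", stderr); exit(2); }
    unsigned i = hash_state(s) % MAX_STATES;
    while (g_used[i]) {
        if (memcmp(&g_seen[i], s, sizeof *s) == 0) return 1;
        i = (i + 1) % MAX_STATES;
    }
    g_used[i] = 1; g_seen[i] = *s; g_nstates++;
    return 0;
}

/* Depth-first exploration of every interleaving. Returns 1 on the first
 * state with two threads in the critical section, printing the schedule. */
static int dfs(state_t s, int depth) {
    if (s.in_cs > 1) {
        printf("  mutual exclusion violated after %d steps; schedule:", depth);
        for (int d = 0; d < depth; d++) printf(" T%d", g_trace[d]);
        putchar('\n');
        return 1;
    }
    if (seen_or_insert(&s)) return 0;              /* prune revisited states */
    for (int me = 0; me < NPROC; me++) {
        state_t next = s;
        if (!step(&next, me)) continue;            /* thread blocked here */
        g_trace[depth] = me;
        if (dfs(next, depth + 1)) return 1;
    }
    return 0;
}

/* Check one protocol: 1 if mutual exclusion can be violated, 0 if every reachable
 * interleaving keeps in_cs <= 1. *states (may be NULL) gets the states explored. */
int check_mutex(int protocol, unsigned *states) {
    state_t init;
    memset(&init, 0, sizeof init);
    g_protocol = protocol;
    memset(g_used, 0, sizeof g_used);
    g_nstates = 0;
    int bad = dfs(init, 0);
    if (states) *states = g_nstates;
    return bad;
}

int main(void) {
    unsigned n;
    int r0 = check_mutex(0, &n);
    printf("naive lock: %s (%u states)\n", r0 ? "BUG FOUND" : "ok", n);
    int r1 = check_mutex(1, &n);
    printf("Peterson:   %s (%u states)\n", r1 ? "BUG FOUND" : "ok", n);
    return (r0 == 1 && r1 == 0) ? 0 : 1;
}
```

Build with `cc -std=c99 -Wall mutex_mc.c` (file name assumed). The naive lock is reported with the exact schedule that puts both threads in the critical section, while Peterson's algorithm exhausts its state space without a violation. The two mechanisms that let this scale in CMC are visible here in their simplest form: the state of the program is captured and hashed so that each state is explored once, and the scheduler, not the OS, decides which thread runs next, so every interleaving is reachable. Ad hoc stress testing exercises only the interleavings the OS scheduler happens to produce.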
Citations
Proceedings ArticleDOI
Lazy abstraction
TL;DR: This work presents an algorithm for model checking safety properties using lazy abstraction and describes an implementation of the algorithm applied to C programs and provides sufficient conditions for the termination of the method.
Journal ArticleDOI
A static analyzer for large safety-critical software
Bruno Blanchet, Patrick Cousot, Radhia Cousot, Jérôme Feret, Laurent Mauborgne, Antoine Miné, David Monniaux, Xavier Rival +7 more
TL;DR: It is shown that abstract interpretation-based static program analysis can be made efficient and precise enough to formally verify a class of properties for a family of large programs with few or no false alarms.
Journal ArticleDOI
CP-Miner: finding copy-paste and related bugs in large-scale software code
TL;DR: This paper proposes CP-Miner, a tool that uses data-mining techniques to efficiently identify copy-pasted code in large software suites and to detect the bugs such copy-pasting introduces; it has found many new bugs in popular operating systems.
Journal ArticleDOI
Improving the reliability of commodity operating systems
TL;DR: Nooks, a reliability subsystem that seeks to greatly enhance operating system reliability by isolating the OS from driver failures, represents a substantial step beyond the specialized architectures and type-safe languages required by previous efforts directed at safe extensibility.
Journal ArticleDOI
The software model checker Blast: Applications to software engineering
TL;DR: This paper gives an introduction to Blast and demonstrates, through two case studies, how it can be applied to program verification and test-case generation.
References
Ad hoc On-Demand Distance Vector (AODV) Routing
TL;DR: AODV is a reactive routing protocol for mobile ad hoc networks: a node discovers a route only when it has traffic for a destination, by flooding a route request and receiving a route reply along the reverse path, and per-destination sequence numbers keep routes fresh and loop-free.
Model checking
TL;DR: Model checking tools, created by both academic and industrial teams, have resulted in an entirely novel approach to verification and test case generation that often enables engineers in the electronics industry to design complex systems with considerable assurance regarding the correctness of their initial designs.
Journal ArticleDOI
The model checker SPIN
TL;DR: An overview of the design and structure of the verifier, its theoretical foundation, and an overview of significant practical applications are given.
Book
Symbolic Model Checking
TL;DR: Using symbolic model checking techniques it is possible to verify industrial-size finite state systems, and models with more than 10^120 states have been verified using special techniques.