LCLint: a tool for using specifications to check code
SIGSOFT '94 Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
Model checking for programming languages using VeriSoft
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A new scheme for memory-efficient probabilistic verification
IFIP TC6/ 6.1 international conference on formal description techniques IX/protocol specification, testing and verification XVI on Formal description techniques IX : theory, application and tools: theory, application and tools
Model checking
Bandera: extracting finite-state models from Java source code
Proceedings of the 22nd international conference on Software engineering
Automatic predicate abstraction of C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Symbolic Model Checking
Tracking down software bugs using automatic anomaly detection
Proceedings of the 24th International Conference on Software Engineering
Protocol Verification as a Hardware Design Aid
ICCD '92 Proceedings of the 1991 IEEE International Conference on Computer Design on VLSI in Computer & Processors
Automatic verification of the SCI cache coherence protocol
CHARME '95 Proceedings of the IFIP WG 10.5 Advanced Research Working Conference on Correct Hardware Design and Verification Methods
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
FAST'05 Proceedings of the 4th conference on USENIX Conference on File and Storage Technologies - Volume 4
Using model checking to find serious file system errors
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Model checking concurrent linux device drivers
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Slede: a domain-specific verification framework for sensor network security protocol implementations
WiSec '08 Proceedings of the first ACM conference on Wireless network security
Model Checking Dynamic Memory Allocation in Operating Systems
Journal of Automated Reasoning
CrystalBall: predicting and preventing inconsistencies in deployed distributed systems
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Predicting and preventing inconsistencies in deployed distributed systems
ACM Transactions on Computer Systems (TOCS)
Exhaustive testing of safety critical Java
Proceedings of the 8th International Workshop on Java Technologies for Real-Time and Embedded Systems
Model checking a networked system without the network
Proceedings of the 8th USENIX conference on Networked systems design and implementation
Depth bounded explicit-state model checking
Proceedings of the 18th international SPIN conference on Model checking software
A source-to-source transformation tool for error fixing
CASCON '13 Proceedings of the 2013 Conference of the Center for Advanced Studies on Collaborative Research
Verification of complex dynamic data tree with mu-calculus
Automated Software Engineering
Hi-index | 0.00 |
Many system errors do not emerge unless some intricate sequence of events occurs. In practice, this means that most systems have errors that only trigger after days or weeks of execution. Model checking [4] is an effective way to find such subtle errors. It takes a simplified description of the code and exhaustively tests it on all inputs, using techniques to explore vast state spaces efficiently. Unfortunately, while model checking systems code would be wonderful, it is almost never done in practice: building models is just too hard. It can take significantly more time to write a model than it did to write the code. Furthermore, by checking an abstraction of the code rather than the code itself, it is easy to miss errors.The paper's first contribution is a new model checker, CMC, which checks C and C++ implementations directly, eliminating the need for a separate abstract description of the system behavior. This has two major advantages: it reduces the effort to use model checking, and it reduces missed errors as well as time-wasting false error reports resulting from inconsistencies between the abstract description and the actual implementation. In addition, changes in the implementation can be checked immediately without updating a high-level description.The paper's second contribution is demonstrating that CMC works well on real code by applying it to three implementations of the Ad-hoc On-demand Distance Vector (AODV) networking protocol [7]. We found 34 distinct errors (roughly one bug per 328 lines of code), including a bug in the AODV specification itself. Given our experience building systems, it appears that the approach will work well in other contexts, and especially well for other networking protocols.