LCLint: a tool for using specifications to check code
SIGSOFT '94 Proceedings of the 2nd ACM SIGSOFT symposium on Foundations of software engineering
IEEE Transactions on Software Engineering - Special issue on formal methods in software practice
Model checking for programming languages using VeriSoft
Proceedings of the 24th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A new scheme for memory-efficient probabilistic verification
IFIP TC6/ 6.1 international conference on formal description techniques IX/protocol specification, testing and verification XVI on Formal description techniques IX : theory, application and tools: theory, application and tools
Model checking
Bandera: extracting finite-state models from Java source code
Proceedings of the 22nd international conference on Software engineering
Automatic predicate abstraction of C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
ESP: path-sensitive program verification in polynomial time
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Symbolic Model Checking
Tracking down software bugs using automatic anomaly detection
Proceedings of the 24th International Conference on Software Engineering
Protocol Verification as a Hardware Design Aid
ICCD '92 Proceedings of the 1991 IEEE International Conference on Computer Design on VLSI in Computer & Processors
Automatic verification of the SCI cache coherence protocol
CHARME '95 Proceedings of the IFIP WG 10.5 Advanced Research Working Conference on Correct Hardware Design and Verification Methods
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
ASE '00 Proceedings of the 15th IEEE international conference on Automated software engineering
Checking system rules using system-specific, programmer-written compiler extensions
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
A static analyzer for large safety-critical software
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Separating agreement from execution for byzantine fault tolerant services
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
iWatcher: Efficient Architectural Support for Software Debugging
Proceedings of the 31st annual international symposium on Computer architecture
Is runtime verification applicable to cheat detection?
Proceedings of 3rd ACM SIGCOMM workshop on Network and system support for games
Lessons Learned from Model Checking a NASA Robot Controller
Formal Methods in System Design
Network protocol development with nsclick
Wireless Networks
Using build-integrated static checking to preserve correctness invariants
Proceedings of the 11th ACM conference on Computer and communications security
AccMon: Automatically Detecting Memory-Related Bugs via Program Counter-Based Invariants
Proceedings of the 37th annual IEEE/ACM International Symposium on Microarchitecture
Efficient and flexible architectural support for dynamic monitoring
ACM Transactions on Architecture and Code Optimization (TACO)
Model checking software with well-defined APIs: the socket case
Proceedings of the 10th international workshop on Formal methods for industrial critical systems
Joining dataflow with predicates
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
SOBER: statistical model-based bug localization
Proceedings of the 10th European software engineering conference held jointly with 13th ACM SIGSOFT international symposium on Foundations of software engineering
Mondrix: memory isolation for linux using mondriaan memory protection
Proceedings of the twentieth ACM symposium on Operating systems principles
CP-Miner: Finding Copy-Paste and Related Bugs in Large-Scale Software Code
IEEE Transactions on Software Engineering
Discovering faults in idiom-based exception handling
Proceedings of the 28th international conference on Software engineering
HeapMon: a helper-thread approach to programmable, automatic, and low-overhead memory bug detection
IBM Journal of Research and Development
Testing, abstraction, theorem proving: better together!
Proceedings of the 2006 international symposium on Software testing and analysis
Efficient software model checking of data structure properties
Proceedings of the 21st annual ACM SIGPLAN conference on Object-oriented programming systems, languages, and applications
Controlling factors in evaluating path-sensitive error detection techniques
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Embedded software verification using symbolic execution and uninterpreted functions
International Journal of Parallel Programming
Using model checking to find serious file system errors
ACM Transactions on Computer Systems (TOCS)
PathExpander: Architectural Support for Increasing the Path Coverage of Dynamic Bug Detection
Proceedings of the 39th Annual IEEE/ACM International Symposium on Microarchitecture
Statistical Debugging: A Hypothesis Testing-Based Approach
IEEE Transactions on Software Engineering
Modular Pluggable Analyses for Data Structure Consistency
IEEE Transactions on Software Engineering
Randomized Differential Testing as a Prelude to Formal Verification
ICSE '07 Proceedings of the 29th international conference on Software Engineering
Iterative context bounding for systematic testing of multithreaded programs
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Model checking large network protocol implementations
NSDI'04 Proceedings of the 1st conference on Symposium on Networked Systems Design and Implementation - Volume 1
CP-Miner: a tool for finding copy-paste and related bugs in operating system code
OSDI'04 Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6
Formal Software Analysis Emerging Trends in Software Model Checking
FOSE '07 2007 Future of Software Engineering
Delta execution for efficient state-space exploration of object-oriented programs
Proceedings of the 2007 international symposium on Software testing and analysis
State space exploration using feedback constraint generation and Monte-Carlo sampling
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
SLEDE: lightweight verification of sensor network security protocol implementations
Proceedings of the the 6th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering
/*icomment: bugs or bad comments?*/
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
SLEDE: lightweight verification of sensor network security protocol implementations
The 6th Joint Meeting on European software engineering conference and the ACM SIGSOFT symposium on the foundations of software engineering: companion papers
EXPLODE: a lightweight, general system for finding serious storage system errors
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Netstub: a framework for verification of distributed java applications
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Verifying C++ with STL containers via predicate abstraction
Proceedings of the twenty-second IEEE/ACM international conference on Automated software engineering
Rule-based static analysis of network protocol implementations
Information and Computation
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
EIO: error handling is occasionally correct
FAST'08 Proceedings of the 6th USENIX Conference on File and Storage Technologies
Experience applying the SPIN model checker to an industrial telecommunications system
Proceedings of the 30th international conference on Software engineering
Proceedings of the 2008 ACM SIGPLAN conference on Programming language design and implementation
Toasters, Seat Belts, and Inferring Program Properties
Verified Software: Theories, Tools, Experiments
Regression Verification - A Practical Way to Verify Programs
Verified Software: Theories, Tools, Experiments
Programming with Proofs: Language-Based Approaches to Totally Correct Software
Verified Software: Theories, Tools, Experiments
New Challenges in Model Checking
25 Years of Model Checking
Efficient Stateful Dynamic Partial Order Reduction
SPIN '08 Proceedings of the 15th international workshop on Model Checking Software
Verifying Multi-threaded C Programs with SPIN
SPIN '08 Proceedings of the 15th international workshop on Model Checking Software
Efficient software model checking of soundness of type systems
Proceedings of the 23rd ACM SIGPLAN conference on Object-oriented programming systems languages and applications
Original papers: Model-checking for adventure videogames
Information and Software Technology
Automatic generation of XSS and SQL injection attacks with goal-directed model checking
SS'08 Proceedings of the 17th conference on Security symposium
An empirical security study of the native code in the JDK
SS'08 Proceedings of the 17th conference on Security symposium
MODIST: transparent model checking of unmodified distributed systems
NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
Cardinality Abstraction for Declarative Networking Applications
CAV '09 Proceedings of the 21st International Conference on Computer Aided Verification
Developing topology discovery in Event-B
Science of Computer Programming
Proceedings of the 42nd Annual IEEE/ACM International Symposium on Microarchitecture
Deductive Runtime Certification
Electronic Notes in Theoretical Computer Science (ENTCS)
Error Detection in Concurrent Java Programs
Electronic Notes in Theoretical Computer Science (ENTCS)
On the application of clustering techniques to support debugging large-scale multi-agent systems
ProMAS'06 Proceedings of the 4th international conference on Programming multi-agent systems
The verifying compiler: a grand challenge for computing research
CC'03 Proceedings of the 12th international conference on Compiler construction
Extending model checking with dynamic analysis
VMCAI'08 Proceedings of the 9th international conference on Verification, model checking, and abstract interpretation
SUDS: an infrastructure for creating dynamic software defect detection tools
Automated Software Engineering
Finding and reproducing Heisenbugs in concurrent programs
OSDI'08 Proceedings of the 8th USENIX conference on Operating systems design and implementation
Efficient modular glass box software model checking
Proceedings of the ACM international conference on Object oriented programming systems languages and applications
Finding latent performance bugs in systems implementations
Proceedings of the eighteenth ACM SIGSOFT international symposium on Foundations of software engineering
Design and verification of systems with exogenous coordination using Vereofy
ISoLA'10 Proceedings of the 4th international conference on Leveraging applications of formal methods, verification, and validation - Volume Part II
Making the common case the only case with anticipatory memory allocation
FAST'11 Proceedings of the 9th USENIX conference on File and stroage technologies
Life, death, and the critical transition: finding liveness bugs in systems code
NSDI'07 Proceedings of the 4th USENIX conference on Networked systems design & implementation
Finding protocol manipulation attacks
Proceedings of the ACM SIGCOMM 2011 conference
SimGrid MC: verification support for a multi-API simulation platform
FMOODS'11/FORTE'11 Proceedings of the joint 13th IFIP WG 6.1 and 30th IFIP WG 6.1 international conference on Formal techniques for distributed systems
Practical software model checking via dynamic interface reduction
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Towards reliable storage systems
Towards reliable storage systems
Making the common case the only case with anticipatory memory allocation
ACM Transactions on Storage (TOS)
Accurate theorem proving for program verification
ISoLA'04 Proceedings of the First international conference on Leveraging Applications of Formal Methods
Path-Sensitive dataflow analysis with iterative refinement
SAS'06 Proceedings of the 13th international conference on Static Analysis
Finding bugs in network protocols using simulation code and protocol-specific heuristics
ICFEM'05 Proceedings of the 7th international conference on Formal Methods and Software Engineering
Optimized execution of deterministic blocks in java pathfinder
ICFEM'06 Proceedings of the 8th international conference on Formal Methods and Software Engineering
Checking memory safety with blast
FASE'05 Proceedings of the 8th international conference, held as part of the joint European Conference on Theory and Practice of Software conference on Fundamental Approaches to Software Engineering
Context-Bounded model checking of concurrent software
TACAS'05 Proceedings of the 11th international conference on Tools and Algorithms for the Construction and Analysis of Systems
FMOODS'05 Proceedings of the 7th IFIP WG 6.1 international conference on Formal Methods for Open Object-Based Distributed Systems
Concrete model checking with abstract matching and refinement
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Model checking x86 executables with codesurfer/x86 and WPDS++
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
An incremental heap canonicalization algorithm
SPIN'05 Proceedings of the 12th international conference on Model Checking Software
Software model checking: searching for computations in the abstract or the concrete
IFM'05 Proceedings of the 5th international conference on Integrated Formal Methods
Automatic parallelization of fine-grained meta-functions on a chip multiprocessor
CGO '11 Proceedings of the 9th Annual IEEE/ACM International Symposium on Code Generation and Optimization
Automated analysis of AODV using UPPAAL
TACAS'12 Proceedings of the 18th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Towards LTL model checking of unmodified thread-based c & c++ programs
NFM'12 Proceedings of the 4th international conference on NASA Formal Methods
Challenges of a Validation Process Based on Models: An Industrial Case Study
Bell Labs Technical Journal
BloomUnit: declarative testing for distributed programs
DBTest '12 Proceedings of the Fifth International Workshop on Testing Database Systems
Adversarial testing of wireless routing implementations
Proceedings of the sixth ACM conference on Security and privacy in wireless and mobile networks
AMC: verifying user interface properties for vehicular applications
Proceeding of the 11th annual international conference on Mobile systems, applications, and services
Sequence numbers do not guarantee loop freedom: AODV can yield routing loops
Proceedings of the 16th ACM international conference on Modeling, analysis & simulation of wireless and mobile systems
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
ACM SIGOPS 24th Symposium on Operating Systems Principles
Parrot: a practical runtime for deterministic, stable, and reliable threads
Proceedings of the Twenty-Fourth ACM Symposium on Operating Systems Principles
Distributed LTL Model Checking with Hash Compaction
Electronic Notes in Theoretical Computer Science (ENTCS)
FORMATS'13 Proceedings of the 11th international conference on Formal Modeling and Analysis of Timed Systems
Automatic parallelization of fine-grained metafunctions on a chip multiprocessor
ACM Transactions on Architecture and Code Optimization (TACO)
Counterexample-guided abstraction refinement for linear programs with arrays
Automated Software Engineering
DECAF: detecting and characterizing ad fraud in mobile apps
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Software dataplane verification
NSDI'14 Proceedings of the 11th USENIX Conference on Networked Systems Design and Implementation
Hi-index | 0.00 |
Many system errors do not emerge unless some intricate sequence of events occurs. In practice, this means that most systems have errors that only trigger after days or weeks of execution. Model checking [4] is an effective way to find such subtle errors. It takes a simplified description of the code and exhaustively tests it on all inputs, using techniques to explore vast state spaces efficiently. Unfortunately, while model checking systems code would be wonderful, it is almost never done in practice: building models is just too hard. It can take significantly more time to write a model than it did to write the code. Furthermore, by checking an abstraction of the code rather than the code itself, it is easy to miss errors.The paper's first contribution is a new model checker, CMC, which checks C and C++ implementations directly, eliminating the need for a separate abstract description of the system behavior. This has two major advantages: it reduces the effort to use model checking, and it reduces missed errors as well as time-wasting false error reports resulting from inconsistencies between the abstract description and the actual implementation. In addition, changes in the implementation can be checked immediately without updating a high-level description.The paper's second contribution is demonstrating that CMC works well on real code by applying it to three implementations of the Ad-hoc On-demand Distance Vector (AODV) networking protocol [7]. We found 34 distinct errors (roughly one bug per 328 lines of code), including a bug in the AODV specification itself. Given our experience building systems, it appears that the approach will work well in other contexts, and especially well for other networking protocols.