Automatic verification of finite-state concurrent systems using temporal logic specifications
ACM Transactions on Programming Languages and Systems (TOPLAS)
Data flow analysis is model checking of abstract interpretations
POPL '98 Proceedings of the 25th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Bandera: extracting finite-state models from Java source code
Proceedings of the 22nd international conference on Software engineering
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Bebop: A Symbolic Model Checker for Boolean Programs
Proceedings of the 7th International SPIN Workshop on SPIN Model Checking and Software Verification
An Optimizing Compiler for Efficient Model Checking
FORTE XII / PSTV XIX '99 Proceedings of the IFIP TC6 WG6.1 Joint International Conference on Formal Description Techniques for Distributed Systems and Communication Protocols (FORTE XII) and Protocol Specification, Testing and Verification (PSTV XIX)
Bogor: an extensible and highly-modular software model checking framework
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
A context-sensitive structural heuristic for guided search model checking
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Software verification with BLAST
SPIN'03 Proceedings of the 10th international conference on Model checking software
Model checking machine code with the GNU debugger
SPIN'05 Proceedings of the 12th international conference on Model Checking Software
On-the-fly dynamic dead variable analysis
Proceedings of the 14th international SPIN conference on Model checking software
RWset: attacking path explosion in constraint-based test generation
TACAS'08/ETAPS'08 Proceedings of the Theory and practice of software, 14th international conference on Tools and algorithms for the construction and analysis of systems
Application of static analyses for state space reduction to microcontroller assembly code
FMICS'07 Proceedings of the 12th international conference on Formal methods for industrial critical systems
Application of static analyses for state-space reduction to the microcontroller binary code
Science of Computer Programming
Electronic Notes in Theoretical Computer Science (ENTCS)
| Hi-index | 0.01 |
Explicit state enumeration model checking for software is a kind of formal verification in which the reachable states of a software artifact are generated using an exhaustive search algorithm. The limiting factor in explicit software model checking is the size of the hash table of visited states used to avoid duplicate work and detect termination. The size of the hash table can be reduced by identifying and ignoring dead variables. We present a new kind of dead variable analysis that combines the usual static dead variable analysis with a specialized data flow analysis and an incomplete forward simulation to identify dead variables based on variable valuations at run time. The analysis is implemented in an explicit model checker for machine code programs on embedded processors. The analysis is most effective for code segments with pointers and nested conditional expressions in which disjoint sets of variables are used in each branch. Results for an ideal synthetic program are quite encouraging while results for three non-synthetic programs are more modest. The results suggest that the run-time portion of the analysis should only be performed on code segments which contain pointer dereferences and nested branches. Segments with these properties can be identified statically. The results also suggest that the analysis will result in a larger reduction using a specialized hash table.