Bandera: Extracting Finite-state Models from Java Source Code - PowerPoint PPT Presentation

Provided by: christian104
Slides: 26

Transcript and Presenter's Notes

1
Bandera: Extracting Finite-state Models from Java Source Code
  • James C. Corbett (Hawaii)
  • Matthew B. Dwyer, John Hatcliff, Shawn Laubach,
    Corina S. Pasareanu, Robby, Hongjun Zheng (KSU)
  • Presented by Christian Almazan
  • 18 November 2003 (CMSC 631)

2
Model Checking in One Slide
  (Diagram: a Finite-State Model and a Temporal Logic Formula are fed to a Model Checker, which answers either Verified or produces a Counter-Example.)
  • Model Checker: SPIN, dSPIN, SMV
  • Temporal Logic Formula: Linear Temporal Logic (LTL), Computation Tree Logic (CTL)
  • Automatic specification verification
  • Covers all possible paths in the model
  • Popular in hardware and protocol verification

3
Difficulty in Bringing Model Checking to Software
  • State-Explosion Problem
    • The number of states grows exponentially with program size
  • Model Construction Problem
    • Development is done in a general-purpose language
    • Verification tools take a specification language as input
  • Requirement Specification Problem
    • Specification languages tend to be mathematical
    • Hard to use, read and debug; very lengthy
  • Output Interpretation Problem
    • Counter-examples are long and complex
    • Hard to map directly back to source code

4
Problems in Previous Efforts
  • Monolithic Approach
    • A model checker built for one specific language (e.g. Erlang)
    • Difficult to incorporate newer model checking techniques
  • Source Code → Verifier Input Language
    • Translates the program directly from source code
    • JCAT or Java PathFinder to PROMELA for SPIN
    • Program size increases → exponential state growth
  • Combined Problems
    • Keeps developers tied to one technology
    • Limited support for control and data abstraction

5
Overcoming Obstacles: Bandera
  • Use proven model checkers
    • SPIN, dSPIN, Java PathFinder
  • Automated transformations
    • Compact the number of states
    • Use an individual model for each property
  • Design for extensibility
    • Build individual, replaceable components
  • Create a friendly environment
    • Familiar, uniform specifications that are easy to learn
    • Leveraged for testing, debugging, and simulation

6
Bandera Components (architecture figure; the components are described on the following slides)
7
Program Infrastructure
  • Built on top of the Soot compiler framework
  • Uses Jimple, Soot's typed three-address intermediate representation, as its control-flow graph language
    • Jimple is the language shared by all middleware components
  • Java-to-Jimple-to-Java Compiler (JJJC)
    • Lets the internal tools work on Jimple and return Java code
    • Allows model checker counter-examples to be mapped back onto the original Java source code

8
Property Specification
  • Bandera Specification Language (BSL)
    • A collection of temporal specification patterns written in English
    • Parameterized macros → LTL or CTL
    • Defined directly in the source code using Javadoc comments
    • Not mathematical like raw LTL or CTL

9
Bounded Buffer Specification
  • If a buffer becomes full, it will eventually become non-full.

    /**
     * @observable
     *   EXP Full(this): (head == tail);
     *
     * FullToNonFull: forall[b:BoundedBuffer].
     *   {!Full(b)} responds to {Full(b)} globally;
     */
    class BoundedBuffer {
      ...
    }
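The FullToNonFull property above is the LTL response pattern G(Full → F ¬Full), and a model checker refutes it by finding a lasso: a reachable Full state followed by a cycle that never leaves Full. The following is an added example, not Bandera's code, of that check on a hand-written finite-state model of a bounded buffer with one producer and one consumer thread; BOUND, the two thread programs and the "defective" consumer variant are assumptions made for this example.

```python
"""Added example, not Bandera's code: an explicit-state check of the BSL property
'{!Full(b)} responds to {Full(b)} globally' (LTL: G(Full -> F !Full)) on a
hand-written finite-state model of a bounded buffer shared by one producer and
one consumer thread.  BOUND, the thread programs and the 'defective' variant
are assumptions made for this example."""
from collections import deque

BOUND = 2  # buffer capacity (assumed)

# A state is (count, producer_pc, consumer_pc).  Each thread is a two-step
# loop: pc 0 evaluates its guard, pc 1 performs the buffer operation, so the
# explorer sees every interleaving of the two threads.


def successors(state, defective):
    """Enabled transitions from `state` as (label, next_state) pairs."""
    count, ppc, cpc = state
    out = []
    if ppc == 0 and count < BOUND:
        out.append(("producer.check", (count, 1, cpc)))
    elif ppc == 1:
        out.append(("producer.put", (count + 1, 0, cpc)))
    # Defective variant (assumed bug): the consumer refuses to take from a
    # full buffer, so producer and consumer block each other when it is full.
    take_ok = (0 < count < BOUND) if defective else (count > 0)
    if cpc == 0 and take_ok:
        out.append(("consumer.check", (count, ppc, 1)))
    elif cpc == 1:
        out.append(("consumer.take", (count - 1, ppc, 0)))
    if not out:
        # Deadlock: add a stutter step so every path is infinite, as LTL model
        # checkers do.  Deadlocking while Full then violates the property.
        out.append(("<stutter>", state))
    return out


def full(state):
    """The observable Full(b) of the BSL spec; here simply count == BOUND."""
    return state[0] == BOUND


def explore(defective):
    """Breadth-first construction of the reachable state graph."""
    init = (0, 0, 0)
    parent = {init: None}  # state -> (predecessor, label), for the trace prefix
    edges = {}
    work = deque([init])
    while work:
        s = work.popleft()
        edges[s] = successors(s, defective)
        for label, t in edges[s]:
            if t not in parent:
                parent[t] = (s, label)
                work.append(t)
    return parent, edges


def step_label(edges, a, b):
    return next(label for label, t in edges[a] if t == b)


def path_from_init(parent, target):
    """Trace from the initial state to `target` as (label, state) steps."""
    steps, s = [], target
    while parent[s] is not None:
        prev, label = parent[s]
        steps.append((label, s))
        s = prev
    return steps[::-1]


def check_response(defective=False):
    """Return None if G(Full -> F !Full) holds.  Otherwise return a
    counter-example (prefix, cycle): a path to a reachable Full state followed
    by a cycle that never leaves Full, both as lists of (label, state) steps."""
    parent, edges = explore(defective)
    colour, stack = {}, []

    def dfs(s):  # depth-first cycle search restricted to Full states
        colour[s] = "grey"
        stack.append(s)
        for _, t in edges[s]:
            if not full(t):
                continue
            if colour.get(t) == "grey":  # back edge: a lasso inside Full
                return stack[stack.index(t):] + [t]
            if t not in colour:
                loop = dfs(t)
                if loop:
                    return loop
        stack.pop()
        colour[s] = "black"
        return None

    for s in list(edges):
        if full(s) and s not in colour:
            loop = dfs(s)
            if loop:
                cycle = [(step_label(edges, a, b), b) for a, b in zip(loop, loop[1:])]
                return path_from_init(parent, loop[0]), cycle
    return None


if __name__ == "__main__":
    for defective in (False, True):
        name = "defective" if defective else "correct"
        result = check_response(defective)
        if result is None:
            print(f"{name} buffer: FullToNonFull holds")
        else:
            prefix, cycle = result
            print(f"{name} buffer: FullToNonFull violated")
            for label, state in prefix:
                print("   ", label, "->", state)
            print("    cycle:", [label for label, _ in cycle])
```

The correct buffer satisfies the property because every Full state leads to a consumer.take. In the defective variant the checker returns the four producer steps that fill the buffer plus a stutter cycle on the deadlocked Full state; that labelled prefix is exactly what Bandera's counter-example viewer maps back onto source lines. Note that the check ignores fairness: a consumer that busy-waits forever would also produce a Full-only cycle, which SPIN would report unless weak fairness is requested.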

10
Static Analysis
  • Bandera Object Flow Analysis (BOFA)
    • Optimizations: data/control analysis
    • Statically collects information about the objects that may flow into each program expression at runtime
    • Associates a set of tokens {t1, ..., tn} with a particular expression e
    • Each ti is a pair (C, s), where C is a class name and s is the allocation site at which the object is created
    • Similar to points-to analysis for imperative languages and closure analysis for functional programming languages

11
Slicing
  (Figure: the program is split into the part relevant to the property and the rest; only the relevant part is kept.)
  • Given a program P and a slicing criterion derived from the observables in the specification
  • Program dependence-based slicing produces a reduced version of P
    • Dependences: data, control, interference, ready, wait
    • Backwards slicing from the criterion
  • Effectiveness depends on the structure of the program
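Backward slicing on program dependences, as an added example that is not Bandera's slicer: a reaching-definitions fixpoint gives the data dependences, a hand-supplied table gives the control dependences, and the slice is the transitive closure from the criterion. The program, its control-flow graph and the criterion are assumptions made for this example; it models data and control dependences only, not the interference, ready and wait dependences a slicer for concurrent Java needs.

```python
"""Added example, not Bandera's slicer: backward slicing over program
dependences for a small three-address program.  The program, its control-flow
graph, the control dependences and the criterion are assumptions made for this
example; it models data and control dependences only, not the interference,
ready and wait dependences a slicer for concurrent Java needs."""

# Constructed example program: stmt id -> (text, variables defined, variables used)
STMTS = {
    1: ("n = read()",      {"n"},    set()),
    2: ("i = 0",           {"i"},    set()),
    3: ("s = 0",           {"s"},    set()),
    4: ("while (i < n)",   set(),    {"i", "n"}),
    5: ("  s = s + i",     {"s"},    {"s", "i"}),
    6: ("  i = i + 1",     {"i"},    {"i"}),
    7: ("full = (i == n)", {"full"}, {"i", "n"}),  # the observable, cf. EXP Full
    8: ("log(s)",          set(),    {"s"}),
}
CFG = {1: [2], 2: [3], 3: [4], 4: [5, 7], 5: [6], 6: [4], 7: [8], 8: []}
CONTROL_DEP = {5: 4, 6: 4}  # loop body statements execute only if the test at 4 holds


def reaching_definitions():
    """IN[s]: the (variable, defining stmt) pairs that may reach s, computed
    as the least fixpoint of OUT[s] = GEN[s] | (IN[s] - KILL[s])."""
    preds = {s: [] for s in STMTS}
    for s, succs in CFG.items():
        for t in succs:
            preds[t].append(s)
    out = {s: set() for s in STMTS}
    changed = True
    while changed:
        changed = False
        for s, (_, defs, _) in STMTS.items():
            inn = set().union(*(out[p] for p in preds[s]))
            gen = {(v, s) for v in defs}
            new = gen | {(v, d) for (v, d) in inn if v not in defs}
            if new != out[s]:
                out[s], changed = new, True
    return {s: set().union(*(out[p] for p in preds[s])) for s in STMTS}


def dependences():
    """Program dependence graph: stmt -> statements it directly depends on."""
    reach = reaching_definitions()
    deps = {s: set() for s in STMTS}
    for s, (_, _, uses) in STMTS.items():
        deps[s] |= {d for (v, d) in reach[s] if v in uses}  # data dependence
        if s in CONTROL_DEP:
            deps[s].add(CONTROL_DEP[s])                    # control dependence
    return deps


def backward_slice(criterion):
    """Statements that can influence the criterion statements, as a set of ids."""
    deps = dependences()
    sliced, work = set(), list(criterion)
    while work:
        s = work.pop()
        if s not in sliced:
            sliced.add(s)
            work.extend(deps[s])
    return sliced


def show(criterion):
    keep = backward_slice(criterion)
    for s, (text, _, _) in STMTS.items():
        print(f"{'keep' if s in keep else '----'}  {s}: {text}")


if __name__ == "__main__":
    show({7})  # slicing on the Full observable: s and log(s) fall away
```

With the observable at statement 7 as the criterion, the accumulator s and the log call are removed while the loop test and the increment of i are kept, because the loop controls whether i changes. Slicing on statement 8 instead keeps everything except statement 7, which illustrates the slide's point that the reduction depends on the structure of the program and on which observables the property mentions.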

12
Abstract Interpretation
  • Further reductions through data abstraction
  • Useful when the specification does not need concrete values, only properties of values
  • Developers are aided by abstraction libraries: the Bandera Abstraction Specification Library (BASL)
    • Utilizes the PVS theorem prover
  • Examples
    • integers to signs: positive, zero, negative
    • vector items: ItemInVector, ItemNotInVector
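The "integers to signs" abstraction, as an added example that is not Bandera's BASL: the abstract operators, the soundness condition each of them must satisfy (checked here by exhaustive enumeration over a small window rather than by a theorem prover), why that condition fails for Java's wrapping int if the abstract operator ignores overflow, and the state-space reduction the abstraction buys on a counter loop. The operator tables, the loop program and all names are assumptions made for this example.

```python
"""Added example, not Bandera's BASL: the 'integers to signs' data abstraction
from the slide.  It shows (1) the soundness condition an abstract operator
must satisfy, checked here by exhaustive enumeration over a small window
rather than by a theorem prover, (2) why that condition fails for Java's
wrapping int if the abstract operator ignores overflow, and (3) the state-space
reduction the abstraction buys on a small counter loop.  The operator tables,
the loop program and all names are assumptions made for this example."""
from itertools import product

NEG, ZERO, POS = "neg", "zero", "pos"
SIGNS = (NEG, ZERO, POS)


def alpha(n):
    """Abstraction function: concrete integer -> sign token."""
    return NEG if n < 0 else ZERO if n == 0 else POS


# Abstract operators map sign pairs to the *set* of signs the concrete result
# may have.  A superset is sound; a missing sign is a soundness bug.
ADD = {
    (NEG, NEG): {NEG}, (NEG, ZERO): {NEG}, (NEG, POS): {NEG, ZERO, POS},
    (ZERO, NEG): {NEG}, (ZERO, ZERO): {ZERO}, (ZERO, POS): {POS},
    (POS, NEG): {NEG, ZERO, POS}, (POS, ZERO): {POS}, (POS, POS): {POS},
}
MUL = {(a, b): {ZERO} if ZERO in (a, b) else {POS} if a == b else {NEG}
       for a, b in product(SIGNS, SIGNS)}


def abs_add(a, b):
    return ADD[(a, b)]


def abs_mul(a, b):
    return MUL[(a, b)]


def abs_lt(a, b):
    """Possible truth values of x < y knowing only the signs of x and y."""
    if a == b:
        return {False} if a == ZERO else {True, False}
    return {SIGNS.index(a) < SIGNS.index(b)}


def sound(abs_op, conc_op, lo=-25, hi=25):
    """Soundness of abs_op w.r.t. conc_op on [lo, hi]^2:
    alpha(x op y) must lie in abs_op(alpha(x), alpha(y)) for every x, y."""
    return all(alpha(conc_op(x, y)) in abs_op(alpha(x), alpha(y))
               for x in range(lo, hi + 1) for y in range(lo, hi + 1))


def java_int_add(x, y):
    """Java int addition: 32-bit two's-complement wraparound."""
    return (x + y + 2**31) % 2**32 - 2**31


def concrete_states(limit):
    """Values of i reached by: i = 0; while (i < limit) i = i + 1;"""
    seen, i = set(), 0
    while True:
        seen.add(i)
        if not i < limit:
            return seen
        i = i + 1


def abstract_states(limit_sign=POS):
    """The same loop run over signs.  Because POS < POS is unknown, both the
    loop body and the exit are explored; the fixpoint has two states, for any
    positive limit."""
    seen, work = set(), [ZERO]
    while work:
        s = work.pop()
        if s in seen:
            continue
        seen.add(s)
        if True in abs_lt(s, limit_sign):  # the body may execute
            work.extend(abs_add(s, POS))
    return seen


if __name__ == "__main__":
    print("abs_add sound on math ints:", sound(abs_add, lambda x, y: x + y))
    print("abs_mul sound on math ints:", sound(abs_mul, lambda x, y: x * y))
    # Near Integer.MAX_VALUE pos + pos wraps to a negative Java int, so the
    # table above is unsound for Java unless POS+POS also admits NEG.
    print("abs_add sound on Java int near MAX_VALUE:",
          sound(abs_add, java_int_add, 2**31 - 3, 2**31 - 1))
    print("concrete states, limit=1000:", len(concrete_states(1000)))
    print("abstract states:", sorted(abstract_states()))
    print("i never negative (abstract):", NEG not in abstract_states())
```

The concrete loop has limit + 1 reachable states, the abstract one has two, and the abstract run establishes "i is never negative" for every positive limit at once. The catch is the soundness obligation: the same ADD table that is sound for mathematical integers is refuted by three Java ints near Integer.MAX_VALUE, so an abstraction library has to be proved against the concrete semantics the model actually uses, which is the role the slide assigns to the PVS theorem prover.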

13
Back End: Model Generation
  • Bandera Intermediate Representation language (BIR)
    • Jimple → BIR: the BIR Constructor
    • Sits between the Bandera components and the model checker input languages
    • Model checker writers only need to write a translator from BIR to their input language
    • BIR contains higher-level constructs that model Java code more efficiently: locks, threads, references, heap

14
Bandera Components (architecture figure, shown again)
15
Using Bandera
  • Launch the Bandera User Interface (BUI) from the command line
  • Session files record which components you want to use, so later runs can reuse the configuration

16
Counter-Example Overview
  • A counter-example with a thousand states?!?!
  • Bandera provides debugger-like features
    • map states to source code
    • program tracing
    • create checkpoints
    • keep track of variables and objects
    • UML-like object displays
    • lock graphs

17
Counter-Example: Program Tracing (screenshot)
18
Counter-Example: Lock Graph (screenshot)
19
Counter-Example: Object Viewer (screenshot)
20
Mandatory Performance Slide
  (Results table not recoverable from the transcript. Legend: threaded pipeline; b = basic, d = defective variant; r = response property, p = precedence property; n = no reductions, s = slicing, a = slicing and data abstraction.)
21
When to Use Model Checking
  • Control-related properties
    • assertions
    • pre- and post-conditions
    • simple data invariants
  • Container objects
    • stacks
    • queues
  • Verifying concurrent behavior
  • When counter-examples are needed
  • Automatic property verification of source code

22
Analyses Not Appropriate for Model Checking
  • Data-related properties
    • Verification of sorting algorithms
    • Use other formal methods instead (theorem proving)
  • Where static dataflow analysis is better
    • array-bounds errors
    • buffer overruns
    • null-pointer de-referencing

23
The Future of Bandera
  • Bandera 0.3b2: Summer 2003
  • Bandera 1.0: Summer 2004
    • No more command line startup
    • A collection of plug-ins for the Eclipse IDE
    • All features re-designed, re-implemented, re-done
  • Future of Model Checking? Bogor (KSU)
    • Drops support for other model checkers in Bandera
    • Is Bogor a big step in model checking?

24
Links and Related Work
  • Try Me!
    • http://bandera.projects.cis.ksu.edu/
  • Visit CiteSeer for the abstraction and slicing papers
  • Model Checkers: SPIN, dSPIN, JPF
  • Source Code Translators: JPF, JCAT
  • Many more! Use Google!

25
Questions?
  • Did you learn anything from this talk or the class?
  • Would you use model checking? If so, when?
  • Do you like the push for the original Bandera?
  • Is using only Eclipse a good idea?
  • Why stop supporting other model checkers?
  • Should they support only their own tool, Bogor?
  • Is writing BIR translators too time consuming?
  • Is BIR as a universal language just a dream?