Skip to main content
SpringerLink
Log in

A Flexible Framework for the Estimation of Coverage Metrics in Explicit State Software Model Checking

  • Conference paper
Book cover Construction and Analysis of Safe, Secure, and Interoperable Smart Devices (CASSIS 2004)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 3362))

Abstract

Explicit-State Model Checking is a well-studied technique for the verification of concurrent programs. Due to exponential costs associated with model checking, researchers often focus on applying model checking to software units rather than whole programs. Recently, we have introduced a framework that allows developers to specify and model check rich properties of Java software units using the Java Modeling Language (JML). An often overlooked problem in research on model checking software units is the problem of environment generation: how does one develop code for a test harness (representing the behaviors of contexts in which a unit may eventually be deployed) for the purpose of driving the unit being checked along relevant execution paths?

In this paper, we build on previous work in the testing community and we focus on the use of coverage information to assess the appropriateness of environments and to guide the design/modification of environments for model checking software units. A novel aspect of our work is the inclusion of specification coverage of JML specifications in addition to code coverage in an approach for assessing the quality of both environments and specifications. To study these ideas, we have built a framework called MAnTA on top of the Bogor Software Model Checking Framework that allows the integration of a variety of coverage analyses with the model checking process. We show how we have used this framework to add two different types of coverage analysis to our model checker (Bogor) and how it helped us find coverage holes in several examples. We make an initial effort to describe a methodology for using code and specification coverage to aid in the development of appropriate environments and JML specifications for model checking Java units.

This work was supported in part by the U.S. Army Research Office (DAAD190110564), by DARPA/IXO’s PCES program (AFRL Contract F33615-00-C-3044), by NSF (CCR-0306607), by Lockheed Martin, and by Rockwell-Collins.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ball, T., Rajamani, S.K.: The slam toolkit. In: Proceedings of the 13th International Conference on Computer Aided Verification, pp. 260–264. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  2. Binder, R.V.: Testing object-oriented systems: models, patterns, and tools. Addison-Wesley, Longman Publishing Co., Inc. (1999)

    Google Scholar 

  3. Brat, G., Havelund, K., Park, S., Visser, W.: Java PathFinder – a second generation of a Java model-checker. In: Proceedings of the Workshop on Advances in Verification (July 2000)

    Google Scholar 

  4. Chockler, H., Kupferman, O., Kurshan, R., Vardi, M.: A practical approach to coverage in model checking. In: Berry, G., Comon, H., Finkel, A. (eds.) CAV 2001. LNCS, vol. 2102, pp. 66–78. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  5. Dwyer, M.B., Hatcliff, J., Prasad, V.R., Robby: Exploiting object escape and locking information in partial order reductions for concurrent object-oriented programs. Formal Methods in System Designs (2004) (to appear)

    Google Scholar 

  6. Dwyer, M.B., Hatcliff, J., Schmidt, D.: Bandera: Tools for automated reasoning about software system behaviour. ERCIM News 36 (January 1999)

    Google Scholar 

  7. Engler, D.R., Musuvathi, M.: Static analysis versus software model checking for bug finding. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol. 2937, pp. 191–210. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  8. Gamma, E., Helm, R., Johnson, R., Vlissides, J.: Design Patterns. Addison-Wesley Pub. Co., Reading (1995)

    Google Scholar 

  9. Groce, A., Visser, W.: Model checking java programs using structural heuristics. In: Proceedings of the International Symposium on Software Testing and Analysis, pp. 12–21. ACM Press, New York (2002)

    Chapter  Google Scholar 

  10. Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Lazy abstraction. In: Proceedings of the 29th ACM Symposium on Principles of Programming Languages, pp. 58–70 (January 2002)

    Google Scholar 

  11. Holzmann, G.J.: The model checker SPIN. IEEE Transactions on Software Engineering 23(5), 279–294 (1997)

    Article  MathSciNet  Google Scholar 

  12. Holzmann, G.J., Smith, M.H.: A practical method for verifying event-driven software. In: Proceedings of the 21st international conference on Software engineering, pp. 597–607. IEEE Computer Society Press, Los Alamitos (1999)

    Chapter  Google Scholar 

  13. Hoskote, Y., Kam, T., Ho, P.-H., Zhao, X.: Coverage estimation for symbolic model checking. In: Proceedings of the 36th ACM/IEEE Design automation conference, pp. 300–305. ACM Press, New York (1999)

    Chapter  Google Scholar 

  14. Kupferman, O., Vardi, M.: Vacuity detection in temporal model checking. In: Pierre, L., Kropf, T. (eds.) CHARME 1999. LNCS, vol. 1703, pp. 82–98. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  15. Lea, D.: Concurrent Programming in Java, 2nd edn. Addison-Wesley, Reading (2000)

    Google Scholar 

  16. Leavens, G.T., Baker, A.L., Ruby, C.: JML: a Java modeling language. In: Formal Underpinnings of Java Workshop (October 1998)

    Google Scholar 

  17. Musuvathi, M., Engler, D.R.: Model checking large network protocol implementations. In: Proceedings of The First Symposium on Networked Systems Design and Implementation, pp. 155–168. USENIX Association (2004)

    Google Scholar 

  18. Penix, J., Visser, W., Engstrom, E., Larson, A., Weininger, N.: Verification of time partitioning in the deos scheduler kernel. In: Proceedings of the 22nd international conference on Software engineering, pp. 488–497. ACM Press, New York (2000)

    Google Scholar 

  19. Robby, M.B.D., Hatcliff, J.: Bogor: An extensible and highly-modular model checking framework. In: Proceedings of the 9th European Software Engineering Conference held jointly with the 11th ACM SIGSOFT Symposium on the Foundations of Software Engineering (2003)

    Google Scholar 

  20. Robby, E.R., Dwyer, M., Hatcliff, J.: Checking strong specifications using an extensible software model checking framework. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 404–420. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  21. Tkachuk, O., Dwyer, M., Pasareanu, C.: Automated environment generation for software model checking. In: Proceedings of the 18th International Conference on Automated Software Engineering (October 2003)

    Google Scholar 

  22. Tkachuk, O., Dwyer, M.B.: Adapting side effects analysis for modular program model checking. In: Proceedings of the Fourth joint meeting of the European Software Engineering Conference and ACM SIGSOFT Symposium on the Foundations of Software Engineering (September 2003)

    Google Scholar 

  23. Zhu, H., Hall, P., May, J.: Software unit test coverage and adequacy. ACM Computing Surveys 29(4), 366–427 (1997)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Department of Computing and Information Sciences, Kansas State University, 234 Nichols Hall, Manhattan, KS, 66506, USA

    Edwin Rodríguez, Matthew B. Dwyer, John Hatcliff &  Robby

Authors
  1. Edwin Rodríguez
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Matthew B. Dwyer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. John Hatcliff
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Robby
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. IMDEA Software, Madrid, Spain

    Gilles Barthe

  2. INRIA Sophia Antipolis, France

    Lilian Burdy  & Marieke Huisman  & 

  3. Gemalto, France

    Jean-Louis Lanet

  4. Ecole Supérieure D’Ingénieurs de Luminy - Case 925 - ESIL Parc Scientifique, Université de la Méditerranée, 13288, Marseille, France

    Traian Muntean

Rights and permissions

Reprints and permissions

Copyright information

© 2005 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rodríguez, E., Dwyer, M.B., Hatcliff, J., Robby (2005). A Flexible Framework for the Estimation of Coverage Metrics in Explicit State Software Model Checking. In: Barthe, G., Burdy, L., Huisman, M., Lanet, JL., Muntean, T. (eds) Construction and Analysis of Safe, Secure, and Interoperable Smart Devices. CASSIS 2004. Lecture Notes in Computer Science, vol 3362. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30569-9_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30569-9_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-24287-1

  • Online ISBN: 978-3-540-30569-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation