article

Free access

Using shape analysis to reduce finite-state models of concurrent Java programs

Editor: Axel van Lamsweerde Author:

James C. CorbettAuthors Info & Claims

ACM Transactions on Software Engineering and Methodology (TOSEM), Volume 9, Issue 1

Pages 51 - 93

https://doi.org/10.1145/332740.332741

Published: 01 January 2000 Publication History

Abstract

Finite-state verification (e.g., model checking) provides a powerful means to detect concurrency errors, which are often subtle and difficult to reproduce. Nevertheless, widespread use of this technology by developers is unlikely until tools provide automated support for extracting the required finite-state models directly from program source. Unfortunately, the dynamic features of modern languages such as Java complicate the construction of compact finite-state models for verification. In this article, we show how shape analysis, which has traditionally been used for computing alias information in optimizers, can be used to greatly reduce the size of finite-state models of concurrent Java programs by determining which heap-allocated variables are accessible only by a single thread, and which shared variables are protected by locks. We also provide several other state-space reductions based on the semantics of Java monitors. A prototype of the reductions demonstrates their effectiveness.

References

[1]

ASHCROFT, E. AND MANNA, Z. 1971. Formalization of properties of parallel programs. Mach. Intell. 6, 1, 17-41.

[2]

AVRUNIN, G. S., BuY, U. A., CORBETT, J. C., DILLON, L. K., AND WILEDEN, J. C. 1991. Automated analysis of concurrent systems with the constrained expression toolset. IEEE Trans. Softw. Eng. 17, 11 (Nov.), 1204-1222.

[3]

BULTAN, T., FISCHER, J., AND GERBER, R. 1996. Compositional verification by model checking for counter-examples. SIGSOFT Softw. Eng. Notes 21, 3, 224-238.

[4]

BULTAN, T., GERBER, R., AND LEAGUE, C. 1998. Verifying systems with integer constraints and Boolean predicates: a composite approach. SIGSOFT Softw. Eng. Notes 23, 2, 113-123.

[5]

BURCH, J. R., CLARKE, E. M., MCMILLAN, K. L., DILL, D. L., AND HWANG, L.J. 1990. Symbolic model checking: 1020 states and beyond. In Proceedings of the 5th Annual IEEE Symposium on Logic in Computer Science (LICS '90, June), IEEE Press, Piscataway, NJ, 428-439.

[6]

CHASE, D. R., WEGMAN, M., AND ZADECK, F. K. 1990. Analysis of pointers and structures. SIGPLAN Not. 25, 6 (June), 296-310.

[7]

CHEUNG, S. C. AND KRAMER, J. 1993. Enhancing compositional reachability analysis with context constraints. In Proceedings of the 1st ACM SIGSOFT International Symposium on the Foundations of Software Engineering (SIGSOFT '93, Los Angeles, CA, Dec.), ACM Press, New York, NY, 115-125.

[8]

CLEAVELAND, R., FARROW, g., AND STEFFEN, B. 1993. The concurrency workbench: a semanticsbased tool for the verification of concurrent systems. ACM Trans. Program. Lang. Syst. 15, 1 (Jan. 1993), 36-72.

[9]

CORBETT, J. C. 1996a. Evaluating deadlock detection methods for concurrent software. IEEE Trans. Softw. Eng. 22, 3 (Mar.), 161-180.

[10]

CORBETT, J. C. 1996b. Timing analysis of Ada tasking programs. IEEE Trans. Softw. Eng. 22, 7, 461-483.

[11]

CORBETT, J. C. 1998. Constructing compact models of concurrent Java programs. SIGSOFT Softw. Eng. Notes 23, 2, 1-10.

[12]

COUSOT, P. AND COUSOT, R. 1977. Abstract interpretation: A unified lattice model for static analysis of programs by construction of approximation of fixed points. In Proceedings of the 4th ACM Symposium on the Principles of Programming Languages (Jan.), ACM, New York, NY, 238-252.

[13]

DILL, D. L., DREXLER, A. J., Hu, A. J., AND YANG, C. H. 1992. Protocol verification as a hardware design aid. In Proceedings of the 1992 IEEE International Conference on Computer Design: VLSI in Computers and Processors (Cambridge, MA, Oct. 11-14), IEEE Computer Society, Washington, DC, 522-525.

[14]

DURI, S., BuY, U., DEVARAPALLI, R., AND SHATZ, S. M. 1993. Using state space reduction methods for deadlock analysis in Ada tasking. SIGSOFT Softw. Eng. Notes 18, 3 (July 1993), 51-60.

[15]

DWYER, M. B. AND CLARKE, L.A. 1994. Data flow analysis for verifying properties of concurrent programs. In Proceedings of the 2nd ACM SIGSOFT Symposium on the Foundations of Software Engineering (SIGSOFT '94, New Orleans, LA, Dec.), ACM Press, New York, NY, 62-75.

[16]

DWYER, M. B., AVRUNIN, G. S., AND CORBETT, J. C. 1999. Patterns in property specifications for finite-state verification. In Proceedings of the International Conference on Software Engineering (ICSE '99, May), IEEE Press, Piscataway, NJ.

[17]

GODEFROID, P. AND WOLPER, P. 1991. Using partial orders for the efficient verification of deadlock freedom and safety properties. In Proceedings of the 3rd International Conference on Computer Aided Verification (CAV '91, Aalborg, Denmark, July), Springer Lecture Notes in Computer Science, vol. 575. Springer-Verlag, Berlin, Germany, 332-342.

[18]

GOSLING, J., JoY, B., AND STEELE, a. 1996. The Java Language Specification. Addison-Wesley, Reading, MA.

[19]

HATCLIFF, J., CORBETT, J. C., DWYER, M. B., SOKOLOWSKI, S., AND ZHENG, H. 1999. A formal study of slicing for multi-threaded programs with JVM concurrency primitives. Tech. Rep. KSU CIS TR 99-6. Kansas State Univ., Manhattan, KS.

[20]

HATCLIFF, J., DWYER, M. B., AND LAUBACH, S. 1998. Staging static analyses using abstractionbased proggram specialization. In Proceedings of the l Oth International Symposium on Principles of Declarative Programming (PDP '98), Springer Lecture Notes in Computer Science, vol. 1490. Springer-Verlag, Vienna, Austria.

[21]

HAVELUND, K. AND PRESSBURGER, T. 2000. Model checking Java programs using Java PathFinder. Int. J. Softw. Tools Tech. Transfer. To be published.

[22]

HOLZMANN, G.J. 1997. The model checker SPIN. IEEE Trans. Softw. Eng. 23, 5, 279-295.

[23]

HOLZMANN, G.J. 1998. Designing executable abstractions. In Proceedings of the 2nd Workshop on Formal Methods in Software Practice (FMSP'98, Clearwater Beach, FL, Mar. 4-5), M. Ardis and J. Atlee, Eds. ACM Press, New York, NY, 103-108.

[24]

IOSIF, R., DEMARTINI, C., AND SISTO, R. 1998. Modeling and validation of Java multithreaded applications using SPIN. In Proceedings of the 4th SPIN Workshop (Paris, France, Nov.),

[25]

JACKSON, D. AND DAMON, C.A. 1996. Elements of style: Analyzing a software design feature with a counterexample detector. SIGSOFT Softw. Eng. Notes 21, 3, 239-249.

[26]

LANDI, W. AND RYDER, B. G. 1991. Pointer-induced aliasing: A problem taxonomy. In Proceedings of the 18th Annual ACM Symposium on Principles of Programming Languages (POPL '91, Orlando, FL, Jan. 21-23), D. Wise, Ed. ACM Press, New York, NY, 93-103.

[27]

LEA, D. 1997. Concurrent Programming in Java: Design Principles and Patterns. Addison-Wesley, Reading, MA.

[28]

LICHTENSTEIN, O. AND PNEULI, A. 1985. Checking that finite state concurrent programs satisfy their linear specifications. In Proceedings of the 12th ACM Symposium on the Principles of Programming Langauges (POPL '85), ACM, New York, NY, 97-105.

[29]

LINDHOLM, T. AND YELLIN, F. 1997. The Java Virtual Machine Specification. Addison-Wesley, Reading, MA.

[30]

MASTICOLA, S. P. AND RYDER, B. G. 1990. Static infinite wait anomaly detection in polynomial time. In Proceedings of the International Conference on Parallel Processing, 78-87.

[31]

MAZURKIEWICZ, A. 1989. Basic notions of trace theory. In Linear Time, Branching Time and Partial Orders in Logics and Models for Concurrency, J. W. De Bakker, W. -P. de Roever, and G. Rozenberg, Eds. Springer Lecture Notes in Computer Science, vol. 354. Springer-Verlag, Vienna, Austria, 285-363.

[32]

MCMILLAN, K. L. 1993. Symbolic Model Checking. Kluwer Academic Publishers, Hingham, MA.

[33]

MURATA, T., SHATZ, S. M., AND SHENKER, B. 1989. Detection of Ada static deadlocks using Petri net invariants. IEEE Trans. Softw. Eng. 15, 3 (Mar. 1989), 314-326.

[34]

NAUMOVICH, G., AVRUNIN, G. S., AND CLARKE, L.A. 1999. Data flow analysis for checking properties of concurrent Java programs. In Proceedings of the International Conference on Software Engineering (ICSE '99, May), IEEE Press, Piscataway, NJ.

[35]

PELED, D. 1993. All for one, one for all: On model checking with representatives. In Proceedings of the 5th International Conference on Computer-Aided Verification (CAV '93, Elounda, Greece, June), C. Courcoubetis, Ed. Lecture Notes in Computer Science, vol. 697. Springer-Verlag, New York, 409-423.

[36]

SAGIV, M., REPS, T., AND WILHELM, R. 1998. Solving shape-analysis problems in languages with destructive updating. ACM Trans. Program. Lang. Syst. 20, 1 (Jan.), 1-50.

[37]

VALMARI, A. 1992. A stubborn attack on state explosion. Formal Methods Syst. Des. 1, 4 (Dec.), 297-322.

[38]

VERMEULEN, A. 1997. Java deadlock. Dr. Dobb's J. 22.

[39]

YEH, W. g. AND YOUNG, M. 1991. Compositional reachability analysis using process algebra. In Proceedings of the symposium on Testing, Analysis, and Verification (TAV4, Victoria, British Columbia, Oct. 8-10, 1991), W. Howden, Ed. ACM Press, New York, NY, 49-59.

[40]

YOUNG, M., TAYLOR, R., FORESTER, K., AND BRODBECK, D. 1989. Integrated concurrency analysis in a software development enviornment. SIGSOFT Softw. Eng. Notes 14, 8 (Dec. 1989), 200-209.

Cited By

Du YGu NCao H(2016)Detecting Deadlocks Involving Diverse Synchronization Mechanisms Using Extended Petri NetsArabian Journal for Science and Engineering10.1007/s13369-016-2367-042:2(913-923)Online publication date: 9-Dec-2016
https://doi.org/10.1007/s13369-016-2367-0
Nikolić ĐSpoto F(2014)Reachability analysis of program variablesACM Transactions on Programming Languages and Systems10.1145/252999035:4(1-68)Online publication date: 3-Jan-2014
https://dl.acm.org/doi/10.1145/2529990
Ding ZZhou MWang S(2014)Ordinary Differential Equation-Based Deadlock DetectionIEEE Transactions on Systems, Man, and Cybernetics: Systems10.1109/TSMC.2014.231175744:10(1435-1454)Online publication date: Oct-2014
https://doi.org/10.1109/TSMC.2014.2311757
Show More Cited By

Index Terms

Using shape analysis to reduce finite-state models of concurrent Java programs

Recommendations

Constructing compact models of concurrent Java programs

Finite-state verification technology (e.g., model checking) provides a powerful means to detect concurrency errors, which are often subtle and difficult to reproduce. Nevertheless, widespread use of this technology by developers is unlikely until tools ...
Constructing compact models of concurrent Java programs
ISSTA '98: Proceedings of the 1998 ACM SIGSOFT international symposium on Software testing and analysis

Finite-state verification technology (e.g., model checking) provides a powerful means to detect concurrency errors, which are often subtle and difficult to reproduce. Nevertheless, widespread use of this technology by developers is unlikely until tools ...
Managing space for finite-state verification
ICSE '06: Proceedings of the 28th international conference on Software engineering

Finite-state verification (FSV) techniques attempt to prove properties about a model of a system by examining all possible behaviors of that model. This approach suffers from the state-explosion problem, where the size of the model or the analysis costs ...

Comments

Information & Contributors

Information

Published In

cover image ACM Transactions on Software Engineering and Methodology

ACM Transactions on Software Engineering and Methodology Volume 9, Issue 1

Jan. 2000

129 pages

ISSN:1049-331X

EISSN:1557-7392

DOI:10.1145/332740

Editor:
Axel van Lamsweerde
Univ. Catholique de Louvain, Louvain-la-Neuve, Belgium

Issue’s Table of Contents

Copyright © 2000 ACM.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 January 2000

Published in TOSEM Volume 9, Issue 1

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

15
Total Citations
View Citations
1,028
Total Downloads

Downloads (Last 12 months)96
Downloads (Last 6 weeks)11

Reflects downloads up to 06 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

Du YGu NCao H(2016)Detecting Deadlocks Involving Diverse Synchronization Mechanisms Using Extended Petri NetsArabian Journal for Science and Engineering10.1007/s13369-016-2367-042:2(913-923)Online publication date: 9-Dec-2016
https://doi.org/10.1007/s13369-016-2367-0
Nikolić ĐSpoto F(2014)Reachability analysis of program variablesACM Transactions on Programming Languages and Systems10.1145/252999035:4(1-68)Online publication date: 3-Jan-2014
https://dl.acm.org/doi/10.1145/2529990
Ding ZZhou MWang S(2014)Ordinary Differential Equation-Based Deadlock DetectionIEEE Transactions on Systems, Man, and Cybernetics: Systems10.1109/TSMC.2014.231175744:10(1435-1454)Online publication date: Oct-2014
https://doi.org/10.1109/TSMC.2014.2311757
Nyström JEarle CThompson S(2009)Automatic assessment of failure recovery in Erlang applicationsProceedings of the 8th ACM SIGPLAN workshop on ERLANG10.1145/1596600.1596604(23-32)Online publication date: 5-Sep-2009
https://dl.acm.org/doi/10.1145/1596600.1596604
Cozzie AStratton FXue HKing S(2008)Digging for data structuresProceedings of the 8th USENIX conference on Operating systems design and implementation10.5555/1855741.1855759(255-266)Online publication date: 8-Dec-2008
https://dl.acm.org/doi/10.5555/1855741.1855759
Yahav ESagiv M(2008)Verifying safety properties of concurrent heap-manipulating programsACM Transactions on Programming Languages and Systems10.1145/1745312.174531532:5(1-50)Online publication date: 24-May-2008
https://dl.acm.org/doi/10.1145/1745312.1745315
Chen RWotawa F(2006)Diagnosing program errors with light-weighted specificationsProceedings of the 19th international conference on Advances in Applied Artificial Intelligence: industrial, Engineering and Other Applications of Applied Intelligent Systems10.1007/11779568_69(639-649)Online publication date: 27-Jun-2006
https://dl.acm.org/doi/10.1007/11779568_69
Nandivada VDetlefs D(2005)Compile-Time Concurrent Marking Write Barrier RemovalProceedings of the international symposium on Code generation and optimization10.1109/CGO.2005.12(37-48)Online publication date: 20-Mar-2005
https://dl.acm.org/doi/10.1109/CGO.2005.12
Sălcianu ARinard M(2005)Purity and side effect analysis for java programsProceedings of the 6th international conference on Verification, Model Checking, and Abstract Interpretation10.1007/978-3-540-30579-8_14(199-215)Online publication date: 17-Jan-2005
https://dl.acm.org/doi/10.1007/978-3-540-30579-8_14
Chen RKöb DWotawa F(2004)Improving Fault Localization of Programs by Using Labeled DependenciesKI 2004: Advances in Artificial Intelligence10.1007/978-3-540-30221-6_28(366-380)Online publication date: 2004
https://doi.org/10.1007/978-3-540-30221-6_28
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents