Model-Checking Multi-threaded Distributed Java Programs

State-space exploration is a powerful technique for the verification of concurrent software systems. Applying it to systems written in standard programming languages requires powerful abstractions (of data) and reductions (of atomicity), which simplify the data and the control flow, respectively, by aggregation. We propose a reduction that exploits a common synchronization pattern: the use of locks to protect shared data structures. This pattern is especially common in concurrent Java programs because Java provides built-in locks. We describe the design of a new tool for stateless state-space exploration of Java programs that incorporates this reduction, and an implementation of the same reduction in Java PathFinder, a more traditional state-space exploration tool for Java programs.
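The effect of the lock-based reduction can be seen on a toy model. The following is an added example, written for this page in Python rather than Java so that it runs stand-alone; it is not the paper's tool, nor Java PathFinder. It exhaustively enumerates every thread interleaving of a small two-thread program (a stateless depth-first search, with no pruning on previously seen states), once treating every operation as a scheduling point and once treating each lock-protected block `acquire ... release` as a single atomic transition in the style of Lipton's reduction. The thread "instruction set", the names `explore`, `successors` and `counter_program`, and the assumption that a reduced block never blocks inside (no nested lock acquisition) are all assumptions made for illustration.

```python
"""Exhaustive exploration of thread interleavings, with and without a
lock-based atomicity reduction.  Added example for this page; not the
paper's tool or Java PathFinder.  Op encoding and names are assumptions."""
from typing import Dict, List, Set, Tuple

# A thread is a list of ops: ("local",) touches nothing shared;
# ("acquire", lock) / ("release", lock) take or drop a lock;
# ("read", var) loads a shared variable into the thread's register;
# ("write", var, fn) stores fn(register) back into the shared variable.
Op = Tuple
Program = List[List[Op]]
# Frozen, hashable state: (pcs, shared vars, lock owners, registers).
State = Tuple[Tuple[int, ...], Tuple[Tuple[str, int], ...],
              Tuple[Tuple[str, int], ...], Tuple[int, ...]]


def freeze(pcs, shared, locks, regs) -> State:
    return (tuple(pcs), tuple(sorted(shared.items())),
            tuple(sorted(locks.items())), tuple(regs))


def thaw(state: State):
    pcs, shared, locks, regs = state
    return list(pcs), dict(shared), dict(locks), list(regs)


def run_op(program: Program, tid: int, pcs, shared, locks, regs) -> bool:
    """Execute the next op of thread `tid` in place; False if it blocks."""
    op = program[tid][pcs[tid]]
    kind = op[0]
    if kind == "acquire":
        if op[1] in locks:            # held by another thread: not enabled
            return False
        locks[op[1]] = tid
    elif kind == "release":
        assert locks.get(op[1]) == tid, "release of a lock not held"
        del locks[op[1]]
    elif kind == "read":
        regs[tid] = shared[op[1]]
    elif kind == "write":
        shared[op[1]] = op[2](regs[tid])
    pcs[tid] += 1                     # "local" only advances the pc
    return True


def successors(state: State, program: Program, reduced: bool) -> List[State]:
    """Enabled transitions from `state`.  With `reduced`, the block from an
    acquire to the matching release is one transition (no interleaving
    point inside it), which is the lock-based atomicity reduction."""
    out = []
    for tid in range(len(program)):
        pcs, shared, locks, regs = thaw(state)
        if pcs[tid] >= len(program[tid]):
            continue                  # thread has finished
        op = program[tid][pcs[tid]]
        if not run_op(program, tid, pcs, shared, locks, regs):
            continue                  # blocked on a lock held elsewhere
        if reduced and op[0] == "acquire":
            lock = op[1]
            while True:               # run to the matching release atomically
                nxt = program[tid][pcs[tid]]
                ok = run_op(program, tid, pcs, shared, locks, regs)
                assert ok, "assumption violated: blocking inside reduced block"
                if nxt[0] == "release" and nxt[1] == lock:
                    break
        out.append(freeze(pcs, shared, locks, regs))
    return out


def explore(program: Program, shared0: Dict[str, int], reduced: bool) -> dict:
    """Stateless depth-first enumeration of every complete schedule.
    `seen` is kept only to report how many distinct states were visited."""
    init = freeze([0] * len(program), shared0, {}, [0] * len(program))
    seen: Set[State] = set()
    finals: Set[Tuple[Tuple[str, int], ...]] = set()
    counts = {"paths": 0, "deadlocks": 0}

    def dfs(state: State) -> None:
        seen.add(state)
        if all(pc >= len(t) for pc, t in zip(state[0], program)):
            counts["paths"] += 1      # one complete schedule
            finals.add(state[1])
            return
        nxt = successors(state, program, reduced)
        if not nxt:
            counts["deadlocks"] += 1  # unfinished threads, nothing enabled
            return
        for s in nxt:
            dfs(s)

    dfs(init)
    return {"paths": counts["paths"], "states": len(seen),
            "deadlocks": counts["deadlocks"], "finals": finals}


def counter_program(protected: bool) -> Program:
    """Constructed input: two threads each increment a shared counter once,
    with or without lock L around the read-modify-write."""
    inc = [("read", "counter"), ("write", "counter", lambda v: v + 1)]
    body = [("acquire", "L")] + inc + [("release", "L")] if protected else inc
    thread = [("local",)] + body + [("local",)]
    return [list(thread), list(thread)]


if __name__ == "__main__":
    for protected in (True, False):
        for reduced in (False, True):
            r = explore(counter_program(protected), {"counter": 0}, reduced)
            values = sorted(dict(f)["counter"] for f in r["finals"])
            print(f"protected={protected} reduced={reduced}: {r['paths']} "
                  f"schedules, {r['states']} states, final counter {values}")
```

With the lock in place, the unreduced search walks 74 complete schedules (every interleaving of two six-step threads in which the critical sections do not overlap), while the reduced search walks only 20 (two three-step threads, C(6,3)), and both report the counter always ending at 2. Without the lock the reduction has nothing to apply to, and the search finds the lost update (a final value of 1) among the 70 schedules. The reduction is sound only under the pattern the abstract names: every access to the data in the block must itself happen under the same lock. If another thread touched `counter` without taking `L`, collapsing the block could hide an intermediate state that the unprotected access can observe, so a checker should verify that invariant (e.g. with a lock-set analysis) before applying the reduction.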
