Evaluating the Effectiveness of Slicing for Model Reduction of Concurrent Object-Oriented Programs

Model checking techniques have proven effective for checking a number of non-trivial concurrent object-oriented software systems. However, due to the high computational and memory costs, a variety of model reduction techniques are needed to overcome current limitations on applicability and scalability. Conventional wisdom holds that static program slicing can be an effective model reduction technique, yet anecdotal evidence is mixed, and there has been no work that has systematically studied the costs/benefits of slicing for model reduction in the context of model checking source code for realistic systems. In this paper, we present an overview of the sophisticated Indus program slicer that is capable of handling full Java and is readily applicable to interesting off-the-shelf concurrent Java programs. Using the Indus program slicer as part of the next generation of the Bandera model checking framework, we experimentally demonstrate significant benefits from using slicing as a fully automatic model reduction technique. Our experimental results consider a number of Java systems with varying structural properties, the effects of combining slicing with other well-known model reduction techniques such as partial order reductions, and the effects of slicing for different classes of properties. Our conclusions are that slicing concurrent object-oriented source code provides significant reductions that are orthogonal to a number of other reduction techniques, and that slicing should always be applied due to its automation and low computational costs.
