Verifying temporal specifications of Java programs

Many Java programs encode temporal behaviors in their source code, typically mixing three features provided by the Java language: (1) pausing the execution for a limited amount of time, (2) waiting for an event that has to occur before a deadline expires, and (3) comparing timestamps. In this work, we show how to exploit modern SMT solvers together with static analysis in order to produce a network of timed automata approximating the temporal behavior of a set of Java threads. We also prove that the presented abstraction preserves the truth of MTL and ATCTL formulae, two well-known logics for expressing timed specifications. As far as we know, this is the first feasible approach enabling the user to automatically model check timed specifications of Java software directly from the source code.
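An added illustration, not code from the paper: a hypothetical worker thread using the three timing idioms the abstract names, with comments sketching the clock resets and guards a timed-automaton abstraction would assign to each (the constants 200, 1000 and 500 ms and the class name are assumptions).

```java
import java.util.concurrent.TimeUnit;

/** Hypothetical worker exercising the three Java timing idioms named in the abstract. */
public class TimedWorker {
    private final Object lock = new Object();
    private boolean eventArrived = false;

    /** (1) Pause for a bounded time. TA view: reset clock x, take the edge when x == 200. */
    void pause() throws InterruptedException {
        Thread.sleep(200);
    }

    /**
     * (2) Wait for an event that must occur before a deadline.
     * TA view: reset clock y on entry; the "event" edge stays enabled while y <= deadline,
     * the "timeout" edge is taken when y == deadline. The loop re-checks the condition
     * because Object.wait may return spuriously.
     */
    boolean awaitEvent(long deadlineMillis) throws InterruptedException {
        long deadline = System.nanoTime() + TimeUnit.MILLISECONDS.toNanos(deadlineMillis);
        synchronized (lock) {
            while (!eventArrived) {
                long remaining = deadline - System.nanoTime();
                if (remaining <= 0) {
                    return false;                          // deadline expired: timeout edge
                }
                TimeUnit.NANOSECONDS.timedWait(lock, remaining);
            }
            return true;                                   // event observed before the deadline
        }
    }

    void signalEvent() {
        synchronized (lock) {
            eventArrived = true;
            lock.notifyAll();
        }
    }

    /** (3) Compare timestamps. TA view: clock z counts since startNanos; guard z > 500. */
    boolean tookTooLong(long startNanos) {
        return System.nanoTime() - startNanos > TimeUnit.MILLISECONDS.toNanos(500);
    }

    public static void main(String[] args) throws InterruptedException {
        TimedWorker w = new TimedWorker();
        long start = System.nanoTime();
        new Thread(w::signalEvent).start();                // constructed event source
        w.pause();
        boolean onTime = w.awaitEvent(1000);
        System.out.println("event on time: " + onTime + ", too long: " + w.tookTooLong(start));
    }
}
```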
