Challenges and Applications of Assembly-Level Software Model Checking

Abstraction functions $\varphi$ map states $S = (S_1, \ldots, S_k)$ to patterns $\varphi(S) = (\varphi(S_1), \ldots, \varphi(S_k))$. Pattern databases [CS98] are hash tables for fully explored abstract state spaces, storing with each abstract state the shortest path distance in the abstract space to the abstract goal. They are constructed in a complete traversal of the inverse abstract search space graph. Each distance value stored in the hash table is a lower bound on the solution cost in the original space and serves as a heuristic estimate. Different pattern databases can be combined either by adding or by maximizing the individual entries for a state. Pattern databases work if the abstraction function is a homomorphism, so that each path in the original state space has a corresponding path in the abstract state space. Unlike the search in the original space, the entire abstract space has to be explored. As pattern databases are themselves hash tables, we apply incremental hashing to them, too.

If we restrict the exploration in STRIPS planning to a subset of propositions $R \subseteq AP$, we obtain a planning state space homomorphism $\varphi$ and an abstract planning state space [Ede01] with states $S_A \subseteq R$. The abstraction of an operator $o = (P, A, D)$ is defined as $\varphi(o) = (P \cap R, A \cap R, D \cap R)$. Multiple pattern databases are composed based on a partition $AP = R_1 \cup \ldots \cup R_l$, which induces abstractions $\varphi_1, \ldots, \varphi_l$ and lookup hash tables $PDB_1, \ldots, PDB_l$. Two pattern databases are additive if the sum of the retrieved values is admissible. One sufficient criterion is the following: for every pair of non-trivial operators $o_1$ and $o_2$ in the abstract spaces induced by $\varphi_1$ and $\varphi_2$, the preimages $\varphi_1^{-1}(o_1)$ and $\varphi_2^{-1}(o_2)$ differ, i.e. no original operator has a non-trivial effect in both abstractions. For pattern database addressing we use a multivariate variable encoding, namely SAS+ [Hel04].

6.7 Hashing Dynamic State Vectors

In the previous section, we devised an incremental hashing scheme for static state vectors. This is not directly applicable to program model checkers, as they operate on dynamic and structured states. Dynamic means that the size of a vector may change; for example, a program can dynamically allocate new memory regions. Structured means that the state is separated into several subvectors rather than a single big vector. In StEAM, for example, the stacks, machines, variable sections and the lock/memory pools constitute subvectors which together form the global state vector. In the following, we extend the incremental hashing scheme from the last section to dynamic and structured (distributed) states.

For dynamic vectors, components may be inserted at arbitrary positions. We regard dynamic vectors as the equivalent of strings over an alphabet $\Sigma$. In the following, for two vectors $a$ and $b$, let $a, b$ denote the concatenation of $a$ and $b$. For example, for $a = (0, 8)$ and $b = (15)$, we have $a, b = (0, 8, 15)$. We use $|a|$ to denote the size of a vector $a$. We state four general lemmas for the hash function $h$ used in Rabin-Karp hashing (cf. Section 6.5.1). Lemmas 1 and 2 relate to the insertion of components, Lemmas 3 and 4 to their deletion. Afterwards, we apply the lemmas to different types of data structures, such as stacks and queues.

Lemma 1. For all $a, b, c \in \Sigma^*$ we have
$$h(a, b, c) = h(a, c) - h(c) \cdot |\Sigma|^{|a|} + h(b) \cdot |\Sigma|^{|a|} + h(c) \cdot |\Sigma|^{|a|+|b|} \pmod q.$$
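The following is an added example, not code from the thesis or from StEAM, showing Lemma 1 at work on a structured state made of several subvectors. It assumes a byte alphabet ($|\Sigma| = 256$), a fixed prime modulus $q$ chosen here for illustration, and the Rabin-Karp convention $h(v) = \sum_i v_i \cdot |\Sigma|^i \bmod q$ (first component least significant), under which $h(a, c) = h(a) + h(c) \cdot |\Sigma|^{|a|}$ and Lemma 1 holds term by term. The subvector names (stack, heap region, lock pool) are illustrative. The deletion routine is the algebraic inverse of Lemma 1 derived here; it is not one of the thesis's Lemmas 3 and 4, which the page does not state.

```python
Q = (1 << 61) - 1   # modulus q: a large Mersenne prime (constructed choice, not the thesis's value)
SIGMA = 256         # |Sigma|: state components are bytes


def pw(n):
    """|Sigma|^n mod q."""
    return pow(SIGMA, n, Q)


def h(v):
    """Rabin-Karp hash of a vector v: h(v) = sum_i v[i] * |Sigma|^i (mod q).
    The first component is the least significant one, so that
    h(a,c) = h(a) + h(c) * |Sigma|^|a|, which is what Lemma 1 exploits."""
    acc = 0
    for i, x in enumerate(v):
        acc = (acc + x * pw(i)) % Q
    return acc


def lemma1(h_ac, h_b, h_c, len_a, len_b):
    """Lemma 1: h(a,b,c) from h(a,c), h(b), h(c), |a| and |b|, without rescanning a or c."""
    return (h_ac - h_c * pw(len_a) + h_b * pw(len_a) + h_c * pw(len_a + len_b)) % Q


def lemma1_inverse(h_abc, h_b, h_c, len_a, len_b):
    """Deletion of b from (a,b,c): the algebraic inverse of Lemma 1 (derived here,
    not one of the thesis's Lemmas 3/4, which the page does not state)."""
    return (h_abc - h_b * pw(len_a) - h_c * pw(len_a + len_b) + h_c * pw(len_a)) % Q


class StructuredState:
    """A state vector made of named subvectors (stacks, memory regions, ...).
    The global hash over their concatenation is kept up to date incrementally."""

    def __init__(self):
        self.parts = []      # [(name, bytearray)] in concatenation order
        self.part_hash = []  # h(subvector) for each part
        self.ghash = 0       # h(part_0, part_1, ..., part_{k-1})

    def _offset(self, idx):
        """|a| for a = concatenation of parts[:idx]."""
        return sum(len(p) for _, p in self.parts[:idx])

    def _suffix_hash(self, idx):
        """h(c) for c = concatenation of parts[idx:], recombined from the stored
        subvector hashes (O(k) multiplications, no component is rescanned)."""
        acc, off = 0, 0
        for (_, p), hp in zip(self.parts[idx:], self.part_hash[idx:]):
            acc = (acc + hp * pw(off)) % Q
            off += len(p)
        return acc

    def write(self, idx, i, x):
        """Overwrite component i of subvector idx (e.g. a store to a local variable)."""
        part = self.parts[idx][1]
        delta = x - part[i]
        self.part_hash[idx] = (self.part_hash[idx] + delta * pw(i)) % Q
        self.ghash = (self.ghash + delta * pw(self._offset(idx) + i)) % Q
        part[i] = x

    def allocate(self, idx, name, data):
        """Insert a new subvector b at position idx (e.g. allocation of a new region)."""
        b = bytearray(data)
        hb, hc, la = h(b), self._suffix_hash(idx), self._offset(idx)
        self.ghash = lemma1(self.ghash, hb, hc, la, len(b))
        self.parts.insert(idx, (name, b))
        self.part_hash.insert(idx, hb)

    def free(self, idx):
        """Remove subvector idx (e.g. freeing a region or popping a stack frame)."""
        b = self.parts[idx][1]
        hb, hc, la = self.part_hash[idx], self._suffix_hash(idx + 1), self._offset(idx)
        self.ghash = lemma1_inverse(self.ghash, hb, hc, la, len(b))
        del self.parts[idx]
        del self.part_hash[idx]

    def flat(self):
        return [x for _, p in self.parts for x in p]

    def consistent(self):
        """Check: the incrementally maintained hash equals a from-scratch hash."""
        return self.ghash == h(self.flat())


def demo():
    """Drive a sequence of the operations a program model checker performs on a
    structured state and return the consistency check after each step."""
    s = StructuredState()
    results = []
    s.allocate(0, "stack_main", [0, 8]);     results.append(s.consistent())
    s.allocate(1, "lockpool", [15]);         results.append(s.consistent())
    s.allocate(1, "heap_0", [1, 2, 3, 4]);   results.append(s.consistent())  # inserted in the middle
    s.write(1, 2, 255);                      results.append(s.consistent())
    s.free(1);                               results.append(s.consistent())  # heap_0 released
    return results
```

Equal hashes do not imply equal states: a full hash table still has to compare the stored state vector on a hash hit, and bitstate hashing [10] deliberately drops that comparison to save memory, trading completeness for space. The incremental update above only saves the rescan; it does not change that trade-off.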
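The pattern database construction described at the start of this section, as an added example that is not part of the thesis or its planning workbench: a constructed toy STRIPS instance (two objects moving along a three-node line), projection of operators to $(P \cap R, A \cap R, D \cap R)$, exploration of the abstract space followed by a traversal of its inverse graph to fill the table, and an admissibility check that compares the summed and maximized lookups against the exact distances. The second partition deliberately violates the sufficient criterion (one operator is non-trivial in both abstractions) to show the sum overestimating. Propositions, operators and the patterns chosen are all assumptions for this example.

```python
from collections import deque

# Constructed toy STRIPS instance (not from the thesis): objects a and b move along
# the line 0-1-2, one step per operator. Propositions are strings such as "at_a_0";
# states and operator components are frozensets of propositions.
NODES = (0, 1, 2)
EDGES = ((0, 1), (1, 2))
AP = frozenset(f"at_{o}_{n}" for o in "ab" for n in NODES)
INIT = frozenset({"at_a_0", "at_b_0"})
GOAL = frozenset({"at_a_2", "at_b_2"})


def make_ops():
    """Operators o = (P, A, D): precondition, add list, delete list."""
    ops = []
    for o in "ab":
        for u, v in EDGES:
            for x, y in ((u, v), (v, u)):
                ops.append((frozenset({f"at_{o}_{x}"}),
                            frozenset({f"at_{o}_{y}"}),
                            frozenset({f"at_{o}_{x}"})))
    return ops


OPS = make_ops()


def abstract_ops(R):
    """phi(o) = (P & R, A & R, D & R); operators that change nothing in R are trivial and dropped."""
    projected = ((P & R, A & R, D & R) for P, A, D in OPS)
    return [op for op in projected if op[1] or op[2]]


def explore(init, ops):
    """Forward traversal of an (abstract) state space. Returns the predecessor relation,
    i.e. the inverse graph, over which goal distances are computed afterwards."""
    pred = {init: set()}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        for P, A, D in ops:
            if P <= s:
                t = (s - D) | A
                if t not in pred:
                    pred[t] = set()
                    queue.append(t)
                pred[t].add(s)
    return pred


def build_pdb(R):
    """Pattern database for the projection onto R: abstract state -> distance to the abstract goal.
    With R = AP the projection is the identity, so build_pdb(AP) yields the exact distances."""
    pred = explore(INIT & R, abstract_ops(R))
    goal = GOAL & R
    dist = {s: 0 for s in pred if goal <= s}
    queue = deque(dist)
    while queue:                      # backward BFS over the inverse abstract graph
        t = queue.popleft()
        for s in pred[t]:
            if s not in dist:
                dist[s] = dist[t] + 1
                queue.append(s)
    return dist


def heuristic(state, pdbs, combine=sum):
    """Look up phi_i(state) in each PDB_i and combine the entries (sum or max).
    An abstract state from which the abstract goal is unreachable is a dead end."""
    values = []
    for R, pdb in pdbs:
        if (state & R) not in pdb:
            return float("inf")
        values.append(pdb[state & R])
    return combine(values)


def admissible(pdbs, combine=sum):
    """Check h(s) <= h*(s) for every reachable state s of the original space."""
    exact = build_pdb(AP)
    return all(heuristic(s, pdbs, combine) <= d for s, d in exact.items())


# Partition AP = R_A | R_B: every operator moves one object, so no operator is
# non-trivial in both abstractions and the two databases are additive.
R_A = frozenset(p for p in AP if p.startswith("at_a"))
R_B = AP - R_A
DISJOINT = [(R_A, build_pdb(R_A)), (R_B, build_pdb(R_B))]

# Overlapping patterns: the operator moving b from 1 to 2 is non-trivial in both
# abstractions, so the sufficient criterion is violated and the sum overestimates.
R_A2 = R_A | {"at_b_2"}
OVERLAP = [(R_A2, build_pdb(R_A2)), (R_B, build_pdb(R_B))]
```

Maximizing the entries is always admissible for homomorphic abstractions; adding them is only safe under the disjointness criterion, which is why the overlapping pair passes with `max` and fails with `sum`.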

[1]  David L. Dill,et al.  An Incremental Heap Canonicalization Algorithm , 2005, SPIN.

[2]  Amir Pnueli,et al.  The temporal logic of programs , 1977, 18th Annual Symposium on Foundations of Computer Science (sfcs 1977).

[3]  Marco Pistore,et al.  NuSMV 2: An OpenSource Tool for Symbolic Model Checking , 2002, CAV.

[4]  Stefan Edelkamp,et al.  Byte code distance heuristics and trail direction for model checking java programs , 2003 .

[5]  Jonathan Schaeffer,et al.  Searching with Pattern Databases , 1996, Canadian Conference on AI.

[6]  Jan Friso Groote,et al.  Formal Verification of a Leader Election Protocol in Process Algebra , 1997, Theor. Comput. Sci..

[7]  Kim Guldstrand Larsen,et al.  Solving Planning Problems Using Real-Time Model Checking: Translating PDDL3 into Timed Automata , 2002 .

[8]  Claudio Demartini,et al.  dSPIN: A Dynamic Extension of SPIN , 1999, SPIN.

[9]  Shlomo Zilberstein,et al.  LAO*: A heuristic search algorithm that finds solutions with loops , 2001, Artif. Intell..

[10]  Gerard J. Holzmann,et al.  An Analysis of Bitstate Hashing , 1995, Formal Methods Syst. Des..

[11]  Patrik Haslum,et al.  Extending TALplanner with Concurrency and Resources , 2000, ECAI.

[12]  Rolf Niedermeier,et al.  Finding Optimal Solutions to Atomix , 2001, KI/ÖGAI.

[13]  Michael D. Jones,et al.  Model Checking Machine Code with the GNU Debugger , 2005, SPIN.

[14]  Stefan Edelkamp,et al.  Dynamic Incremental Hashing in Program Model Checking , 2006, MoChArt@CONCUR/SPIN.

[15]  Peter Norvig,et al.  Artificial Intelligence: A Modern Approach , 1995 .

[16]  Richard E. Korf,et al.  Best-First Frontier Search with Delayed Duplicate Detection , 2004, AAAI.

[17]  Michal Pechoucek,et al.  ExPlanTech: Applying multi-agent systems in production planning , 2002 .

[18]  G. M. Adelson-Velskii,et al.  An Algorithm for the Organization of Information , 1963 .

[19]  Stefan Edelkamp,et al.  Directed explicit-state model checking in the validation of communication protocols , 2004, International Journal on Software Tools for Technology Transfer.

[20]  Nico Roos,et al.  28th German Conference on Artificial Intelligence (KI) , 2005 .

[21]  Markus Holzer,et al.  Assembling molecules in ATOMIX is hard , 2004, Theor. Comput. Sci..

[22]  Stefan Edelkamp,et al.  Directed Error Detection in C++ with the Assembly-Level Model Checker StEAM , 2004, SPIN.

[23]  Thomas A. Henzinger,et al.  Software Verification with BLAST , 2003, SPIN.

[24]  Alexander Reinefeld,et al.  Enhanced Iterative-Deepening Search , 1994, IEEE Trans. Pattern Anal. Mach. Intell..

[25]  Sami Evangelista,et al.  Memory Efficient State Space Storage in Explicit Software Model Checking , 2005, SPIN.

[26]  Richard E. Korf,et al.  Pruning Duplicate Nodes in Depth-First Search , 1993, AAAI.

[27]  Gerard J. Holzmann,et al.  The Model Checker SPIN , 1997, IEEE Trans. Software Eng..

[28]  Stephan Merz,et al.  Model Checking , 2000 .

[29]  W. Visser,et al.  Second Generation of a Java Model Checker , 2000 .

[30]  Sriram K. Rajamani,et al.  The SLAM project: debugging system software via static analysis , 2002, POPL '02.

[31]  Stefan Edelkamp,et al.  Knowledge Acquisition and Knowledge Engineering in the ModPlan Workbench , 2005 .

[32]  Radu Iosif,  Exploiting heap symmetries in explicit-state model checking of software , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[33]  Alex Groce,et al.  Model checking Java programs using structural heuristics , 2002, ISSTA '02.

[34]  Richard E. Korf,et al.  Depth-First Iterative-Deepening: An Optimal Admissible Tree Search , 1985, Artif. Intell..

[35]  Fausto Giunchiglia,et al.  NUSMV: A New Symbolic Model Verifier , 1999, CAV.

[36]  Alessandro Cimatti,et al.  Symbolic Model Checking for Multi-Agent Systems , 2007 .

[37]  Klaus Havelund,et al.  Model Checking Programs , 2004, Automated Software Engineering.

[38]  Martin Peschke,et al.  Design and Validation of Computer Protocols , 2003 .

[39]  Larry S. Davis,et al.  Pattern Databases , 1979, Data Base Design Techniques II.

[40]  David L. Dill,et al.  Combining State Space Caching and Hash Compaction , 1996 .

[41]  Edmund M. Clarke,et al.  Symbolic Model Checking: 10^20 States and Beyond , 1990, Inf. Comput..

[42]  Stefan Edelkamp,et al.  Incremental Hashing in State Space Search , 2004 .

[43]  Oded Maler,et al.  Preemptive Job-Shop Scheduling Using Stopwatch Automata , 2002, TACAS.

[44]  Kenneth L. McMillan,et al.  The SMV System , 1993 .

[45]  Stefan Edelkamp,et al.  Planning in Concurrent Multiagent Systems with the Assembly Model Checker StEAM , 2005, KI.

[46]  Fahiem Bacchus,et al.  Using temporal logics to express search control knowledge for planning , 2000, Artif. Intell..

[47]  Stefan Edelkamp,et al.  Abstraction in directed model checking , 2004 .

[48]  Philippe Schnoebelen,et al.  On Model Checking Durational Kripke Structures , 2002, FoSSaCS.

[49]  Jonathan D. Cohen,et al.  Recursive hashing functions for n-grams , 1997, TOIS.

[50]  Alex Groce,et al.  What Went Wrong: Explaining Counterexamples , 2003, SPIN.

[51]  Michael Brenner,et al.  Multiagent Planning with Partially Ordered Temporal Plans , 2003, IJCAI.

[52]  Alberto Lluch-Lafuente,  Symmetry reduction and heuristic search for error detection in model checking , 2003 .

[53]  Gerard J. Holzmann,et al.  Designing bug-free protocols with SPIN , 1997, Comput. Commun..

[54]  Stefan Edelkamp,et al.  Promela Planning , 2003, SPIN.

[55]  Richard M. Karp,et al.  Efficient Randomized Pattern-Matching Algorithms , 1987, IBM J. Res. Dev..

[56]  Stefan Edelkamp,et al.  I/O Efficient Directed Model Checking , 2005, VMCAI.

[57]  Patrice Godefroid,et al.  Model checking for programming languages using VeriSoft , 1997, POPL '97.

[58]  Radu Iosif,et al.  Modeling and Validation of Java Multithreading Applications using SPIN , 1998 .

[59]  Gerard J. Holzmann,et al.  An analysis of bitstate hashing , 1995, Protocol Specification, Testing and Verification.

[60]  Jakob Rehof,et al.  Zing: A Model Checker for Concurrent Software , 2004, CAV.

[61]  Armin Biere,et al.  Symbolic Model Checking without BDDs , 1999, TACAS.

[62]  Piergiorgio Bertoli,et al.  Interleaving Execution and Planning via Symbolic Model Checking , 2007 .

[63]  Patrik Haslum,et al.  New Admissible Heuristics for Domain-Independent Planning , 2005, AAAI.

[64]  Gerard J. Holzmann,et al.  The SPIN Model Checker - primer and reference manual , 2003 .

[65]  Malte Helmert,et al.  A Planning Heuristic Based on Causal Graph Analysis , 2004, ICAPS.

[66]  Willem Visser,et al.  Addressing dynamic issues of program model checking , 2001, SPIN '01.

[67]  Albert L. Zobrist,et al.  A New Hashing Method with Application for Game Playing , 1990 .

[68]  Richard E. Korf,et al.  Divide-and-Conquer Frontier Search Applied to Optimal Sequence Alignment , 2000, AAAI/IAAI.

[69]  Richard E. Korf,et al.  Large-Scale Parallel Breadth-First Search , 2005, AAAI.

[70]  Cees Witteveen,et al.  Cooperative heuristic multi-agent planning , 2001 .

[71]  Jesse Hoey,et al.  SPUDD: Stochastic Planning using Decision Diagrams , 1999, UAI.

[72]  Fred Kröger,et al.  Temporal Logic of Programs , 1987, EATCS Monographs on Theoretical Computer Science.

[73]  Dawson R. Engler,et al.  CMC: A Pragmatic Approach to Model Checking Real Code , 2002, OSDI.

[74]  Jonathan Schaeffer,et al.  Efficiently Searching the 15-Puzzle , 1994 .

[75]  Yichen Xie,et al.  Zing: Exploiting Program Structure for Model Checking Concurrent Software , 2004, CONCUR.

[76]  Rajeev Alur,et al.  Model checking of hierarchical state machines , 1998, TOPL.

[77]  Stefan Edelkamp,et al.  External A* , 2004, KI.

[78]  J. Michael Spivey,et al.  The Z notation - a reference manual , 1992, Prentice Hall International Series in Computer Science.

[79]  Albert Nymeyer,et al.  Guided Invariant Model Checking Based on Abstraction and Symbolic Pattern Databases , 2004, TACAS.

[80]  Klaus Havelund,et al.  Model checking JAVA programs using JAVA PathFinder , 2000, International Journal on Software Tools for Technology Transfer.