This paper summarises our experience in using model checking technology to test concurrent programs. We use the tool VeriSoft to understand various aspects of a firewall tool kit by instrumenting three of its components with hooks so that their behaviour can be tested. Some of the key changes include replacing socket communication with message passing queues and adding appropriate synchronisations so that the behaviour of the system can be tracked. We aim to minimise the number of changes to the original source code so that its original behaviour is not affected. The main conclusion is that it is possible to inspect source code with a view towards verifying key behavioural properties without understanding the entire behaviour of the system.
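The instrumentation the abstract describes, as an added illustration that is not code from the paper and does not use VeriSoft's API: two constructed components (a "filter" and a "logger") that would have talked over a socket now exchange messages through an in-memory queue, every queue operation passes through a hook that records a visible event, and a small driver runs every interleaving of the two components' steps and checks a property after each run. The component names, verdict strings, queue capacity and the deliberately kept non-blocking-send defect are all assumptions made for the example.

```c
/* Added illustration (not code from the paper and not VeriSoft's API):
 * two firewall-toolkit-style components that used to talk over a socket
 * now exchange messages through an in-memory queue. Every queue
 * operation passes through a hook that records a visible event, and a
 * small driver runs every interleaving of the components' steps and
 * checks a property after each run. All names and data are constructed. */
#include <stdio.h>
#include <string.h>

#define QCAP 4            /* queue capacity (constructed) */
#define NSEND 5           /* verdicts the filter emits (constructed) */
#define TRACE_MAX 64

typedef struct { char text[16]; } msg_t;
typedef struct { msg_t buf[QCAP]; int head, tail, count; } mq_t;

/* Trace of visible events, appended to by the hook. */
static char trace[TRACE_MAX][40];
static int trace_len;

static void hook(const char *who, const char *op, const char *payload) {
    if (trace_len < TRACE_MAX)
        snprintf(trace[trace_len++], sizeof trace[0], "%s:%s:%s", who, op, payload);
}

/* Non-blocking send: 1 on success, 0 when the queue is full. */
static int mq_send(mq_t *q, const char *who, const char *text) {
    if (q->count == QCAP) return 0;
    snprintf(q->buf[q->tail].text, sizeof q->buf[q->tail].text, "%s", text);
    q->tail = (q->tail + 1) % QCAP;
    q->count++;
    hook(who, "send", text);
    return 1;
}

/* Non-blocking receive: 1 on success, 0 when the queue is empty. */
static int mq_recv(mq_t *q, const char *who, msg_t *out) {
    if (q->count == 0) return 0;
    *out = q->buf[q->head];
    q->head = (q->head + 1) % QCAP;
    q->count--;
    hook(who, "recv", out->text);
    return 1;
}

static const char *verdicts[NSEND] = {
    "allow:22", "deny:23", "allow:80", "deny:445", "allow:443"
};

typedef struct { mq_t q; int sent, received, dropped; } sys_t;

/* One step of the "filter" component: emit the next verdict. A failed
 * non-blocking send is only recorded, not retried (a defect kept on
 * purpose so the exploration has something to find). */
static void filter_step(sys_t *s) {
    if (s->sent >= NSEND) return;
    const char *v = verdicts[s->sent++];
    if (!mq_send(&s->q, "filter", v)) { s->dropped++; hook("filter", "drop", v); }
}

/* One step of the "logger" component: consume one verdict if any is queued. */
static void logger_step(sys_t *s) {
    msg_t m;
    if (mq_recv(&s->q, "logger", &m)) s->received++;
}

/* Property checked after each run: every verdict sent is either
 * received or still queued, i.e. nothing was lost. */
static int no_loss(const sys_t *s) {
    return s->received + s->q.count == s->sent;
}

/* Run one schedule of nsteps steps: bit i of sched picks which component
 * takes step i (0 = filter, 1 = logger). Returns 1 if the property holds. */
static int run_schedule(unsigned sched, int nsteps) {
    sys_t s;
    memset(&s, 0, sizeof s);
    trace_len = 0;
    for (int i = 0; i < nsteps; i++)
        if ((sched >> i) & 1) logger_step(&s); else filter_step(&s);
    return no_loss(&s);
}

/* Exhaustively run all 2^nsteps interleavings. Returns the number of
 * violating schedules and stores the first one in *first_bad. */
static int explore(int nsteps, unsigned *first_bad) {
    int bad = 0;
    for (unsigned sched = 0; sched < (1u << nsteps); sched++)
        if (!run_schedule(sched, nsteps) && bad++ == 0) *first_bad = sched;
    return bad;
}

int main(void) {
    unsigned first = 0;
    int bad = explore(2 * NSEND, &first);
    printf("%d of %u interleavings lose a verdict; first: 0x%x\n",
           bad, 1u << (2 * NSEND), first);
    run_schedule(first, 2 * NSEND);           /* replay it to recover its trace */
    for (int i = 0; i < trace_len; i++) printf("  %s\n", trace[i]);
    return bad ? 1 : 0;
}
```

The point of the seam is that the queue, not a socket, is the only channel between the components, so the driver can decide the order of every send and receive and the hook makes each one visible in a trace. The strictly alternating schedule never loses a verdict, while the exhaustive run finds every interleaving in which the filter emits five verdicts before the logger drains any, and replays the first of them so the offending trace can be read back.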