Life, Death, and the Critical Transition: Finding Liveness Bugs in Systems Code (Awarded Best Paper)

Modern software model checkers find safety violations: breaches where the system enters some bad state. However, we argue that checking liveness properties offers both a richer and more natural way to search for errors, particularly in complex concurrent and distributed systems. Liveness properties specify desirable system behaviors which must be satisfied eventually, but are not always satisfied, perhaps as a result of failure or during system
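The safety/liveness distinction drawn in the abstract, as an added example that is not code from the paper or from its checker: a constructed two-node join protocol is explored exhaustively, and the same state graph is checked for a safety property (no bad state is reachable) and a liveness property (every node eventually joins). The protocol, its state encoding, the lossy-network transition and the two predicates are all assumptions made for illustration. Liveness is checked in the simplest way, by flagging any reachable state from which no goal state is reachable; that catches failure-induced stalls such as a dropped message with no retransmission, which a safety check never reports, but it does not catch livelocks where the goal stays reachable and is never taken.

```python
"""Safety versus liveness checking over an explicit state space.

Constructed example (not code from the paper or from any model checker):
a client sends a join request, the server answers with an ack, and the
network may drop any in-flight message.  The client never retransmits,
which is the liveness bug we want the checker to find.
"""
from collections import deque
from typing import Callable, Dict, Iterable, List, Optional, Tuple

# State: (client state, server state, in-flight messages, sorted).  Assumed encoding.
State = Tuple[str, str, Tuple[str, ...]]
INITIAL: State = ("idle", "listening", ())


def successors(s: State) -> Iterable[Tuple[str, State]]:
    """Yield every (action, next_state) pair, including message loss."""
    client, server, net = s
    msgs = list(net)
    if client == "idle":
        yield "client.send_join", ("waiting", server, tuple(sorted(msgs + ["join"])))
    if "join" in msgs and server == "listening":
        rest = msgs.copy()
        rest.remove("join")
        yield "server.recv_join", (client, "joined", tuple(sorted(rest + ["ack"])))
    if "ack" in msgs and client == "waiting":
        rest = msgs.copy()
        rest.remove("ack")
        yield "client.recv_ack", ("joined", server, tuple(sorted(rest)))
    # Assumed failure model: the network may drop any message at any time.
    for i, m in enumerate(msgs):
        dropped = msgs[:i] + msgs[i + 1:]
        yield f"net.drop({m})", (client, server, tuple(sorted(dropped)))


def explore(init: State, succ: Callable[[State], Iterable[Tuple[str, State]]]):
    """Breadth-first exploration; returns a parent map (for traces) and the edge list."""
    parents: Dict[State, Optional[Tuple[State, str]]] = {init: None}
    edges: Dict[State, List[Tuple[str, State]]] = {}
    queue = deque([init])
    while queue:
        s = queue.popleft()
        edges[s] = []
        for action, t in succ(s):
            edges[s].append((action, t))
            if t not in parents:
                parents[t] = (s, action)
                queue.append(t)
    return parents, edges


def trace_to(state: State, parents) -> List[str]:
    """Shortest action sequence from the initial state to `state`."""
    path: List[str] = []
    while parents[state] is not None:
        prev, action = parents[state]
        path.append(action)
        state = prev
    return list(reversed(path))


def check_safety(parents, bad: Callable[[State], bool]) -> Optional[List[str]]:
    """Safety: no reachable state satisfies `bad`.  Returns a counterexample trace or None."""
    for s in parents:
        if bad(s):
            return trace_to(s, parents)
    return None


def check_liveness(parents, edges, goal: Callable[[State], bool]):
    """Liveness (eventually `goal`): from every reachable state the goal must remain
    reachable.  A reachable state that cannot reach any goal state is dead; the first
    one in BFS order (shortest trace) is returned with its trace, or None if none."""
    reverse: Dict[State, List[State]] = {s: [] for s in edges}
    for s, outs in edges.items():
        for _, t in outs:
            reverse[t].append(s)
    live = {s for s in edges if goal(s)}          # backward closure from the goal set
    stack = list(live)
    while stack:
        t = stack.pop()
        for s in reverse[t]:
            if s not in live:
                live.add(s)
                stack.append(s)
    for s in parents:                              # parents is in BFS insertion order
        if s not in live:
            return s, trace_to(s, parents)
    return None


def bad(s: State) -> bool:
    """Assumed safety property: the client never believes it joined while the server is still listening."""
    return s[0] == "joined" and s[1] == "listening"


def goal(s: State) -> bool:
    """Assumed liveness target: both sides eventually reach 'joined'."""
    return s[0] == "joined" and s[1] == "joined"


def run():
    parents, edges = explore(INITIAL, successors)
    return len(parents), check_safety(parents, bad), check_liveness(parents, edges, goal)


if __name__ == "__main__":
    n, safety, liveness = run()
    print(f"{n} reachable states; safety violation: {safety}; liveness violation: {liveness}")
```

The safety check passes on this model: nothing ever puts the client in "joined" ahead of the server. The liveness check reports the two-step trace in which the join request is dropped and the client waits forever, the kind of failure-induced stall the abstract has in mind, and a dead state like this one is exactly what a safety-only search cannot express as a bad state, because no single state looks wrong.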
