Model checking programs

Visser, Willem; Havelund, Klaus; Brat, Guillaume; Park, Seungjoon

doi:10.1109/ase.2000.873645

Cited by 596 publications

(750 citation statements)

References 54 publications

Supporting

Mentioning

743

Contrasting

Unclassified

Order By: Relevance

“…Model checking is a formal approach for systematically exploring all possible behaviors of a concurrent software system [9,17,25,3]. The state space explosion problem renders it intractable in verifying medium to large-sized programs.…”

Section: Related Workmentioning

confidence: 99%

“…Explicit state model checking enumerates all possible thread schedules and input data values of a program in order to check for errors [9,25]. Whereas symbolic execution techniques substitute certain data values with symbolic values while all other values are concrete [11,24,16].…”

Section: Introductionmentioning

confidence: 99%

“…Certain thread interleavings, data input values, or combinations of both often cause errors in the system. Systematic verification techniques such as explicit state model checking and symbolic execution are extensively used to detect errors in such systems [9,25,7,11,16].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Efficient Testing of Concurrent Programs with Abstraction-Guided Symbolic Execution

Rungta

Mercer

Visser

2009

Model Checking Software

View full text Add to dashboard Cite

Abstract. Exhaustive search techniques such as model checking and symbolic execution are insufficient to detect errors in concurrent programs. In this work we present an abstraction-guided symbolic execution technique that quickly detects errors in concurrent programs that arise from thread schedules and input data values. An abstract system is generated that contains a set of key program locations that are relevant in testing the feasibility of a possible error in the program. We guide a symbolic execution along locations in the abstract system in an effort to generate a corresponding feasible execution trace to the error location. A combination of heuristics are used to automatically rank thread and data non-determinism in order to guide the execution. We demonstrate empirically that abstraction-guided symbolic execution generates feasible execution paths in the actual system to find concurrency errors in a few seconds where exhaustive symbolic execution fails to find the same errors in an hour.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Efficient Testing of Concurrent Programs with Abstraction-Guided Symbolic Execution

Rungta

Mercer

Visser

2009

Model Checking Software

View full text Add to dashboard Cite

show abstract

“…To perform white box tests in the style of Pathfinder [11], SpecExplorer [8], or Korat [4], it is necessary to make the program paths explicit in the program representation and amenable to the rules of the operational semantics. Therefore, a pre-processing step is necessary that unfolds all WHILE -loops up to a certain limit, the unwind-factor k. This principle can also be applied in a language extension with procedure calls such as IMPP, also available in the Isabelle distribution.…”

Section: Unwinding Imp Programsmentioning

confidence: 99%

“…In Sec. 5, we will exploit the underlying generality of Isabelle for a different testing technique in the style of Pathfinder [11], SpecExplorer [8], and Korat [4]. The approach is based on a suitable semantic presentation of a programming language (a "logical embedding"), which can be used to both derive semantic constraints underlying a test as well as solving them in an integrated way.…”

Section: Introductionmentioning

confidence: 99%

Interactive Testing with HOL-TestGen

Brucker

Wolff

2006

Formal Approaches to Software Testing

View full text Add to dashboard Cite

HOL-TestGen is a test environment for specification-based unit testing build upon the proof assistant Isabelle/HOL. While there is considerable skepticism with regard to interactive theorem provers in testing communities, we argue that they are a natural choice for (automated) symbolic computations underlying systematic tests. This holds in particular for the development on non-trivial formal test plans of complex software, where some parts of the overall activity require inherently guidance by a test engineer. In this paper, we present the underlying methods for both black box and white box testing in interactive unit test scenarios. HOL-TestGen can also be understood as a unifying technical and conceptual framework for presenting and investigating the variety of unit test techniques in a logically consistent way.

show abstract