Abstract. This paper describes a translator called Java PathFinder (Jpf), from Java to Promela, the modeling language of the Spin model checker. Jpf translates a given Java program into a Promela model, which can then be model checked using Spin. The Java program may contain assertions, which are translated to corresponding assertions in the Promela model. The Spin model checker then searches for deadlocks and for violations of any stated assertions. Jpf generates a Promela model with the same state space characteristics as the Java program; hence, the Java program must have a finite and tractable state space. This work is part of a broader attempt to make formal methods applicable within NASA's areas such as space, aviation, and robotics. It continues an effort to formally analyze, using Spin, a multi-threaded operating system for the Deep-Space 1 spacecraft, and previous work in applying existing model checkers and theorem provers to real applications.
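As an added illustration (not taken from the paper and not output of the Jpf tool), the following hand-written Promela model mirrors a small two-thread Java program with an unsynchronized shared counter and a final assertion, the kind of input and output the abstract describes. The Java source is reproduced in the comment; the proctype and variable names are constructed, and the model is written by hand to follow the Java line by line rather than produced by Jpf.

```promela
/* Java program being modeled (constructed example):
 *
 *   class Counter {
 *     static int counter = 0;
 *     static void inc() { int tmp = counter; counter = tmp + 1; }
 *   }
 *   // main starts two threads that each call Counter.inc(),
 *   // joins them, then executes: assert counter == 2;
 */

int counter = 0;   /* Java static field Counter.counter            */
byte done    = 0;  /* number of threads that have finished (join)  */
bit  lock    = 0;  /* models a Java monitor for the synchronized fix */

/* Unsynchronized thread: read and write are separate steps, so Spin
 * can interleave two instances between the read and the write.      */
proctype Incrementer() {
    int tmp;
    tmp = counter;        /* int tmp = counter;   */
    counter = tmp + 1;    /* counter = tmp + 1;   */
    done++;               /* thread terminates    */
}

/* Same thread body as Java "synchronized (Counter.class) { ... }":
 * acquire the monitor, perform both steps, release it.              */
proctype SyncIncrementer() {
    int tmp;
    atomic { lock == 0 -> lock = 1 }   /* monitorenter (blocks if held) */
    tmp = counter;
    counter = tmp + 1;
    lock = 0;                          /* monitorexit                   */
    done++;
}

init {
    /* Start both threads; replace Incrementer with SyncIncrementer to
     * obtain a model in which the assertion holds in every interleaving. */
    atomic { run Incrementer(); run Incrementer() }
    (done == 2);           /* Thread.join(): block until both finished */
    assert(counter == 2);  /* translated from the Java assert statement */
}
```

Running `spin -a`, compiling the generated verifier and running it reports an assertion violation for the `Incrementer` version, because both threads can read `counter == 0` before either writes, leaving `counter == 1`; with `SyncIncrementer` the search completes with no errors.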