What is your experience with software model checking? [closed]
Asked Answered
E

5

7
  • What types of applications have you used model checking for?
  • What model checking tool did you use?
  • How would you summarize your experience w/ the technique, specifically in evaluating its effectiveness in delivering higher quality software?

In the course of my studies, I had a chance to use Spin, and it aroused my curiosity as to how much actual model checking is going on and how much value are organizations getting out of it. In my work experience, I've worked on business applications, where there is (naturally) no consideration of applying formal verification to the logic. I'd really like to learn about SO folks model checking experience and thoughts on the subject. Will model checking ever become a more widely used developing practice that we should have in our toolkit?

Erato answered 24/8, 2008 at 16:8 Comment(0)
S
3

I just finished a class on model checking and the big tools we used were Spin and SMV. We ended up using them to check properties on common synchronization problems, and I found SMV just a little bit easier to use.

Although these tools were fun to use, I think they really shine when you combine them with something that dynamically enforces constraints on your program (so that it's a bit easier to verify 'useful' things about your program). We ended up taking the Spring WebFlow framework, which uses XML to write a state-machine like file that specifies which web pages can transition to which other ones, and using SMV to be able to perform verification on said applications (shameless plug here).

To answer your last question, I think model checking is definitely useful to have, but I lean more towards using unit testing as a technique that makes me feel comfortable about delivering my final product.

Speedometer answered 24/8, 2008 at 18:17 Comment(0)
V
2

We have used several model checkers in teaching, systems design, and systems development. Our toolbox includes SPIN, UPPAL, Java Pathfinder, PVS, and Bogor. Each has its strengths and weaknesses. All find problems with models that are simply impossible for human beings to discover. Their usability varies, though most are pushbutton automated.

When to use a model checker? I'd say any time you are describing a model that must have (or not have) particular properties and it is any larger than a handful of concepts. Anyone who thinks that they can describe and understand anything larger or more complex is fooling themselves.

Vistula answered 24/10, 2009 at 10:38 Comment(0)
M
2

What types of applications have you used model checking for?

We used the Java Path Finder model checker to verify some security (deadlock, race condition) and temporal properties (using Linear temporal logic to specify them). It supports classical assertions (like NotNull) on Java (bytecode) - it is for program model checking.

What model checking tool did you use?

We used Java Path Finder (for academic purposes). It's open source software developed by NASA initially.

How would you summarize your experience w/ the technique, specifically in evaluating its effectiveness in delivering higher quality software?

Program model checking has a major problem with state space explosion (memory & disk usage). But there are a wide variety of techniques to reduce the problems, to handle large artifacts, such as partial order reduction, abstraction, symmetry reduction, etc.

Morse answered 5/5, 2011 at 1:52 Comment(0)
O
0

I used SPIN to find a concurrency issue in PLC software. It found an unsuspected race condition that would have been very tough to find by inspection or testing.

By the way, is there a "SPIN for Dummies" book? I had to learn it out of "The SPIN Model Checker" book and various on-line tutorials.

Ollie answered 25/11, 2008 at 22:46 Comment(1)
I would suggest Principles of the SPIN Model Checker as the closest to a "SPIN for Dummies" book.Sligo
H
0

I've done some research on that subject during my time at the university, expanding the State Exploring Assembly Model Checker.

We used a virtual machine to walk each and every possible path/state of the program, using A* and some heuristic, depending on the kind of error (deadlock, I/O errors, ...)

It was inspired by Java Pathfinder and it worked with C++ code. (Everything GCC could compile)

But in our experiences this kind of technology will not be used in business applications soon, because of GUI related problems, the work necessary for creating an initial test environment and the enormous hardware requirements. (You need lots of RAM and disc space, because of the gigantic state space)

Houseless answered 26/1, 2009 at 12:51 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.