Java PathFinder - D3S

CHARLES UNIVERSITY IN PRAGUE

http://d3s.mff.cuni.cz

faculty of mathematics and physics

Java PathFinder

Pavel Parízek

Java PathFinder (JPF)

Pavel Parízek Java Pathfinder 2

Verification framework for Java programs

Explicit state space traversal (with POR)

Highly customizable and extensible (API)

Open source since April 2005

Maintainers: NASA Ames Research Center

Available on GitHub since 2018

WWW: https://github.com/javapathfinder/jpf-core

What JPF really is ...

Special JVM

Execution choices

Backtracking

State matching

State space exploration

assertions, deadlocks, races, ...

General usage pattern

Picture taken from JPF wiki (https://github.com/javapathfinder/jpf-core/wiki)

Architecture

Picture taken from JPF wiki (https://github.com/javapathfinder/jpf-core/wiki)

Program state space in JPF

States

Full snapshot of JVM

Dynamic heap

Thread stacks

Program counters

Static data (classes)

Locks and monitors

Transitions

Non-empty sequences of bytecode instructions

Terminates when JPF makes a new choice

Choices

Thread scheduling

Data (boolean, int)

On-the-fly state space construction

public Producer extends Thread {

void run() {

while (true) {

d.buf = i;

d.count++;

public Consumer extends Thread {

void run() {

while (true) {

k = d.buf;

print(k);

public static void main(...) {

Data d = new Data();

new Producer(d).start();

new Consumer(d).start();

P: buf = iP: i++

C: k = bufC: print(k)

void run() {

while (true) {

d.buf = i;

d.count++;

void run() {

while (true) {

k = d.buf;

print(k);

P: buf = iP: i++

P: count ++

void run() {

while (true) {

d.buf = i;

d.count++;

void run() {

while (true) {

k = d.buf;

print(k);

P: buf = iP: i++

P: count ++

P: buf = iP: i++

C: k = bufC: print(k)P: buf = i

P: i++

Properties

Built-in

Deadlock freedom

Race conditions

Uncaught exceptions

Assertions

Features

Partial order reduction

Class loading symmetry

Heap symmetry

Selected heuristics

Running JPF

Download JPF and unpack somewhere

http://d3s.mff.cuni.cz/teaching/program_analysis_verification/files/JPF.zip

Example: Dining Philosophers

Command: java -jar build\RunJPF.jar src\examples\DiningPhil.jpf

Output: application, error info, statistics

Error info

Full error trace (counterexample)

Snapshot of the error state

Message from the property checker

Command:java -jar build\RunJPF.jar

+report.console.property_violation

=trace,error,snapshot

src\examples\DiningPhil.jpf

Running JPF

Examples

BoundedBuffer

Crossing

oldclassic

JPF API

ListenersInspecting current program state

Custom properties

Search driver

AdvancedInstruction factory (bytecode interpreter)

Scheduler (sync policy, sharedness policy)

Listeners

Observer design pattern

Notified about specific events

JVM: bytecode instruction executed, new heap object allocated, start of a new thread

State space traversal: new state, backtrack, finish

Inspecting current program state

heap objects, local variables, thread call stacks, ...

Listeners

SearchListener

VMListener

ListenerAdapter

Examples (source code)JPF/src/main/gov/nasa/jpf/listener

Custom properties

Property

GenericProperty

PropertyListenerAdapter

Common practice: decide property status based on listener notifications (and program state)

Examples (source code)JPF/src/main/gov/nasa/jpf/vm

Registering listeners and properties

listener=<class name 1>,...,<class N>

search.listener=...

search.properties=...

Listeners: tracking bytecode instructions

ExecTracker

ObjectTracker

Listeners: inspecting program state

CallMonitor

ObjectTracker

Task 1

Write your own listenerAfter every field write instruction, print the field name and new valueBefore every method call (invoke), print values of all parameters supplied by the caller

Use existing classes as a basic templateListenerAdapter, VMListener, CallMonitor, ObjectTrackersrc/main/gov/nasa/jpf/listener/*src/main/gov/nasa/jpf/jvm/bytecode/*

Ask questions !!

Configuration properties

File jpf.properties

JPF wiki

Main page

https://github.com/javapathfinder/jpf-core/wiki

User guidehttps://github.com/javapathfinder/jpf-core/wiki/How-to-use-JPF

Internals (developer guide)https://github.com/javapathfinder/jpf-core/wiki/Developer-guide

JPF source code tree

src/main/gov/nasa/jpf

the “main” class (JPF), interfaces

vm: virtual machine, choices, built-in properties

jvm: Java bytecode specific, instructions, class file

search: search driver, heuristics

util: custom data structures, utility classes

report: reporting system (console, XML)

listener: various listeners

JPF and native methods

Support for all Java bytecode instructions

but some library methods are native

file I/O, GUI, networking, ...

Problem

JPF cannot determine how execution of a native method changes the program state

Solution: Model-Java Interface (MJI)

Model-Java Interface (MJI)

Executing native methods in the underlying JVMSimilar mechanism to Java-Native Interface (JNI)Custom versions of some Java library classes

Object, Thread, Class, java.util.concurrent.*, ...

Environment construction

Why: some programs do not contain “main”libraries, components, plug-ins

Problem: JPF accepts only complete programs

Solution: create artificial environment

Program with multiple threads and data choices

Also called “test driver”

Example

Program: java.util.HashMap

public class PutTh

extends Thread {

Map m;

public void run() {

m.put("1", "abc");

m.put("2", "def");

public class GetTh

extends Thread {

Map m;

public void run() {

m.get("1");

m.get("0");

Map m = new HashMap();

Thread th1 = new PutTh(m);

Thread th2 = new GetTh(m);

th1.start();

th2.start();

th1.join();

th2.join();

Environment construction – challenges

Coverage

Should trigger all (most) execution paths, thread interleavings, and error states

Approach

Different method call sequences

Many combinations of parameter values

Several concurrent threads

State explosion

Use the least possible number of concurrent threads (2)

Reasonable number of parameter values (domain size)

Using the Verify class

JPF-aware test drivers (environments)Checking program behavior for different inputs

Data choiceimport gov.nasa.jpf.vm.Verify

if (Verify.getBoolean())

int x = Verify.getInt(0,10)

Search pruningVerify.ignoreIf(cond)

Task 2

Write reasonable environment for

java.util.LinkedList

java.util.concurrent.Semaphore

Run JPF on the complete program

Enable search for data race conditions

Use: gov.nasa.jpf.listener.PreciseRaceDetector

Try different workloads (threads, input data)

Time for questions about JPF

ArchitectureImplementationHow something worksPublic APIOutput

Play with JPFlook into source code & try examples

Explore wikihttps://github.com/javapathfinder/jpf-core/wiki

Ask questions

Java PathFinder - D3S

Documents

Model Checking Java Programs (Java PathFinder)

Your Pathfinder Adventure. Welcome to Pathfinder! Who is Pathfinder? Pathfinder is a non-profit organization that builds personal, social and environmental

Carnegie Mellon University Java PathFinder and Model Checking of Programs Guillaume Brat, Dimitra Giannakopoulou, Klaus Havelund, Mike Lowry, Phil Oh,

Supplementary material D3S – A Discriminative Single Shot ...€¦ · Supplementary material D3S – A Discriminative Single Shot Segmentation Tracker Alan Lukeˇzi cˇ1, Jiˇr´ı

Java PathFinder and Model Checking of Programs

D3S Technical Guide En

JPF Tutorial – Part 2 Symbolic PathFinder – Symbolic Execution of Java Byte-code Corina Pãsãreanu Carnegie Mellon University/NASA Ames Research

Java PathFinder (JPF) cs498dm Software Testing January 19, 2012

PZO9445E - daggerfordcampaign.weebly.com · Pathfinder Flip-Mat, Pathfinder Map Pack, Pathfinder Module, Pathfinder Pawns, Pathfinder Player Companion, Pathfinder Roleplaying Game,

Model Checking Programs with Java PathFinder …Model Checking Programs with Java PathFinder ~ Part 2: Design 1 Willem Visser Peter Mehlitz

Java Pathfinder - PLGplg.uwaterloo.ca/~olhotak/seminars/PParizek-JPF.pdf• Google Summer of Code (GSoC) JPF-Inspector, LTL checking, symbolic string analysis, Java memory model, native

Xenons4U - Philips D3S Bulb

1 Java PathFindercent.xii.jp/tanabe.yoshinori/09/06/jpflect/jpfInstall.pdf1 Java PathFinder 1.1 基本情報バージョン： 1.0-7 インストーラ： javapathfinder-src-libs-1.0-7-oct-05.zip

D3S: Debugging Deployed Distributed Systems - USENIX

BZX84C33VLT116: Diodes · bzx84c7v5l d3q bzx84c33vl d5f bzx84c8v2l d3r bzx84c36vl d5g bzx84c9v1l d3s

The Trove [multi]/1st... · PATHFINDER RPG CORE RULEBOOK , PATHFINDER RPG BESTI ARY , PATHFINDER RPG BESTIARY 2 , PATHFINDER RPG BESTIARY 3 , PATHFINDER RPG ADVANCED PLAYER S GUID

Configuring Java Pathfinder for concurrent Java programs1105877/FULLTEXT01.pdfa Java program and its corresponding configuration file. The config-uration file tells JPF specifically

D3S: Debugging Deployed Distributed Systemschecked at runtime. An evaluation with 5 deployed sys-tems shows that D3S can detect non-trivial correctness and performance bugs at runtime

The D3S: on assignment · The D3S: on assignment Printed in Japan Code No. 6CE90085 (0910/A)K DSLR-D3S-30-10/09 From the bustling metropolis of Sydney to aboriginal villages in the

Java Pathfinder JPF Tutorial - //javapathfinder.sourceforge.net/ Test Input Generation With Java Pathfinder