Model Checking Database Applications

Gligoric, Milos; Majumdar, Rupak

doi:10.1007/978-3-642-36742-7_40

Milos Gligoric¹⁸ &
Rupak Majumdar¹⁹

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 7795))

Included in the following conference series:

International Conference on Tools and Algorithms for the Construction and Analysis of Systems

2521 Accesses

Abstract

We describe the design of DPF, an explicit-state model checker for database-backed web applications. DPF interposes between the program and the database layer, and precisely tracks the effects of queries made to the database. We experimentally explore several implementation choices for the model checker: stateful vs. stateless search, state storage and backtracking strategies, and dynamic partial-order reduction. In particular, we define independence relations at different granularity levels of the database (at the database, relation, record, attribute, or cell level), and show the effectiveness of dynamic partial-order reduction based on these relations.

We apply DPF to look for atomicity violations in web applications. Web applications maintain shared state in databases, and typically there are relatively few database accesses for each request. This implies concurrent interactions are limited to relatively few and well-defined points, enabling our model checker to scale. We explore the performance implications of various design choices and demonstrate the effectiveness of DPF on a set of Java benchmarks. Our model checker was able to find new concurrency bugs in two open-source web applications, including in a standard example distributed with the Spring framework.

Download to read the full chapter text

Chapter PDF

Checking Robustness Between Weak Transactional Consistency Models

Starling: Lightweight Concurrency Verification with Views

Database Management System Verification with Separation Logics

Article 28 December 2021

Keywords

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

References

Artzi, S., Kiezun, A., Dolby, J., Tip, F., Dig, D., Paradkar, A., Ernst, M.D.: Finding bugs in web applications using dynamic test generation and explicit-state model checking. IEEE Trans. Softw. Eng. 36(4), 474–494 (2010)
Article Google Scholar
Baier, C., Katoen, J.-P.: Principles of Model Checking. The MIT Press (2008)
Google Scholar
Bernstein, P.A., Hadzilacos, V., Goodman, N.: Concurrency Control and Recovery in Database Systems. Addison-Wesley (1987)
Google Scholar
DPF home page, http://mir.cs.illinois.edu/~gliga/projects/dpf/
Emmi, M., Majumdar, R., Sen, K.: Dynamic test input generation for database applications. In: ISSTA, pp. 151–162 (2007)
Google Scholar
Felmetsger, V., Cavedon, L., Kruegel, C., Vigna, G.: Toward automated detection of logic vulnerabilities in web applications. In: USENIX Security Symposium, pp. 143–160 (2010)
Google Scholar
Flanagan, C., Freund, S.: Atomizer: A dynamic atomicity checker for multithreaded programs. Sci. Comput. Program. 71(2), 89–109 (2008)
Article MathSciNet MATH Google Scholar
Flanagan, C., Godefroid, P.: Dynamic partial-order reduction for model checking software. In: POPL, pp. 110–121 (2005)
Google Scholar
Fonseca, P., Li, C., Rodrigues, R.: Finding complex concurrency bugs in large multi-threaded applications. In: EuroSys, pp. 215–228 (2011)
Google Scholar
Giannakopoulou, D., Păsăreanu, C.S.: Interface Generation and Compositional Verification in JavaPathfinder. In: Chechik, M., Wirsing, M. (eds.) FASE 2009. LNCS, vol. 5503, pp. 94–108. Springer, Heidelberg (2009)
Chapter Google Scholar
Godefroid, P.: Partial-Order Methods for the Verification of Concurrent Systems. LNCS, vol. 1032. Springer, Heidelberg (1996)
Book Google Scholar
Godefroid, P.: Model checking for programming languages using VeriSoft. In: POPL, pp. 174–186 (1997)
Google Scholar
Grechanik, M., Csallner, C., Fu, C., Xie, Q.: Is data privacy always good for software testing? In: ISSRE, pp. 368–377 (2010)
Google Scholar
Holzmann, G.J.: The model checker SPIN. IEEE Trans. Softw. Eng. 23(5), 279–295 (1997)
Article MathSciNet Google Scholar
Iosif, R.: Exploiting heap symmetries in explicit-state model checking of software. In: ASE, pp. 254–261 (2001)
Google Scholar
JPF home page, http://babelfish.arc.nasa.gov/trac/jpf/
Khalek, S.A., Khurshid, S.: Systematic testing of database engines using a relational constraint solver. In: ICST, pp. 50–59 (2011)
Google Scholar
Martin, M., Lam, M.S.: Automatic generation of XSS and SQL injection attacks with goal-directed model checking. In: USENIX Security Symposium, pp. 31–43 (2008)
Google Scholar
Mentis, A., Katsaros, P.: Model checking and code generation for transaction processing software. Concurr. Comput.: Pract. Exper. 24(7), 711–722 (2012)
Article Google Scholar
Musuvathi, M., Dill, D.L.: An Incremental Heap Canonicalization Algorithm. In: Godefroid, P. (ed.) SPIN 2005. LNCS, vol. 3639, pp. 28–42. Springer, Heidelberg (2005)
Chapter Google Scholar
Musuvathi, M., Qadeer, S.: Iterative context bounding for systematic testing of multithreaded programs. In: PLDI, pp. 446–455 (2007)
Google Scholar
Paleari, R., Marrone, D., Bruschi, D., Monga, M.: On Race Vulnerabilities in Web Applications. In: Zamboni, D. (ed.) DIMVA 2008. LNCS, vol. 5137, pp. 126–142. Springer, Heidelberg (2008)
Chapter Google Scholar
Pan, K., Wu, X., Xie, T.: Database state generation via dynamic symbolic execution for coverage criteria. In: DBTest, pp. 1–6 (2011)
Google Scholar
Pan, K., Wu, X., Xie, T.: Generating program inputs for database application testing. In: ASE, pp. 73–82 (2011)
Google Scholar
Petrov, B., Vechev, M., Sridharan, M., Dolby, J.: Race detection for web applications. In: PLDI, pp. 251–262 (2012)
Google Scholar
Savage, S., Burrows, M., Nelson, G., Sobalvarro, P., Anderson, T.: Eraser: A dynamic data race detector for multithreaded programs. ACM Trans. Comput. Syst. 15(4), 391–411 (1997)
Article Google Scholar
Spring Framework home page, http://springsource.org/
Visser, W., Havelund, K., Brat, G., Park, S.: Model checking programs. Automated Software Engineering 10(2), 203–232 (2003)
Article Google Scholar
Wassermann, G., Yu, D., Chander, A., Dhurjati, D., Inamura, H., Su, Z.: Dynamic test input generation for web applications. In: ISSTA, pp. 249–260 (2008)
Google Scholar
Yang, Y., Chen, X., Gopalakrishnan, G., Kirby, R.M.: Efficient Stateful Dynamic Partial Order Reduction. In: Havelund, K., Majumdar, R. (eds.) SPIN 2008. LNCS, vol. 5156, pp. 288–305. Springer, Heidelberg (2008)
Chapter Google Scholar
Zheng, Y., Zhang, X.: Static detection of resource contention problems in server-side scripts. In: ICSE, pp. 584–594 (2012)
Google Scholar

Download references

Author information

Authors and Affiliations

University of Illinois at Urbana-Champaign, USA
Milos Gligoric
Max Planck Institute for Software Systems, Germany
Rupak Majumdar

Authors

Milos Gligoric
View author publications
You can also search for this author in PubMed Google Scholar
Rupak Majumdar
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Department of Computer Science, University of Leicester, University Road, LE1 7RH, Leicester, UK
Nir Piterman
Department of Computer Science, State University of New York at Stony Brook, 11794-4400, Stony Brook, NY, USA
Scott A. Smolka

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Gligoric, M., Majumdar, R. (2013). Model Checking Database Applications. In: Piterman, N., Smolka, S.A. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2013. Lecture Notes in Computer Science, vol 7795. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-36742-7_40

Download citation

DOI: https://doi.org/10.1007/978-3-642-36742-7_40
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-36741-0
Online ISBN: 978-3-642-36742-7
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics