Ultimate Taipan with Symbolic Interpretation and Fluid Abstractions

Abstract Ultimate Taipan is a software model checker that combines trace abstraction with abstract interpretation on path programs. In this year’s version, we replaced our abstract interpretation engine and now use a combination of multiple abstraction functions, fixpoint computation, algebraic program analysis, and SMT solving. Our new approach will allow us to integrate new techniques more easily.

Download Full-text

Bin2vec: learning representations of binary executable programs for security tasks

Cybersecurity ◽

10.1186/s42400-021-00088-4 ◽

2021 ◽

Vol 4 (1) ◽

Author(s):

Shushan Arakelyan ◽

Sima Arasteh ◽

Christophe Hauser ◽

Erik Kline ◽

Aram Galstyan

Keyword(s):

Program Analysis ◽

State Of The Art ◽

Classification Error ◽

New Approach ◽

Convolutional Networks ◽

Computational Program ◽

Functional Algorithm ◽

Binary Program ◽

Vulnerability Discovery ◽

Executable Programs

AbstractTackling binary program analysis problems has traditionally implied manually defining rules and heuristics, a tedious and time consuming task for human analysts. In order to improve automation and scalability, we propose an alternative direction based on distributed representations of binary programs with applicability to a number of downstream tasks. We introduce Bin2vec, a new approach leveraging Graph Convolutional Networks (GCN) along with computational program graphs in order to learn a high dimensional representation of binary executable programs. We demonstrate the versatility of this approach by using our representations to solve two semantically different binary analysis tasks – functional algorithm classification and vulnerability discovery. We compare the proposed approach to our own strong baseline as well as published results, and demonstrate improvement over state-of-the-art methods for both tasks. We evaluated Bin2vec on 49191 binaries for the functional algorithm classification task, and on 30 different CWE-IDs including at least 100 CVE entries each for the vulnerability discovery task. We set a new state-of-the-art result by reducing the classification error by 40% compared to the source-code based inst2vec approach, while working on binary code. For almost every vulnerability class in our dataset, our prediction accuracy is over 80% (and over 90% in multiple classes).

Download Full-text

Bounded Verification of Multi-threaded Programs via Lazy Sequentialization

ACM Transactions on Programming Languages and Systems ◽

10.1145/3478536 ◽

2022 ◽

Vol 44 (1) ◽

pp. 1-50

Author(s):

Omar Inverso ◽

Ermenegildo Tomasco ◽

Bernd Fischer ◽

Salvatore La Torre ◽

Gennaro Parlato

Keyword(s):

Program Analysis ◽

High Performance ◽

Software Verification ◽

Bounded Model Checking ◽

New Approach ◽

C Programming Language ◽

C Programming ◽

Verification Problem ◽

Practical Program ◽

Verification Techniques

Bounded verification techniques such as bounded model checking (BMC) have successfully been used for many practical program analysis problems, but concurrency still poses a challenge. Here, we describe a new approach to BMC of sequentially consistent imperative programs that use POSIX threads. We first translate the multi-threaded program into a nondeterministic sequential program that preserves reachability for all round-robin schedules with a given bound on the number of rounds. We then reuse existing high-performance BMC tools as backends for the sequential verification problem. Our translation is carefully designed to introduce very small memory overheads and very few sources of nondeterminism, so it produces tight SAT/SMT formulae, and is thus very effective in practice: Our Lazy-CSeq tool implementing this translation for the C programming language won several gold and silver medals in the concurrency category of the Software Verification Competitions (SV-COMP) 2014–2021 and was able to find errors in programs where all other techniques (including testing) failed. In this article, we give a detailed description of our translation and prove its correctness, sketch its implementation using the CSeq framework, and report on a detailed evaluation and comparison of our approach.

Download Full-text

Yasm: A Software Model-Checker for Verification and Refutation

Computer Aided Verification - Lecture Notes in Computer Science ◽

10.1007/11817963_18 ◽

2006 ◽

pp. 170-174 ◽

Cited By ~ 26

Author(s):

Arie Gurfinkel ◽

Ou Wei ◽

Marsha Chechik

Keyword(s):

Model Checker ◽

Software Model

Download Full-text

Fairness Modulo Theory: A New Approach to LTL Software Model Checking

Computer Aided Verification - Lecture Notes in Computer Science ◽

10.1007/978-3-319-21690-4_4 ◽

2015 ◽

pp. 49-66 ◽

Cited By ~ 16

Author(s):

Daniel Dietsch ◽

Matthias Heizmann ◽

Vincent Langenfeld ◽

Andreas Podelski

Keyword(s):

Model Checking ◽

Software Model Checking ◽

New Approach ◽

Software Model

Download Full-text

The Use of Entropy in Modeling the Mechanical Degradation of Grease

Lubricants ◽

10.3390/lubricants7100082 ◽

2019 ◽

Vol 7 (10) ◽

pp. 82 ◽

Cited By ~ 4

Author(s):

Gurt ◽

Khonsari

Keyword(s):

Future Research ◽

Mechanical Degradation ◽

New Techniques ◽

Lubricating Grease ◽

New Approach ◽

Modeling Techniques ◽

Theoretical Developments

Recent theoretical developments linking degradation to the thermodynamic concept of entropy have allowed a new approach to modeling all types of degradation. The theory has been successfully applied to wear, fatigue, and numerous other forms of degradation and experimentation has confirmed its applicability to modeling the mechanical degradation of lubricating grease. This paper overviews the mechanical degradation of grease, discusses past and present modeling techniques, shows how new techniques can be used to predict grease life, and provides suggestions for future research.

Download Full-text

A program analysis framework for tccp based on abstract interpretation

Formal Aspects of Computing ◽

10.1007/s00165-016-0409-8 ◽

2017 ◽

Vol 29 (3) ◽

pp. 531-557

Author(s):

Marco Comini ◽

María-del-Mar Gallardo ◽

Laura Titolo ◽

Alicia Villanueva

Keyword(s):

Program Analysis ◽

Abstract Interpretation ◽

Analysis Framework

Download Full-text

A business process modeling‐based approach to investigate complex processes

Business Process Management Journal ◽

10.1108/14637151211215046 ◽

2012 ◽

Vol 18 (1) ◽

pp. 122-137 ◽

Cited By ~ 5

Author(s):

Faisal A. Abu Rub ◽

Ayman A. Issa

Keyword(s):

Business Process ◽

Process Modeling ◽

Business Processes ◽

Business Process Modeling ◽

New Techniques ◽

New Approach ◽

Content Type ◽

Complex Processes ◽

Model Complex

PurposeThe purpose of this paper is to develop a new approach to investigate complex processes, such as software development processes, using business process modeling.Design/methodology/approachThe paper presents an investigation into the use of role activity diagramming (RAD) to model complex processes in the software industry sector, with reference to the process of TestWarehouse as a case study.FindingsSystematic extension and quantitative analysis to RAD models led to the discovery of process bottlenecks, identification of cross functional boundary problems, and focused discussion about automation of processes.Research limitations/implicationsFurther work is required to validate and evaluate the proposed approach using several cases with different application domains and thus generalize the adopted approach.Practical implicationsA new approach has been used successfully to understand and analyze business processes. The tools and techniques that are used to perform the approach are not complicated and do not need much specialist expertise, so the approach is not only oriented toward specialists but also toward organizations' managers and staff.Originality/valueNew techniques have been developed by using process modelling to deepen the understanding and analyzing of complex organizational processes. This research implements a practical investigation which uses a case study to validate the new techniques.

Download Full-text

ac2lus: Bringing SMT-Solving and Abstract Interpretation Techniques to Real-Time Calculus through the Synchronous Language Lustre

2010 22nd Euromicro Conference on Real-Time Systems ◽

10.1109/ecrts.2010.11 ◽

2010 ◽

Cited By ~ 3

Author(s):

Karine Altisen ◽

Matthieu Moy

Keyword(s):

Real Time ◽

Abstract Interpretation ◽

Smt Solving ◽

Synchronous Language

Download Full-text

JDart: Dynamic Symbolic Execution for Java Bytecode (Competition Contribution)

Tools and Algorithms for the Construction and Analysis of Systems - Lecture Notes in Computer Science ◽

10.1007/978-3-030-45237-7_28 ◽

2020 ◽

pp. 398-402 ◽

Cited By ~ 2

Author(s):

Malte Mues ◽

Falk Howar

Keyword(s):

Symbolic Execution ◽

Model Checker ◽

Constraint Solver ◽

Java Bytecode ◽

Software Model ◽

Dynamic Symbolic Execution ◽

Symbolic Constraints

Abstract JDart performs dynamic symbolic execution of Java programs: it executes programs with concrete inputs while recording symbolic constraints on executed program paths. A constraint solver is then used for generating new concrete values from recorded constraints that drive execution along previously unexplored paths. JDart is built on top of the Java PathFinder software model checker and uses the JConstraints library for the integration of constraint solvers.

Download Full-text

Kratos – A Software Model Checker for SystemC

Computer Aided Verification - Lecture Notes in Computer Science ◽

10.1007/978-3-642-22110-1_24 ◽

2011 ◽

pp. 310-316 ◽

Cited By ~ 28

Author(s):

Alessandro Cimatti ◽

Alberto Griggio ◽

Andrea Micheli ◽

Iman Narasamdya ◽

Marco Roveri

Keyword(s):

Model Checker ◽

Software Model

Download Full-text