scholarly journals A program analysis framework for tccp based on abstract interpretation

2017 ◽  
Vol 29 (3) ◽  
pp. 531-557
Author(s):  
Marco Comini ◽  
María-del-Mar Gallardo ◽  
Laura Titolo ◽  
Alicia Villanueva
Keyword(s):  
Program Analysis ◽  
Abstract Interpretation ◽  
Analysis Framework

CODE-CHANGE IMPACT ANALYSIS USING COUNTERFACTUALS: THEORY AND IMPLEMENTATION

2013 ◽  
Vol 23 (10) ◽  
pp. 1459-1486
Author(s):  
MANUEL PERALTA ◽  
SUPRATIK MUKHOPADHYAY
Keyword(s):  
Static Analysis ◽  
Theorem Proving ◽  
Program Analysis ◽  
Impact Analysis ◽  
Source Code ◽  
Analysis Framework ◽  
Change Impact Analysis ◽  
Code Change ◽  
Change Impact ◽  
Automated Tool

This article shows a novel program analysis framework based on Lewis' theory of counterfactuals. Using this framework we are capable of performing change-impact static analysis on a program's source code. In other words, we are able to prove the properties induced by changes to a given program before applying these changes. Our contribution is two-fold; we show how to use Lewis' logic of counterfactuals to prove that proposed changes to a program preserve its correctness. We report the development of an automated tool based on resolution and theorem proving for performing code change-impact analysis.

scholarly journals Theory-Specific Reasoning about Loops with Arrays using Vampire

10.29007/qk21 ◽  
2018 ◽  
Author(s):  
Yuting Chen ◽  
Laura Kovacs ◽  
Simon Robillard
Keyword(s):  
Program Analysis ◽  
Theorem Prover ◽  
Common Theme ◽  
Analysis Framework ◽  
Elimination Method ◽  
First Order ◽  
The Common

We describe new extensions of the first-order theorem prover Vampire for supporting program analysis and proving properties of loops with arrays. The common theme of our work is the symbol elimination method for generating loop invariants. In our work, we improve symbol elimination for program analysis in two ways. First, we enhance the program analysis framework of Vampire by simplifying skolemization during consequence finding. Second, we extend symbol elimination with theory-specific reasoning, in particular in the theory of polymorphic arrays, and generate and prove program properties over arrays. We illustrate our approach on a number of challenging examples coming from program analysis and verification. Our experiments show that, thanks to our improvements, programs that could not be analyzed before can now be verified with our method.

scholarly journals Practical Abstract Interpretation of Binary Code

2020 ◽  
Vol 32 (6) ◽  
pp. 101-110
Author(s):  
Mikhail Aleksandrovich Solovev ◽  
Maksim Gennadevich Bakulin ◽  
Sergei Sergeevich Makarov ◽  
Dmitrii Valerevich Manushin ◽  
Vartan Andronikovich Padaryan
Keyword(s):  
Program Analysis ◽  
Abstract Interpretation ◽  
Binary Code ◽  
Transfer Functions ◽  
Main Memory ◽  
Code Analysis ◽  
Concolic Execution ◽  
Point Analysis ◽  
Dynamic Execution ◽  
Mathematical Foundations

The mathematical foundations of abstract interpretation provide a unified method of formalization and research of program analysis algorithms for a broad spectrum of practical problems. However, its practical usage for binary code analysis faces several challenges, of both scientific and engineering nature. In this paper we address some of those challenges. We describe an intermediate representation that is tailored to binary code analysis; unlike some other IRs it is still useable in system code analysis. To achieve this, we take into account the low-level specifics of how CPUs work; on the IR level this mostly pertains to modeling main memory in that accesses can fail, and addresses can alias. Further, we propose an infrastructure for carrying out abstract interpretation on top of the IR. The user needs to implement the abstract state and the transfer functions, and the infrastructure handles the rest: two executors are currently implemented, one for analysis of a single path, and one for fixed point analysis. Both executors handle interprocedural analysis internally, via inlining or using summaries, so the interpretations only consider only procedure at a time, which greatly simplifies implementation. The IR and the abstract interpretation framework are used together to define a model pipeline for a target instruction set architecture, consisting of a fetch stage, a decode stage, and an execute stage. A distinct fetch stage allows to model delay slots, hardware loops, etc. We currently have limited implementations for RISC-V and x86. The x86 implementation is evaluated in two experiments where concolic execution is used to automatically analyze a «crackme» program, both in dynamic (execution trace) and static (executable image) setting. In conclusion, we outline the future directions of our project.

scholarly journals Goblint: Thread-Modular Abstract Interpretation Using Side-Effecting Constraints

2021 ◽  
pp. 438-442
Author(s):  
Simmo Saan ◽  
Michael Schwarz ◽  
Kalmer Apinis ◽  
Julian Erhard ◽  
Helmut Seidl ◽  
...  
Keyword(s):  
Static Analysis ◽  
Abstract Interpretation ◽  
Analysis Framework ◽  
Data Race ◽  
C Programs ◽  
Global Invariants ◽  
Race Analysis

AbstractGoblintis a static analysis framework for C programs specializing in data race analysis. It relies on thread-modular abstract interpretation where thread interferences are accounted for by means of flow-insensitive global invariants.

scholarly journals Program analysis via efficient symbolic abstraction

2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-32
Author(s):  
Peisen Yao ◽  
Qingkai Shi ◽  
Heqing Huang ◽  
Charles Zhang
Keyword(s):  
Strong Evidence ◽  
Program Analysis ◽  
Abstract Interpretation ◽  
State Of The Art ◽  
Diverse Group ◽  
Machine Code ◽  
Code Analysis ◽  
Polyhedral Domain ◽  
Performance Issues ◽  
Bit Vector

This paper concerns the scalability challenges of symbolic abstraction: given a formula ϕ in a logic L and an abstract domain A , find a most precise element in the abstract domain that over-approximates the meaning of ϕ. Symbolic abstraction is an important point in the space of abstract interpretation, as it allows for automatically synthesizing the best abstract transformers. However, current techniques for symbolic abstraction can have difficulty delivering on its practical strengths, due to performance issues. In this work, we introduce two algorithms for the symbolic abstraction of quantifier-free bit-vector formulas, which apply to the bit-vector interval domain and a certain kind of polyhedral domain, respectively. We implement and evaluate the proposed techniques on two machine code analysis clients, namely static memory corruption analysis and constrained random fuzzing. Using a suite of 57,933 queries from the clients, we compare our approach against a diverse group of state-of-the-art algorithms. The experiments show that our algorithms achieve a substantial speedup over existing techniques and illustrate significant precision advantages for the clients. Our work presents strong evidence that symbolic abstraction of numeric domains can be efficient and practical for large and realistic programs.

scholarly journals Ultimate Taipan with Symbolic Interpretation and Fluid Abstractions

2020 ◽  
pp. 418-422 ◽  
Author(s):  
Daniel Dietsch ◽  
Matthias Heizmann ◽  
Alexander Nutz ◽  
Claus Schätzle ◽  
Frank Schüssele
Keyword(s):  
Program Analysis ◽  
Abstract Interpretation ◽  
Model Checker ◽  
New Techniques ◽  
New Approach ◽  
Smt Solving ◽  
Software Model ◽  
Symbolic Interpretation

Abstract Ultimate Taipan is a software model checker that combines trace abstraction with abstract interpretation on path programs. In this year’s version, we replaced our abstract interpretation engine and now use a combination of multiple abstraction functions, fixpoint computation, algebraic program analysis, and SMT solving. Our new approach will allow us to integrate new techniques more easily.

Sign in / Sign up

Export Citation Format

Share Document