scholarly journals Transformation-Enabled Precondition Inference

2021 ◽  
pp. 1-17
Author(s):  
BISHOKSAN KAFLE ◽  
GRAEME GANGE ◽  
PETER J. STUCKEY ◽  
PETER SCHACHTE ◽  
HARALD SØNDERGAARD
Keyword(s):  
Iterative Method ◽  
Program Analysis ◽  
Experimental Evaluation ◽  
Software Verification ◽  
Termination Criteria ◽  
Initial States

Abstract Precondition inference is a non-trivial problem with important applications in program analysis and verification. We present a novel iterative method for automatically deriving preconditions for the safety and unsafety of programs. Each iteration maintains over-approximations of the set of safe and unsafe initial states, which are used to partition the program’s initial states into those known to be safe, known to be unsafe and unknown. We then construct revised programs with those unknown initial states and iterate the procedure until the approximations are disjoint or some termination criteria are met. An experimental evaluation of the method on a set of software verification benchmarks shows that it can infer precise preconditions (sometimes optimal) that are not possible using previous methods.

Bounded Verification of Multi-threaded Programs via Lazy Sequentialization

2022 ◽  
Vol 44 (1) ◽  
pp. 1-50
Author(s):  
Omar Inverso ◽  
Ermenegildo Tomasco ◽  
Bernd Fischer ◽  
Salvatore La Torre ◽  
Gennaro Parlato
Keyword(s):  
Program Analysis ◽  
High Performance ◽  
Software Verification ◽  
Bounded Model Checking ◽  
New Approach ◽  
C Programming Language ◽  
C Programming ◽  
Verification Problem ◽  
Practical Program ◽  
Verification Techniques

Bounded verification techniques such as bounded model checking (BMC) have successfully been used for many practical program analysis problems, but concurrency still poses a challenge. Here, we describe a new approach to BMC of sequentially consistent imperative programs that use POSIX threads. We first translate the multi-threaded program into a nondeterministic sequential program that preserves reachability for all round-robin schedules with a given bound on the number of rounds. We then reuse existing high-performance BMC tools as backends for the sequential verification problem. Our translation is carefully designed to introduce very small memory overheads and very few sources of nondeterminism, so it produces tight SAT/SMT formulae, and is thus very effective in practice: Our Lazy-CSeq tool implementing this translation for the C programming language won several gold and silver medals in the concurrency category of the Software Verification Competitions (SV-COMP) 2014–2021 and was able to find errors in programs where all other techniques (including testing) failed. In this article, we give a detailed description of our translation and prove its correctness, sketch its implementation using the CSeq framework, and report on a detailed evaluation and comparison of our approach.

Chapter 20. Software Verification

2021 ◽  
Author(s):  
Daniel Kroening
Keyword(s):  
Program Analysis ◽  
Software Verification ◽  
Embedded Software ◽  
Propositional Satisfiability ◽  
Low Level

This chapter covers an application of propositional satisfiability to program analysis. We focus on the discovery of programming flaws in low-level programs, such as embedded software. The loops in the program are unwound together with a property to form a formula, which is then converted into CNF. The method supports low-level programming constructs such as bit-wise operators or pointer arithmetic.

scholarly journals An iterative approach to precondition inference using constrained Horn clauses

2018 ◽  
Vol 18 (3-4) ◽  
pp. 553-570 ◽  
Author(s):  
BISHOKSAN KAFLE ◽  
JOHN P. GALLAGHER ◽  
GRAEME GANGE ◽  
PETER SCHACHTE ◽  
HARALD SØNDERGAARD ◽  
...  
Keyword(s):  
Software Verification ◽  
Partial Evaluation ◽  
Iterative Approach ◽  
Horn Clauses ◽  
Disjunctive Constraints ◽  
Benchmark Suite ◽  
Initial States ◽  
Automatic Inference

AbstractWe present a method for automatic inference of conditions on the initial states of a program that guarantee that the safety assertions in the program are not violated. Constrained Horn clauses (CHCs) are used to model the program and assertions in a uniform way, and we use standard abstract interpretations to derive an over-approximation of the set ofunsafeinitial states. The precondition then is the constraint corresponding to the complement of that set, under-approximating the set ofsafeinitial states. This idea of complementation is not new, but previous attempts to exploit it have suffered from the loss of precision. Here we develop an iterative specialisation algorithm to give more precise, and in some cases optimal safety conditions. The algorithm combines existing transformations, namely constraint specialisation, partial evaluation and a trace elimination transformation. The last two of these transformations perform polyvariant specialisation, leading to disjunctive constraints which improve precision. The algorithm is implemented and tested on a benchmark suite of programs from the literature in precondition inference and software verification competitions.

A Fresh Look at Zones and Octagons

2021 ◽  
Vol 43 (3) ◽  
pp. 1-51
Author(s):  
Graeme Gange ◽  
Zequn Ma ◽  
Jorge A. Navas ◽  
Peter Schachte ◽  
Harald Søndergaard ◽  
...  
Keyword(s):  
Data Structures ◽  
Program Analysis ◽  
Software Verification ◽  
State Of The Art ◽  
The State ◽  
Bound Constraints ◽  
Data Structures And Algorithms ◽  
Alternative Approaches ◽  
Abstract Domains ◽  
Automated Discovery

Zones and Octagons are popular abstract domains for static program analysis. They enable the automated discovery of simple numerical relations that hold between pairs of program variables. Both domains are well understood mathematically but the detailed implementation of static analyses based on these domains poses many interesting algorithmic challenges. In this article, we study the two abstract domains, their implementation and use. Utilizing improved data structures and algorithms for the manipulation of graphs that represent difference-bound constraints, we present fast implementations of both abstract domains, built around a common infrastructure. We compare the performance of these implementations against alternative approaches offering the same precision. We quantify the differences in performance by measuring their speed and precision on standard benchmarks. We also assess, in the context of software verification, the extent to which the improved precision translates to better verification outcomes. Experiments demonstrate that our new implementations improve the state of the art for both Zones and Octagons significantly.

scholarly journals A Theory of Arrays with set and copy Operations

10.29007/q58t ◽  
2018 ◽  
Author(s):  
Stephan Falke ◽  
Carsten Sinz ◽  
Florian Merz
Keyword(s):  
Model Checking ◽  
Program Analysis ◽  
Software Verification ◽  
Symbolic Execution ◽  
Bounded Model Checking ◽  
Main Memory ◽  
Basic Theory ◽  
Analysis Software

The theory of arrays is widely used in order to model main memory in program analysis, software verification, bounded model checking, symbolic execution, etc. Nonetheless, the basic theory as introduced by McCarthy is not expressive enough for important practical cases since it only supports array updates at single locations. In programs, the memory is often modified using functions such as memset or memcpy/memmove, which modify a user-specified range of locations whose size might not be known statically. In this paper we present an extension of the theory of arrays with set and copy operations which make it possible to reason about such functions. We also discuss further applications of the theory.

scholarly journals Violation Witnesses and Result Validation for Multi-Threaded Programs

2020 ◽  
pp. 449-470
Author(s):  
Dirk Beyer ◽  
Karlheinz Friedberger
Keyword(s):  
Program Analysis ◽  
Software Verification ◽  
Large Set ◽  
Standard Format ◽  
Exchange Format ◽  
Program Traces ◽  
Verification Tools ◽  
Reference Implementation ◽  
Validation Of Results

Abstract Invariants and error traces are important results of a program analysis, and therefore, a standardized exchange format for verification witnesses is used by many program analyzers to store and share those results. This way, information about program traces and variable assignments can be shared across tools, e.g., to validate verification results, or provided to users, e.g., to visualize and explore the results in order to fix bugs or understand the reason for a program’s correctness. The standard format for correctness and violation witnesses that was used by SV-COMP for several years was only applicable to sequential (single-threaded) programs. To enable the validation of results for multi-threaded programs, we extend the existing standard exchange format by adding information about thread management and thread interleaving. We contribute a reference implementation of a validator for violation witnesses in the new format, which we implemented as component of the software-verification framework "Image missing" . We experimentally evaluate the format and validator on a large set of violation witnesses. The outcome is promising: several verification tools already produce violation witnesses that help validating the verification results, and our witness validator can re-verify most of the produced witnesses.

scholarly journals Verification Artifacts in Cooperative Verification: Survey and Unifying Component Framework

2020 ◽  
pp. 143-167
Author(s):  
Dirk Beyer ◽  
Heike Wehrheim
Keyword(s):  
Program Analysis ◽  
Software Verification ◽  
State Of The Art ◽  
System Model ◽  
Precise Meaning ◽  
Automatic Program ◽  
Information Verification ◽  
Effectiveness And Efficiency ◽  
Verification Process ◽  
Overall Effectiveness

Abstract The goal of cooperative verification is to combine verification approaches in such a way that they work together to verify a system model. In particular, cooperative verifiers provide exchangeable information (verification artifacts) to other verifiers or consume such information from other verifiers with the goal of increasing the overall effectiveness and efficiency of the verification process. This paper first gives an overview over approaches for leveraging strengths of different techniques, algorithms, and tools in order to increase the power and abilities of the state of the art in software verification. To limit the scope, we restrict our overview to tools and approaches for automatic program analysis. Second, we specifically outline cooperative verification approaches and discuss their employed verification artifacts. Third, we formalize all artifacts in a uniform way, thereby fixing their semantics and providing verifiers with a precise meaning of the exchanged information.

scholarly journals Order-sorted Homeomorphic Embedding Modulo Combinations of Associativity and/or Commutativity Axioms*

2020 ◽  
Vol 177 (3-4) ◽  
pp. 297-329
Author(s):  
María Alpuente ◽  
Angel Cuenca-Ortega ◽  
Santiago Escobar ◽  
José Meseguer
Keyword(s):  
Program Analysis ◽  
Symbolic Execution ◽  
Experimental Results ◽  
Termination Criteria ◽  
Symbolic Methods

The Homeomorphic Embedding relation has been amply used for defining termination criteria of symbolic methods for program analysis, transformation, and verification. However, homeomorphic embedding has never been investigated in the context of order-sorted rewrite theories that support symbolic execution methods modulo equational axioms. This paper generalizes the symbolic homeomorphic embedding relation to order–sorted rewrite theories that may contain various combinations of associativity and/or commutativity axioms for different binary operators. We systematically measure the performance of different, increasingly efficient formulations of the homeomorphic embedding relation modulo axioms that we implement in Maude. Our experimental results show that the most efficient version indeed pays off in practice.

Sign in / Sign up

Export Citation Format

Share Document