The dogged pursuit of bug-free C programs

Patrick Baudin; François Bobot; David Bühler; Loïc Correnson; Florent Kirchner; Nikolai Kosmatov; André Maroneze; Valentin Perrelle; Virgile Prevosto; Julien Signoles; Nicky Williams

doi:10.1145/3470569

Shape Neutral Analysis of Graph-based Data-structures

Theory and Practice of Logic Programming ◽

10.1017/s147106841800025x ◽

2018 ◽

Vol 18 (3-4) ◽

pp. 470-483 ◽

Cited By ~ 1

Author(s):

GREGORY J. DUCK ◽

JOXAN JAFFAR ◽

ROLAND H. C. YAP

Keyword(s):

Data Structure ◽

Data Structures ◽

Program Analysis ◽

Constraint Handling ◽

C Programs ◽

Wide Range ◽

Target Program ◽

Target Data ◽

Structure Graph ◽

Structure Properties

AbstractMalformed data-structures can lead to runtime errors such as arbitrary memory access or corruption. Despite this, reasoning over data-structure properties for low-level heap manipulating programs remains challenging. In this paper we present a constraint-based program analysis that checks data-structure integrity, w.r.t. given target data-structure properties, as the heap is manipulated by the program. Our approach is to automatically generate a solver for properties using the type definitions from the target program. The generated solver is implemented using a Constraint Handling Rules (CHR) extension of built-in heap, integer and equality solvers. A key property of our program analysis is that the target data-structure properties are shape neutral, i.e., the analysis does not check for properties relating to a given data-structure graph shape, such as doubly-linked-lists versus trees. Nevertheless, the analysis can detect errors in a wide range of data-structure manipulating programs, including those that use lists, trees, DAGs, graphs, etc. We present an implementation that uses the Satisfiability Modulo Constraint Handling Rules (SMCHR) system. Experimental results show that our approach works well for real-world C programs.

E-ACSL, a Runtime Verification Tool for Safety and Security of C Programs (tool paper)

10.29007/fpdh ◽

2018 ◽

Author(s):

Julien Signoles ◽

Nikolai Kosmatov ◽

Kostyantyn Vorobyov

Keyword(s):

Formal Specification ◽

Runtime Verification ◽

Specification Language ◽

Formal Specifications ◽

C Programs ◽

Verification Tool ◽

Security Properties ◽

C Program ◽

Formal Properties ◽

Formal Specification Language

This tool paper presents E-ACSL, a runtime verification tool for C programs capable of checking a broad range of safety and security properties expressed using a formal specification language. E-ACSL consumes a C program annotated with formal specifications and generates a new C program that behaves similarly to the original if the formal properties are satisfied, or aborts its execution whenever a property does not hold. This paper presents an overview of E-ACSL and its specification language.

A Decision Tree Lifted Domain for Analyzing Program Families with Numerical Features

Fundamental Approaches to Software Engineering - Lecture Notes in Computer Science ◽

10.1007/978-3-030-71500-7_4 ◽

2021 ◽

pp. 67-86

Author(s):

Aleksandar S. Dimovski ◽

Sven Apel ◽

Axel Legay

Keyword(s):

Decision Tree ◽

Decision Trees ◽

Static Analysis ◽

Program Analysis ◽

Empirical Evaluation ◽

Linear Constraints ◽

Combinatorial Explosion ◽

C Programs ◽

Feature Based ◽

Family Based

AbstractLifted (family-based) static analysis by abstract interpretation is capable of analyzing all variants of a program family simultaneously, in a single run without generating any of the variants explicitly. The elements of the underlying lifted analysis domain are tuples, which maintain one property per variant. Still, explicit property enumeration in tuples, one by one for all variants, immediately yields combinatorial explosion. This is particularly apparent in the case of program families that, apart from Boolean features, contain also numerical features with large domains, thus giving rise to astronomical configuration spaces.The key for an efficient lifted analysis is a proper handling of variability-specific constructs of the language (e.g., feature-based runtime tests and $$\texttt {\#if}$$ # if directives). In this work, we introduce a new symbolic representation of the lifted abstract domain that can efficiently analyze program families with numerical features. This makes sharing between property elements corresponding to different variants explicitly possible. The elements of the new lifted domain are constraint-based decision trees, where decision nodes are labeled with linear constraints defined over numerical features and the leaf nodes belong to an existing single-program analysis domain. To illustrate the potential of this representation, we have implemented an experimental lifted static analyzer, called SPLNum$$^2$$ 2 Analyzer, for inferring invariants of C programs. An empirical evaluation on BusyBox and on benchmarks from SV-COMP yields promising preliminary results indicating that our decision trees-based approach is effective and outperforms the baseline tuple-based approach.

Complete decision procedure for the theory of bounded pointer arithmetic based on quantifier instantiation and SMT

Proceedings of the Institute for System Programming of RAS ◽

10.15514/ispras-2021-33(4)-13 ◽

2021 ◽

Vol 33 (4) ◽

pp. 177-194

Author(s):

Rafael Faritovich Sadykov ◽

Mikhail Usamovich Mandrykin

Keyword(s):

Program Verification ◽

Source Code ◽

Decision Procedures ◽

C Programs ◽

Smt Solver ◽

Smt Solvers ◽

Relevant Logics ◽

Soundness And Completeness ◽

C Program ◽

Quantifier Instantiation

The process of developing C programs is quite often prone to errors related to the uses of pointer arithmetic and operations on memory addresses. This promotes a need in developing various tools for automated program verification. One of the techniques frequently employed by those tools is invocation of appropriate decision procedures implemented within existing SMT-solvers. But at the same time both the SMT standard and most existing SMT-solvers lack the relevant logics (combinations of logical theories) for directly and precisely modelling the semantics of pointer operations in C. One of the possible ways to support these logics is to implement them in an SMT solver, but this approach can be time-consuming (as requires modifying the solver’s source code), inflexible (introducing any changes to the theory’s signature or semantics can be unreasonably hard) and limited (every solver has to be supported separately). Another way is to design and implement custom quantifier instantiation strategies. These strategies can be then used to translate formulas in the desired theory combinations to formulas in well-supported decidable logics such as QF_UFLIA. In this paper, we present an instantiation procedure for translating formulas in the theory of bounded pointer arithmetic into the QF_UFLIA logic. We formally proved soundness and completeness of our instantiation procedure in Isabelle/HOL. The paper presents an informal description of this proof of the proposed procedure. The theory of bounded pointer arithmetic itself was formulated based on known errors regarding the correct use of pointer arithmetic operations in industrial code as well as the semantics of these operations specified in the C standard. Similar procedure can also be defined for a practically relevant fragment of the theory of bit vectors (monotone propositional combinations of equalities between bitwise expressions). Our approach is sufficient to obtain efficient decision procedures implemented as Isabelle/HOL proof methods for several decidable logical theories used in C program verification by relying on the existing capabilities of well-known SMT solvers, such as Z3 and proof reconstruction capabilities of the Isabelle/HOL proof assistant.

Formal Modeling and Verification of Security Property in Handel C Program

International Journal of Secure Software Engineering ◽

10.4018/jsse.2012070103 ◽

2012 ◽

Vol 3 (3) ◽

pp. 50-65

Author(s):

Yujian Fu ◽

Jeffery Kulick ◽

Lok K. Yan ◽

Steven Drager

Keyword(s):

Model Checking ◽

Petri Nets ◽

Formal Specification ◽

Critical Systems ◽

Formal Approach ◽

C Programs ◽

Translation Rule ◽

Security Properties ◽

C Program ◽

Security Property

Multi-million gate system-on-chip (SoC) designs easily fit into today’s Field Programmable Gate Arrays (FPGAs). As FPGAs become more common in safety-critical and mission-critical systems, researchers and designers require information flow guarantees for the FPGAs. Tools for designing a secure system of chips (SOCs) using FPGAs and new techniques to manage and analyze the security properties precisely are desirable. In this work we propose a formal approach to model, analyze and verify a typical set of security properties – noninterference – of Handel C programs using Petri Nets and model checking. This paper presents a method to model Handel C programs using Predicate Transition Nets, a type of Petri Net, and define security properties on the model, plus a verification approach where security properties are checked. Three steps are used. First, a formal specification on the Handel C description using Petri Nets is extracted. Second, the dynamic noninterference properties with respect to the Handel C program statements are defined on the model. To assist in verification, a translation rule from the Petri Nets specification to the Maude programming language is also defined. Thus, the formal specification can be verified against the system properties using model checking. A case study of the pipeline multiplier is discussed to illustrate the concept and validate the approach.

Solutions to Infection Prevention and Control challenges in developing countries, do they exist?

International Journal of Infection Control ◽

10.3396/ijic.v16i1.007.20 ◽

2019 ◽

Vol 16 (1) ◽

Author(s):

Vanessa Leonie Sparke ◽

Jason Diau ◽

David MacLaren ◽

Caryn West

Keyword(s):

Developing Countries ◽

Prevention And Control ◽

Infection Prevention ◽

Infection Prevention And Control ◽

Original Research ◽

Extensive Literature ◽

Spiritual Beliefs ◽

C Programs ◽

C Program ◽

And Control

Implementing sustainable infection prevention and control (IP&C) programs in developing countries is challenging. Many developing countries experience high burdens of disease and political instability. In addition, they are affected by geographical and climatic challenges, and have unique social, cultural and spiritual beliefs, all of which contribute to a higher prevalence of healthcare associated infections. The aim of this integrative review is to identify existing solutions to the challenges faced by developing countries when implementing IP&C programs. An extensive literature review was conducted to explore improvements in infection control in rural hospitals in developing countries. Three electronic databases were searched for relevant articles written between 1980 and 2018, published in peer reviewed English language journals, and relating to hospitals, not community settings. The findings indicate that developing countries continue to face many challenges in implementing IP&C programs. Limited success has been described with some IP&C program components but it is clear that little original research on the topic exists. Notably scarce are studies on the influences that culture, religious and spiritual beliefs have on IP&C program implementation. This review highlights opportunities for further research into healthcare workers perceptions of disease causation and infection transmission, and the role this plays in the effective implementation of an IP&C program. By exploring these opportunities appropriate and culturally sensitive solutions may be identified, which can assist with the design and implementation of culturally relevant IP&C programs in these settings.

Program refactoring in the presence of preprocessor directives

10.35537/10915/4167 ◽

2005 ◽

Author(s):

◽

Alejandra Garrido

Keyword(s):

Program Analysis ◽

Single Unit ◽

Source Code ◽

C Language ◽

C Programs ◽

Novel Approach ◽

C Preprocessor ◽

Single Configuration

The C preprocessor is heavily used in C programs because it provides useful and even necessary additions to the C language. Since preprocessor directives are not part of C, they are removed before parsing and program analysis take place, during the phase called preprocessing. In the context of refactoring, it is inappropriate to remove preprocessor directives: if changes are applied on the preprocessed version of a program, it may not be possible to recover the un-preprocessed version. This means that after refactoring, all the source code would be contained in a single unit, targeted to a single configuration and without preprocessor macros. This thesis describes a novel approach to preserve preprocessor directives during parsing and program analysis, and integrate them in the program representations. Furthermore, it illustrates how the program representations are used during refactor ing and how transformations preserve preprocessor directives. Additionally, the semantics of the C preprocessor are formally specified, and the results of implementing this approach in a refactoring tool for C, CRefactory, are presented.

Defining the undefinedness of C11 : practical semantics-based program analysis

10.32469/10355/63596 ◽

2017 ◽

Author(s):

◽

Chris Hathhorn

Keyword(s):

Program Analysis ◽

Third Party ◽

Test Suite ◽

University Of Missouri ◽

C Language ◽

C Programs ◽

Semantic Treatment ◽

Practical Analysis ◽

Core Language ◽

The University

[ACCESS RESTRICTED TO THE UNIVERSITY OF MISSOURI AT AUTHOR'S REQUEST.] This thesis extends the work of Ellison and Ros,u [13, 12] but focuses on the "negative" semantics of the C11 language--the semantics required to not just give meaning to correct programs, but also to reject undefined programs. We investigate undefined behavior in C and discuss the techniques and special considerations needed to formally specify it. Using these techniques, we have modified and extended a semantics of C into one that captures undefined behavior. The amount of semantic infrastructure and effort required to achieve this was unexpectedly high, in the end more than tripling the size of the original semantics. From our semantics, we automatically extract kcc, a tool for checking realworld C programs for undefined behavior and other common programmer mistakes. Previous versions of this tool were used primarily for testing the correctness of the semantics, but we have improved it into a tool for doing practical analysis of real C programs. It beats many similar tools in its ability to catch a broad range of undesirable behaviors. We demonstrate this with comparisons based on our own test suite in addition to third-party benchmarks. Our checker is capable of detecting examples of all 77 categories of core language undefinedness appearing in the C11 standard, more than any other tool we considered. Based on this evaluation, we argue that our work is the most comprehensive and complete semantic treatment of undefined behavior in C, and thus of the C language itself.

DeepWukong

ACM Transactions on Software Engineering and Methodology ◽

10.1145/3436877 ◽

2021 ◽

Vol 30 (3) ◽

pp. 1-33

Author(s):

Xiao Cheng ◽

Haoyu Wang ◽

Jiayi Hua ◽

Guoai Xu ◽

Yulei Sui

Keyword(s):

Deep Learning ◽

Program Analysis ◽

Evaluation Studies ◽

Software Systems ◽

Bug Detection ◽

C Programs ◽

Static Code Analysis ◽

Programming Logic ◽

Low Dimensional ◽

High Level

Static bug detection has shown its effectiveness in detecting well-defined memory errors, e.g., memory leaks, buffer overflows, and null dereference. However, modern software systems have a wide variety of vulnerabilities. These vulnerabilities are extremely complicated with sophisticated programming logic, and these bugs are often caused by different bad programming practices, challenging existing bug detection solutions. It is hard and labor-intensive to develop precise and efficient static analysis solutions for different types of vulnerabilities, particularly for those that may not have a clear specification as the traditional well-defined vulnerabilities. This article presents D eep W ukong , a new deep-learning-based embedding approach to static detection of software vulnerabilities for C/C++ programs. Our approach makes a new attempt by leveraging advanced recent graph neural networks to embed code fragments in a compact and low-dimensional representation, producing a new code representation that preserves high-level programming logic (in the form of control- and data-flows) together with the natural language information of a program. Our evaluation studies the top 10 most common C/C++ vulnerabilities during the past 3 years. We have conducted our experiments using 105,428 real-world programs by comparing our approach with four well-known traditional static vulnerability detectors and three state-of-the-art deep-learning-based approaches. The experimental results demonstrate the effectiveness of our research and have shed light on the promising direction of combining program analysis with deep learning techniques to address the general static code analysis challenges.

Runtime Program Analysis Tool for a Simulation Engine

PsycEXTRA Dataset ◽

10.1037/e513562010-001 ◽

2010 ◽

Author(s):

Mark Stewart Nichols

Keyword(s):

Program Analysis ◽

Analysis Tool ◽

Simulation Engine