scholarly journals A Theory of Arrays with set and copy Operations

10.29007/q58t ◽  
2018 ◽  
Author(s):  
Stephan Falke ◽  
Carsten Sinz ◽  
Florian Merz
Keyword(s):  
Model Checking ◽  
Program Analysis ◽  
Software Verification ◽  
Symbolic Execution ◽  
Bounded Model Checking ◽  
Main Memory ◽  
Basic Theory ◽  
Analysis Software

The theory of arrays is widely used in order to model main memory in program analysis, software verification, bounded model checking, symbolic execution, etc. Nonetheless, the basic theory as introduced by McCarthy is not expressive enough for important practical cases since it only supports array updates at single locations. In programs, the memory is often modified using functions such as memset or memcpy/memmove, which modify a user-specified range of locations whose size might not be known statically. In this paper we present an extension of the theory of arrays with set and copy operations which make it possible to reason about such functions. We also discuss further applications of the theory.

Concurrent Bug Finding Based on Bounded Model Checking

2020 ◽  
Vol 30 (05) ◽  
pp. 669-694
Author(s):  
Milena Vujošević Janičić
Keyword(s):  
Model Checking ◽  
Software Verification ◽  
Symbolic Execution ◽  
Bounded Model Checking ◽  
Sequential Approach ◽  
Software Analysis ◽  
Verification Tool ◽  
Single Compound ◽  
Bug Finding ◽  
Reliable Software

Automated and reliable software verification is of crucial importance for development of high-quality software. Formal methods can be used for finding different kinds of bugs without executing the software, for example, for finding possible run-time errors. The methods like model checking and symbolic execution offer very precise static analysis but on real world programs do not always scale well. One way to tackle the scalability problem is to apply new concurrent and sequential approaches to complex algorithms used in these kinds of software analysis. In this paper, we compare different variants of bounded model checking and propose two concurrent approaches: concurrency of intra-procedural analysis and concurrency of inter-procedural analysis. We implemented these approaches in a software verification tool LAV, a tool that is based on bounded model checking and symbolic execution. For assessing the improvements gained, we experimentally compared the concurrent approaches with the standard bounded model checking approach (where all correctness conditions are put into a single compound formula) and with a sequential approach (where correctness conditions are checked separately, one after the other). The results show that, in many cases, the proposed concurrent approaches give significant improvements.

scholarly journals FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

2021 ◽  
pp. 363-367 ◽  
Author(s):  
Kaled M. Alshmrany ◽  
Rafael S. Menezes ◽  
Mikhail R. Gadelha ◽  
Lucas C. Cordeiro
Keyword(s):  
Model Checking ◽  
Symbolic Execution ◽  
Bounded Model Checking ◽  
Test Cases ◽  
Security Vulnerabilities ◽  
C Programs ◽  
Code Coverage

AbstractWe describe and evaluate a novel white-box fuzzer for C programs named , which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. explores and analyzes C programs (1) to find execution paths that lead to property violations and (2) to incrementally inject labels to guide the fuzzer and the BMC engine to produce test-cases for code coverage. successfully participates in Test-Comp’21 and achieves first place in the category and second place in the category.

Bounded Verification of Multi-threaded Programs via Lazy Sequentialization

2022 ◽  
Vol 44 (1) ◽  
pp. 1-50
Author(s):  
Omar Inverso ◽  
Ermenegildo Tomasco ◽  
Bernd Fischer ◽  
Salvatore La Torre ◽  
Gennaro Parlato
Keyword(s):  
Program Analysis ◽  
High Performance ◽  
Software Verification ◽  
Bounded Model Checking ◽  
New Approach ◽  
C Programming Language ◽  
C Programming ◽  
Verification Problem ◽  
Practical Program ◽  
Verification Techniques

Bounded verification techniques such as bounded model checking (BMC) have successfully been used for many practical program analysis problems, but concurrency still poses a challenge. Here, we describe a new approach to BMC of sequentially consistent imperative programs that use POSIX threads. We first translate the multi-threaded program into a nondeterministic sequential program that preserves reachability for all round-robin schedules with a given bound on the number of rounds. We then reuse existing high-performance BMC tools as backends for the sequential verification problem. Our translation is carefully designed to introduce very small memory overheads and very few sources of nondeterminism, so it produces tight SAT/SMT formulae, and is thus very effective in practice: Our Lazy-CSeq tool implementing this translation for the C programming language won several gold and silver medals in the concurrency category of the Software Verification Competitions (SV-COMP) 2014–2021 and was able to find errors in programs where all other techniques (including testing) failed. In this article, we give a detailed description of our translation and prove its correctness, sketch its implementation using the CSeq framework, and report on a detailed evaluation and comparison of our approach.

Comparison of Model Checking Tools

2013 ◽  
Vol 659 ◽  
pp. 181-185
Author(s):  
Wei Gong ◽  
Jun Wei Jia
Keyword(s):  
Model Checking ◽  
Software Verification ◽  
Bounded Model Checking ◽  
Hardware Verification ◽  
Model Checker ◽  
Software And Hardware ◽  
Inherent Part

Model Checking is a method for verification. The model will be checked until the specification of it is proved or disproved. With the rising complexity of big models, there are non-checkable cases, in which cases the problem can be analyzed by some models, for example, bounded Model Checking means to analyze the model until a defined time or depth. The verification happens automatically. The programs for doing this are called Model Checking Tools or Model Checker. Model Checking are used in both software and hardware verification. It is an inherent part of hardware verification, whereas it is less used in the software verification.

scholarly journals Efficient SAT-based bounded model checking for software verification

2008 ◽  
Vol 404 (3) ◽  
pp. 256-274 ◽  
Author(s):  
Franjo Ivančić ◽  
Zijiang Yang ◽  
Malay K. Ganai ◽  
Aarti Gupta ◽  
Pranav Ashar
Keyword(s):  
Model Checking ◽  
Software Verification ◽  
Bounded Model Checking

scholarly journals Disk Based Software Verification via Bounded Model Checking

2007 ◽  
Author(s):  
Fernando Brizzolari ◽  
Igor Melatti ◽  
Enrico Tronci ◽  
Giuseppe Della Penna
Keyword(s):  
Model Checking ◽  
Software Verification ◽  
Bounded Model Checking

scholarly journals Cooperative verifier-based testing with CoVeriTest

2021 ◽  
Author(s):  
Dirk Beyer ◽  
Marie-Christine Jakobs
Keyword(s):  
Model Checking ◽  
Test Generation ◽  
Symbolic Execution ◽  
Bounded Model Checking ◽  
Test Suite ◽  
Hybrid Technique ◽  
Conditional Model ◽  
Level Information ◽  
High Level ◽  
Test Suite Generation

AbstractTesting is a widely applied technique to evaluate software quality, and coverage criteria are often used to assess the adequacy of a generated test suite. However, manually constructing an adequate test suite is typically too expensive, and numerous techniques for automatic test-suite generation were proposed. All of them come with different strengths. To build stronger test-generation tools, different techniques should be combined. In this paper, we study cooperative combinations of verification approaches for test generation, which exchange high-level information. We present CoVeriTest, a hybrid technique for test-suite generation. CoVeriTest iteratively applies different conditional model checkers and allows users to adjust the level of cooperation and to configure individual time limits for each conditional model checker. In our experiments, we systematically study different CoVeriTest cooperation setups, which either use combinations of explicit-state model checking and predicate abstraction, or bounded model checking and symbolic execution. A comparison with state-of-the-art test-generation tools reveals that CoVeriTest achieves higher coverage for many programs (about 15%).

Bounded Model Checking for Probabilistic Computation Tree Logic

2012 ◽  
Vol 23 (7) ◽  
pp. 1656-1668 ◽  
Author(s):  
Cong-Hua ZHOU ◽  
Zhi-Feng LIU ◽  
Chang-Da WANG
Keyword(s):  
Model Checking ◽  
Bounded Model Checking ◽  
Probabilistic Computation ◽  
Computation Tree Logic ◽  
Computation Tree
Sign in / Sign up

Export Citation Format

Share Document