Top

Published in:

2021 | OriginalPaper | Chapter

Verification by Gambling on Program Slices

Authors : Murad Akhundov, Federico Mora, Nick Feng, Vincent Hui, Marsha Chechik

Published in: Automated Technology for Verification and Analysis

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Automated software verification is a computationally hard problem that is often exasperated by irrelevant context. Existing verification engines address this problem with slicing techniques that are either too cautious, producing large verification condition queries, or too aggressive, sacrificing soundness. In this paper, we present a novel technique, called Qicc, that is aggressive, sound, and “a little risky.” Specifically, we use procedure extraction to generate a small set of verification queries that we check with existing verification engines. If any query in the set passes verification, then the original program will pass verification. However, there is no guarantee that such a query will exist, so Qicc may waste time searching. We study the effectiveness of Qicc when it is combined with two different verification engines, finding that Qicc’s extra cost is small while the rewards it brings to the analysis are significant. We evaluated Qicc on a case study—the verification of a cryptographic function in BusyBox—and found that Qicc succeeds when paired with two different verifiers, while both verifiers are unsuccessful on their own.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Proving SIFA Protection of Masked Redundant Circuits

next chapter Runtime Enforcement of Hyperproperties

https://github.com/MuradAkh/Qicc.

Beyer, D.: Advances in automatic software verification: SV-COMP 2020. In: Biere, A., Parker, D. (eds.) TACAS 2020. LNCS, vol. 12079, pp. 347–367. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-45237-7_21CrossRef

Beyer, D., Gulwani, S., Schmidt, D.A.: Combining model checking and data-flow analysis. In: Clarke, E., Henzinger, T., Veith, H., Bloem, R. (eds.) Handbook of Model Checking, pp. 493–540. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-10575-8_16CrossRefMATH

Biere, A., Cimatti, A., Clarke, E.M., Strichman, O., Zhu, Y., et al.: Bounded Model Checking. Adv. Comput. 58(11), 117–148 (2003)CrossRef

Chalupa, M., Strejček, J.: Evaluation of program slicing in software verification. In: Ahrendt, W., Tapia Tarifa, S.L. (eds.) IFM 2019. LNCS, vol. 11918, pp. 101–119. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34968-4_6CrossRef

Clarke, E., Kroening, D., Lerda, F.: A tool for checking ANSI-C programs. In: Jensen, K., Podelski, A. (eds.) TACAS 2004. LNCS, vol. 2988, pp. 168–176. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24730-2_15CrossRefMATH

Clarke, E., Kroening, D., Sharygina, N., Yorav, K.: Predicate abstraction of ANSI-C programs using SAT. Formal Methods Syst. Des. 25(2–3), 105–127 (2004)CrossRef

Cook, B., et al.: Using model checking tools to triage the severity of security bugs in the Xen hypervisor. In: Proceedings of FMCAD 2020 (2020)

DeMillo, R.A., Pan, H., Spafford, E.H.: Critical slicing for software fault localization. ACM SIGSOFT Softw. Eng. Notes 21(3), 121–134 (1996)CrossRef

Donaldson, A.F., Haller, L., Kroening, D., Rümmer, P.: Software verification using k-induction. In: Yahav, E. (ed.) SAS 2011. LNCS, vol. 6887, pp. 351–368. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23702-7_26CrossRef

10.

Feng, N., Hui, V., Mora, F., Chechik, M.: Scaling client-specific equivalence checking via impact boundary search. In: Proceedings of ASE 2020. ACM (2020)

11.

Gadelha, M.Y., Ismail, H.I., Cordeiro, L.C.: Handling loops in bounded model checking of C programs via k-induction. STTT 19(1), 97–114 (2017)CrossRef

12.

Gurfinkel, A., Wei, O., Chechik, M.: Model checking recursive programs with exact predicate abstraction. In: Cha, S.S., Choi, J.-Y., Kim, M., Lee, I., Viswanathan, M. (eds.) ATVA 2008. LNCS, vol. 5311, pp. 95–110. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88387-6_9CrossRef

13.

Hecht, M.S., Ullman, J.D.: Characterizations of reducible flow graphs. J. ACM 21(3), 367–375 (1974)MathSciNetCrossRef

14.

Heizmann, M., et al.: Ultimate automizer with SMTInterpol. In: Piterman, N., Smolka, S.A. (eds.) TACAS 2013. LNCS, vol. 7795, pp. 641–643. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36742-7_53CrossRef

15.

Jana, A., Khedker, U.P., Datar, A., Venkatesh, R., Niyas, C.: Scaling bounded model checking by transforming programs with arrays. In: Hermenegildo, M.V., Lopez-Garcia, P. (eds.) LOPSTR 2016. LNCS, vol. 10184, pp. 275–292. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63139-4_16CrossRef

16.

Komondoor, R., Horwitz, S.: Semantics-preserving procedure extraction. In: Proceedings of POPL 2000, pp. 155–169 (2000)

17.

Lahiri, S.K., Hawblitzel, C., Kawaguchi, M., Rebêlo, H.: SYMDIFF: a language-agnostic semantic diff tool for imperative programs. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 712–717. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31424-7_54CrossRef

18.

Lahiri, S.K., McMillan, K.L., Sharma, R., Hawblitzel, C.: Differential assertion checking. In: Proceedings of ESEC/FSE 2013, pp. 345–355. ACM (2013)

19.

Lai, A., Qadeer, S.: A program transformation for faster goal-directed search. In: Proceedings of FMCAD 2014, pp. 147–154. IEEE (2014)

20.

Necula, G.C., McPeak, S., Rahul, S.P., Weimer, W.: CIL: intermediate language and tools for analysis and transformation of C programs. In: Horspool, R.N. (ed.) CC 2002. LNCS, vol. 2304, pp. 213–228. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45937-5_16CrossRef

21.

Prasad, M.R., Biere, A., Gupta, A.: A survey of recent advances in SAT-based formal verification. Int. J. Softw. Tools Technol. Transfer 7(2), 156–173 (2005)CrossRef

22.

Tarjan, R.: Depth-first search and linear graph algorithms. SIAM J. Comput. 1(2), 146–160 (1972)MathSciNetCrossRef

23.

Weiser, M.: Program slicing. In: Proceedings of ICSE 1981, pp. 439–449. IEEE Press (1981)

Title: Verification by Gambling on Program Slices
Authors: Murad Akhundov
Federico Mora
Nick Feng
Vincent Hui
Marsha Chechik
Publisher: Springer International Publishing
Book: Automated Technology for Verification and Analysis
Print ISBN: 978-3-030-88884-8

Electronic ISBN: 978-3-030-88885-5

Copyright Year: 2021
DOI: https://doi.org/10.1007/978-3-030-88885-5_18

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner