Abstract
Modular assertion checkers are plagued by false alarms because they require precise environment specifications (preconditions and callee postconditions). Even fully precise checkers report assertion failures under the most demonic environments allowed by unconstrained or partial specifications. The inability to rule out overly adversarial environments makes such checkers less attractive to developers and severely limits their adoption in the development cycle.
In this work, we propose a parameterized framework for prioritizing the assertion failures reported by a modular verifier, with the goal of suppressing warnings that arise only under overly demonic environments. We formalize almost-correct specifications as the minimal weakening of an angelic specification (over a set of predicates) that precludes any dead code intraprocedurally. Our work is inspired by, and generalizes some aspects of, semantic inconsistency detection; our formulation lifts this idea to a general class of warnings. We have developed a prototype, acspec, which we use to explore a few instantiations of the framework and report preliminary findings on a diverse set of C benchmarks.
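To make the definition in the abstract concrete, the following is an added toy model written for this page; it is not the authors' acspec prototype and it replaces their symbolic reasoning with brute force over a small constructed input domain. The C-like procedure, the predicate set and the domain are all made up for the illustration. The angelic specification assumes every predicate; the demonic one assumes none; the almost-correct specification is the largest subset of the predicates under which every block that is reachable in the demonic setting stays reachable. Assertion failures that survive under the almost-correct specification are ranked high, the rest low.

```python
"""Toy model of almost-correct specifications over a finite input domain.

Added illustration for this page; it is not the authors' acspec prototype and
replaces their symbolic reasoning with brute force over a constructed finite
domain.  The procedure, predicate set and domain below are made up.
"""
from itertools import combinations, product

BUF_LEN = 8

# Environment facts a caller *might* guarantee.  Assuming all of them is the
# angelic specification; assuming none of them is the demonic one.
PREDICATES = {
    "p != NULL": lambda s: not s["p_null"],
    "q != NULL": lambda s: not s["q_null"],
    "n >= 0":    lambda s: s["n"] >= 0,
    "n < 8":     lambda s: s["n"] < BUF_LEN,
}

# Constructed finite domain of input states for the brute-force search.
STATES = [
    {"p_null": pn, "q_null": qn, "n": n}
    for pn, qn, n in product([False, True], [False, True], range(-2, 10))
]


def run(s):
    """Execute the modelled procedure on one input.

    Returns (blocks visited, assertions violated).  The procedure (C-like):
        void f(int *p, int *q, int n) {
            char buf[8];
            if (p == NULL) return;          // block p_null_handled
            *p = n;                         // safe: guarded above
            if (n < 0) log("negative n");   // block neg_logged: n < 0 acknowledged...
            buf[n] = 0;                     // ...yet n is still used as an index
            if (n > 0) *q = n;              // block q_write: q is never checked
        }
    """
    visited, failed = {"entry"}, set()
    if s["p_null"]:
        visited.add("p_null_handled")
        return visited, failed
    if s["n"] < 0:
        visited.add("neg_logged")
        failed.add("buf[n]: n >= 0")   # negative index despite the check above
    if s["n"] >= BUF_LEN:
        failed.add("buf[n]: n < 8")
    if s["n"] > 0:
        visited.add("q_write")
        if s["q_null"]:
            failed.add("*q: q != NULL")
    visited.add("exit")
    return visited, failed


def admits(spec, s):
    """True if input state s satisfies every predicate named in spec."""
    return all(PREDICATES[name](s) for name in spec)


def reachable_blocks(spec):
    """Blocks executed by some input admitted by spec."""
    return set().union(*(run(s)[0] for s in STATES if admits(spec, s)))


def warnings(spec):
    """Assertion failures a modular checker would report under spec."""
    return set().union(*(run(s)[1] for s in STATES if admits(spec, s)))


def almost_correct_specs():
    """Minimal weakenings of the angelic spec that leave no block dead.

    Search subsets of the predicate set from largest to smallest; the first
    size at which some subset keeps every block of the demonic baseline
    reachable gives the almost-correct spec(s).
    """
    baseline = reachable_blocks(())
    names = list(PREDICATES)
    for k in range(len(names), -1, -1):
        found = [set(c) for c in combinations(names, k)
                 if reachable_blocks(c) == baseline]
        if found:
            return found
    return [set()]


def rank_warnings():
    """'high' for failures that survive under every almost-correct spec,
    'low' for failures that need an environment more demonic than the
    procedure's own checks admit."""
    demonic = warnings(())
    survive = set.intersection(*(warnings(spec) for spec in almost_correct_specs()))
    return {w: ("high" if w in survive else "low") for w in demonic}


if __name__ == "__main__":
    print("demonic warnings:      ", sorted(warnings(())))
    print("angelic warnings:      ", sorted(warnings(tuple(PREDICATES))))
    print("almost-correct spec(s):", almost_correct_specs())
    print("ranked:                ", rank_warnings())
```

On this input the demonic environment yields three warnings, the angelic one none, and the only almost-correct specification is {q != NULL, n < 8}: assuming p != NULL would make the `p == NULL` branch dead, and assuming n >= 0 would make the `n < 0` branch dead, so both predicates must be dropped. The negative-index failure is therefore ranked high (the procedure's own `n < 0` check shows its author expects negative n, which is the semantic-inconsistency intuition the abstract refers to), while the unchecked write through q and the upper bound on n are ranked low because nothing in the procedure contradicts assuming them.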
Almost-correct specifications: a modular semantic framework for assigning confidence to warnings. PLDI '13: Proceedings of the 34th ACM SIGPLAN Conference on Programming Language Design and Implementation.