Hendrik Post scite author profile

Configurable software is ubiquitous, and the term Software Product Line (SPL) has been coined for it lately. It remains a challenge, however, how such software can be verified over all variants. Enumerating all variants and analyzing them individually is inefficient, as knowledge cannot be shared between analysis runs. Instead of enumeration we present a new technique called lifting that converts all variants into a meta-program, and thus facilitates the configuration-aware application of verification techniques like static analysis, model checking and deduction-based approaches. As a side-effect, lifting provides a technique for checking software feature models, which describe software variants, for consistency.We demonstrate the feasibility of our approach by checking configuration dependent hazards for the highly configurable Linux kernel which possesses several thousand of configurable features. Using our techniques, two novel bugs in the kernel configuration system were found.

show abstract

Reducing False Positives by Combining Abstract Interpretation and Bounded Model Checking

Post¹,

Sinz²,

Gorges

2008

View full text Add to dashboard Cite

Fully automatic source code analysis tools based on abstract interpretation have become an integral part of the embedded software development process in many companies. And although these tools are of great help in identifying residual errors, they still possess a major drawback: analyzing industrial code comes at the cost of many spurious errors that must be investigated manually. The need for efficient development cycles prohibits extensive manual reviews, however. To overcome this problem, the combination of different software verification techniques has been suggested in the literature. Following this direction, we present a novel approach combining abstract interpretation and source code bounded model checking, where the model checker is used to reduce the number of false error reports. We apply our methodology to source code from the automotive industry written in C, and show that the number of spurious errors emitted by an abstract interpretation product can be reduced considerably.

show abstract

Integrated Static Analysis for Linux Device Driver Verification

Post

Küchlin

View full text Add to dashboard Cite

Safety Evaluation of Automotive Electronics Using Virtual Prototypes

Oetjens

Bannow

Becker

et al. 2014

View full text Add to dashboard Cite

Intelligent automotive electronics significantly improved driving safety in the last decades. With the increasing complexity of automotive systems, dependability of the electronic components themselves and of their interaction must be assured to avoid any risk to driving safety due to unexpected failures caused by internal or external faults.Additionally, Virtual Prototypes (VPs) have been accepted in many areas of system development processes in the automotive industry as platforms for SW development, verification, and design space exploration. We believe that VPs will significantly contribute to the analysis of safety conditions for automotive electronics. This paper shows the advantages of such a methodology based on today's industrial needs, presents the current state of the art in this field, and outlines upcoming research challenges that need to be addressed to make this vision a reality.

show abstract

Linking Functional Requirements and Software Verification

Post

Sinz

Merz

et al. 2009

View full text Add to dashboard Cite

Proving Functional Equivalence of Two AES Implementations Using Bounded Model Checking

Post¹,

Sinz²

2009

View full text Add to dashboard Cite

Bounded model checking-as well as symbolic equivalence checking-are highly successful techniques in the hardware domain. Recently, bit-vector bounded model checkers like CBMC have been developed that are able to check properties of (mostly low-level) software written in C. However, using these tools to check equivalence of software implementations has rarely been pursued. In this case study we tackle the problem of proving the functional equivalence of two implementations of the AES crypto-algorithm using automatic bounded model checking techniques. Cryptographic algorithms heavily rely on bit-level operations, which makes them particularly suitable for bit-precise tools like CBMC. Other software verification tools based on abstraction refinement or static analysis seem to be less appropriate for such software. We could semi-automatically prove equivalence of the first three rounds of the AES encryption routines. Moreover, by conducting a manually assisted inductive proof, we could show equivalence of the full AES encryption process.

show abstract

Towards automatic software model checking of thousands of Linux modules—a case study with Avinux

Post

Sinz

Küchlin

2008

Software Testing Verif & Rel

View full text Add to dashboard Cite

Modular software model checking of large real‐world systems is known to require extensive manual effort in environment modelling and preparing source code for model checking. Avinux is a tool chain that facilitates the automatic analysis of Linux and especially of Linux device drivers. The tool chain is implemented as a plugin for the Eclipse IDE, using the source code bounded model checker CBMC as its backend. Avinux supports a verification process for Linux that is built upon specification annotations with SLICx (an extension of the SLIC language), automatic data environment creation, source code transformation and simplification, and the invocation of the verification backend. In this paper technical details of the verification process are presented: Using Avinux on thousands of drivers from various Linux versions led to the discovery of six new errors. In these experiments, Avinux also reduced the immense overhead of manual code preprocessing that other projects incurred. Copyright © 2008 John Wiley & Sons, Ltd.

show abstract

Automatic data environment construction for static device drivers analysis

Post

Küchlin

2006

View full text Add to dashboard Cite

Linux contains thousands of device drivers that are developed independently by many developers. Though each individual driver source code is relatively small≈10k lines of codethe whole operating system contains a few million lines of code. Therefore Linux device drivers oer a useful application area for modular analysis. Our nding is that despite the precise modeling of most features of the standard systems programming language C, model checking software verication tools for C fail to provide means for modular analysis of device drivers. We inspected CBMC [2], SLAM-SDV [3], MAGIC [1], BLAST [4] and others and found that a rich additional environment model for every device driver is needed. This model must provide information on out-of-scope initialized pointers and complex data structures. We present strategies to automatically create feasible, bounded data environments for Linux device drivers instead of creating them manually. Our solution diers from general interface generation mechanisms (e.g. CUTE[5]), because is it specialised on bounded model checking of Linux device drivers written in C. Our contribution is a preprocessing step that extends the usability of CBMC for modular Linux device driver analysis.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

hi@scite.ai

334 Leonard St

Brooklyn, NY 11211

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Hendrik Post

Configuration Lifting: Verification meets Software Configuration

Reducing False Positives by Combining Abstract Interpretation and Bounded Model Checking

Integrated Static Analysis for Linux Device Driver Verification

Safety Evaluation of Automotive Electronics Using Virtual Prototypes

Linking Functional Requirements and Software Verification

Proving Functional Equivalence of Two AES Implementations Using Bounded Model Checking

Towards automatic software model checking of thousands of Linux modules—a case study with Avinux

Automatic data environment construction for static device drivers analysis

Contact Info

Product

Resources

About