Dynamic Path Reduction for Software Model Checking

Yang, Zijiang; Al-Rawi, Bashar; Sakallah, Karem A.; Huang, Xiaowan; Smolka, Scott A.; Grosu, Radu

doi:10.1007/978-3-642-00255-7_22

Cited by 8 publications

(3 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The main contributions are (1) a new symbolic encoding of executions of a multithreaded program, (2) using both under-and over-approximations in the same trace-driven abstraction framework, where refinement involving the mutual guidance between concrete program execution and symbolic analysis. For future work, we plan to investigate performance enhancement techniques, such as minimal unsatisfiable core analysis [23] and dynamic path reduction [31], to allow TDV to scale to larger programs.…”

Section: Discussionmentioning

confidence: 99%

Trace-Driven Verification of Multithreaded Programs

Yang

Sakallah

2010

Formal Methods and Software Engineering

Self Cite

View full text Add to dashboard Cite

Abstract. We present a new method that combines the efficiency of testing with the reasoning power of satisfiability modulo theory (SMT) solvers for the verification of multithreaded programs under a user specified test vector. Our method performs dynamic executions to obtain both under-and over-approximations of the program, represented as quantifier-free first order logic formulas. The formulas are then analyzed by an SMT solver which implicitly considers all possible thread interleavings. The symbolic analysis may return the following results: (1) it reports a real bug, (2) it proves that the program has no bug under the given input, or (3) it remains inconclusive because the analysis is based on abstractions. In the last case, we present a refinement procedure that uses symbolic analysis to guide further executions.

show abstract

Section: Discussionmentioning

confidence: 99%

Trace-Driven Verification of Multithreaded Programs

Yang

Sakallah

2010

Formal Methods and Software Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…However they have not investigated its use in static analysis. Yang et al [26] propose the use of SMT solvers to remove infeasible paths by Dynamic Path Reduction. However, the work only addresses programs without pointers employing standard weakest precondition and it is not aimed at false positive elimination.…”

Section: Related Workmentioning

confidence: 99%

SMT-Based False Positive Elimination in Static Program Analysis

Junker

Huuck

Fehnker

et al. 2012

Formal Methods and Software Engineering

View full text Add to dashboard Cite

Abstract. Static program analysis for bug detection in large C/C++ projects typically uses a high-level abstraction of the original program under investigation. As a result, so-called false positives are often inevitable, i.e., warnings that are not true bugs. In this work we present a novel abstraction refinement approach to automatically investigate and eliminate such false positives. Central to our approach is to view static analysis as a model checking problem, to iteratively compute infeasible sub-paths of infeasible paths using SMT solvers, and refine our models by adding observer automata to exclude such paths. Based on this new framework we present an implementation of the approach into the static analyzer Goanna and discuss a number of real-life experiments on larger C code projects, demonstrating that we were able to remove most false positives automatically.

show abstract

“…The rest of the report summarizes the main contributions of our research. More details about our research can be found in our publications [13,37,38,39,45,46,47] and a forthcoming Ph.D. thesis [36].…”

Section: Approach and Outlinementioning

confidence: 99%

Program Analysis Techniques for Efficient Software Model Checking

Boyapati¹,

Sakallah²

2011

Self Cite

View full text Add to dashboard Cite

The need to build next generation air force systems with highly complex functions, but at relatively low cost, will inevitably means a major investment in software. Without highly reliable software, any ambitious air force program cannot succeed. Indeed, software is the keystone (or perhaps the Achilles heel) of most large-scale automation projects; and the problem of making software reliable has become one of today's most important technological challenges.To address this problem and to improve software reliability, we designed novel program analysis techniques that significantly speed up software model checking, thereby enabling the checking of much larger programs and broader class of program properties than previously possible.In particular, we developed a software model checker for efficiently checking data oriented programs with respect to complex data dependent properties. We used our model checker for checking programs that use linked data structures such as lists, queues, trees, and maps. Verifying such programs has often been an obstacle to progress in the past and is a key underlying technical challenge in software verification. Because these programs have complex data dependent properties, the state space reduction techniques (such as predicate abstraction or partial order reduction) used by other model checkers are largely ineffective on such programs. Our model checker uses novel techniques to achieve orders of magnitude state space reduction.In addition, we also developed a novel trace driven approach to use counter example guided abstraction refinement (CEGAR) to check for concurrency errors in multithreaded programs.

show abstract

Dynamic Path Reduction for Software Model Checking

Cited by 8 publications

References 18 publications

Trace-Driven Verification of Multithreaded Programs

Trace-Driven Verification of Multithreaded Programs

SMT-Based False Positive Elimination in Static Program Analysis

Program Analysis Techniques for Efficient Software Model Checking

Contact Info

Product

Resources

About