MetaVal: Witness Validation via Verification

Beyer, Dirk; Spiessl, Martin

doi:10.1007/978-3-030-53291-8_10

Cited by 19 publications

(8 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…All SV-COMP verifiers are required to justify the result (True or False) by producing a verification witness (except for those categories for which no witness validator is available). We used six independently developed witness-based result validators [19,20,21,25,66]. The majority of witnesses that the verifiers produced can be confirmed by the results-validation process.…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Advances in Automatic Software Verification: SV-COMP 2020

Beyer

2020

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

This report describes the 2020 Competition on Software Verification (SV-COMP), the 9$$^{\text {th}}$$ edition of a series of comparative evaluations of fully automatic software verifiers for C and Java programs. The competition provides a snapshot of the current state of the art in the area, and has a strong focus on replicability of its results. The competition was based on 11 052 verification tasks for C programs and 416 verification tasks for Java programs. Each verification task consisted of a program and a property (reachability, memory safety, overflows, termination). SV-COMP 2020 had 28 participating verification systems from 11 countries.

show abstract

Section: Resultsmentioning

confidence: 99%

“…A few categories were excluded from validation if the validators did not sufficiently support a certain kind of program or property. Two new validators participated in SV-COMP 2020: Nitwit [66] and MetaVal [25].…”

Section: Organization Definitions Formats and Rulesmentioning

confidence: 99%

Advances in Automatic Software Verification: SV-COMP 2020

Beyer

2020

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…(5) The violation type, i.e., NULL Pointer. Using "-w" script argument, it is possible to generate GraphML file [34] of each vulnerability found in order to use CPAchecker [17] to perform a counterexample validation.…”

Section: F Exporting the Resultsmentioning

confidence: 99%

“…1 C o u n t e r e x a m p l e : A counterexample validation was performed using existing tools to ensure that vulnerabilities we have found are real ones. The first tool we used was CPAchecker [17], which is a comprehensive tool for configurable software verification and contains a module to validate counterexamples [34], i.e., witness validation, and is used in SV-COMP to validate the results of the competition. Moreover, model checkers implement an option to output the counterexample as a GraphML file [34] and CPAchecker uses such file, the source-code, and a specification file, i.e., a definition of the type of property violation in the program.…”

Section: ) Multi-core K-inductionmentioning

confidence: 99%

“…In particular, we pre-process the input source-code files and then guide the model checker to explore specific locations in the state-space, e.g., functions, so that the usage of the computational resources is reduced and it can find real bugs in large software systems. Once a counterexample is found, we use existing approaches to check whether such violation is reproducible in the program or not [16], [17]. Our main contribution is to propose a novel approach for detecting and exploiting security vulnerabilities in large software systems.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Verifying Security Vulnerabilities in Large Software Systems using Multi-Core k-Induction

Thales¹,

Porto²,

Alves³

et al. 2021

Preprint

View full text Add to dashboard Cite

Computer-based systems have been used to solve several domain problems, such as industrial, military, education, and wearable. Those systems need high-quality software to guarantee security and safety. We advocate that Bounded Model Checking (BMC) techniques can detect security vulnerabilities in the early stages of development processes. However, this technique struggles to scale up and verify large software commonly found on computer-based systems. Here, we develop and evaluate a pragmatic approach to verify large software systems using a state-of-the-art bounded model checker. In particular, we pre-process the input source-code files and then guide the model checker to explore the code systematically. We also present a multi-core implementation of the k-induction proof algorithm to verify and falsify large software systems iteratively. Our experimental results using the Efficient SMT-based Model Checker (ESBMC) show that our approach can guide ESBMC to efficiently verify large software systems. We evaluate our approach using the PuTTY application to verify 136 files and 2803 functions in less than 86 minutes, and the SlimGuard allocator, where we have found real security vulnerabilities confirmed by the developers. We conclude that our approach can successfully guide a bounded model checker to verify large software systems systematically.

show abstract

Software Verification: 10th Comparative Evaluation (SV-COMP 2021)

Beyer

2021

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

SV-COMP 2021 is the 10th edition of the Competition on Software Verification (SV-COMP), which is an annual comparative evaluation of fully automatic software verifiers for C and Java programs. The competition provides a snapshot of the current state of the art in the area, and has a strong focus on reproducibility of its results. The competition was based on 15 201 verification tasks for C programs and 473 verification tasks for Java programs. Each verification task consisted of a program and a property (reachability, memory safety, overflows, termination). SV-COMP 2021 had 30 participating verification systems from 27 teams from 11 countries.

show abstract

MetaVal: Witness Validation via Verification

Cited by 19 publications

References 40 publications

Advances in Automatic Software Verification: SV-COMP 2020

Advances in Automatic Software Verification: SV-COMP 2020

Verifying Security Vulnerabilities in Large Software Systems using Multi-Core k-Induction

Software Verification: 10th Comparative Evaluation (SV-COMP 2021)

Contact Info

Product

Resources

About