Model Checking Software at Compile Time

Fehnker, Ansgar; Huuck, Ralf; Jayet, P.; Lussenburg, Michel; Rauch, Felix

doi:10.1109/tase.2007.34

Cited by 25 publications

(18 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Static analysis bug patterns can be formulated in a temporal logic and evaluated automatically by the model checker. As the annotated CFG discards most of the program semantics apart void foo() { l0 : int x, * a; l1 : int * p=malloc(sizeof(int)); for(l2 : x = 10; l3 : x > 0; l7 : from the annotations and reduces a program to its syntactical structure the approach is called syntactic model checking [13].…”

Section: Syntactic Model Checking and Language Refinementmentioning

confidence: 99%

SMT-Based False Positive Elimination in Static Program Analysis

Junker

Huuck

Fehnker

et al. 2012

Formal Methods and Software Engineering

Self Cite

View full text Add to dashboard Cite

Abstract. Static program analysis for bug detection in large C/C++ projects typically uses a high-level abstraction of the original program under investigation. As a result, so-called false positives are often inevitable, i.e., warnings that are not true bugs. In this work we present a novel abstraction refinement approach to automatically investigate and eliminate such false positives. Central to our approach is to view static analysis as a model checking problem, to iteratively compute infeasible sub-paths of infeasible paths using SMT solvers, and refine our models by adding observer automata to exclude such paths. Based on this new framework we present an implementation of the approach into the static analyzer Goanna and discuss a number of real-life experiments on larger C code projects, demonstrating that we were able to remove most false positives automatically.

show abstract

Section: Syntactic Model Checking and Language Refinementmentioning

confidence: 99%

SMT-Based False Positive Elimination in Static Program Analysis

Junker

Huuck

Fehnker

et al. 2012

Formal Methods and Software Engineering

Self Cite

View full text Add to dashboard Cite

show abstract

“…Other tools such as Astree [37], CodeSurfer/x86 and WPDS++ [7], Coverity Prevent, FlexeLint, Goanna [44,45], Klocwork K7, Metal [54], PolySpace Verifier, PREfix/PREfast [22], and RT-Tester [90,91] use static analysis itself to analyze programs. As static analysis can be applied to very large programs in contrast to model checking, we can use static analysis to annotate the program with information that is used during state space creation to limit the size of the resulting state spaces.…”

Section: Static Analysis In [Mc]squarementioning

confidence: 99%

Model Checking Software

Donaldson¹,

Parker²

2012

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Software of microcontrollers is getting more and more complex. It is mandatory to extensively analyze their software as errors can lead to severe failures or cause high costs. Model checking is a formal method used to verify whether a system satisfies certain properties.This thesis describes a new approach for model checking software for microcontrollers. In this approach, assembly code is used for model checking instead of an intermediate representation such as C code.The development of [mc]square, which is a microcontroller assembly code model checker implementing this approach, is detailed.[mc]square has a modular architecture to cope with the hardware dependency of this approach. The single steps of the model checking process are divided into separate packages. The creation of the states is conducted by a specific simulator, which is the only hardware-dependent package. Within the simulator, the different microcontrollers are modeled accurately.This work describes the modeling of the ATMEL ATmega16 microcontroller and details implemented abstraction techniques, which are used to tackle the stateexplosion problem. These abstraction techniques include lazy interrupt evaluation, lazy stack evaluation, delayed nondeterminism, dead variable reduction, and path reduction. Delayed nondeterminism introduces symbolic states, which represent a set of states, into [mc]square while still explicit model checking techniques are used. Thus, we successfully combined explicit and symbolic model checking techniques.A formal model of the simulator, which we developed to prove the correctness of abstraction techniques, is described. In this work, the formal model is used to show the correctness of delayed nondeterminism.To show the applicability of the approach, two case studies are described. In these case studies, we used programs of different sizes. All these programs were created by students in lab courses, during diploma theses, or in exercises without the intention to use them for model checking.

show abstract

“…In contrast to typical equation solving approaches to static analysis we use an automata based approach [12,8,16]. While the details of our approach are described in [9] the basic idea is to map a C/C++ program to its corresponding control flow graph (CFG), and to label the CFG with occurrences of syntactic constructs of interest. The CFG together with the labels can be seen as a Kripke structure that can easily be mapped to the input language of a common model checking tool.…”

Section: Syntactic Model Checkingmentioning

confidence: 99%

Model checking dataflow for malicious input

Fehnker

Huuck

Rödiger

2011

Proceedings of the Workshop on Embedded Systems Security

Self Cite

View full text Add to dashboard Cite

Many embedded systems today are no longer isolated control units, but are fully fledged miniature desktops with their own kernel and sometimes operating system networked with the outside world. This opens up a whole new set of security issues previously not known to embedded systems. One example is potentially malicious input that exploits source code weaknesses leading to critical mission failures. In this paper we propose a new automated malicious input detection approach that works on a staged application of traditional tainted dataflow analysis and syntactic software model checking. The advantages of this approach are that tainted data can be tracked from its source to its application point, a precise path through the source code can be computed, speed and precision can be custom-tuned by automated refinement, and the approach is flexible to deal with real-life security threats. We illustrate our approach with a number of analysis examples taken from existing open source C/C++ projects.

show abstract

Model Checking Software at Compile Time

Cited by 25 publications

References 10 publications

SMT-Based False Positive Elimination in Static Program Analysis

SMT-Based False Positive Elimination in Static Program Analysis

Model Checking Software

Model checking dataflow for malicious input

Contact Info

Product

Resources

About