Result Certification of Static Program Analysers with Automated Theorem Provers

Besson, Frédéric; Cornilleau, Pierre-Emmanuel; Jensen, Thomas

doi:10.1007/978-3-642-54108-7_16

Cited by 4 publications

(6 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To improve on AFL, VeriFuzz applies verification techniques to compute initial inputs and to set the parameters for AFL. For the comparison of CoVeriTest with Veri-Fuzz, and Klee, we used VeriFuzz's and Klee's results 8 from Test-Comp 2019 [12], 9 where the coverage of the test suites was measured using the test-suite validator TestCov [34] in version v1.2, 10 which is based on gcov 11 to measure branch coverage.…”

Section: Toolsmentioning

confidence: 99%

See 1 more Smart Citation

Cooperative verifier-based testing with CoVeriTest

Beyer

Jakobs

2021

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

Testing is a widely applied technique to evaluate software quality, and coverage criteria are often used to assess the adequacy of a generated test suite. However, manually constructing an adequate test suite is typically too expensive, and numerous techniques for automatic test-suite generation were proposed. All of them come with different strengths. To build stronger test-generation tools, different techniques should be combined. In this paper, we study cooperative combinations of verification approaches for test generation, which exchange high-level information. We present CoVeriTest, a hybrid technique for test-suite generation. CoVeriTest iteratively applies different conditional model checkers and allows users to adjust the level of cooperation and to configure individual time limits for each conditional model checker. In our experiments, we systematically study different CoVeriTest cooperation setups, which either use combinations of explicit-state model checking and predicate abstraction, or bounded model checking and symbolic execution. A comparison with state-of-the-art test-generation tools reveals that CoVeriTest achieves higher coverage for many programs (about 15%).

show abstract

Section: Toolsmentioning

confidence: 99%

“…state-space information [3,10,86,110], transform the state space into verification conditions [9,46,75,114], or transform the program into an easier verifiable program [87].…”

Section: Reusing Information From State-space Explorationmentioning

confidence: 99%

Cooperative verifier-based testing with CoVeriTest

Beyer

Jakobs

2021

Int J Softw Tools Technol Transfer

View full text Add to dashboard Cite

show abstract

“…In the literature, there are several techniques for evaluating different qualities of program analyzers. Especially to ensure soundness of an analyzer, existing work has explored a wide spectrum of techniques requiring varying degrees of human effort, for instance, manual proofs (e.g., [44]), interactive and automatic proofs (e.g., [45], [46]), testing (e.g., [47], [48]), and "smoke checking" [13]. There also exist evaluations of the efficiency [49] and precision [50] of various analyses.…”

Section: Related Workmentioning

confidence: 99%

Differentially testing soundness and precision of program analyzers

Klinger

Christakis

Wüstholz³

2019

Proceedings of the 28th ACM SIGSOFT International Symposium on Software Testing and Analysis

View full text Add to dashboard Cite

In the last decades, numerous program analyzers have been developed both by academia and industry. Despite their abundance however, there is currently no systematic way of comparing the effectiveness of different analyzers on arbitrary code. In this paper, we present the first automated technique for differentially testing soundness and precision of program analyzers. We used our technique to compare six mature, state-ofthe art analyzers on tens of thousands of automatically generated benchmarks. Our technique detected soundness and precision issues in most analyzers, and we evaluated the implications of these issues to both designers and users of program analyzers.

show abstract

“…There are, however, several approaches for ensuring soundness of static analyzers and checkers, ranging from manual proofs [14], over interactive and automatic proofs [3,4], to less formal techniques, such as "smoke checking" [1].…”

Section: Related Workmentioning

confidence: 99%

An Experimental Evaluation of Deliberate Unsoundness in a Static Program Analyzer

Christakis

Müller

Wüstholz

2015

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Many practical static analyzers are not completely sound by design. Their designers trade soundness to increase automation, improve performance, and reduce the number of false positives or the annotation overhead. However, the impact of such design decisions on the effectiveness of an analyzer is not well understood. This paper reports on the first systematic effort to document and evaluate the sources of unsoundness in a static analyzer. We developed a code instrumentation that reflects the sources of deliberate unsoundness in the .NET static analyzer Clousot and applied it to code from six open-source projects. We found that 33% of the instrumented methods were analyzed soundly. In the remaining methods, Clousot made unsound assumptions, which were violated in 2-26% of the methods during concrete executions. Manual inspection of these methods showed that no errors were missed due to an unsound assumption, which suggests that Clousot's unsoundness does not compromise its effectiveness. Our findings can guide users of static analyzers in using them fruitfully, and designers in finding good trade-offs.

show abstract

Result Certification of Static Program Analysers with Automated Theorem Provers

Cited by 4 publications

References 33 publications

Cooperative verifier-based testing with CoVeriTest

Cooperative verifier-based testing with CoVeriTest

Differentially testing soundness and precision of program analyzers

An Experimental Evaluation of Deliberate Unsoundness in a Static Program Analyzer

Contact Info

Product

Resources

About