Checking Properties Described by State Machines: On Synergy of Instrumentation, Slicing, and Symbolic Execution

Slaby, Jiri; Strejček, Jan; Trtík, Marek

doi:10.1007/978-3-642-32469-7_14

Cited by 19 publications

(6 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Program transformations have been shown to increase the number of problems that a verifier can solve (see, e.g., [20]). In order to make program transformations reusable, and to simplify their development process, we developed the tool CEGAR-PT.…”

Section: Discussionmentioning

confidence: 99%

CEGAR-PT: A Tool for Abstraction by Program Transformation

Beyer,

Lingsch-Rosenfeld,

Spiessl

2023

2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE)

View full text Add to dashboard Cite

ion is an important approach for proving the correctness of computer programs. There are many implementations of this approach available, but unfortunately, the various implementations are difficult to reuse and combine, and the successful techniques have to be re-implemented in new tools again and again. We address this problem by contributing the tool CEGAR-PT, which views abstraction as program transformation and integrates different verification components off-the-shelf. The idea is to use existing components without having to change their implementation, while still adjusting the precision of the abstraction using the successful CEGAR approach. The approach of CEGAR-PT is largely general: It only restricts the abstraction to transform, given a precision that defines the level of abstraction, one program into another program. The abstraction by program transformation can over-approximate the data flow (e.g., havoc some variables, use more abstract types) or the control flow (e.g., loop abstraction, slicing). To illustrate our tool, we provide a demonstration video, accessible at https://youtu.be/ASZ6hoq8asE.

show abstract

Section: Discussionmentioning

confidence: 99%

CEGAR-PT: A Tool for Abstraction by Program Transformation

Beyer,

Lingsch-Rosenfeld,

Spiessl

2023

2023 38th IEEE/ACM International Conference on Automated Software Engineering (ASE)

View full text Add to dashboard Cite

show abstract

“…The summed complexity of programming language constructs, the problem domain logic, and the resource handling may cause errors which are not easily detectable or reproducible [14]. Static analysis can be used to detect violations of such contracts [15].…”

Section: Program Pathmentioning

confidence: 99%

“…A hybrid implementation of FSM-based error detection is given by Slabý et al [15]. The authors use a multiphase analysis technique which employs flow-sensitive analysis and points-to analysis in the first phase to produce an instrumented version of the source code, which has the same semantics concerning the original problem it was specified for but initializes and triggers transition in a state machine that describes the problem to be detected.…”

Section: Related Workmentioning

confidence: 99%

A DSL for Resource Checking Using Finite State Automaton-Driven Symbolic Execution

Fülöp

Pataki

2020

Open Computer Science

View full text Add to dashboard Cite

Static analysis is an essential way to find code smells and bugs. It checks the source code without execution and no test cases are required, therefore its cost is lower than testing. Moreover, static analysis can help in software engineering comprehensively, since static analysis can be used for the validation of code conventions, for measuring software complexity and for executing code refactorings as well. Symbolic execution is a static analysis method where the variables (e.g. input data) are interpreted with symbolic values. Clang Static Analyzer is a powerful symbolic execution engine based on the Clang compiler infrastructure that can be used with C, C++ and Objective-C. Validation of resources’ usage (e.g. files, memory) requires finite state automata (FSA) for modeling the state of resource (e.g. locked or acquired resource). In this paper, we argue for an approach in which automata are in-use during symbolic execution. The generic automaton can be customized for different resources. We present our domain-specific language to define automata in terms of syntactic and semantic rules. We have developed a tool for this approach which parses the automaton and generates Clang Static Analyzer checker that can be used in the symbolic execution engine. We show an example automaton in our domain-specific language and the usage of generated checker.

show abstract

“…The basic approach of Symbiotic remains unchanged [7]: it uses instrumentation to reduce checking of specific properties (e.g. no-overflow or memory safety) to checking reachability of error locations.…”

Section: Verification Approachmentioning

confidence: 99%

Symbiotic 5: Boosted Instrumentation

Chalupa

Vitovská

Strejček

2018

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

The fifth version of Symbiotic significantly improves instrumentation capabilities that the tool uses to participate in the category MemSafety. It leverages an extended pointer analysis redesigned for instrumenting programs with memory safety errors, and staged instrumentation reducing the number of inserted function calls that track or check the memory state. Apart from various bugfixes, we have ported Symbiotic (including the external symbolic executor Klee) to llvm 3.9 and improved the generation of violation witnesses by providing values of some variables. The research is supported by the Czech Science Foundation grant GBP202/12/G061. M. Chalupa-Jury member.

show abstract

Checking Properties Described by State Machines: On Synergy of Instrumentation, Slicing, and Symbolic Execution

Cited by 19 publications

References 36 publications

CEGAR-PT: A Tool for Abstraction by Program Transformation

CEGAR-PT: A Tool for Abstraction by Program Transformation

A DSL for Resource Checking Using Finite State Automaton-Driven Symbolic Execution

Symbiotic 5: Boosted Instrumentation

Contact Info

Product

Resources

About