CPA-BAM-BnB: Block-Abstraction Memoization and Region-Based Memory Models for Predicate Abstractions

Andrianov, Pavel S.; Friedberger, Karlheinz; Mandrykin, Mikhail; Mutilin, Vadim; Volkov, A.F.

doi:10.1007/978-3-662-54580-5_22

Cited by 21 publications

(8 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…It was evaluated on 2734 tasks from the Systems DeviceDriversLinux64 ReachSafety subcategory of the SV-COMP'18 benchmarks on Intel Xeon E3-1230 v5 (3.4 GHz) machines in the competition setting. The submitted configuration with slicing was compared to baseline CPA-BAM-BnB [7,8] configuration (-ldv-bam-svcomp) without slicing that was also submitted to this year's competition. The results are presented in the following There are two significant limitations of the approach.…”

Section: Evaluation Of the Approachmentioning

confidence: 99%

CPA-BAM-Slicing: Block-Abstraction Memoization and Slicing with Region-Based Dependency Analysis

Andrianov

Mutilin

Mandrykin

et al. 2018

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

Our submission to SV-COMP'18 is a composite tool based on software verification framework CPAchecker and static analysis platform Frama-C. The base verifier uses a combination of predicate and explicit value analysis with block-abstraction memoization as the CPA-BAM-BnB tool presented at SV-COMP'17. In this submission we augment the verifier on reachability verification tasks with a slicer that is able to remove those statements that are irrelevant to the reachability of error locations in the analysed program. The slicer is based on contextsensitive flow-insensitive separation analysis with typed polymorphic regions and simple dependency analysis with transitive closures. The resulting analysis preserves reachability modulo possible non-termination while removing enough irrelevant code to achieve considerable speedup of the main analysis. The slicer is implemented as a Frama-C plugin.

show abstract

Section: Evaluation Of the Approachmentioning

confidence: 99%

CPA-BAM-Slicing: Block-Abstraction Memoization and Slicing with Region-Based Dependency Analysis

Andrianov

Mutilin

Mandrykin

et al. 2018

Tools and Algorithms for the Construction and Analysis of Systems

Self Cite

View full text Add to dashboard Cite

show abstract

“…Software verification is an increasingly important research area, and the annual Competition on Software Verification (SV-COMP) 1 is the showcase of the state of the art in the area, in particular, of the effectiveness and efficiency that is currently achieved by tool implementations of the most recent ideas, concepts, and algorithms for fully automatic verification. Every year, the SV-COMP project consists of two parts: (1) The collection of verification tasks and their partitioning into categories has to take place before the actual experiments start, and requires quality-assurance work on the source code in order to ensure a high-quality evaluation.…”

Section: Introductionmentioning

confidence: 99%

“…As for (1), there were 31 participating software systems from 14 countries, representing a broad spectrum of technologies (cf. Table 5).…”

Section: Introductionmentioning

confidence: 99%

Automatic Verification of C and Java Programs: SV-COMP 2019

Beyer

2019

Tools and Algorithms for the Construction and Analysis of Systems

View full text Add to dashboard Cite

This report describes the 2019 Competition on Software Verification (SV-COMP), the 8 th edition of a series of comparative evaluations of fully automatic software verifiers for C programs, and now also for Java programs. The competition provides a snapshot of the current state of the art in the area, and has a strong focus on replicability of its results. The repository of benchmark verification tasks now supports a new, more flexible format for task definitions (based on YAML), which was a precondition for conveniently benchmarking Java programs in the same controlled competition setting that was successfully applied in the previous years. The competition was based on 10 522 verification tasks for C programs and 368 verification tasks for Java programs. Each verification task consisted of a program and a property (reachability, memory safety, overflows, termination). SV-COMP 2019 had 31 participating verification systems from 14 countries.

show abstract

“…Одним из ключевых факторов для эффективного процесса верификации является выбор модели для представления памяти программы. В предикатных моделях памяти [10] используется предикатная логика и, соответственно, память программы описывается с помощью логических формул, в которых могут использоваться различные теории, например, теория массивов или теория неинтерпретируемых функций [11,12,13]. Данные модели реализованы, например, в инструментах BLAST [14,15], SLAM [16], CPAchecker [8].…”

Section: Introductionunclassified

Predicate extension of symbolic memory graphs for analysis of memory safety correctness

Васильев¹,

Mutilin²

2019

Proceedings of ISP RAS

View full text Add to dashboard Cite

Анализ корректности работы с памятью с использованием расширения теории символьных графов памяти предикатами над символьными значениями А.А. Васильев, ORCID: 0000-0002-5738-9171 В.С. Мутилин, ORCID: 0000-0003-3097-8512 Институт системного программирования им. В.П. Иванникова РАН, 109004, Россия, г. Москва, ул. А. Солженицына, д. 25 Аннотация. В работе мы рассмотрим подход статической верификации исходного кода программы на предмет корректной работы с памятью. Метод основывается на использовании символьных графов для представления памяти программы. В работе представлено расширение символьных графов памяти, позволяющее использовать предикаты над символьными значениями для повышения точности анализа. Предикаты позволяют отсекать недостижимые пути, уменьшая количество ложных сообщений об ошибках, а также находить новые ошибки за счет добавления новых проверок на символьных значениях. Метод реализован на основе инструмента CPAchecker. Практическая полезность продемонстрирована на драйверах ядра операционной системы Linux. Ключевые слова: символьные графы памяти; верификация; модель памяти; предикатные абстракции; динамические структуры данных Для цитирования: Васильев А.А, Мутилин В.С. Анализ корректности работы с памятью с использованием расширения теории символьных графов памяти предикатами над символьными значениями. Труды ИСП РАН, том 31, вып. 6, 2019 г., стр. 7-20.Abstract. Safety-critical systems require additional effort to comply with specifications. One of the required specification is correct memory usage. The article describes an efficient method for static verification against memory safety errors as a combination of Symbolic Memory Graphs and predicate abstraction on symbolic values used in graph. In this article, we introduce an extension of Symbolic Memory Graphs. In addition to symbolic values, the graph stores predicates over symbolic values, which allow to track the relationship between symbolic values in the graph. We also expand existing vertex types to support arbitrary abstract regions, which allow us to represent such dynamic data structures as lists and trees. One of the types of abstract regions is also the ODM region, which presents a special kind of on-demand memory that occurs when analyzing incomplete programs. For this memory, the size and structure of the contents are not known in advance, but it is believed that such memory can be operated safely. The method is implemented in CPAchecker Vasilyev A.A., Mutilin V.S. Predicate extension of symbolic memory graphs for analysis of memory safety correctness. Trudy ISP RAN/Proc. ISP RAS, vol. 31, issue 6, 2019. pp. 7-20 8 tool. Practical usage is demonstrated on Linux kernel modules. The practical contribution of our work is to reduce false error messages by constructing more accurate abstractions using predicates over symbolic values.For citation: Vasilyev A.A., Mutilin V.S. Predicate extension of symbolic memory graphs for analysis of memory safety correctness. Trudy ISP RAN/Proc.

show abstract

CPA-BAM-BnB: Block-Abstraction Memoization and Region-Based Memory Models for Predicate Abstractions

Cited by 21 publications

References 6 publications

CPA-BAM-Slicing: Block-Abstraction Memoization and Slicing with Region-Based Dependency Analysis

CPA-BAM-Slicing: Block-Abstraction Memoization and Slicing with Region-Based Dependency Analysis

Automatic Verification of C and Java Programs: SV-COMP 2019

Predicate extension of symbolic memory graphs for analysis of memory safety correctness

Contact Info

Product

Resources

About