Modular verification of software components in C

We present a new methodology for automatic verification of C programs against finite state machine specifications. Our approach is compositional, naturally enabling us to decompose the verification of large software systems into subproblems of manageable complexity. The decomposition reflects the modularity in the software design. We use weak simulation as the notion of conformance between the program and its specification. Following the counterexample guided abstraction refinement (CEGAR) paradigm, our tool MAGIC first extracts a finite model from C source code using predicate abstraction and theorem proving. Subsequently, weak simulation is checked via a reduction to Boolean satisfiability. MAGIC has been interfaced with several publicly available theorem provers and SAT solvers. We report experimental results with procedures from the Linux kernel, the OpenSSL toolkit, and several industrial strength benchmarks.
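As an added illustration of the conformance check described above (this is not MAGIC's own code; the abstracted lock-using procedure and the alternating acquire/release specification are constructed for the example), the following computes the greatest weak simulation relation between a program abstraction with internal steps and a finite-state specification:

```python
# Weak-simulation check between an abstracted program model and an FSM spec.
# Constructed example; not part of the MAGIC tool.
TAU = "tau"  # internal (unobservable) step introduced by abstraction

# Transition systems as {state: [(action, next_state), ...]}.
# Constructed abstraction of a hypothetical lock-using C procedure:
IMPL_OK = {"p0": [("acquire", "p1")], "p1": [(TAU, "p2")],
           "p2": [(TAU, "p3")], "p3": [("release", "p0")]}
# Constructed variant that re-acquires the lock along an internal path:
IMPL_BAD = {"p0": [("acquire", "p1")], "p1": [(TAU, "p2")],
            "p2": [(TAU, "p3"), (TAU, "p4")],
            "p3": [("release", "p0")], "p4": [("acquire", "p1")]}
# Specification FSM: acquire and release must strictly alternate.
SPEC = {"s0": [("acquire", "s1")], "s1": [("release", "s0")]}

def states(ts):
    return set(ts) | {t for succ in ts.values() for _, t in succ}

def tau_closure(ts, start):
    """States reachable from `start` by zero or more tau steps."""
    seen, stack = set(start), list(start)
    while stack:
        s = stack.pop()
        for a, t in ts.get(s, ()):
            if a == TAU and t not in seen:
                seen.add(t); stack.append(t)
    return seen

def weak_succ(ts, s, a):
    """Weak successors: tau* a tau* for observable a, tau* when a is tau."""
    pre = tau_closure(ts, {s})
    if a == TAU:
        return pre
    return {q for p in pre for b, t in ts.get(p, ()) if b == a
            for q in tau_closure(ts, {t})}

def weak_simulation(impl, spec, impl_init, spec_init):
    """Greatest fixpoint: start from all state pairs and drop any pair in
    which some implementation step has no matching weak spec step that
    lands in a pair still in the relation."""
    rel = {(i, s) for i in states(impl) for s in states(spec)}
    changed = True
    while changed:
        changed = False
        for (i, s) in list(rel):
            for a, i2 in impl.get(i, ()):
                if not any((i2, s2) in rel for s2 in weak_succ(spec, s, a)):
                    rel.discard((i, s)); changed = True; break
    return (impl_init, spec_init) in rel
```

For IMPL_BAD the pair (p0, s0) is removed because the internal path p2 to p4 leads to a second acquire that the specification cannot match, which is the kind of counterexample the CEGAR loop would then use to refine the abstraction.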
