Efficient Elimination of False Positives Using Bounded Model Checking

Software verification using abstract interpretation is scalable but imprecise; model checking is precise in verifying a property but not scalable. The two techniques are often combined to achieve better precision. One way to do this is to analyze a software system first using abstract interpretation and then eliminate the resulting false positives using bounded model checking. This is a time-consuming process, as it typically involves verifying an assertion corresponding to each generated warning. We observe that verifying all assertions often introduces redundancy, and that some verifications may not eliminate a false positive at all. In this paper, we present an approach consisting of three techniques that make such false-positive elimination faster. Two of the techniques identify an assertion as being equivalent to another assertion, so that its verification can be skipped. The third technique identifies and skips a class of assertion verifications that cannot eliminate a false positive. Empirical results indicate that these techniques are quite useful, reducing the number of assertions being verified by 53% and the false-positive elimination time by 60%.

Keywords—Abstract Interpretation; Model Checking; False Positives Elimination; Data Flow Analysis.
