Cascade 2.0

Cascade is a program static analysis tool developed at New York University. Cascade takes as input a program and a control file. The control file specifies one or more assertions to be checked, together with restrictions on program behaviors. The tool generates verification conditions for the specified assertions and checks them using an SMT solver, which either produces a proof or gives a concrete trace showing how an assertion can fail. Version 2.0 supports the majority of standard C features except for floating point. It can be used to verify both memory safety and user-defined assertions. In this paper, we describe the Cascade system, including some of its distinguishing features such as its support for different memory models that trade off precision for scalability and its ability to reason about linked data structures.
