Sufficient Preconditions for Modular Assertion Checking

Assertion checking is the restriction of program verification to the validity of program assertions. It encompasses safety checking, i.e. program verification of safety properties such as memory safety or absence of overflows. In this paper, we consider assertion checking of program parts instead of whole programs, which we call modular assertion checking. Classically, modular assertion checking is possible only if the context in which a program part is executed is known. By default, the worst-case context must be assumed, which may impair the verification task. It usually takes user effort to describe the execution context in enough detail for the verification task to succeed, by providing strong enough preconditions. We propose a method to automatically infer sufficient preconditions in the context of modular assertion checking of imperative pointer programs. It combines abstract interpretation, weakest precondition calculus and quantifier elimination. We instantiate this method to prove memory safety for C and Java programs, under some memory separation conditions.
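The weakest-precondition part of the method can be illustrated on a small scale. The following Python program is an added example and is not the paper's tool or code: it defines a tiny loop-free imperative language whose array accesses are instrumented with bounds assertions, computes the weakest precondition of the whole fragment with respect to `true`, and folds constants so that the result is a readable sufficient precondition on the inputs (`off`, `n`) and on the symbolic array lengths (`len_src`, `len_dst`). Arrays are abstracted to their lengths, so only index arithmetic is tracked; the sample program, the tuple-based AST and the names `len_<array>` are all constructed for this illustration, and constant folding stands in for the quantifier elimination and the loop handling by abstract interpretation that the paper's method provides.

```python
"""Weakest-precondition inference of a memory-safety precondition for a tiny
loop-free imperative language (constructed illustration, not the paper's tool).

Expressions/formulas are nested tuples:
  ('int', k) ('var', x) ('add', e1, e2) ('sub', e1, e2) ('lt', e1, e2)
  ('le', e1, e2) ('and', f1, f2) ('imp', f1, f2) ('not', f) ('true',) ('false',)
Statements:
  ('assign', x, e)  ('access', a, idx)  ('if', c, s1, s2)  ('seq', [stmts])
An 'access' models a read or write of a[idx]; array contents are abstracted
away, and each array a has a symbolic length variable len_a."""


def subst(e, x, r):
    """Replace every occurrence of variable x in e by expression r."""
    if e[0] == 'var':
        return r if e[1] == x else e
    if e[0] in ('int', 'true', 'false'):
        return e
    return (e[0],) + tuple(subst(sub, x, r) for sub in e[1:])


def bounds(a, idx):
    """Instrumentation for a[idx]: the assertion 0 <= idx < len_a."""
    return ('and', ('le', ('int', 0), idx), ('lt', idx, ('var', 'len_' + a)))


def wp(stmt, post):
    """Standard weakest-precondition rules; 'access' behaves as 'assert bounds'."""
    kind = stmt[0]
    if kind == 'assign':
        return subst(post, stmt[1], stmt[2])
    if kind == 'access':
        return ('and', bounds(stmt[1], stmt[2]), post)
    if kind == 'seq':
        for s in reversed(stmt[1]):
            post = wp(s, post)
        return post
    if kind == 'if':
        c, s1, s2 = stmt[1:]
        return ('and', ('imp', c, wp(s1, post)), ('imp', ('not', c), wp(s2, post)))
    raise ValueError(kind)


def simplify(e):
    """Fold constant arithmetic and comparisons, drop trivial conjuncts/implications."""
    op = e[0]
    if op in ('int', 'var', 'true', 'false'):
        return e
    args = tuple(simplify(a) for a in e[1:])
    if op in ('add', 'sub', 'lt', 'le') and all(a[0] == 'int' for a in args):
        x, y = args[0][1], args[1][1]
        if op == 'add':
            return ('int', x + y)
        if op == 'sub':
            return ('int', x - y)
        holds = x < y if op == 'lt' else x <= y
        return ('true',) if holds else ('false',)
    if op == 'not':
        return {'true': ('false',), 'false': ('true',)}.get(args[0][0], ('not', args[0]))
    if op == 'and':
        a, b = args
        if a[0] == 'true':
            return b
        if b[0] == 'true':
            return a
        if 'false' in (a[0], b[0]):
            return ('false',)
    if op == 'imp':
        a, b = args
        if a[0] == 'false' or b[0] == 'true':
            return ('true',)
        if a[0] == 'true':
            return b
    return (op,) + args


def evaluate(e, env):
    """Evaluate an expression or formula in a concrete environment (a dict)."""
    op = e[0]
    if op == 'int':
        return e[1]
    if op == 'var':
        return env[e[1]]
    if op in ('true', 'false'):
        return op == 'true'
    if op == 'not':
        return not evaluate(e[1], env)
    a, b = (evaluate(x, env) for x in e[1:])
    return {'add': a + b, 'sub': a - b, 'lt': a < b, 'le': a <= b,
            'and': a and b, 'imp': (not a) or b}[op]


def show(e):
    """Render a formula in C-like syntax for the reader."""
    op = e[0]
    if op == 'int':
        return str(e[1])
    if op == 'var':
        return e[1]
    if op in ('true', 'false'):
        return op
    if op == 'not':
        return '!(' + show(e[1]) + ')'
    sym = {'add': '+', 'sub': '-', 'lt': '<', 'le': '<=', 'and': ' && ', 'imp': ' ==> '}[op]
    return '(' + show(e[1]) + sym + show(e[2]) + ')'


V = lambda name: ('var', name)  # noqa: E731 - small constructors for readability
I = lambda k: ('int', k)        # noqa: E731

# Constructed sample program, in C-like syntax:
#   j = off;  dst[j] = src[0];  j = j + 1;  if (1 < n) dst[j] = src[1];
PROGRAM = ('seq', [
    ('assign', 'j', V('off')),
    ('access', 'src', I(0)),
    ('access', 'dst', V('j')),
    ('assign', 'j', ('add', V('j'), I(1))),
    ('if', ('lt', I(1), V('n')),
        ('seq', [('access', 'src', I(1)), ('access', 'dst', V('j'))]),
        ('seq', [])),
])


def infer_precondition(prog):
    """Sufficient precondition for every instrumented access in prog to be in bounds."""
    return simplify(wp(prog, ('true',)))


if __name__ == '__main__':
    print(show(infer_precondition(PROGRAM)))
```

The inferred formula says that `src` must be non-empty, `off` must index `dst`, and, only when the second copy is executed (`1 < n`), that `src` has a second element and `off + 1` still indexes `dst`. This is exactly the kind of precondition a caller of the fragment would otherwise have to write by hand; the conditional keeps it from demanding more than the fragment needs.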
