Differential assertion checking

Previous version of a program can be a powerful enabler for program analysis by defining new relative specifications and making the results of current program analysis more relevant. In this paper, we describe the approach of differential assertion checking (DAC) for comparing different versions of a program with respect to a set of assertions. DAC provides a natural way to write relative specifications over two programs. We introduce a novel modular approach to DAC by reducing it to safety checking of a composed program, which can be accomplished by standard program verifiers. In particular, we leverage automatic invariant generation to synthesize relative specifications for pairs of loops and procedures. We provide a preliminary evaluation of a prototype implementation within the SymDiff tool along two directions (a) soundly verifying bug fixes in the presence of loops and (b) providing a knob for suppressing alarms when checking a new version of a program.

[1]  Patrick Cousot,et al.  Abstract interpretation: a unified lattice model for static analysis of programs by construction or approximation of fixpoints , 1977, POPL.

[2]  Martín Abadi,et al.  The existence of refinement mappings , 1988, [1988] Proceedings. Third Annual Information Symposium on Logic in Computer Science.

[3]  Scott A. Smolka,et al.  Incremental Model Checking in the Modal Mu-Calculus , 1994, CAV.

[4]  Hassen Saïdi,et al.  Construction of Abstract State Graphs with PVS , 1997, CAV.

[5]  Amir Pnueli,et al.  Translation Validation , 1998, TACAS.

[6]  George C. Necula,et al.  Translation validation for an optimizing compiler , 2000, PLDI '00.

[7]  K. Rustan M. Leino,et al.  Houdini, an Annotation Assistant for ESC/Java , 2001, FME.

[8]  David Notkin Longitudinal program analysis , 2002, PASTE '02.

[9]  K. Rustan M. Leino,et al.  The Spec# Programming System: An Overview , 2004, CASSIS.

[10]  Kenneth L. McMillan,et al.  An interpolating theorem prover , 2005, Theor. Comput. Sci..

[11]  K. Rustan M. Leino,et al.  Weakest-precondition of unstructured programs , 2005, PASTE '05.

[12]  Bor-Yuh Evan Chang,et al.  Boogie: A Modular Reusable Verifier for Object-Oriented Programs , 2005, FMCO.

[13]  Alexander Aiken,et al.  Secure Information Flow as a Safety Problem , 2005, SAS.

[14]  Gregg Rothermel,et al.  Supporting Controlled Experimentation with Testing Techniques: An Infrastructure and its Potential Impact , 2005, Empirical Software Engineering.

[15]  Amir Pnueli,et al.  Translation and Run-Time Validation of Loop Transformations , 2005, Formal Methods Syst. Des..

[16]  Zhe Yang,et al.  Modular checking for buffer overflows in the large , 2006, ICSE.

[17]  Matthew B. Dwyer,et al.  Differential symbolic execution , 2008, SIGSOFT '08/FSE-16.

[18]  Nikolaj Bjørner,et al.  Z3: An Efficient SMT Solver , 2008, TACAS.

[19]  Amir Pnueli,et al.  CoVaC: Compiler Validation by Program Analysis of the Cross-Product , 2008, FM.

[20]  Sorin Lerner,et al.  Proving optimizations correct using parameterized program equivalence , 2009, PLDI '09.

[21]  Ofer Strichman,et al.  Regression verification , 2009, 2009 46th ACM/IEEE Design Automation Conference.

[22]  Shuvendu K. Lahiri,et al.  Unifying type checking and property checking for low-level code , 2009, POPL '09.

[23]  Michael Stepp,et al.  Equality saturation: a new approach to optimization , 2009, POPL '09.

[24]  C. A. R. Hoare,et al.  Differential static analysis: opportunities, applications, and challenges , 2010, FoSER '10.

[25]  Zhendong Su,et al.  Has the bug really been fixed? , 2010, 2010 ACM/IEEE 32nd International Conference on Software Engineering.

[26]  Dawson R. Engler,et al.  Practical, Low-Effort Equivalence Verification of Real Code , 2011, CAV.

[27]  Gilles Barthe,et al.  Relational Verification Using Product Programs , 2011, FM.

[28]  Martin C. Rinard,et al.  Proving acceptability properties of relaxed nondeterministic approximate programs , 2012, PLDI.

[29]  Shuvendu K. Lahiri,et al.  Underspecified harnesses and interleaved bugs , 2012, POPL '12.

[30]  Shuvendu K. Lahiri,et al.  A Solver for Reachability Modulo Theories , 2012, CAV.

[31]  Shuvendu K. Lahiri,et al.  SYMDIFF: A Language-Agnostic Semantic Diff Tool for Imperative Programs , 2012, CAV.

[32]  Shuvendu K. Lahiri,et al.  Towards Modularly Comparing Programs Using Automated Theorem Provers , 2013, CADE.

[33]  Martin C. Rinard,et al.  Verified integrity properties for safe approximate program transformations , 2013, PEPM '13.

[34]  Robert P. Kurshan,et al.  Computer-Aided Verification of Coordinating Processes: The Automata-Theoretic Approach , 2014 .