Gamifying Program Analysis

Abstract interpretation is a powerful tool in program verification. Several commercial and industrial-scale implementations of abstract interpretation have demonstrated that this approach can verify safety properties of real-world code. However, using abstract interpretation tools is not always simple. If no user-provided hints are available, the abstract interpretation engine may lose precision during widening and produce an overwhelming number of false alarms. Yet providing these hints manually is time consuming and often frustrating when re-running the analysis takes a long time. We present an algorithm for program verification that combines abstract interpretation, symbolic execution and crowdsourcing. If verification fails, our procedure suggests likely invariants, or program patches, that provide helpful information to the verification engineer and make it easier to find the correct specification. By complementing machine learning with well-designed games, we enable program analysis to incorporate human insights that improve its scalability and usability.
