Automating regression verification of pointer programs by predicate abstraction

Regression verification is an approach complementing regression testing with formal verification. The goal is to formally prove that two versions of a program behave either equally or differently in a precisely specified way. In this paper, we present a novel automated approach for regression verification that reduces the equivalence of two related imperative pointer programs to constrained Horn clauses over uninterpreted predicates. Subsequently, state-of-the-art SMT solvers are used to solve the clauses. We have implemented the approach, and our experiments show that non-trivial programs with integer and pointer arithmetic can now be proved equivalent without further user input.
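As an added illustration (not taken from the paper itself; the two programs, the variable names and the coupling predicate are constructed here), consider a simplified instance of the reduction on integer programs only, with the two loops coupled in lockstep. Version 1 computes $r_1$ by counting up, version 2 by counting down:

\begin{align*}
P_1:\quad & i_1 := 0;\ r_1 := 0;\ \mathbf{while}\ (i_1 < n)\ \{\ r_1 := r_1 + 2;\ i_1 := i_1 + 1\ \} \\
P_2:\quad & i_2 := n;\ r_2 := 0;\ \mathbf{while}\ (i_2 > 0)\ \{\ r_2 := r_2 + 2;\ i_2 := i_2 - 1\ \}
\end{align*}

The coupling invariant of the two loops is left as an uninterpreted predicate $\mathit{Inv}(n, i_1, r_1, i_2, r_2)$ and the equivalence obligation becomes four constrained Horn clauses: initialisation, one lockstep iteration of both loops, synchronous termination of the loops, and equal results on exit.

\begin{align*}
& i_1 = 0 \wedge r_1 = 0 \wedge i_2 = n \wedge r_2 = 0 \;\rightarrow\; \mathit{Inv}(n, i_1, r_1, i_2, r_2) \\[2pt]
& \mathit{Inv}(n, i_1, r_1, i_2, r_2) \wedge i_1 < n \wedge i_2 > 0 \\
& \quad \wedge\, i_1' = i_1 + 1 \wedge r_1' = r_1 + 2 \wedge i_2' = i_2 - 1 \wedge r_2' = r_2 + 2 \;\rightarrow\; \mathit{Inv}(n, i_1', r_1', i_2', r_2') \\[2pt]
& \mathit{Inv}(n, i_1, r_1, i_2, r_2) \wedge \neg\big((i_1 < n) \leftrightarrow (i_2 > 0)\big) \;\rightarrow\; \mathit{false} \\[2pt]
& \mathit{Inv}(n, i_1, r_1, i_2, r_2) \wedge \neg(i_1 < n) \wedge \neg(i_2 > 0) \wedge r_1 \neq r_2 \;\rightarrow\; \mathit{false}
\end{align*}

The clause set is satisfiable exactly when an interpretation of $\mathit{Inv}$ exists that makes every clause valid, which is what a CHC-based solver such as the PDR/Spacer engine in an SMT solver searches for. Here the solver can return

\[
\mathit{Inv}(n, i_1, r_1, i_2, r_2) \;:=\; i_1 + i_2 = n \;\wedge\; r_1 = r_2 ,
\]

which is preserved by the lockstep clause, implies $(i_1 < n) \leftrightarrow (i_2 > 0)$ for the synchrony clause, and yields $r_1 = r_2$ on exit. If no such predicate exists the solver instead produces a derivation of $\mathit{false}$, i.e. a concrete pair of executions on which the versions diverge. The paper's encoding additionally handles heap state and pointer arithmetic and does not require the loops to run in lockstep; those aspects are omitted from this illustration.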