采用CPAChecker的动态程序验证

doi:10.19665/j.issn1001-2400.2019.01.006

Abstract

Abstract:

To overcome the state space explosion problem in model checking, a CPAChecker based dynamic program verification approach is proposed. The proposed approach first verifies the program statically by unwinding the control flow chart. In the process, dynamic execution is applied to accelerate the verification on the basis of the determinism of branch statements. Specifically, abstract verification effectively reduces the size of the system models, while dynamic detection not only effectively reduces false positives, but also guides the construction of more accurate system models. As a result, the proposed approach makes counterexample-guided abstraction refinement more efficient and accurate in practice.

Key words: model checking, abstract refinement, dynamic execution, program verification, state space explosion

CLC Number:

TP302.7

DUAN Zhao, LIU Kunlong. Dynamic program verification via a CPAChecker[J].Journal of Xidian University, 2019, 46(1): 33-38.

Figures/Tables 2

References 16

[1]	CIMATTI A, CLARKE E, GIUNCHIGLIA F , et al. NUSMV: a New Symbolic Model Checker[J]. International Journal on Software Tools for Technology Transfer, 2000,2(4):410-425. doi: 10.1007/s100090050046
[2]	逄涛, 段振华, 刘晓芳 . Verilog程序的命题投影时序逻辑符号模型检测[J]. 西安电子科技大学学报, 2014,41(2):79-84. doi: 10.3969/j.issn.1001-2400.2014.02.013
	PANG Tao, DUAN Zhenhua, LIU Xiaofang . Symbolic Model Checking of Verilog Programs with the Propositional Projection Temporal Logic[J]. Journal of Xidian University, 2014,41(2):79-84. doi: 10.3969/j.issn.1001-2400.2014.02.013
[3]	ABDULLA P A, ARONIS S, ATIG M F , et al. Stateless Model Checking for TSO and PSO[J]. Acta Informatica, 2017,54(8):789-818. doi: 10.1007/978-3-662-46681-0_28
[4]	GODEFROID P, SEN K . Combining Model Checking and Testing[M]. Cham: Springer, 2018: 613-649.
[5]	KOMURAVELLI A, GURFINKEL A, CHAKI S . SMT-based Model Checking for Recursive Programs[J]. Formal Methods in System Design, 2016,48(3):175-205. doi: 10.1007/978-3-319-08867-9_2
[6]	LOMUSCIO A, QU H, RAIMONDI F . MCMAS: an Open-source Model Checker for the Verification of Multi-agent Systems[J]. International Journal on Software Tools for Technology Transfer, 2017,19(1):9-30. doi: 10.1007/s10009-015-0378-x
[7]	TIAN C, DUAN Z. Detecting Spurious Counterexamples Efficiently in Abstract Model Checking [C]//Proceedings of the 2013 International Conference on Software Engineering. Washington: IEEE Computer Society, 2013: 202-211.
[8]	BATTISTA P, MERCALDO F, NARDONE V, et al. Identification of Android Malware Families with Model Checking [C]// Proceedings of the 2016 2nd International Conference on Information Systems Security and Privacy. Setúbal: SciTePress, 2016: 542-547.
[9]	BEYER D, STAHLBAUER A . BDD-based Software Verification[J]. International Journal on Software Tools for Technology Transfer, 2014,16(5):507-518. doi: 10.1007/s10009-014-0334-1
[10]	TIAN C, DUAN Z, DUAN Z, et al. More Effective Interpolations in Software Model Checking [C]//Proceedings of the 2017 32nd IEEE/ACM International Conference on Automated Software Engineering. Piscataway: IEEE, 2017: 183-193.
[11]	BALL T, MAJUMDAR R, MILLSTEIN T, et al. Automatic Predicate Abstraction of C Programs [C]//Proceedings of the 2001 ACM SIGPLAN Conference on Programming Language Design and Implementation. New York: ACM, 2001: 203-213.
[12]	BALL T, PODELSKI A, RAJAMANI S K. Boolean and Cartesian Abstraction for Model Checking C Programs [C]//Lecture Notes in Computer Science: 2031. Heidelberg: Springer Verlag, 2001: 268-283.
[13]	BEYER D, LEMBERGER T. Symbolic Execution with CEGAR [C]//Lecture Notes in Computer Science: 9952. Heidelberg: Springer Verlag, 2016: 195-211.
[14]	TIAN C, DUAN Z, DUAN Z . Making CEGAR More Efficient in Software Model Checking[J]. IEEE Transactions on Software Engineering, 2014,40(12):1206-1223. doi: 10.1109/TSE.2014.2357442
[15]	BEYER D, JAKOBS M C, LEMBERGER T, et al. Reducer-based Construction of Conditional Verifiers [C]//Proceedings of the 2018 International Conference on Software Engineering. Washington: IEEE Computer Society, 2018: 1182-1193.
[16]	BEYER D, LÖWE S. Explicit-state Software Model Checking Based on CEGAR and Interpolation [C]//Lecture Notes in Computer Science: 7793. Heidelberg: Springer Verlag, 2013: 146-162.

Dynamic program verification via a CPAChecker

RichHTML

PDF (PC)

Like

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 2

References 16

Related Articles 11

Metrics

Comments

Recommended 10

程序包名	程序数	P_dn	P_an	N_T/包	Refine		通过率/(%)		正确率/(%)
程序包名	程序数	P_dn	P_an	N_T/包	新算法	原工具	新算法	原工具	新算法	原工具
bitvector-regression	10	10	0	-10	0	1	100	100	90	40
loop-lit	16	16	0	-5	0	29	94	88	94	88
loop-new	8	8	0	8	0	13	100	50	100	38
floats-cbmc-regression	31	26	5	-19	5	25	87	87	77	65
loop-invgen	18	18	0	7	0	123	89	83	78	50
loop-acceleration	36	30	6	29	10	334	94	39	83	22
bitvector-loops	3	3	0	1	0	65	100	100	66	33

[1]	SHEN Lixiang,MU Dejun,CAO Guo,XIE Guangqian,SHU Fangyong. Constructing formal verification models for hardware Trojans [J]. Journal of Xidian University, 2021, 48(3): 146-153.
[2]	SHU Xinfeng,WANG Changtai,WANG Yan,ZHANG Lili. Propositional projection temporal logic based distributed model checking method [J]. Journal of Xidian University, 2020, 47(4): 39-47.
[3]	DING Ming,ZHANG Shuling,ZHANG Chen,Zhang Jun. Method for the verification of safety requirements of avionics systems [J]. Journal of Xidian University, 2019, 46(3): 66-73.
[4]	PANG Tao;DUAN Zhenhua;LIU Xiaofang. Symbolic model checking of Verilog programs with the propositional projection temporal logic [J]. J4, 2014, 41(2): 79-84.
[5]	YANG Yuanyuan;MA Wenping;LIU Weibo;YU You;GU Jian. Automatic detection of security protocols with XOR [J]. J4, 2012, 39(4): 120-125+183.
[6]	YANG Chen;DUAN Zhenhua. Stutter-invariant propositional interval temporal logic [J]. J4, 2011, 38(2): 151-156.
[7]	ZHANG Hai-bin;DUAN Zhen-hua. Model checking interval temporal logic [J]. J4, 2009, 36(2): 338-342.
[8]	ZHANG Hai-bin;DUANG Zhen-hua. Model checking multirate hybrid systems [J]. J4, 2008, 35(1): 60-648.
[9]	GUO Jian1;JIN Nai-yong2. Vacuity detection in computation temperal logic [J]. J4, 2007, 34(5): 794-799.
[10]	ZHANG Hai-bin;DUAN Zhen-hua. Decidability of the dense timed interval temporal logic [J]. J4, 2007, 34(3): 463-467.
[11]	LIU Xiu-ying1;2;ZHANG Yu-qing2;YANG Bo1;XING Ge2. An approach to the formal analysis of the TMN protocol [J]. J4, 2004, 31(5): 785-790.