Abstract
An approach to the static verification of the program source code for correct memory usage is considered. The method is based on the use of symbolic graphs for representing the program memory. An extension of symbolic memory graphs that makes it possible to use predicates over symbolic values to improve the precision of analysis is proposed. These predicates cut off the unreachable paths thus reducing the number of false positives and detect new bugs due to adding new checks of symbolic values. The method is implemented on the basis of the CPAchecker tool. The practical usefulness demonstrated on drivers of the Linux kernel.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Explore related subjects
Discover the latest articles, news and stories from top researchers in related subjects.REFERENCES
Klein, G., Elphinstone, K., et al., sel4: Formal verification of an OS kernel, Proc. of the ACM SIGOPS 22nd Symposium on Operating Systems Principles, 2009, pp. 207–220.
Stewart, G., Beringer, L., Cuellar, S., and Appel, A.W., Compositional CompCert, Proc. of the 42nd Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages, 2005, pp. 275–287.
Beyer, D. and Keremoglu, M.E., CPAchecker: A tool for configurable software verification, Lect. Notes Comput. Sci., 2011, vol. 6806, pp. 184-190.
Donaldson, A.F., Haller, L., Kroening, D., and Rümmer P., Software verification using k-induction, Lect. Notes Comput. Sci., 2011, vol. 6887, pp. 351–368.
Clarke, E., Grumberg, O., Jha, S., Lu, Y., and Veith, H., Counterexample-guided abstraction refinement, Lect. Notes Comput. Sci., 2000, vol. 1855, pp. 154–169.
Beyer, D., Keremoglu, M.E., and Wendler, P., Predicate abstraction with adjustable-block encoding, Proc. of the 10th International Conference on Formal Methods in Computer-Aided Design, 2010, pp. 189–197.
Beyer, D., Henzinger, T., and Théoduloz, G., Program analysis with dynamic precision adjustment, Proc. of the 23rd IEEE/ACM International Conference on Automated Software Engineering, 2008, pp. 29–38.
Beyer, D. and Löwe, S., Explicit-state software model checking based on CEGAR and interpolation, Lecture Notes in Computer Science, 2013, vol. 7793, pp. 146–162.
Biere, A., Cimatti, A., Clarke, E.M., and Zhu, Y., Symbolic model checking without bdds, Lect. Notes Comput. Sci., 1999, vol. 1579, pp. 193–207.
Graf, S. and Saidi, H., Construction of abstract state graphs with PVS, Lect. Notes Comput. Sci., 1997, vol. 1254, pp. 72–83.
Andrianov, P., Friedberger, K., Mandrykin, M., Mutilin, V., and Volkov, A., CPA-BAM-BnB: Block-abstraction memoization and region-based memory models for predicate abstractions, Lect. Notes Comput. Sci.,2017, vol. 10206, pp. 355–359.
Yang, H., Lee, O., Berdine, J., Calcagno, C., Cook, B., Distefano, D., and O’Hearn, P., Scalable shape analysis for systems code, Lect. Notes Comput. Sci., 2008, vol. 5123, pp. 385–398.
Volkov, A. and Mandrykin, M., Predicate abstractions memory modeling method with separation into disjoint regions, Trudy ISP RAS, 2017, vol. 29, no. 4, pp. 203216. https://doi.org/10.15514/ISPRAS-2017-29(4)-13
Beyer, D., Henzinger, T., Jhala, R., and Majumdar, R., The software model checker BLAST, Int. J. Software Tools Techn. Transfer, 2007, vol. 9, no. 5–6, pp. 505–525.
Shved, P., Mandrykin, M., and Mutilin, V., Predicate analysis with BLAST 2.7, Lect. Notes Comput. Sci., 2012, vol. 7214, pp. 525–527.
Ball, T., Bounimova, E., Kumar, R., and Levin, V., SLAM2: Static driver verification with under 4% false alarms, Proc. of the 10th International Conference on Formal Methods in Computer-Aided Design, 2010, pp. 35–42.
Sagiv, M., Reps, T.W., and Wilhelm, R., Parametric shape analysis via 3-valued logic, ACM Trans. Program. Lang. Syst., 2002, vol. 24, no. 3, pp. 217–298.
Beyer, D., Henzinger, T.A., and Théoduloz, G., Lazy shape analysis, Lect. Notes Comput. Sci., 2006, vol. 4144, pp. 532–546.
Reynolds, J.C., Separation logic: A logic for shared mutable data structures, Proc. of the 17th Annual IEEE Symposium on Logic in Computer Science, 2002, pp. 55–74.
Berdine, J., Cook, B., and Ishtiaq, S., Slayer memory safety for systems-level code, Lect. Notes Comput. Sci., 2011, vol. 6806, pp. 178–183.
Jacobs, B., Smans, J., and Piessens, F., A quick tour of the verifast program verifier, Lect. Notes Comput. Sci., 2010, vol. 6461, pp. 304–311.
Volkov A. and Mandrykin, M., Predicate abstractions memory modeling method with separation into disjoint regions, Trudy ISP RAN, 2017, vol. 29, no. 4, pp. 203–216. https://doi.org/10.15514/ISPRAS-2017-29(4)-13
Calcagno, C., Distefano, D., et al., Moving fast with software verification, Lect. Notes Comput. Sci., 2015, vol. 9058, pp. 3–11.
Beyerm D.m Automatic verification of C and Java Programs, SV-COMP 2019, Lect. Notes Comput. Sci., 2019, vol. 11429, pp. 133–155.
Dudka, K., Peringer, P., and Vojnar, T., Byte-precise verification of low-level list manipulation, Lect. Notes Comput. Sci., 2013, vol. 7935, pp. 215–237.
Vasilyev, A.A., Static verification for memory safety of Linux kernel drivers, Trudy ISP RAN, 2018, vol. 30, no. 6, pp. 143–160. https://doi.org/10.15514/ISPRAS-2018-30(6)-8
Novikov, E. and Zakharov, I., Towards automated static verification of GNU C programs, Lect. Notes Comput. Sci., 2018, vol. 10742, pp. 402–416.
Funding
This work was supported by the Russian Foundation for Basic Research, project no. 18-01-00426.
Author information
Authors and Affiliations
Corresponding authors
Additional information
Translated by A. Klimontovich
Rights and permissions
About this article
Cite this article
Vasilyev, A.A., Mutilin, V.S. Predicate Extension of Symbolic Memory Graphs for the Analysis of Memory Safety Correctness. Program Comput Soft 46, 747–754 (2020). https://doi.org/10.1134/S0361768820080071
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1134/S0361768820080071