JBMC: A Bounded Model Checking Tool for Verifying Java Bytecode. Lucas Cordeiro Pascal Kesseli Daniel Kroening Peter Schrammel Marek Trtik
|
|
|
- Joleen Ross
- 5 years ago
- Views:
Transcription
1 : A Bounded Model Checking Tool for Verifying Java Bytecode Lucas Cordeiro Pascal Kesseli Daniel Kroening Peter Schrammel Marek Trtik Computer Aided Verification 2018
2 Why? Java and JVM languages: Most widely used Established software development culture Only few model checking tools available: Symbolic JPF (Anand et al, TACAS 07) JayHorn (Kahsai et al, CAV 16) Many applications of BMC: Bug finding Program synthesis Test generation... 2 / 15
3 JVM vs Java bytecode program Java runtime +native+os JVM execution 3 / 15
4 JVM vs Java bytecode program Java operational model safe wrt 4 / 15
5 CBMC Clarke, Kroening & Lerda, TACAS 04 C program with properties C built-in library CBMC parse C code convert to GOTO static analysis symbolic execution SMT solver safe wrt 5 / 15
6 CBMC Clarke, Kroening & Lerda, TACAS 04 C program with properties C built-in library CBMC assert runtime errors parse C code convert to GOTO static analysis symbolic execution SMT solver safe wrt 5 / 15
7 CBMC Clarke, Kroening & Lerda, TACAS 04 C program with properties C built-in library CBMC assert runtime errors parse C code convert to GOTO static analysis symbolic execution stdlib stdio pthreads... SMT solver safe wrt 5 / 15
8 CBMC Clarke, Kroening & Lerda, TACAS 04 C program with properties C built-in library CBMC assert runtime errors parse C code convert to GOTO static analysis symbolic execution stdlib stdio pthreads... unwind SMT solver safe wrt 5 / 15
9 CBMC Clarke, Kroening & Lerda, TACAS 04 C program with properties C built-in library CBMC assert runtime errors multi-path parse C code convert to GOTO static analysis symbolic execution stdlib stdio pthreads... unwind SMT solver safe wrt 5 / 15
10 CBMC Clarke, Kroening & Lerda, TACAS 04 C program with properties C built-in library CBMC assert runtime errors multi-path parse C code convert to GOTO static analysis symbolic execution stdlib stdio pthreads... unwind SMT solver QF ABVFP safe wrt 5 / 15
11 Java program with properties Java operational model parse bytecode convert to GOTO static analysis symbolic execution SMT solver safe wrt 6 / 15
12 Java program with properties Java operational model assert runtime exceptions uncaught exceptions parse bytecode convert to GOTO static analysis symbolic execution SMT solver safe wrt 6 / 15
13 Java program with properties Java operational model assert runtime exceptions uncaught exceptions parse bytecode convert to GOTO static analysis data structures,... symbolic execution SMT solver safe wrt 6 / 15
14 Java program with properties Java operational model assert runtime exceptions uncaught exceptions parse bytecode convert to GOTO static analysis unwind data structures,... symbolic execution SMT solver safe wrt 6 / 15
15 Java program with properties Java operational model assert runtime exceptions uncaught exceptions parse bytecode convert to GOTO static analysis symbolic execution unwind data structures,... polymorphism, exceptions,... SMT solver safe wrt 6 / 15
16 Java program with properties Java operational model assert runtime exceptions uncaught exceptions multi-path parse bytecode convert to GOTO static analysis symbolic execution unwind data structures,... polymorphism, exceptions,... SMT solver safe wrt 6 / 15
17 Java program with properties Java operational model assert runtime exceptions uncaught exceptions multi-path parse bytecode convert to GOTO static analysis symbolic execution unwind data structures,... polymorphism, exceptions,... safe wrt SMT solver QF ABVFP+Strings (Li & Ghosh, HVC 13) 6 / 15
18 Java program with properties Java operational model assert runtime exceptions uncaught exceptions multi-path parse bytecode convert to GOTO static analysis symbolic execution unwind data structures,... polymorphism, exceptions,... Further challenges concurrency lambdas reflection,. safe.. wrt SMT solver QF ABVFP+Strings (Li & Ghosh, HVC 13) 6 / 15
19 in Action 7 / 15
20 in Action $ jbmc Calculator.class --classpath core-models.jar:. --trace --throw-runtime-exceptions... Runtime decision procedure: 0.980s... dynamic_object4={ -, 0, 4 } // args[0].data... dynamic_object6={ / } // args[1].data... dynamic_object8={ 0 } // args[2].data... Calculator.java line 17 function Calculator.main dynamic_object36={....@class_identifier="java.lang.arithmeticexception"...}... uncaught_exception=&dynamic_object36 Violated property: file Calculator.java line 3 function Calculator.main no uncaught exception uncaught_exception == null 8 / 15
21 in Action 9 / 15
22 in Action $ jbmc MyTranslator.class --classpath core-models.jar:. --trace --max-nondet-string-length Runtime decision procedure: 0.786s... dynamic_object4={ C, h, i, n, e, s, e } // args[0].data... dynamic_object6={ \u0010, \u0017, w, e, w, E, L, C, O, M, E,, T, o,, o, x, f, o, r, D, x, x, x, x, x, x, x, x, x, x, x, x,, } // args[1].data... Violated property: assertion at file MyTranslator.java line 31 function MyTranslator.main 10 / 15
23 Comparison with JayHorn JayHorn (time in seconds) faster timeout JayHorn faster (time in seconds) timeout Safe Unsafe timeout 300s, 15GB 11 / 15
24 Comparison with JPF v32 JPF (time in seconds) faster JPF faster timeout timeout Safe Unsafe (time in seconds) timeout 300s, 15GB 12 / 15
25 Comparison correct safe correct unsafe incorrect safe incorrect unsafe timeout error JayHorn JPF Number of benchmarks 13 / 15
26 Comparison correct safe correct unsafe incorrect safe incorrect unsafe timeout error JayHorn JPF Number of benchmarks 13 / 15
27 TACAS SV-COMP 2019 Objectives: More languages in SV-COMP Standard benchmark set Comparability Reproducibility Re-use existing benchmarking infrastructure 3 tools already integrated: JPF, Jayhorn, Timeline: September 2018: Contribution of benchmarks October 2018: Tool submission Watch out on sv-comp.sosy-lab.org Subscribe to sv-comp@googlegroups.com 14 / 15
28 Download and contribute! TACAS SV-COMP 2019 Contribute and participate! sv-comp.sosy-lab.org Jobs in program analysis, verification and machine learning! 15 / 15
Benchmarking of Java Verification Tools at the Software Verification Competition (SV-COMP) Lucas Cordeiro Daniel Kroening Peter Schrammel
Benchmarking of Java Verification Tools at the Software Verification Competition (SV-COMP) Lucas Cordeiro Daniel Kroening Peter Schrammel JPF Workshop 2018 What is SV-COMP? https://sv-comp.sosy-lab.org
C Code Verification based on the Extended Labeled Transition System Model
C Code Verification based on the Extended Labeled Transition System Model Dexi Wang, Chao Zhang, Guang Chen, Ming Gu, and Jiaguang Sun School of Software, TNLIST, Tsinghua University, China {dx-wang12,zhang-chao13,chenguan14}@mails.tsinghua.edu.cn
MEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING
FEDERAL UNIVERSITY OF AMAZONAS INSTITUTE OF COMPUTING GRADUATE PROGRAM IN COMPUTER SCIENCE MEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING Herbert Rocha, Raimundo Barreto,
More on Verification and Model Checking
More on Verification and Model Checking Wednesday Oct 07, 2015 Philipp Rümmer Uppsala University Philipp.Ruemmer@it.uu.se 1/60 Course fair! 2/60 Exam st October 21, 8:00 13:00 If you want to participate,
F-Soft: Software Verification Platform
F-Soft: Software Verification Platform F. Ivančić, Z. Yang, M.K. Ganai, A. Gupta, I. Shlyakhter, and P. Ashar NEC Laboratories America, 4 Independence Way, Suite 200, Princeton, NJ 08540 fsoft@nec-labs.com
Model Checking and Its Applications
Model Checking and Its Applications Orna Grumberg Technion, Israel Verification and Deduction Mentoring Workshop July 13, 2018 1 Personal data Ph.d. in (non-automated) verification Postdoc in Model Checking
Counter-Example Guided Program Verification
Counter-Example Guided Program Verification Parosh Aziz Abdulla, Mohamed Faouzi Atig, and Bui Phi Diep Uppsala University, Sweden {parosh,mohamed faouzi.atig,bui.phi-diep}@it.uu.se Abstract. This paper
Handling Loops in Bounded Model Checking of C Programs via k-induction
Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) Handling Loops in Bounded Model Checking of C Programs via k-induction Mikhail Y. R. Gadelha, Hussama I. Ismail, and
Model Checking Embedded C Software using k-induction and Invariants
FEDERAL UNIVERSITY OF RORAIMA and FEDERAL UNIVESITY OF AMAZONAS Model Checking Embedded C Software using k-induction and Invariants Herbert Rocha, Hussama Ismail, Lucas Cordeiro and Raimundo Barreto Agenda
DSVerifier: A Bounded Model Checking Tool for Digital Systems
DSVerifier: A Bounded Model Checking Tool for Digital Systems Hussama I. Ismail, Iury V. Bessa, Lucas C. Cordeiro, Eddie B. de Lima Filho and João E. Chaves Filho Electronic and Information Research Center
Software Model Checking. Xiangyu Zhang
Software Model Checking Xiangyu Zhang Symbolic Software Model Checking CS510 S o f t w a r e E n g i n e e r i n g Symbolic analysis explicitly explores individual paths, encodes and resolves path conditions
SMT-Based Bounded Model Checking for Embedded ANSI-C Software. Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva
SMT-Based Bounded Model Checking for Embedded ANSI-C Software Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva b.fischer@ecs.soton.ac.uk Bounded Model Checking (BMC) Basic Idea: check negation of given
: A Bounded Model Checking Tool to Verify Qt Applications
23 rd International SPIN symposium on Model Checking of Software : A Bounded Model Checking Tool to Verify Qt Applications Mário A. P. Garcia, Felipe R. Monteiro, Lucas C. Cordeiro, and Eddie B. de Lima
Seminar in Software Engineering Presented by Dima Pavlov, November 2010
Seminar in Software Engineering-236800 Presented by Dima Pavlov, November 2010 1. Introduction 2. Overview CBMC and SAT 3. CBMC Loop Unwinding 4. Running CBMC 5. Lets Compare 6. How does it work? 7. Conclusions
Interpolation-based Software Verification with Wolverine
Interpolation-based Software Verification with Wolverine Daniel Kroening 1 and Georg Weissenbacher 2 1 Computer Science Department, Oxford University 2 Department of Electrical Engineering, Princeton University
Duet: Static Analysis for Unbounded Parallelism
Duet: Static Analysis for Unbounded Parallelism Azadeh Farzan and Zachary Kincaid University of Toronto Abstract. Duet is a static analysis tool for concurrent programs in which the number of executing
A Bounded Model Checker for SPARK Programs
A Bounded Model Checker for SPARK Programs Cláudio Belo Lourenço, Maria João Frade, and Jorge Sousa Pinto HASLab/INESC TEC & Universidade do Minho, Portugal Abstract. This paper discusses the design and
Encoding floating-point numbers using the SMT theory in ESBMC: An empirical evaluation over the SV-COMP benchmarks
Encoding floating-point numbers using the SMT theory in ESBMC: An empirical evaluation over the SV-COMP benchmarks 1 Mikhail Y. R. Gadelha 1, Lucas C. Cordeiro 2, and Denis A. Nicole 1 1 Electronics and
Encoding floating-point numbers using the SMT theory in ESBMC: An empirical evaluation over the SV-COMP benchmarks
Encoding floating-point numbers using the SMT theory in ESBMC: An empirical evaluation over the SV-COMP benchmarks 1 Mikhail Y. R. Gadelha 1, Lucas C. Cordeiro 2, and Denis A. Nicole 1 1 Electronics and
Introduction to CBMC. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Arie Gurfinkel December 5, 2011
Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 December 5, 2011 based on slides by Daniel Kroening Bug Catching with SAT-Solvers Main Idea: Given a program and a claim use
Danger Invariants. 1 Introduction. Cristina David 1, Pascal Kesseli 1, Daniel Kroening 1, Matt Lewis 1,2
Danger Invariants Cristina David 1, Pascal Kesseli 1, Daniel Kroening 1, Matt Lewis 1,2 1 University of Oxford, 2 Improbable Abstract. Static analysers search for overapproximating proofs of safety commonly
Verifying Recursive Programs using Intra-procedural Analyzers
Verifying Recursive Programs using Intra-procedural Analyzers Yu-Fang Chen, Academia Sinica, Taiwan joint work with Chiao Hsieh, Ming-Hsien Tsai, Bow-Yaw Wang and Farn Wang First of all Thanks for the
Verifying Concurrent Programs
Verifying Concurrent Programs Daniel Kroening 8 May 1 June 01 Outline Shared-Variable Concurrency Predicate Abstraction for Concurrent Programs Boolean Programs with Bounded Replication Boolean Programs
Bounded Model Checking Of C Programs: CBMC Tool Overview
Workshop on Formal Verification and Analysis Tools, CFDVS, IIT-Bombay - Feb 21,2017 Bounded Model Checking Of C Programs: CBMC Tool Overview Prateek Saxena CBMC Developed and Maintained by Dr Daniel Kröning
Verifying C & C++ with ESBMC
Verifying C & C++ with ESBMC Denis A Nicole dan@ecs.soton.ac.uk CyberSecuritySoton.org [w] @CybSecSoton [fb & tw] ESBMC ESBMC, the Efficient SMT-Based Context-Bounded Model Checker was originally developed
Proving Properties of non-array Programs
Proving Properties of non-array Programs Thanks to Priyanka Darke Tata Research Development and Design Centre, Pune, India December 13, 2017 Copyright 2012 Tata Consultancy Services Limited 1 Background
Verification Tests for MCAPI
2011 12th International Workshop on Microprocessor Test and Verification Verification Tests for MCAPI Alper Sen Department of Computer Engineering Bogazici University Istanbul, Turkey Email: alper.sen@boun.edu.tr
King s Research Portal
King s Research Portal DOI: 10.1007/978-3-662-54580-5_12 Link to publication record in King's Research Portal Citation for published version (APA): Alt, L., Asadi, S., Chockler, H., Even Mendoza, K., Fedyukovich,
JPF SE: A Symbolic Execution Extension to Java PathFinder
JPF SE: A Symbolic Execution Extension to Java PathFinder Saswat Anand 1,CorinaS.Păsăreanu 2, and Willem Visser 2 1 College of Computing, Georgia Institute of Technology saswat@cc.gatech.edu 2 QSS and
Sliced Path Prefixes: An Effective Method to Enable Refinement Selection
FORTE '15 Sliced Path Prefixes: An Effective Method to Enable Refinement Selection Dirk Beyer, Stefan Löwe, Philipp Wendler SoSy-Lab Software Systems We want Refinement Selection!!! Because straight-forward
Verifying Concurrent Programs by Memory Unwinding?
Verifying Concurrent Programs by Memory Unwinding? Ermenegildo Tomasco 1, Omar Inverso 1,BerndFischer 2, Salvatore La Torre 3, and Gennaro Parlato 1 1 Electronics and Computer Science, University of Southampton,
Model Checking: Back and Forth Between Hardware and Software
Model Checking: Back and Forth Between Hardware and Software Edmund Clarke 1, Anubhav Gupta 1, Himanshu Jain 1, and Helmut Veith 2 1 School of Computer Science, Carnegie Mellon University {emc, anubhav,
Bounded Model Checking of Concurrent Programs
Bounded Model Checking of Concurrent Programs Ishai Rabinovitz 1, and Orna Grumberg 1 1 Technion - Israel Institute of Technology IBM Haifa Research Laboratory, Haifa, Israel ishai@il.ibm.com orna@cs.technion.ac.il
Introduction to CBMC: Part 1
Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Arie Gurfinkel, Sagar Chaki October 2, 2007 Many slides are courtesy of Daniel Kroening Bug Catching with SAT Solvers Main
System LAV and Its Applications
Progress in Decision Procedures: From Formalizations to Applications Belgrade, March 30, 2013. Overview, Viktor Kuncak Development and Evaluation of : an SMT-Based Error Finding Platform. Verified Software:
SMT-Based Bounded Model Checking of C++ Programs
SMT-Based Bounded Model Checking of C++ Programs Mikhail Ramalho 1, Mauro Freitas 1, Felipe Sousa 1, Hendrio Marques 1, Lucas Cordeiro 1, and Bernd Fischer 2,3 1 Electronic and Information Research Center,
Semantics-Based Program Verifiers for All Languages
Language-independent Semantics-Based Program Verifiers for All Languages Andrei Stefanescu Daejun Park Shijiao Yuwen Yilong Li Grigore Rosu Nov 2, 2016 @ OOPSLA 16 Problems with state-of-the-art verifiers
Synthesizing Ranking Functions from Bits and Pieces
Synthesizing Ranking Functions from Bits and Pieces Caterina Urban 1,2, Arie Gurfinkel 2, and Temesghen Kahsai 2,3 1 ETH Zürich, Switzerland 2 Carnegie Mellon University, USA 3 NASA Ames Research Center,
Synthesizing Ranking Functions from Bits and Pieces
Synthesizing Ranking Functions from Bits and Pieces Caterina Urban 1,2, Arie Gurfinkel 2, and Temesghen Kahsai 2,3 1 ETH Zürich, Switzerland 2 Carnegie Mellon University, USA 3 NASA Ames Research Center,
ESBMC 1.22 (Competition Contribution) Jeremy Morse, Mikhail Ramalho, Lucas Cordeiro, Denis Nicole, Bernd Fischer
ESBMC 1.22 (Competition Contribution) Jeremy Morse, Mikhail Ramalho, Lucas Cordeiro, Denis Nicole, Bernd Fischer ESBMC: SMT-based BMC of single- and multi-threaded software exploits SMT solvers and their
Verification of Tree-Based Hierarchical Read-Copy Update in the Linux Kernel
Verification of Tree-Based Hierarchical Read-Copy Update in the Linux Kernel Paul E. McKenney, IBM Linux Technology Center Joint work with Lihao Liang*, Daniel Kroening, and Tom Melham, University of Oxford
CSE 403: Software Engineering, Fall courses.cs.washington.edu/courses/cse403/16au/ Static Analysis. Emina Torlak
CSE 403: Software Engineering, Fall 2016 courses.cs.washington.edu/courses/cse403/16au/ Static Analysis Emina Torlak emina@cs.washington.edu Outline What is static analysis? How does it work? Free and
Ufo: A Framework for Abstraction- and Interpolation-Based Software Verification
Ufo: A Framework for Abstraction- and Interpolation-Based Software Verification Aws Albarghouthi 1, Yi Li 1, Arie Gurfinkel 2, and Marsha Chechik 1 1 Department of Computer Science, University of Toronto,
Applications of Logic in Software Engineering. CS402, Spring 2016 Shin Yoo
Applications of Logic in Software Engineering CS402, Spring 2016 Shin Yoo Acknowledgements I borrow slides from: Moonzoo Kim Theo C. Ruys (http://spinroot.com/spin/doc/ SpinTutorial.pdf) CBMC & Daniel
Building Program Verifiers from Compilers and Theorem Provers
Building Program Verifiers from Compilers and Theorem Provers Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Arie Gurfinkel based on joint work with Teme Kahsai, Jorge A.
ECBS SMT-Bounded Model Checking of C++ Programs. Mikhail Ramalho, Mauro Freitas, Felipe Sousa, Hendrio Marques, Lucas Cordeiro, Bernd Fischer
EBS 2013 SMT-Bounded Model hecking of Programs Mikhail Ramalho, Mauro Freitas, Felipe Sousa, Hendrio Marques, Lucas ordeiro, Bernd Fischer Bounded Model hecking (BM) Idea: check negation of given property
PANDA: Simultaneous Predicate Abstraction and Concrete Execution
PANDA: Simultaneous Predicate Abstraction and Concrete Execution Jakub Daniel and Pavel Parízek Charles University in Prague, Faculty of Mathematics and Physics, Department of Distributed and Dependable
Verifying Periodic Programs with Priority Inheritance Locks
Verifying Periodic Programs with Priority Inheritance Locks Sagar Chaki, Arie Gurfinkel, Ofer Strichman FMCAD, October, 03 Software Engineering Institute, CMU Technion, Israel Institute of Technology Copyright
Synthesis of Synchronization using Uninterpreted Functions
Synthesis of Synchronization using Uninterpreted Functions Roderick Bloem, Georg Hofferek, Bettina Könighofer, Robert Könighofer, Simon Außerlechner, and Raphael Spörk Institute for Applied Information
Incremental bounded model checking for embedded software
DOI 10.1007/s00165-017-019-1 The Author(s) 017. This article is published with open access at Springerlink.com Formal Aspects of Computing (017) 9: 911 91 Formal Aspects of Computing Incremental bounded
Lazy Sequentialization for TSO and PSO via Shared Memory Abstractions
Lazy Sequentialization for TSO and PSO via Shared Memory Abstractions Ermenegildo Tomasco, Truc L. Nguyen, Omar Inverso, Bernd Fischer, Salvatore La Torre and Gennaro Parlato {et1m11,tnl2g10,gennaro}@ecs.soton.ac.uk,
Software Model Checking via Large-Block Encoding
Software Model Checking via Large-Block Encoding Dirk Beyer Simon Fraser University Alessandro Cimatti FBK-irst, Trento Alberto Griggio University of Trento & Simon Fraser University M. Erkan Keremoglu
AP COMPUTER SCIENCE JAVA CONCEPTS IV: RESERVED WORDS
AP COMPUTER SCIENCE JAVA CONCEPTS IV: RESERVED WORDS PAUL L. BAILEY Abstract. This documents amalgamates various descriptions found on the internet, mostly from Oracle or Wikipedia. Very little of this
Program Correctness and Efficiency. Chapter 2
Program Correctness and Efficiency Chapter 2 Chapter Objectives To understand the differences between the three categories of program errors To understand the effect of an uncaught exception and why you
Bug Finding with Under-approximating Static Analyses. Daniel Kroening, Matt Lewis, Georg Weissenbacher
Bug Finding with Under-approximating Static Analyses Daniel Kroening, Matt Lewis, Georg Weissenbacher Overview Over- vs. underapproximating static analysis Path-based symbolic simulation Path merging Acceleration
Bounded Model Checking of C++ Programs based on the Qt Cross-Platform Framework (Journal-First Abstract)
Bounded Model Checking of C++ Programs based on the Qt Cross-Platform Framework (Journal-First Abstract) Felipe R. Monteiro Mário A. P. Garcia Lucas C. Cordeiro Eddie B. de Lima Filho 33 rd IEEE/ACM International
UNDERSTANDING PROGRAMMING BUGS IN ANSI-C SOFTWARE USING BOUNDED MODEL CHECKING COUNTER-EXAMPLES
FEDERAL UNIVERSITY OF AMAZONAS INSTITUTE OF COMPUTING GRADUATE PROGRAM IN COMPUTER SCIENCE UNDERSTANDING PROGRAMMING BUGS IN ANSI-C SOFTWARE USING BOUNDED MODEL CHECKING COUNTER-EXAMPLES Herbert Oliveira
PLDI 2016 Tutorial Automata-Based String Analysis
PLDI 2016 Tutorial Automata-Based String Analysis Tevfik Bultan, Abdulbaki Aydin, Lucas Bang Verification Laboratory http://vlab.cs.ucsb.edu Department of Computer Science Common Usages of Strings } Input
Lazy Sequentialization for TSO and PSO via Shared Memory Abstractions
Lazy Sequentialization for TSO and PSO via Shared Memory Abstractions Ermenegildo Tomasco, Truc L. Nguyen, Omar Inverso, Bernd Fischer, Salvatore La Torre and Gennaro Parlato {et1m11,tnl2g10,gennaro}@ecs.soton.ac.uk,
OptCE: A Counterexample-Guided Inductive Optimization Solver
Federal University of Amazonas (UFAM) Postgraduate Program in Electrical Engineering (PPGEE) OptCE: A Counterexample-Guided Inductive Optimization Solver Higo Albuquerque, Rodrigo Araújo, Iury Bessa, Lucas
Automata-based Model Counting for String Constraints. Abdulbaki Aydin, Lucas Bang, Tevfik Bultan
Automata-based Model Counting for String Constraints Abdulbaki Aydin, Lucas Bang, Tevfik Bultan https://vlab.cs.ucsb.edu Model Counting for String Constraints Automata-Based model Counter (ABC) 2 Can you
Configurable Software Model Checking
Configurable Software Model Checking CPAchecker Dirk Beyer Dirk Beyer 1 / 26 Software Verification C Program int main() { int a = foo(); int b = bar(a); } assert(a == b); Verification Tool TRUE i.e., specification
Abstraction techniques for Floating-Point Arithmetic
Abstraction techniques for Floating-Point Arithmetic Angelo Brillout 1, Daniel Kroening 2 and Thomas Wahl 2 1 ETH Zurich, 2 Oxford University ETH Zürich Floating-Point Arithmetic (FPA) Used for embedded
CSE507. Practical Applications of SAT. Computer-Aided Reasoning for Software. Emina Torlak
Computer-Aided Reasoning for Software CSE507 Practical Applications of SAT courses.cs.washington.edu/courses/cse507/18sp/ Emina Torlak emina@cs.washington.edu Today Past 2 lectures The theory and mechanics
arxiv: v2 [cs.pl] 3 Apr 2018
![arxiv: v2 [cs.pl] 3 Apr 2018](/thumbs/89/98539697.jpg "arxiv: v2 [cs.pl] 3 Apr 2018")
1 Scheduling Constraint Based Abstraction Refinement for Multi-Threaded Program Verification arxiv:1708.08323v2 [cs.pl] 3 Apr 2018 LIANGZE YIN, School of Computer, National University of Defense Technology,
LLVMVF: A Generic Approach for Verification of Multicore Software
J Electron Test (2013) 29:635 646 DOI 10.1007/s10836-013-5405-9 LLVMVF: A Generic Approach for Verification of Multicore Software Marcelo Sousa Alper Sen Received: 26 March 2013 / Accepted: 21 August 2013
SystemC-based ESL Verification Flow Integrating Property Checking and Automatic Debugging
SystemC-based ESL Verification Flow Integrating Property Checking and Automatic Debugging Hoang M. Le 1 Daniel Große 1 Rolf Drechsler 1,2 1 University of Bremen, Germany 2 DFKI Bremen, Germany {hle, grosse,
Software Speculative Multithreading for Java
Software Speculative Multithreading for Java Christopher J.F. Pickett and Clark Verbrugge School of Computer Science, McGill University {cpicke,clump}@sable.mcgill.ca Allan Kielstra IBM Toronto Lab kielstra@ca.ibm.com
Source Code Formal Verification. Riccardo Sisto, Politecnico di Torino
Source Code Formal Verification Riccardo Sisto, Politecnico di Torino Formal Verification: Not Just High-Level Models How to improve correctness up to the coding phase? Possible solutions: Automatic code
RATCOP: Relational Analysis Tool for Concurrent Programs
RATCOP: Relational Analysis Tool for Concurrent Programs Suvam Mukherjee 1, Oded Padon 2, Sharon Shoham 2, Deepak D Souza 1, and Noam Rinetzky 2 1 Indian Institute of Science, India 2 Tel Aviv University,
SeaHorn: Software Model Checking with SMT and AI
SeaHorn: Software Model Checking with SMT and AI Arie Gurfinkel Department of Electrical and Computer Engineering University of Waterloo Waterloo, Ontario, Canada http://ece.uwaterloo.ca/~agurfink based
Applying Multi-Core Model Checking to Hardware- Software Partitioning in Embedded Systems (extended version)
Applying Multi-Core Model Checking to Hardware- Software Partitioning in Embedded Systems (extended version) Alessandro Trindade, Hussama Ismail, and Lucas Cordeiro Federal University of Amazonas - Manaus,
Counterexample Guided Inductive Optimization Applied to Mobile Robot Path Planning SBR/LARS 2017
Cnterexample Guided Inductive Optimization Applied to Mobile Robot Path Planning SBR/LARS 2017 Rodrigo Araújo, Alexandre Ribeiro, Iury Bessa, Lucas Cordeiro, and João Edgar Chaves Filho Federal University
arxiv: v2 [cs.se] 13 Jul 2009
![arxiv: v2 [cs.se] 13 Jul 2009](/thumbs/74/71463110.jpg "arxiv: v2 [cs.se] 13 Jul 2009")
SMT-Based Bounded Model Checking for Embedded ANSI-C Software Lucas Cordeiro University of Southampton lcc08r@ecs.soton.ac.uk Bernd Fischer University of Southampton b.fischer@ecs.soton.ac.uk Joao Marques-Silva
Program Analysis and Code Verification
Program Analysis and Code Verification http://d3s.mff.cuni.cz Pavel Parízek CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics Language Lectures: English Labs: English Homework: Czech/English
Incremental Bounded Model Checking for Embedded Software 1
Formal Aspects of Computing (017) 0: 1 0 c 017 BCS Formal Aspects of Computing Incremental Bounded Model Checking for Embedded Software 1 Peter Schrammel 1,, Daniel Kroening, Martin Brain, Ruben Martins,,
Maximal Causality Reduction for TSO and PSO. Shiyou Huang Jeff Huang Parasol Lab, Texas A&M University
Maximal Causality Reduction for TSO and PSO Shiyou Huang Jeff Huang huangsy@tamu.edu Parasol Lab, Texas A&M University 1 A Real PSO Bug $12 million loss of equipment curpos = new Point(1,2); class Point
Overview AEG Conclusion CS 6V Automatic Exploit Generation (AEG) Matthew Stephen. Department of Computer Science University of Texas at Dallas
CS 6V81.005 Automatic Exploit Generation (AEG) Matthew Stephen Department of Computer Science University of Texas at Dallas February 20 th, 2012 Outline 1 Overview Introduction Considerations 2 AEG Challenges
SAT-based Bounded Software Model Checking for Embedded Software: A Case Study
2014 21st Asia-Pacific Software Engineering Conference SAT-based Bounded Software Model Checking for Embedded Software: A Case Study Yunho Kim and Moonzoo Kim CS Dept. KAIST, Daejeon, South Korea kimyunho@kaist.ac.kr,
BDD-Based Software Model Checking with CPAchecker
BDD-Based Software Model Checking with CPAchecker Dirk Beyer and Andreas Stahlbauer University of Passau, Germany Abstract. In symbolic software model checking, most approaches use predicates as symbolic
Predicate Refinement Heuristics in Program Verification with CEGAR
Predicate Refinement Heuristics in Program Verification with CEGAR Tachio Terauchi (JAIST) Part of this is joint work with Hiroshi Unno (U. Tsukuba) 1 Predicate Abstraction with CEGAR Iteratively generate
CSC2108: Automated Verification Assignment 3. Due: November 14, classtime.
CSC2108: Automated Verification Assignment 3. Due: November 14, classtime. 1. Recall the notion of alternation depth in µ-calculus formulas. An alternation depth of a formula is one if results of a least
Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation Assurance
Test-Case Generation for Runtime Analysis and Vice-Versa: Verification of Aircraft Separation Assurance Marko Dimjašević University of Utah Dimitra Giannakopoulou NASA Ames Research Center ISSTA 2015,
Assoc. Prof. Marenglen Biba. (C) 2010 Pearson Education, Inc. All rights reserved.
Assoc. Prof. Marenglen Biba Exception handling Exception an indication of a problem that occurs during a program s execution. The name exception implies that the problem occurs infrequently. With exception
Active Testing for Concurrent Programs
Active Testing for Concurrent Programs Pallavi Joshi Mayur Naik Chang-Seo Park Koushik Sen 1/8/2009 ParLab Retreat ParLab, UC Berkeley Intel Research Overview Checking correctness of concurrent programs
The JML Tool. Faculty of Engineering Pontificia Universidad Javeriana. The JML Tool p.1/23
The JML Tool Néstor Cataño ncatano@puj.edu.co Faculty of Engineering Pontificia Universidad Javeriana The JML Tool p.1/23 Tools for JML 1. Parsing and type-checking 2. Checking assertions at runtime 3.
ExpliSAT: Guiding SAT-Based Software Verification with Explicit States
ExpliSAT: Guiding SAT-Based Software Verification with Explicit States Sharon Barner 1, Cindy Eisner 1,ZivGlazberg 1, Daniel Kroening 2, and Ishai Rabinovitz 3, 1 IBM Haifa Research Lab {sharon,eisner,glazberg}@il.ibm.com
Tree Interpolation in Vampire
Tree Interpolation in Vampire Régis Blanc 1, Ashutosh Gupta 2, Laura Kovács 3, and Bernhard Kragl 4 1 EPFL 2 IST Austria 3 Chalmers 4 TU Vienna Abstract. We describe new extensions of the Vampire theorem
DIPARTIMENTO DI INGEGNERIA E SCIENZA DELL INFORMAZIONE Povo Trento (Italy), Via Sommarive 14
UNIVERSITY OF TRENTO DIPARTIMENTO DI INGEGNERIA E SCIENZA DELL INFORMAZIONE 38050 Povo Trento (Italy), Via Sommarive 14 http://www.disi.unitn.it SOFTWARE MODEL CHECKING VIA LARGE-BLOCK ENCODING Dirk Beyer,
Functional Equivalence Verification Tools in High-Level Synthesis Flows
High-Level Synthesis Functional Equivalence Verification Tools in High-Level Synthesis Flows Anmol Mathur Calypto Design Systems Masahiro Fujita University of Tokyo Edmund Clarke Carnegie Mellon University
Leveraging Test Generation and Specification Mining for Automated Bug Detection without False Positives
Leveraging Test Generation and Specification Mining for Automated Bug Detection without False Positives Michael Pradel and Thomas R. Gross Department of Computer Science ETH Zurich 1 Motivation API usage
Static Analysis in C/C++ code with Polyspace
1 Static Analysis in C/C++ code with Polyspace Yongchool Ryu Application Engineer gary.ryu@mathworks.com 2016 The MathWorks, Inc. 2 Agenda Efficient way to find problems in Software Category of Static
Partitioned Memory Models for Program Analysis
Partitioned Memory Models for Program Analysis Wei Wang 1, Clark Barrett 2, and Thomas Wies 1 1 New York University 2 Stanford University Abstract. Scalability is a key challenge in static analysis. For
Turbo-Charging Lemmas on Demand with Don t Care Reasoning
Turbo-Charging Lemmas on Demand with Don t Care Reasoning Aina Niemetz, Mathias Preiner and Armin Biere Institute for Formal Models and Verification (FMV) Johannes Kepler University, Linz, Austria http://fmv.jku.at/
Efficient Hierarchical System Debugging for Property Checking
Efficient Hierarchical System Debugging for Property Checking Görschwin Fey Rolf Drechsler Institute of Computer Science, University of Bremen, 28359 Bremen, Germany {fey,drechsle}@informatik.uni-bremen.de
Smten: Automatic Translation of High-level Symbolic Computations into SMT Queries
Smten: Automatic Translation of High-level Symbolic Computations into SMT Queries Richard Uhler 1 and Nirav Dave 2 1 Massachusetts Institute of Technology, Computer Science and Artificial Intelligence
KRATOS A Software Model Checker for SystemC
KRATOS A Software Model Checker for SystemC A. Cimatti, A. Griggio, A. Micheli, I. Narasamdya, and M. Roveri Fondazione Bruno Kessler Irst {cimatti,griggio,amicheli,narasamdya,roveri}@fbk.eu Abstract.
IJIT: An API for Boolean Program Analysis with Just-in-Time Translation 1
IJIT: An API for Boolean Program Analysis with Just-in-Time Translation 1 Peizun Liu and Thomas Wahl Northeastern University, Boston, USA SEFM 2017, Trento, Italy September 06, 2017 1 This work is supported
Incremental Upgrade Checking by Means of Interpolation-based Function Summaries
Incremental Upgrade Checking by Means of Interpolation-based Function Summaries Ondrej Sery Grigory Fedyukovich Natasha Sharygina Formal Verification Lab, University of Lugano, Switzerland D3S, Faculty
Slice n Dice Algorithm Implementation in JPF
Brigham Young University BYU ScholarsArchive All Theses and Dissertations 2014-07-01 Slice n Dice Algorithm Implementation in JPF Eric S. Noonan Brigham Young University - Provo Follow this and additional