Cargando…
Under-approximating loops in C programs for fast counterexample detection
Many software model checkers only detect counterexamples with deep loops after exploring numerous spurious and increasingly longer counterexamples. We propose a technique that aims at eliminating this weakness by constructing auxiliary paths that represent the effect of a range of loop iterations. U...
| Autores principales: | , , |
|---|---|
| Formato: | Online Artículo Texto |
| Lenguaje: | English |
| Publicado: |
Springer US
2015
|
| Materias: | |
| Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4750468/ https://www.ncbi.nlm.nih.gov/pubmed/26900259 http://dx.doi.org/10.1007/s10703-015-0228-1 |
| _version_ | 1782415440487645184 |
|---|---|
| author | Kroening, Daniel Lewis, Matt Weissenbacher, Georg |
| author_facet | Kroening, Daniel Lewis, Matt Weissenbacher, Georg |
| author_sort | Kroening, Daniel |
| collection | PubMed |
| description | Many software model checkers only detect counterexamples with deep loops after exploring numerous spurious and increasingly longer counterexamples. We propose a technique that aims at eliminating this weakness by constructing auxiliary paths that represent the effect of a range of loop iterations. Unlike acceleration, which captures the exact effect of arbitrarily many loop iterations, these auxiliary paths may under-approximate the behaviour of the loops. In return, the approximation is sound with respect to the bit-vector semantics of programs. Our approach supports arbitrary conditions and assignments to arrays in the loop body, but may as a result introduce quantified conditionals. To reduce the resulting performance penalty, we present two quantifier elimination techniques specially geared towards our application. Loop under-approximation can be combined with a broad range of verification techniques. We paired our techniques with lazy abstraction and bounded model checking, and evaluated the resulting tool on a number of buffer overflow benchmarks, demonstrating its ability to efficiently detect deep counterexamples in C programs that manipulate arrays. |
| format | Online Article Text |
| id | pubmed-4750468 |
| institution | National Center for Biotechnology Information |
| language | English |
| publishDate | 2015 |
| publisher | Springer US |
| record_format | MEDLINE/PubMed |
| spelling | pubmed-47504682016-02-19 Under-approximating loops in C programs for fast counterexample detection Kroening, Daniel Lewis, Matt Weissenbacher, Georg Form Methods Syst Des Article Many software model checkers only detect counterexamples with deep loops after exploring numerous spurious and increasingly longer counterexamples. We propose a technique that aims at eliminating this weakness by constructing auxiliary paths that represent the effect of a range of loop iterations. Unlike acceleration, which captures the exact effect of arbitrarily many loop iterations, these auxiliary paths may under-approximate the behaviour of the loops. In return, the approximation is sound with respect to the bit-vector semantics of programs. Our approach supports arbitrary conditions and assignments to arrays in the loop body, but may as a result introduce quantified conditionals. To reduce the resulting performance penalty, we present two quantifier elimination techniques specially geared towards our application. Loop under-approximation can be combined with a broad range of verification techniques. We paired our techniques with lazy abstraction and bounded model checking, and evaluated the resulting tool on a number of buffer overflow benchmarks, demonstrating its ability to efficiently detect deep counterexamples in C programs that manipulate arrays. Springer US 2015-04-17 2015 /pmc/articles/PMC4750468/ /pubmed/26900259 http://dx.doi.org/10.1007/s10703-015-0228-1 Text en © The Author(s) 2015 Open AccessThis article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. |
| spellingShingle | Article Kroening, Daniel Lewis, Matt Weissenbacher, Georg Under-approximating loops in C programs for fast counterexample detection |
| title | Under-approximating loops in C programs for fast counterexample
detection |
| title_full | Under-approximating loops in C programs for fast counterexample
detection |
| title_fullStr | Under-approximating loops in C programs for fast counterexample
detection |
| title_full_unstemmed | Under-approximating loops in C programs for fast counterexample
detection |
| title_short | Under-approximating loops in C programs for fast counterexample
detection |
| title_sort | under-approximating loops in c programs for fast counterexample
detection |
| topic | Article |
| url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4750468/ https://www.ncbi.nlm.nih.gov/pubmed/26900259 http://dx.doi.org/10.1007/s10703-015-0228-1 |
| work_keys_str_mv | AT kroeningdaniel underapproximatingloopsincprogramsforfastcounterexampledetection AT lewismatt underapproximatingloopsincprogramsforfastcounterexampledetection AT weissenbachergeorg underapproximatingloopsincprogramsforfastcounterexampledetection |