Computer-aided verification of coordinating processes: the automata-theoretic approach
Computer-aided verification of coordinating processes: the automata-theoretic approach
Automatic predicate abstraction of C programs
Proceedings of the ACM SIGPLAN 2001 conference on Programming language design and implementation
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Extended static checking for Java
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
POPL '77 Proceedings of the 4th ACM SIGACT-SIGPLAN symposium on Principles of programming languages
Symbolic Model Checking without BDDs
TACAS '99 Proceedings of the 5th International Conference on Tools and Algorithms for Construction and Analysis of Systems
Counterexample-Guided Abstraction Refinement
CAV '00 Proceedings of the 12th International Conference on Computer Aided Verification
CSSV: towards a realistic tool for statically detecting all buffer overflows in C
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
A static analyzer for large safety-critical software
PLDI '03 Proceedings of the ACM SIGPLAN 2003 conference on Programming language design and implementation
Precise and efficient static array bound checking for large embedded C programs
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Testing static analysis tools using exploitable buffer overflows from open source code
Proceedings of the 12th ACM SIGSOFT twelfth international symposium on Foundations of software engineering
Synthesis of interface specifications for Java classes
Proceedings of the 32nd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Modular checking for buffer overflows in the large
Proceedings of the 28th international conference on Software engineering
Inferring specifications to detect errors in code
Automated Software Engineering
Verifying dereference safety via expanding-scope analysis
ISSTA '08 Proceedings of the 2008 international symposium on Software testing and analysis
ACM Computing Surveys (CSUR)
VCC: A Practical System for Verifying Concurrent C
TPHOLs '09 Proceedings of the 22nd International Conference on Theorem Proving in Higher Order Logics
An Incremental Approach to Scope-Bounded Checking Using a Lightweight Formal Method
FM '09 Proceedings of the 2nd World Congress on Formal Methods
Structural abstraction of software verification conditions
CAV'07 Proceedings of the 19th international conference on Computer aided verification
Modular inference of subprogram contracts for safety checking
Journal of Symbolic Computation
Precondition inference from intermittent assertions and application to contracts on collections
VMCAI'11 Proceedings of the 12th international conference on Verification, model checking, and abstract interpretation
SLAM2: static driver verification with under 4% false alarms
Proceedings of the 2010 Conference on Formal Methods in Computer-Aided Design
Efficient state merging in symbolic execution
Proceedings of the 33rd ACM SIGPLAN conference on Programming Language Design and Implementation
A solver for reachability modulo theories
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Alternate and learn: finding witnesses without looking all over
CAV'12 Proceedings of the 24th international conference on Computer Aided Verification
Modeling and analyzing the interaction of C and C++ strings
FoVeOOS'11 Proceedings of the 2011 international conference on Formal Verification of Object-Oriented Software
| Hi-index | 0.00 |
Software model checking and static analysis have matured over the last decade, enabling their use in automated software verification. However, lack of scalability makes these tools hard to apply. Furthermore, approximations in the models of program and environment lead to a profusion of false alarms. This paper proposes DC2, a verification framework using scope-bounding to bridge these gaps. DC2 splits the analysis problem into manageable parts, relying on a combination of three automated techniques: (a) techniques to infer useful specifications for functions in the form of pre- and post-conditions; (b) stub inference techniques that infer abstractions to replace function calls beyond the verification scope; and (c) automatic refinement of pre- and post-conditions from false alarms identified by a user. DC2 enables iterative reasoning over the calling environment, to help in finding non-trivial bugs and fewer false alarms. We present an experimental evaluation that demonstrates the effectiveness of DC2 on several open-source and industrial software projects.