Most symbolic bug detection techniques perform search over the program control flow graph based on either forward symbolic execution or backward weakest preconditions computation. The complexity of determining inter-procedural all-path feasibility makes it difficult for such analyses to judge up-front whether the behavior of a particular caller or callee procedure is relevant to a given property violation. Consequently, these methods analyze several program fragments irrelevant to the property, often repeatedly, before arriving at a goal location or an entry point, thus wasting resources and diminishing their scalability. This paper presents a systematic and scalable technique for focused bug detection which, starting from the goal function, employs alternating backward and forward exploration on the program call graph to lazily infer a small scope of program fragments, sufficient to detect the bug or show its absence. The method learns caller and callee invariants for procedures from failed exploration attempts and uses them to direct future exploration towards a scope pertinent to the violation.