Abstract
Modularization is a widespread approach to tackling software complexity, not only in development but also in verification. Most existing approaches are based either on manual specifications, which are labor-intensive for large-scale projects, or on program abstractions, which can produce false positives. In this paper, we propose an approach for modular bounded model checking that is extended by a refined modularization based on program abstractions and on learning of preconditions. Modules, each consisting of a subset of a program's functions, are extended by including increasingly larger calling contexts. Potentially under-approximated preconditions are generated by enumerating the relevant information, including memory assignments, from counterexamples produced by bounded model checking. These preconditions are then extended through a tree-based learning approach that generalizes the generated data points. By substituting function calls, preconditions are iteratively pushed through the program to eliminate potential false positives. We evaluate our approach on three real-world software projects and demonstrate a significant increase in precision.
Notes
1. We assume memory accesses occur only to allocated memory.
2. Instructions to replicate the bmi160 results and to experiment with QPR Verify and the precondition learner in a prepared VM can be found under https://baldur.iti.kit.edu/qpr/QPR_Verify-2021-info.txt.
3. We slightly adapted the source code to overcome current technical limits of our tool, e.g. by removing irrelevant function pointers in structs.
4. Due to licensing, 2017b was the latest available version of Polyspace for evaluation.
Copyright information
© 2022 Springer Nature Switzerland AG
Cite this paper
Kleine Büning, M., Meuer, J., Sinz, C. (2022). Refined Modularization for Bounded Model Checking Through Precondition Generation. In: Riesco, A., Zhang, M. (eds) Formal Methods and Software Engineering. ICFEM 2022. Lecture Notes in Computer Science, vol 13478. Springer, Cham. https://doi.org/10.1007/978-3-031-17244-1_13
DOI: https://doi.org/10.1007/978-3-031-17244-1_13
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-17243-4
Online ISBN: 978-3-031-17244-1