
Conflict-Directed Graph Coverage

  • Conference paper
NASA Formal Methods (NFM 2015)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 9058)

Abstract

Many formal method tools for increasing software reliability apply Satisfiability Modulo Theories (SMT) solvers to enumerate feasible paths in a program subject to certain coverage criteria. Examples include inconsistent code detection tools and concolic test case generators. These tools have in common that they typically treat the SMT solver as a black box, relying on its ability to efficiently search through large search spaces. However, in practice the performance of SMT solvers often degrades significantly if the search involves reasoning about complex control-flow. In this paper, we open the black box and devise a new algorithm for this problem domain that we call conflict-directed graph coverage. Our algorithm relies on two core components of an SMT solver, namely conflict-directed learning and deduction by propagation, and applies domain-specific modifications for reasoning about control-flow graphs. We implemented conflict-directed coverage and used it for detecting code inconsistencies in several large Java open-source projects with over one million lines of code in total. The new algorithm yields significant performance gains on average compared to previous algorithms and reduces the running times on hard search instances from hours to seconds.


Author information

Correspondence to Martin Schäf.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Schwartz-Narbonne, D., Schäf, M., Jovanović, D., Rümmer, P., Wies, T. (2015). Conflict-Directed Graph Coverage. In: Havelund, K., Holzmann, G., Joshi, R. (eds) NASA Formal Methods. NFM 2015. Lecture Notes in Computer Science, vol 9058. Springer, Cham. https://doi.org/10.1007/978-3-319-17524-9_23

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-17524-9_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-17523-2

  • Online ISBN: 978-3-319-17524-9

  • eBook Packages: Computer Science (R0)
