Skip to main content
SpringerLink
Log in
SpringerLink
Log in

Towards Scalable Modular Checking of User-Defined Properties

  • Conference paper
Verified Software: Theories, Tools, Experiments (VSTTE 2010)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 6217))

Abstract

Theorem-prover based modular checkers have the potential to perform scalable and precise checking of user-defined properties by combining pathsensitive intraprocedural reasoning with user-defined procedure abstractions. However, such tools have seldom been deployed on large software applications of industrial relevance due to the annotation burden required to provide the procedure abstractions.

In this work, we present two case studies of applying a modular checker HAVOC to check properties on large modules in the Microsoft Windows operating system. The first detailed case study describes checking the synchronization protocol of a core Microsoft Windows component with more than 300 thousand lines of code and 1500 procedures. The effort found 45 serious bugs in the component with modest annotation effort and low false alarms; most of these bugs have since been fixed by the developers of the module. The second case study reports preliminary user experience in using the tool for checking security related properties in several Windows components. We describe our experience in using a modular checker to create various property checkers for finding errors in a welltested applications of this scale, and our design decisions to find them with low false alarms, modest annotation burden and high coverage.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aiken, A., Bugrara, S., Dillig, I., Dillig, T., Hackett, B., Hawkins, P.: An overview of the Saturn project. In: Workshop on Program Analysis for Software Tools and Engineering (PASTE 2007), pp. 43–48 (2007)

    Google Scholar 

  2. Babic, D., Hu, A.J.: Structural abstraction of software verification conditions. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 366–378. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  3. Ball, T., Majumdar, R., Millstein, T., Rajamani, S.K.: Automatic predicate abstraction of C programs. In: Programming Language Design and Implementation (PLDI 2001), pp. 203–213 (2001)

    Google Scholar 

  4. Barnett, M., Leino, K.R.M., Schulte, W.: The Spec# programming system: An overview. In: Barthe, G., Burdy, L., Huisman, M., Lanet, J.-L., Muntean, T. (eds.) CASSIS 2004. LNCS, vol. 3362, pp. 49–69. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  5. Chatterjee, S., Lahiri, S.K., Qadeer, S., Rakamarić, Z.: A reachability predicate for analyzing low-level software. In: Grumberg, O., Huth, M. (eds.) TACAS 2007. LNCS, vol. 4424, pp. 19–33. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  6. Condit, J., Hackett, B., Lahiri, S.K., Qadeer, S.: Unifying type checking and property checking for low-level code. In: Principles of Programming Languages (POPL 2009), pp. 302–314 (2009)

    Google Scholar 

  7. Cousot, P., Cousot, R.: Abstract interpretation: A Unified Lattice Model for the Static Analysis of Programs by Construction or Approximation of Fixpoints. In: Principles of Programming Languages (POPL 1977), pp. 238–252 (1977)

    Google Scholar 

  8. Cousot, P., Cousot, R., Feret, J., Mauborgne, L., Miné, A., Monniaux, D., Rival, X.: The ASTREÉ Analyzer. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 21–30. Springer, Heidelberg (2005)

    Google Scholar 

  9. Dahlweid, M., Moskal, M., Santen, T., Tobies, S., Schulte, W.: Vcc: Contract-based modular verification of concurrent c. In: International Conference on Software Engineering (ICSE 2009), Companion Volume, pp. 429–430 (2009)

    Google Scholar 

  10. Das, M., Lerner, S., Seigle, M.: ESP: Path-Sensitive Program Verification in Polynomial Time. In: Programming Language Design and Implementation (PLDI 2002), pp. 57–68 (2002)

    Google Scholar 

  11. de Moura, L., Bjorner, N.: Efficient Incremental E-matching for SMT Solvers. In: Pfenning, F. (ed.) CADE 2007. LNCS (LNAI), vol. 4603, pp. 183–198. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  12. DeLine, R., Leino, K.R.M.: BoogiePL: A typed procedural language for checking object-oriented programs. Technical Report MSR-TR-2005-70, Microsoft Research (2005)

    Google Scholar 

  13. Engler, D.R., Ashcraft, K.: RacerX: effective, static detection of race conditions and deadlocks. In: Symposium on Operating Systems Principles (SOSP 2003), pp. 237–252 (2003)

    Google Scholar 

  14. Engler, D.R., Chelf, B., Chou, A., Hallem, S.: Checking system rules using system-specific, programmer-written compiler extensions. In: Operating Systems Design And Implementation (OSDI 2000), pp. 1–16 (2000)

    Google Scholar 

  15. Flanagan, C., Freund, S.N.: Type-based race detection for java. In: PLDI, pp. 219–232 (2000)

    Google Scholar 

  16. Flanagan, C., Leino, K.R.M.: Houdini, an annotation assistant for ESC/Java. In: Oliveira, J.N., Zave, P. (eds.) FME 2001. LNCS, vol. 2021, pp. 500–517. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  17. Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: Programming Language Design and Implementation (PLDI 2002), pp. 234–245 (2002)

    Google Scholar 

  18. Hackett, B., Das, M., Wang, D., Yang, Z.: Modular checking for buffer overflows in the large. In: International Conference on Software Engineering (ICSE 2006), pp. 232–241 (2006)

    Google Scholar 

  19. Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Lazy abstraction. In: Principles of Programming Languages (POPL 2002), pp. 58–70 (2002)

    Google Scholar 

  20. Lahiri, S.K., Qadeer, S.: Back to the future: revisiting precise program verification using SMT solvers. In: Principles of Programming Languages (POPL 2008), pp. 171–182 (2008)

    Google Scholar 

  21. Lahiri, S.K., Qadeer, S., Galeotti, J.P., Voung, J.W., Wies, T.: Intra-module inference. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 493–508. Springer, Heidelberg (2009)

    Google Scholar 

  22. Pratikakis, P., Foster, J.S., Hicks, M.W.: LOCKSMITH: context-sensitive correlation analysis for race detection. In: Programming Language Design and Implementation (PLDI 2006), pp. 320–331 (2006)

    Google Scholar 

  23. Vanegue, J.: Zero-sized heap allocations vulnerability analysis

    Google Scholar 

  24. Voung, J.W., Jhala, R., Lerner, S.: RELAY: static race detection on millions of lines of code. In: Foundations of Software Engineering (FSE 2007), pp. 205–214 (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Microsoft,  

    Thomas Ball, Shuvendu K. Lahiri, Shaz Qadeer & Julien Vanegue

  2. Stanford University,  

    Brian Hackett

Authors
  1. Thomas Ball
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Brian Hackett
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Shuvendu K. Lahiri
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Shaz Qadeer
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Julien Vanegue
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Electrical Engineering and Computer Science, 439C Harris Center, University of Central Florida, Building 116, 4000 Central Florida Boulevard, 32816-2362, Orlando, FL, USA

    Gary T. Leavens

  2. School of Electronic Engineering and Computer Science, Queen Mary University, Mile End Road, E1 NS, London, UK

    Peter O’Hearn

  3. Microsoft Research India, "Scientia", 196/36 2nd Main, Sadashivnagar, 560 080, Bangalore, India

    Sriram K. Rajamani

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ball, T., Hackett, B., Lahiri, S.K., Qadeer, S., Vanegue, J. (2010). Towards Scalable Modular Checking of User-Defined Properties. In: Leavens, G.T., O’Hearn, P., Rajamani, S.K. (eds) Verified Software: Theories, Tools, Experiments. VSTTE 2010. Lecture Notes in Computer Science, vol 6217. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15057-9_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-15057-9_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15056-2

  • Online ISBN: 978-3-642-15057-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation