Skip to main content
SpringerLink
Log in

Efficient Symbolic Execution of Value-Based Data Structures for Critical Systems

  • Conference paper
NASA Formal Methods (NFM 2012)

Part of the book series: Lecture Notes in Computer Science ((LNPSE,volume 7226))

Included in the following conference series:

  • 1174 Accesses

Abstract

Symbolic execution shows promise for increasing the automation of verification tasks in certified safety/security-critical systems, where use of statically allocated value-based data structures is mandated. In fact Spark/Ada, a subset of Ada designed for verification and used for building critical systems, only permits data structures that are statically allocated. This paper describes a novel and efficient graph-based representation for programs making use of value-based data structures and procedure contracts. We show that our graph-based representation offers performance superior to a logic-based representation that is used in many approaches that delegate array reasoning to a decision procedure.

Work supported in part by the US National Science Foundation (NSF) CAREER award 0644288, the US Air Force Office of Scientific Research (AFOSR), Rockwell Collins, and the Natural Sciences and Engineering Research Council (NSERC) of Canada grant 261573.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Ahrendt, W., Baar, T., Beckert, B., Bubel, R., Giese, M., Hähnle, R., Menzel, W., Mostowski, W., Roth, A., Schlager, S., Schmitt, P.H.: The KeY tool. Software and Systems Modeling 4, 32–54 (2005)

    Article  Google Scholar 

  2. Barnes, J.: High Integrity Software—the SPARK Approach to Safety and Security. AW (2003)

    Google Scholar 

  3. Belt, J., Hatcliff, J., Robby, Chalin, P., Hardin, D., Deng, X.: Bakar Kiasan: Flexible Contract Checking for Critical Systems Using Symbolic Execution. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 58–72. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  4. Belt, J., Robby, Chalin, P., Hatcliff, J., Deng, X.: Efficient symbolic execution of programs for critical systems. Technical Report SAnToS-TR2011-01-10, Kansas State University (2011), http://people.cis.ksu.edu/~belt/SAnToS-TR2011-01-10.pdf

  5. Belt, J., Robby, Deng, X.: Sireum/Topi LDP: A lightweight semi-decision procedure for optimizing symbolic execution-based analyses. In: Symposium on the Foundations of Software Engineering (ESEC/FSE), pp. 355–364 (2009)

    Google Scholar 

  6. Berdine, J., Calcagno, C., O’Hearn, P.W.: Symbolic Execution with Separation Logic. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, pp. 52–68. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  7. Bradley, A.R., Manna, Z., Sipma, H.B.: What’s Decidable About Arrays? In: Emerson, E.A., Namjoshi, K.S. (eds.) VMCAI 2006. LNCS, vol. 3855, pp. 427–442. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  8. Cadar, C., Dunbar, D., Engler, D.R.: Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In: USENIX Symposium on Operating Systems Design and Implementation (OSDI), pp. 209–224. USENIX Association (2008)

    Google Scholar 

  9. de Moura, L., Bjørner, N.: Z3: An Efficient SMT Solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  10. Deng, X., Lee, J., Robby: Efficient and formal generalized symbolic execution. Automated Software Engineering, 1–69 Online First: 10.1007/s10515-011-0089-9 (to appear, 2012)

    Google Scholar 

  11. Distefano, D., Parkinson, M.J.: Jstar: towards practical verification for Java. In: Proceedings of the 23rd ACM SIGPLAN Conference on Object-Oriented Programming Systems Languages and Applications (OOPSLA 2008), pp. 213–226 (2008)

    Google Scholar 

  12. Dutertre, B., de Moura, L.: The Yices SMT solver. Tool paper (August 2006), http://yices.csl.sri.com/tool-paper.pdf

  13. Godefroid, P., Klarlund, N., Sen, K.: DART: Directed automated random testing. In: ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation (PLDI), pp. 213–223. ACM Press (2005)

    Google Scholar 

  14. Grieskamp, W., Tillmann, N., Schulte, W.: XRT - exploring runtime for.NET - architecture and applications. In: Workshop on Software Model Checking (2005)

    Google Scholar 

  15. Jacobs, B., Smans, J., Piessens, F.: A Quick Tour of the VeriFast Program Verifier. In: Ueda, K. (ed.) APLAS 2010. LNCS, vol. 6461, pp. 304–311. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  16. Khurshid, S., Păsăreanu, C.S., Visser, W.: Generalized Symbolic Execution for Model Checking and Testing. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 553–568. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  17. Lev-Ami, T., Sagiv, M.: TVLA: A System for Implementing Static Analyses. In: SAS 2000. LNCS, vol. 1824, pp. 280–302. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  18. Rossebo, B., Oman, P., Alves-Foss, J., Blue, R., Jaszkowiak, P.: Using SPARK-Ada to model and verify a MILS message router. In: Proceedings of the International Symposium on Secure Software Engineering (2006)

    Google Scholar 

  19. Rushby, J.: The design and verification of secure systems. In: 8th ACM Symposium on Operating Systems Principles, vol. 15(5), pp. 12–21 (1981)

    Google Scholar 

  20. Sen, K., Agha, G.: CUTE: A concolic unit testing engine for C. In: ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE), pp. 263–272 (2005)

    Google Scholar 

  21. Sen, K., Agha, G.: CUTE and jCUTE: Concolic Unit Testing and Explicit Path Model-Checking Tools. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 419–423. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  22. Staats, M., Pasareanu, C.S.: Parallel symbolic execution for structural test generation. In: ISSTA, pp. 183–194 (2010)

    Google Scholar 

  23. Tillmann, N., de Halleux, J.: Pex–White Box Test Generation for.NET. In: Beckert, B., Hähnle, R. (eds.) TAP 2008. LNCS, vol. 4966, pp. 134–153. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  24. ACL2 arrays, http://www.cs.utexas.edu/~moore/acl2/current/ARRAYS.html .

  25. Benchmark example source, http://people.cis.ksu.edu/~belt/reports/SAnToS-TR2011-01-10_src/

Download references

Author information

Authors and Affiliations

  1. Kansas State University, United States

    Jason Belt,  Robby, Patrice Chalin & John Hatcliff

  2. Google Inc., United States

    Xianghua Deng

Authors
  1. Jason Belt
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Robby
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Patrice Chalin
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. John Hatcliff
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Xianghua Deng
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. NASA Langley Research Center, MS 130, 23681, Hampton, VA, USA

    Alwyn E. Goodloe  & Suzette Person  & 

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Belt, J., Robby, Chalin, P., Hatcliff, J., Deng, X. (2012). Efficient Symbolic Execution of Value-Based Data Structures for Critical Systems. In: Goodloe, A.E., Person, S. (eds) NASA Formal Methods. NFM 2012. Lecture Notes in Computer Science, vol 7226. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28891-3_29

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-28891-3_29

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28890-6

  • Online ISBN: 978-3-642-28891-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation