DOI: 10.1145/2635868.2635894

Powering the Static Driver Verifier using Corral

Published: 11 November 2014

Abstract

The application of software-verification technology to building realistic bug-finding tools requires working through several precision-scalability tradeoffs. For instance, a critical aspect when dealing with C programs is to formally define the treatment of pointers and the heap. A machine-level model is often intractable, whereas one that leverages high-level information (such as types) can be inaccurate. Another tradeoff is the modeling of integer arithmetic. Ideally, all arithmetic should be performed over bitvector representations, whereas the current practice in most tools is to use mathematical integers for scalability. A third tradeoff, in the context of bounded program exploration, is to choose a bound that ensures high coverage without overwhelming the analysis. This paper works through these three tradeoffs as encountered when we applied Corral, an SMT-based verifier, inside Microsoft's Static Driver Verifier (SDV). Our decisions were guided by experimentation on a large set of drivers; the total verification time was well over a month. We justify that each of our decisions was crucial in getting value out of Corral and led to Corral being accepted as the engine that powers SDV in the Windows 8.1 release, replacing the SLAM engine that had been used inside SDV for the past decade.



Published In

FSE 2014: Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering
November 2014
856 pages
ISBN:9781450330565
DOI:10.1145/2635868
Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. Bitvector Reasoning
  2. Device Drivers
  3. Language Semantics
  4. Loop Coverage
  5. SMT
  6. Software Verification

Qualifiers

  • Research-article

Conference

SIGSOFT/FSE'14

Acceptance Rates

Overall Acceptance Rate 17 of 128 submissions, 13%

Article Metrics

  • Downloads (Last 12 months)17
  • Downloads (Last 6 weeks)1
Reflects downloads up to 17 Jan 2025

Cited By

  • (2024) Towards Trustworthy Automated Program Verifiers: Formally Validating Translations into an Intermediate Verification Language. Proceedings of the ACM on Programming Languages, 8(PLDI):1510–1534. DOI: 10.1145/3656438. Online publication date: 20-Jun-2024.
  • (2024) ConjunCT: Learning Inductive Invariants to Prove Unbounded Instruction Safety Against Microarchitectural Timing Attacks. 2024 IEEE Symposium on Security and Privacy (SP), pages 3735–3753. DOI: 10.1109/SP54263.2024.00180. Online publication date: 19-May-2024.
  • (2024) SmartInv: Multimodal Learning for Smart Contract Invariant Inference. 2024 IEEE Symposium on Security and Privacy (SP), pages 2217–2235. DOI: 10.1109/SP54263.2024.00126. Online publication date: 19-May-2024.
  • (2024) eBPF: Pioneering Kernel Programmability and System Observability - Past, Present, and Future Insights. 2024 3rd International Conference on Artificial Intelligence and Computer Information Technology (AICIT), pages 1–10. DOI: 10.1109/AICIT62434.2024.10730620. Online publication date: 20-Sep-2024.
  • (2024) Verification Algorithms for Automated Separation Logic Verifiers. Computer Aided Verification, pages 362–386. DOI: 10.1007/978-3-031-65627-9_18. Online publication date: 26-Jul-2024.
  • (2024) Accelerated Bounded Model Checking Using Interpolation Based Summaries. Tools and Algorithms for the Construction and Analysis of Systems, pages 155–174. DOI: 10.1007/978-3-031-57249-4_8. Online publication date: 5-Apr-2024.
  • (2023) Verification-Preserving Inlining in Automatic Separation Logic Verifiers. Proceedings of the ACM on Programming Languages, 7(OOPSLA1):789–818. DOI: 10.1145/3586054. Online publication date: 6-Apr-2023.
  • (2022) Verifying verified code. Innovations in Systems and Software Engineering, 18(3):335–346. DOI: 10.1007/s11334-022-00443-9. Online publication date: 30-Mar-2022.
  • (2022) Distributed bounded model checking. Formal Methods in System Design, 64(1-3):50–72. DOI: 10.1007/s10703-021-00385-1. Online publication date: 5-Jan-2022.
  • (2022) Proof-Guided Underapproximation Widening for Bounded Model Checking. Computer Aided Verification, pages 304–324. DOI: 10.1007/978-3-031-13185-1_15. Online publication date: 7-Aug-2022.
