Cut branches before looking for bugs: certifiably sound verification on relaxed slices

  • Original Article
Formal Aspects of Computing

Abstract

Program slicing can be used to reduce a given initial program to a smaller one (a slice) that preserves the behavior of the initial program with respect to a chosen criterion. Verification and validation (V&V) of software can become easier on slices, but they require particular care in the presence of errors or non-termination in order to avoid unsound results or a poor level of code reduction in slices with respect to the initial program. This article proposes a theoretical foundation for conducting V&V activities on a slice instead of the initial program. We introduce the notion of relaxed slicing, which is still capable of producing small slices even in the presence of errors or non-termination, and establish an appropriate soundness property. This property allows us to give a precise interpretation of verification results (absence or presence of errors) obtained for a slice in terms of the initial program. The implementation of these results in the Coq proof assistant is presented and some of its difficult points are discussed.



Correspondence to Jean-Christophe Léchenet.

Additional information

Perdita Stevens, Andrzej Wasowski, and Ewen Denney


Cite this article

Léchenet, JC., Kosmatov, N. & Le Gall, P. Cut branches before looking for bugs: certifiably sound verification on relaxed slices. Form Asp Comp 30, 107–131 (2018). https://doi.org/10.1007/s00165-017-0439-x
