Abstract
Map2Check is a software verification tool that combines fuzzing, symbolic execution, and inductive invariants. It automatically checks safety properties in C programs by adopting source code instrumentation to monitor data (e.g., memory pointers) from the program’s executions using LLVM compiler infrastructure. For SV-COMP 2020, we extended Map2Check to exploit an iterative deepening approach using LibFuzzer and Klee to check for safety properties. We also use Crab-LLVM to infer program invariants based on reachability analysis. Experimental results show that Map2Check can handle a wide variety of safety properties in several intricate verification tasks from SV-COMP 2020.
H. Rocha—Jury member.
Chapter PDF
Similar content being viewed by others
References
Baldoni, R., Coppa, E., D’Elia, D.C., Demetrescu, C., Finocchi, I.: A Survey of Symbolic Execution Techniques. ACM Comput. Surv. 51(3) (2018)
Brummayer, R., Biere, A.: Boolector: An Efficient SMT Solver for Bit-Vectors and Arrays. In: TACAS. pp. 174–177. Springer (2009)
Cadar, C., Dunbar, D., Engler, D.: KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs. In: OSDI. pp. 209–224. USENIX (2008)
Dutertre, B.: Yices 2.2. In: Biere, A., Bloem, R. (eds.) CAV. pp. 737–744. Springer (2014)
Fandrey, D.: Clang/LLVM Maturity Report. In: Computer Science Dept., University of Applied Sciences Karlsruhe (2010), See http://www.iwi.hs-karlsruhe.de
Haedicke, F., Frehse, S., Fey, G., Große, D., Drechsler, R.: metaSMT: Focus on Your Application not on Solver Integration. In: Intl. Workshop on DIFTS. CEUR-WS.org (2011)
LibFuzzer: A library for coverage-guided fuzz testing. https://llvm.org/docs/LibFuzzer.html (2019), [Online; accessed September-2019]
Menezes, R., Rocha, H., Cordeiro, L., Barreto, R.: Map2Check using LLVM and KLEE. In: TACAS. pp. 437–441. Springer (2018)
Palikareva, H., Cadar, C.: Multi-solver Support in Symbolic Execution. In: Intl. Workshop on SMT. p. 15. CEUR-WS.org (2014)
Rocha, H., Menezes, R., Cordeiro, L.C., Barreto, R.: Map2Check Tool: UsingSymbolic Execution and Fuzzing. Zenodo. (Feb 2020), https://doi.org/10.5281/zenodo.3678748
SeaHorn: Crab-LLVM: Abstract Interpretation of LLVM bitcode. https://github.com/seahorn/crab-llvm (2019), [Online; accessed November-2019]
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.
Copyright information
© 2020 The Author(s)
About this paper
Cite this paper
Rocha, H., Menezes, R., Cordeiro, L.C., Barreto, R. (2020). Map2Check: Using Symbolic Execution and Fuzzing. In: Biere, A., Parker, D. (eds) Tools and Algorithms for the Construction and Analysis of Systems. TACAS 2020. Lecture Notes in Computer Science(), vol 12079. Springer, Cham. https://doi.org/10.1007/978-3-030-45237-7_29
Download citation
DOI: https://doi.org/10.1007/978-3-030-45237-7_29
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-45236-0
Online ISBN: 978-3-030-45237-7
eBook Packages: Computer ScienceComputer Science (R0)