Formal Aspects of Computing, Volume 30, Issue 1, pp 107–131

Cut branches before looking for bugs: certifiably sound verification on relaxed slices

  • Jean-Christophe Léchenet (Email author)
  • Nikolai Kosmatov
  • Pascale Le Gall
Original Article

Abstract

Program slicing can be used to reduce a given initial program to a smaller one (a slice) that preserves the behavior of the initial program with respect to a chosen criterion. Verification and validation (V&V) of software can become easier on slices, but require particular care in the presence of errors or non-termination in order to avoid unsound results or a poor level of code reduction in slices with respect to the initial program. This article proposes a theoretical foundation for conducting V&V activities on a slice instead of the initial program. We introduce the notion of relaxed slicing that is still capable of producing small slices, even in the presence of errors or non-termination, and establish an appropriate soundness property. It allows us to give a precise interpretation of verification results (absence or presence of errors) obtained for a slice in terms of the initial program. The implementation of these results in the Coq proof assistant is presented and some of its difficult points are discussed.

Keywords

Program slicing, Trajectory-based semantics, Verification, Run-time errors, Non-terminating loops, Coq formalization



Copyright information

© British Computer Society 2017

Authors and Affiliations

  • Jean-Christophe Léchenet (1, 2), Email author
  • Nikolai Kosmatov (1)
  • Pascale Le Gall (2)
  1. CEA, LIST, Software Reliability and Security Laboratory, Gif-sur-Yvette, France
  2. Laboratoire de Mathématiques et Informatique pour la Complexité et les Systèmes, CentraleSupélec, Université Paris-Saclay, Gif-sur-Yvette, France
