Innovations in Systems and Software Engineering, Volume 6, Issue 3, pp 233–242

Software model checking without source code

Original Paper

Abstract

We present a framework, called air, for verifying safety properties of assembly language programs via software model checking. air extends the applicability of predicate abstraction and counterexample guided abstraction refinement to the automated verification of low-level software. By working at the assembly level, air allows verification of programs for which source code is unavailable—such as legacy and COTS software—and programs that use features—such as pointers, structures, and object-orientation—that are problematic for source-level software verification tools. In addition, air makes no assumptions about the underlying compiler technology. We have implemented a prototype of air and present encouraging results on several non-trivial examples.

Keywords

Software verification; Model checking; Assembly programs; Abstraction; Iterative refinement


Copyright information

© Springer-Verlag London Limited 2010

Authors and Affiliations

Software Engineering Institute, Pittsburgh, USA