Abstract
Software verification aims to prove that a program satisfies given properties for all of its possible executions. Software has evolved incredibly fast over the last century, exposing this scientific discipline to several challenges. The goal of the “Challenges of Software Verification Symposium” is to monitor the state of the art in this field. In this article, we present the evolution of software from its inception in the 1940s to today’s applications, how this evolution exposed new challenges to software verification, and what the discipline has achieved. We then discuss how this chapter covers most of the current open challenges, the possible future developments of software, and the challenges these will raise for software verification.
Acknowledgement
Work partially supported by SERICS (PE00000014 – CUP H73C2200089001) under the NRRP MUR program funded by the EU – NGEU, and by iNEST – Interconnected NordEst Innovation Ecosystem funded by PNRR (Mission 4.2, Investment 49 1.5) NextGeneration EU (ECS_00000043 – CUP H43C22000540006).
Rights and permissions
Open Access This article is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License, which permits any non-commercial use, sharing, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons licence, and indicate if you modified the licensed material. You do not have permission under this licence to share adapted material derived from this article or parts of it. The images or other third party material in this article are included in the article’s Creative Commons licence, unless indicated otherwise in a credit line to the material. If material is not included in the article’s Creative Commons licence and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder. To view a copy of this licence, visit http://creativecommons.org/licenses/by-nc-nd/4.0/.
About this article
Cite this article
Ferrara, P., Arceri, V. & Cortesi, A. Challenges of software verification: the past, the present, the future. Int J Softw Tools Technol Transfer 26, 421–430 (2024). https://doi.org/10.1007/s10009-024-00765-y
DOI: https://doi.org/10.1007/s10009-024-00765-y