Automatic Control and Computer Sciences

, Volume 48, Issue 7, pp 389–397 | Cite as

Software defect detection by combining bounded model checking and approximations of functions

Article

Abstract

In recent years, the study of a software quality assurance technique called bounded model checking (BMC) has been increasingly intensified, because it makes it possible to successfully detect both functional and nonfunctional defects in real software. In this paper, we propose an original approach to the implementation of BMC based on combining the results of several recent studies in this field, namely, the use of the LLVM compiler infrastructure for parsing and transformation of the source code, the use of SMT-solver Z3 for the verification of the correctness of the properties, and the improvement of the analysis efficiency using the approximation of functions. The experimental results show that the approach can be applied to real projects.

Keywords

bounded model checking code contracts Craig interpolation SMT error detection 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Clarke, E., Kroening, D., and Lerda, F.A., Tool for checking ANSI-C programs, Proc. Workshop on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’04), 2004, pp. 168–176.CrossRefGoogle Scholar
  2. 2.
    Armando, A., Mantovani, J., and Platania, L., Bounded model checking of software using SMT solvers instead of SAT solvers, Int. J. Soft. Tools Technol. Transf., 2009, vol. 11, pp. 69–83.CrossRefGoogle Scholar
  3. 3.
    Cordeiro, L., Fischer, B., and Marques-Silva, J., SMT-based bounded model checking for embedded ANSI-C software, Proc. ASE, 2009, pp. 137–148.Google Scholar
  4. 4.
    Merz, F., Falke, S., and Sinz, C., The low-level bounded model checker: Bounded model checking of C and C++ programs using a compiler IR, Compt. Sci., 2012, vol. 7152, pp. 146–161.Google Scholar
  5. 5.
    Itsykson, V.M., and Glukhikh, M.I., Language of specifications of program component behavior, Nauchno-tehnicheskie vedomosti St. Pb. Gos. Politekh. Univ. Informatika. Telekommunikacii. Upravlenie, 2010, vol. 3, no. 101, pp. 63–70.Google Scholar
  6. 6.
    Itsykson, V.M. and Zozulya, A.V., Automated program transformation for migration to new libraries, Proc. CEE-SECR-11; Program. Inzhener., 2012, no. 6, pp. 8–14.Google Scholar
  7. 7.
    Baudin, P., Filliatre, J.C., Hubert, T., Marché, C., Monate, B., Moy, Y., and Prevosto, V., ACSL: ANSI/ISO C Specification Language. Preliminary Design, Version 1.4, 2008. http://www.frama-c.cea.fr/download/acsl-1.4.pdf Google Scholar
  8. 8.
    Sery, O., Fedyukovich, G., and Sharygina, N., Interpolation-based function summaries in bounded model checking, Proc. Haifa Verification Conf. (HVC-11), 2011, pp. 160–175.Google Scholar
  9. 9.
    Biere, A., Cimatti, A., Clarke, E. M., and Zhu, Y., Symbolic model checking without BDDs, Proc. 5th Int. Conf. on Tools and Algorithms for Construction and Analysis of Systems, (TACAS’99), 1999, pp. 193–207.CrossRefGoogle Scholar
  10. 10.
    Barrett, C., Sebastiani, R., Seshia, S.A., and Tinelli, C., Satisfiability modulo theories, in Handbook of Satisfiability. Frontiers in Artificial Intelligence and Applications, 2009, pp. 825–885.Google Scholar
  11. 11.
    Lattner, C. and Adve, V., Low-level virtual machine (LLVM): A compilation framework for lifelong program analysis and transformation, Proc. Int. Symp. on Code Generation and Optimization (CGO’04), 2004, pp. 75–86.Google Scholar
  12. 12.
    Cytron, R., Ferrante, J., Rosen, B.K., Wegman, M.N., and Zadeck, F.K., Efficiently computing static single assignment form and the control dependence graph, Association for Computing Machinery: Transactions on Programming Languages and Systems (ACM TOPLAS), 1991, vol. 13, pp. 451–490.Google Scholar
  13. 13.
    McMillan, K.L., Applications of Craig interpolants in model checking, Proc. Int. Conf. on Tools and Algorithms for Construction and Analysis of Systems, (TACAS’05), 2005, pp. 1–12.CrossRefGoogle Scholar
  14. 14.
    Craig, W., Three uses of the Herbrand-Gentzen theorem in relating model theory and proof theory, The J. Symbol. Logic, 1957, vol. 22, pp. 269–285.CrossRefMATHMathSciNetGoogle Scholar
  15. 15.
    de Moura, L. and Bjørner, N., Z3: An efficient SMT solver, Proc. Int. Conf. on Tools and Algorithms for Construction and Analysis of Systems, (TACAS’08), 2008, pp. 337–340.CrossRefGoogle Scholar
  16. 16.
    Barrett, C., de Moura, L., and Stump, A., Satisfiability Modulo Theories Competition (SMT-Comp.), CAV’05, 2005, pp. 503–516.Google Scholar
  17. 17.
    Cok, D.R., Griggio, A., and Bruttomesso, R., The 2012 SMT Competition. 2012. http://smtcomp.sourceforge.net/2012/ Google Scholar
  18. 18.
  19. 19.
    NEC Laboratories. NECLA Static Analysis Benchmarks. 2013. http://www.nec-labs.com/research/system/systems-SAV-website/benchmarks.php Google Scholar

Copyright information

© Allerton Press, Inc. 2014

Authors and Affiliations

  • M. Kh. Akhin
    • 1
  • M. A. Belyaev
    • 1
  • V. M. Itsykson
    • 1
  1. 1.St. Petersburg State Polytechnic UniversitySt. PetersburgRussia

Personalised recommendations