Software defect detection by combining bounded model checking and approximations of functions
In recent years, research on the software quality assurance technique known as bounded model checking (BMC) has intensified, because BMC makes it possible to detect both functional and nonfunctional defects in real software. In this paper, we propose an original approach to implementing BMC that combines the results of several recent studies in this field: the use of the LLVM compiler infrastructure for parsing and transforming the source code, the use of the SMT solver Z3 for verifying the correctness of properties, and the improvement of analysis efficiency through the approximation of functions. The experimental results show that the approach can be applied to real projects.
Keywords: bounded model checking, code contracts, Craig interpolation, SMT, error detection