Software defect detection by combining bounded model checking and approximations of functions

Abstract

In recent years, the study of a software quality assurance technique called bounded model checking (BMC) has been increasingly intensified, because it makes it possible to successfully detect both functional and nonfunctional defects in real software. In this paper, we propose an original approach to the implementation of BMC based on combining the results of several recent studies in this field, namely, the use of the LLVM compiler infrastructure for parsing and transformation of the source code, the use of SMT-solver Z3 for the verification of the correctness of the properties, and the improvement of the analysis efficiency using the approximation of functions. The experimental results show that the approach can be applied to real projects.

References

1. 1.

   Clarke, E., Kroening, D., and Lerda, F.A., Tool for checking ANSI-C programs, Proc. Workshop on Tools and Algorithms for the Construction and Analysis of Systems (TACAS’04), 2004, pp. 168–176.

2. 2.

   Armando, A., Mantovani, J., and Platania, L., Bounded model checking of software using SMT solvers instead of SAT solvers, Int. J. Soft. Tools Technol. Transf., 2009, vol. 11, pp. 69–83.

3. 3.

   Cordeiro, L., Fischer, B., and Marques-Silva, J., SMT-based bounded model checking for embedded ANSI-C software, Proc. ASE, 2009, pp. 137–148.

4. 4.

   Merz, F., Falke, S., and Sinz, C., The low-level bounded model checker: Bounded model checking of C and C++ programs using a compiler IR, Compt. Sci., 2012, vol. 7152, pp. 146–161.

5. 5.

   Itsykson, V.M., and Glukhikh, M.I., Language of specifications of program component behavior, Nauchno-tehnicheskie vedomosti St. Pb. Gos. Politekh. Univ. Informatika. Telekommunikacii. Upravlenie, 2010, vol. 3, no. 101, pp. 63–70.

6. 6.

   Itsykson, V.M. and Zozulya, A.V., Automated program transformation for migration to new libraries, Proc. CEE-SECR-11; Program. Inzhener., 2012, no. 6, pp. 8–14.

7. 7.

   Baudin, P., Filliatre, J.C., Hubert, T., Marché, C., Monate, B., Moy, Y., and Prevosto, V., ACSL: ANSI/ISO C Specification Language. Preliminary Design, Version 1.4, 2008. http://www.frama-c.cea.fr/download/acsl-1.4.pdf

8. 8.

   Sery, O., Fedyukovich, G., and Sharygina, N., Interpolation-based function summaries in bounded model checking, Proc. Haifa Verification Conf. (HVC-11), 2011, pp. 160–175.

9. 9.

   Biere, A., Cimatti, A., Clarke, E. M., and Zhu, Y., Symbolic model checking without BDDs, Proc. 5th Int. Conf. on Tools and Algorithms for Construction and Analysis of Systems, (TACAS’99), 1999, pp. 193–207.

10. 10.

    Barrett, C., Sebastiani, R., Seshia, S.A., and Tinelli, C., Satisfiability modulo theories, in Handbook of Satisfiability. Frontiers in Artificial Intelligence and Applications, 2009, pp. 825–885.

11. 11.

    Lattner, C. and Adve, V., Low-level virtual machine (LLVM): A compilation framework for lifelong program analysis and transformation, Proc. Int. Symp. on Code Generation and Optimization (CGO’04), 2004, pp. 75–86.

12. 12.

    Cytron, R., Ferrante, J., Rosen, B.K., Wegman, M.N., and Zadeck, F.K., Efficiently computing static single assignment form and the control dependence graph, Association for Computing Machinery: Transactions on Programming Languages and Systems (ACM TOPLAS), 1991, vol. 13, pp. 451–490.

13. 13.

    McMillan, K.L., Applications of Craig interpolants in model checking, Proc. Int. Conf. on Tools and Algorithms for Construction and Analysis of Systems, (TACAS’05), 2005, pp. 1–12.

14. 14.

    Craig, W., Three uses of the Herbrand-Gentzen theorem in relating model theory and proof theory, The J. Symbol. Logic, 1957, vol. 22, pp. 269–285.

15. 15.

    de Moura, L. and Bjørner, N., Z3: An efficient SMT solver, Proc. Int. Conf. on Tools and Algorithms for Construction and Analysis of Systems, (TACAS’08), 2008, pp. 337–340.

16. 16.

    Barrett, C., de Moura, L., and Stump, A., Satisfiability Modulo Theories Competition (SMT-Comp.), CAV’05, 2005, pp. 503–516.

17. 17.

    Cok, D.R., Griggio, A., and Bruttomesso, R., The 2012 SMT Competition. 2012. http://smtcomp.sourceforge.net/2012/

18. 18.

    Coverity. Open Source Report 2011. http://www.coverity.com/library/pdf/coverity-scan-2011-open-sourceintegrity-report.pdf

19. 19.

    NEC Laboratories. NECLA Static Analysis Benchmarks. 2013. http://www.nec-labs.com/research/system/systems-SAV-website/benchmarks.php