Software defect detection by combining bounded model checking and approximations of functions

Abstract

In recent years, the study of the software quality assurance technique known as bounded model checking (BMC) has intensified, because it can detect both functional and non-functional defects in real software. In this paper, we propose an original approach to implementing BMC that combines the results of several recent studies in this field: the use of the LLVM compiler infrastructure for parsing and transforming the source code, the use of the SMT solver Z3 for checking that the verified properties hold, and an improvement in analysis efficiency obtained by approximating functions. The experimental results show that the approach can be applied to real projects.

Author information

Corresponding author

Correspondence to M. Kh. Akhin.

Additional information

Original Russian Text © M.Kh. Akhin, M.A. Belyaev, V.M. Itsykson, 2013, published in Modelirovanie i Analiz Informatsionnykh Sistem, 2013, No. 6, pp. 22–35.

About this article

Cite this article

Akhin, M.K., Belyaev, M.A. & Itsykson, V.M. Software defect detection by combining bounded model checking and approximations of functions. Aut. Control Comp. Sci. 48, 389–397 (2014). https://doi.org/10.3103/S0146411614070025

Keywords

  • bounded model checking
  • code contracts
  • Craig interpolation
  • SMT
  • error detection