Efficient Symbolic Execution of Value-Based Data Structures for Critical Systems

  • Jason Belt
  • Robby
  • Patrice Chalin
  • John Hatcliff
  • Xianghua Deng
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7226)

Abstract

Symbolic execution shows promise for increasing the automation of verification tasks in certified safety/security-critical systems, where use of statically allocated value-based data structures is mandated. In fact Spark/Ada, a subset of Ada designed for verification and used for building critical systems, only permits data structures that are statically allocated. This paper describes a novel and efficient graph-based representation for programs making use of value-based data structures and procedure contracts. We show that our graph-based representation offers performance superior to a logic-based representation that is used in many approaches that delegate array reasoning to a decision procedure.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Ahrendt, W., Baar, T., Beckert, B., Bubel, R., Giese, M., Hähnle, R., Menzel, W., Mostowski, W., Roth, A., Schlager, S., Schmitt, P.H.: The KeY tool. Software and Systems Modeling 4, 32–54 (2005)CrossRefGoogle Scholar
  2. 2.
    Barnes, J.: High Integrity Software—the SPARK Approach to Safety and Security. AW (2003)Google Scholar
  3. 3.
    Belt, J., Hatcliff, J., Robby, Chalin, P., Hardin, D., Deng, X.: Bakar Kiasan: Flexible Contract Checking for Critical Systems Using Symbolic Execution. In: Bobaru, M., Havelund, K., Holzmann, G.J., Joshi, R. (eds.) NFM 2011. LNCS, vol. 6617, pp. 58–72. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  4. 4.
    Belt, J., Robby, Chalin, P., Hatcliff, J., Deng, X.: Efficient symbolic execution of programs for critical systems. Technical Report SAnToS-TR2011-01-10, Kansas State University (2011), http://people.cis.ksu.edu/~belt/SAnToS-TR2011-01-10.pdf
  5. 5.
    Belt, J., Robby, Deng, X.: Sireum/Topi LDP: A lightweight semi-decision procedure for optimizing symbolic execution-based analyses. In: Symposium on the Foundations of Software Engineering (ESEC/FSE), pp. 355–364 (2009)Google Scholar
  6. 6.
    Berdine, J., Calcagno, C., O’Hearn, P.W.: Symbolic Execution with Separation Logic. In: Yi, K. (ed.) APLAS 2005. LNCS, vol. 3780, pp. 52–68. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  7. 7.
    Bradley, A.R., Manna, Z., Sipma, H.B.: What’s Decidable About Arrays? In: Emerson, E.A., Namjoshi, K.S. (eds.) VMCAI 2006. LNCS, vol. 3855, pp. 427–442. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  8. 8.
    Cadar, C., Dunbar, D., Engler, D.R.: Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In: USENIX Symposium on Operating Systems Design and Implementation (OSDI), pp. 209–224. USENIX Association (2008)Google Scholar
  9. 9.
    de Moura, L., Bjørner, N.: Z3: An Efficient SMT Solver. In: Ramakrishnan, C.R., Rehof, J. (eds.) TACAS 2008. LNCS, vol. 4963, pp. 337–340. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  10. 10.
    Deng, X., Lee, J., Robby: Efficient and formal generalized symbolic execution. Automated Software Engineering, 1–69 Online First: 10.1007/s10515-011-0089-9 (to appear, 2012)Google Scholar
  11. 11.
    Distefano, D., Parkinson, M.J.: Jstar: towards practical verification for Java. In: Proceedings of the 23rd ACM SIGPLAN Conference on Object-Oriented Programming Systems Languages and Applications (OOPSLA 2008), pp. 213–226 (2008)Google Scholar
  12. 12.
    Dutertre, B., de Moura, L.: The Yices SMT solver. Tool paper (August 2006), http://yices.csl.sri.com/tool-paper.pdf
  13. 13.
    Godefroid, P., Klarlund, N., Sen, K.: DART: Directed automated random testing. In: ACM SIGPLAN 2005 Conference on Programming Language Design and Implementation (PLDI), pp. 213–223. ACM Press (2005)Google Scholar
  14. 14.
    Grieskamp, W., Tillmann, N., Schulte, W.: XRT - exploring runtime for.NET - architecture and applications. In: Workshop on Software Model Checking (2005)Google Scholar
  15. 15.
    Jacobs, B., Smans, J., Piessens, F.: A Quick Tour of the VeriFast Program Verifier. In: Ueda, K. (ed.) APLAS 2010. LNCS, vol. 6461, pp. 304–311. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  16. 16.
    Khurshid, S., Păsăreanu, C.S., Visser, W.: Generalized Symbolic Execution for Model Checking and Testing. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 553–568. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Lev-Ami, T., Sagiv, M.: TVLA: A System for Implementing Static Analyses. In: SAS 2000. LNCS, vol. 1824, pp. 280–302. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  18. 18.
    Rossebo, B., Oman, P., Alves-Foss, J., Blue, R., Jaszkowiak, P.: Using SPARK-Ada to model and verify a MILS message router. In: Proceedings of the International Symposium on Secure Software Engineering (2006)Google Scholar
  19. 19.
    Rushby, J.: The design and verification of secure systems. In: 8th ACM Symposium on Operating Systems Principles, vol. 15(5), pp. 12–21 (1981)Google Scholar
  20. 20.
    Sen, K., Agha, G.: CUTE: A concolic unit testing engine for C. In: ACM SIGSOFT Symposium on the Foundations of Software Engineering (FSE), pp. 263–272 (2005)Google Scholar
  21. 21.
    Sen, K., Agha, G.: CUTE and jCUTE: Concolic Unit Testing and Explicit Path Model-Checking Tools. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 419–423. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  22. 22.
    Staats, M., Pasareanu, C.S.: Parallel symbolic execution for structural test generation. In: ISSTA, pp. 183–194 (2010)Google Scholar
  23. 23.
    Tillmann, N., de Halleux, J.: Pex–White Box Test Generation for.NET. In: Beckert, B., Hähnle, R. (eds.) TAP 2008. LNCS, vol. 4966, pp. 134–153. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  24. 24.
  25. 25.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Jason Belt
    • 1
  • Robby
    • 1
  • Patrice Chalin
    • 1
  • John Hatcliff
    • 1
  • Xianghua Deng
    • 2
  1. 1.Kansas State UniversityUnited States
  2. 2.Google Inc.United States

Personalised recommendations