Cut Branches Before Looking for Bugs: Sound Verification on Relaxed Slices

  • Jean-Christophe LéchenetEmail author
  • Nikolai Kosmatov
  • Pascale Le Gall
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9633)


Program slicing can be used to reduce a given initial program to a smaller one (a slice) which preserves the behavior of the initial program with respect to a chosen criterion. Verification and validation (V&V) of software can become easier on slices, but require particular care in presence of errors or non-termination in order to avoid unsound results or a poor level of reduction in slices.

This article proposes a theoretical foundation for conducting V&V activities on a slice instead of the initial program. We introduce the notion of relaxed slicing that remains efficient even in presence of errors or non-termination, and establish an appropriate soundness property. It allows us to give a precise interpretation of verification results (absence or presence of errors) obtained for a slice in terms of the initial program. Our results have been proved in Coq.


Threatening Statement Runtime Error Control Dependence Initial Program Additional Dependency 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Part of the research work leading to these results has received funding for DEWI project ( from the ARTEMIS Joint Undertaking under grant agreement No. 621353. The authors thank Omar Chebaro, Alain Giorgetti and Jacques Julliand for many fruitful discussions and earlier work that lead to the initial ideas of this paper. Many thanks to the anonymous reviewers for lots of very helpful suggestions.


  1. 1.
    Formalization of relaxed slicing (2016).
  2. 2.
    Agrawal, H., DeMillo, R.A., Spafford, E.H.: Debugging with dynamic slicing and backtracking. Softw. Pract. Exper. 23(6), 589–616 (1993)CrossRefGoogle Scholar
  3. 3.
    Allen, M., Horwitz, S.: Slicing java programs that throw and catch exceptions. In: PEPM 2003, pp. 44–54 (2003)Google Scholar
  4. 4.
    Amtoft, T.: Slicing for modern program structures: a theory for eliminating irrelevant loops. Inf. Process. Lett. 106(2), 45–51 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Ball, T., Horwitz, S.: Slicing programs with arbitrary control-flow. In: Fritzson, P.A. (ed.) AADEBUG 1993. LNCS, vol. 749, pp. 206–222. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  6. 6.
    Barraclough, R.W., Binkley, D., Danicic, S., Harman, M., Hierons, R.M., Kiss, A., Laurence, M., Ouarbya, L.: A trajectory-based strict semantics for program slicing. Theor. Comp. Sci. 411(11–13), 1372–1386 (2010)MathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Bertot, Y., Castéran, P.: Interactive Theorem Proving and Program Development. Springer, Heidelberg (2004)CrossRefzbMATHGoogle Scholar
  8. 8.
    Binkley, D., Danicic, S., Gyimóthy, T., Harman, M., Kiss, Á., Korel, B.: Theoretical foundations of dynamic program slicing. Theor. Comput. Sci. 360(1–3), 23–41 (2006)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Binkley, D., Harman, M.: A survey of empirical results on program slicing. Adv. Comput. 62, 105–178 (2004)CrossRefGoogle Scholar
  10. 10.
    Blazy, S., Maroneze, A., Pichardie, D.: Verified validation of program slicing. CPP 2015, 109–117 (2015)Google Scholar
  11. 11.
    Cartwright, R., Felleisen, M.: The semantics of program dependence. In: PLDI (1989)Google Scholar
  12. 12.
    Chebaro, O., Cuoq, P., Kosmatov, N., Marre, B., Pacalet, A., Williams, N., Yakobowski, B.: Behind the scenes in SANTE: a combination of static and dynamic analyses. Autom. Softw. Eng. 21(1), 107–143 (2014)CrossRefGoogle Scholar
  13. 13.
    Chebaro, O., Kosmatov, N., Giorgetti, A., Julliand, J.: Program slicing enhances a verification technique combining static and dynamic analysis. In: SAC (2012)Google Scholar
  14. 14.
    Danicic, S., Barraclough, R.W., Harman, M., Howroyd, J., Kiss, Á., Laurence, M.R.: A unifying theory of control dependence and its application to arbitrary program structures. Theor. Comput. Sci. 412(49), 6809–6842 (2011)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Ge, X., Taneja, K., Xie, T., Tillmann, N.: DyTa: dynamic symbolic execution guided with static verification results. In: the 33rd International Conference on Software Engineering (ICSE 2011), pp. 992–994. ACM (2011)Google Scholar
  16. 16.
    Giacobazzi, R., Mastroeni, I.: Non-standard semantics for program slicing. High. Order Symbolic Comput. 16(4), 297–339 (2003)CrossRefzbMATHGoogle Scholar
  17. 17.
    Harman, M., Danicic, S.: Using program slicing to simplify testing. Softw. Test. Verif. Reliab. 5(3), 143–162 (1995)CrossRefGoogle Scholar
  18. 18.
    Harman, M., Simpson, D., Danicic, S.: Slicing programs in the presence of errors. Formal Aspects Comput. 8(4), 490–497 (1996)CrossRefzbMATHGoogle Scholar
  19. 19.
    Hierons, R.M., Harman, M., Danicic, S.: Using program slicing to assist in the detection of equivalent mutants. Softw. Test. Verif. Reliab. 9(4), 233–262 (1999)CrossRefGoogle Scholar
  20. 20.
    Horwitz, S., Reps, T., Binkley, D.: Interprocedural slicing using dependence graphs. In: PLDI (1988)Google Scholar
  21. 21.
    Kirchner, F., Kosmatov, N., Prevosto, V., Signoles, J., Yakobowski, B.: Frama-C: a software analysis perspective. Formal Asp. Comput. 27(3), 573–609 (2015)MathSciNetCrossRefGoogle Scholar
  22. 22.
    Kiss, B., Kosmatov, N., Pariente, D., Puccetti, A.: Combining static and dynamic analyses for vulnerability detection: illustration on heartbleed. In: Piterman, N., et al. (eds.) HVC 2015. LNCS, vol. 9434, pp. 39–50. Springer, Heidelberg (2015). doi: 10.1007/978-3-319-26287-1_3 CrossRefGoogle Scholar
  23. 23.
    Leroy, X.: Formal verification of a realistic compiler. Commun. ACM 52(7), 107–115 (2009)CrossRefGoogle Scholar
  24. 24.
    Nestra, H.: Transfinite semantics in the form of greatest fixpoint. J. Log. Algebr. Program. 78(7), 573–592 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  25. 25.
    Podgurski, A., Clarke, L.A.: A formal model of program dependences and its implications for software testing, debugging, and maintenance. IEEE Trans. Softw. Eng. 16(9), 965–979 (1990)CrossRefGoogle Scholar
  26. 26.
    Ranganath, V.P., Amtoft, T., Banerjee, A., Hatcliff, J., Dwyer, M.B.: A new foundation for control dependence and slicing for modern program structures. ACM Trans. Program. Lang. Syst. 29(5) (2007). Article number (27)Google Scholar
  27. 27.
    Reps, T.W., Yang, W.: The semantics of program slicing and program integration. In: TAPSOFT (1989)Google Scholar
  28. 28.
    Reps, T.W., Yang, W.: The semantics of program slicing. Technical report, University of Wisconsin (1988)Google Scholar
  29. 29.
    Silva, J.: A vocabulary of program slicing-based techniques. ACM Comput. Surv. 44(3), 12 (2012)CrossRefzbMATHGoogle Scholar
  30. 30.
    Tip, F.: A survey of program slicing techniques. J. Prog. Lang. 3(3), 121–189 (1995)Google Scholar
  31. 31.
    Wasserrab, D.: From formal semantics to verified slicing: a modular framework with applications in language based security. Ph.D. thesis, Karlsruhe Inst. of Techn (2011)Google Scholar
  32. 32.
    Weiser, M.: Program slicing. In: ICSE (1981)Google Scholar
  33. 33.
    Weiser, M.: Programmers use slices when debugging. Commun. ACM 25(7), 446–452 (1982)CrossRefGoogle Scholar
  34. 34.
    Weiser, M.: Program slicing. IEEE Trans. Softw. Eng. 10(4), 352–357 (1984)CrossRefzbMATHGoogle Scholar
  35. 35.
    Xu, B., Qian, J., Zhang, X., Wu, Z., Chen, L.: A brief survey of program slicing. ACM SIGSOFT Softw. Eng. Notes 30(2), 1–36 (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  • Jean-Christophe Léchenet
    • 1
    • 2
    Email author
  • Nikolai Kosmatov
    • 1
  • Pascale Le Gall
    • 2
  1. 1.CEA, LIST, Software Reliability and Security LaboratoryGif-sur-YvetteFrance
  2. 2.Laboratoire de Mathématiques et Informatique pour la Complexité et les SystèmesCentraleSupélec, Université Paris-SaclayChâtenay-MalabryFrance

Personalised recommendations