A Reachability Predicate for Analyzing Low-Level Software

نویسندگان

  • Shaunak Chatterjee
  • Shuvendu K. Lahiri
  • Shaz Qadeer
  • Zvonimir Rakamaric
چکیده

Reasoning about heap-allocated data structures such as linked lists and arrays is challenging. The reachability predicate has proved to be useful for reasoning about the heap in type-safe languages where memory is manipulated by dereferencing object fields. Sound and precise analysis for such data structures becomes significantly more challenging in the presence of low-level pointer manipulation that is prevalent in systems software. In this paper, we give a novel formalization of the reachability predicate in the presence of internal pointers and pointer arithmetic. We have designed an annotation language for C programs that makes use of the new predicate. This language enables us to specify properties of many interesting data structures present in the Windows kernel. We present preliminary experience with a prototype verifier on a set of illustrative C benchmarks.

برای دانلود رایگان متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Using the Karp-Miller Tree Construction to Analyse Concurrent Finite-State Programs

The formal analysis of multi-threaded programs is among the grand challenges of software verification research. In this dissertation, we consider non-recursive multi-threaded Boolean programs, the principal ingredient in predicate abstraction. We introduced a exact and complete solution for thread-state reachability analysis of concurrent Boolean programs with unbounded thread creation. We pres...

متن کامل

The Blast Query Language for Software Verification

Blast is an automatic verification tool for checking temporal safety properties of C programs. Blast is based on lazy predicate abstraction driven by interpolation-based predicate discovery. In this paper, we present the Blast specification language. The language specifies program properties at two levels of precision. At the lower level, monitor automata are used to specify temporal safety pro...

متن کامل

Reachability Analysis of Hybrid Systems using Counter-Example Guided Predicate Abstraction∗

Predicate abstraction has emerged to be a powerful technique for extracting finite-state models from infinite-state discrete programs. This report presents algorithms and tools for reachability analysis of hybrid systems by combining the notion of counter-example guided predicate abstraction with recent techniques for approximating the set of reachable states of linear systems using polyhedra. ...

متن کامل

Dynamic Cutoff Detection in Parameterized Concurrent Programs

We consider the class of finite-state programs executed by an unbounded number of replicated threads communicating via shared variables. The thread-state reachability problem for this class is essential in software verification using predicate abstraction. While this problem is decidable via Petri net coverability analysis, techniques solely based on coverability suffer from the problem’s expon...

متن کامل

Verification of Component-Based Systems via Predicate Abstraction and Simultaneous Set Reduction

This paper presents a novel safety property verification approach for component-based systems modelled in BIP (Behaviour, Interaction and Priority), encompassing multiparty synchronisation with data transfer and priority. Our contributions consist of: (1) an on-the-fly lazy predicate abstraction technique for BIP; (2) a novel explicit state reduction technique, called simultaneous set reduction...

متن کامل

ذخیره در منابع من

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

عنوان ژورنال:

دوره   شماره 

صفحات  -

تاریخ انتشار 2007