    Augmenting Counterexample-Guided Abstraction Refinement with Proof Templates

    Buffer overflow vulnerabilities are the result of programming errors that allow out-of-bounds writes to arrays. Verifying the safety of array writes is thus vital to ensuring program security. However, existing software model checkers based on abstraction refinement perform poorly at this task, resulting in analyses whose cost often depends on array size. We observe that many of these analyses can be made efficient by providing proof templates, which specify a modular proof strategy with predicates and assumptions to use and then discharge. Our proof templates, which are associated with common programming idioms, guide the model checker towards proofs that are independent of array size. We have integrated this technique into our software model checker, PTYASM, and have evaluated our approach on a set of test cases derived from the Verisec suite, demonstrating that our technique enables verification of the safety of array accesses independently of array size.