196 research outputs found
On the Concept of Variable Roles and its Use in Software Analysis
Human written source code in imperative programming languages exhibits
typical patterns for variable use such as flags, loop iterators, counters,
indices, bitvectors etc. Although it is widely understood by practitioners that
these variable roles are important for automated software analysis tools, they
are not systematically studied by the formal methods community, and not well
documented in the research literature. In this paper, we study the notion of
variable roles on the example of basic types (int, float, char) in C. We
propose a classification of the variables in a program by variable roles, and
demonstrate that classical data flow analysis lends itself naturally both as a
specification formalism and an analysis paradigm for this classification
problem. We demonstrate the practical applicability of our method by predicting
membership of source files to the different categories of the software
verification competition SVCOMP 2013
A Survey of Satisfiability Modulo Theory
International audienceSatisfiability modulo theory (SMT) consists in testing the satisfiability of first-order formulas over linear integer or real arithmetic, or other theories. In this survey, we explain the combination of propositional satisfiability and decision procedures for conjunctions known as DPLL(T), and the alternative "natural domain" approaches. We also cover quantifiers, Craig interpolants, polynomial arithmetic, and how SMT solvers are used in automated software analysis
The Future of Software Certification - A Roadmap
We present some thoughts on how automated software analysis tools can support the certification of safety-critical software
Automated Security Analysis of IoT Software Updates
IoT devices often operate unsupervised in ever-changing environments for several years. Therefore, they need to be updated on a regular basis. Current approaches for software updates on IoT, like the recent SUIT proposal, focus on granting integrity and confidentiality but do not analyze the content of the software update, especially the IoT application which is deployed to IoT devices. To this aim, in this paper, we present IoTAV, an automated software analysis framework for systematically verifying the security of the applications contained in software updates w.r.t. a given security policy. Our proposal can be adopted transparently by current IoT software updates workflows. We prove the viability of IoTAV by testing our methodology on a set of actual RIOT OS applications. Experimental results indicate that the approach is viable in terms of both reliability and performance, leading to the identification of 26 security policy violations in 31 real-world RIOT applications
Abstraction refinement for games with incomplete information
Counterexample-guided abstraction refinement (CEGAR) is used in automated software analysis to find suitable finite-state abstractions of infinite-state systems. In this paper, we extend CEGAR to games with incomplete information, as they commonly occur in controller synthesis and modular verification. The challenge is that, under incomplete information, one must carefully account for the knowledge available to the player: the strategy must not depend on information the player cannot see. We propose an abstraction mechanism for games under incomplete information that incorporates the approximation of the players\' moves into a knowledge-based subset construction on the abstract state space. This abstraction results in a perfect-information game over a finite graph. The concretizability of abstract strategies can be encoded as the satisfiability of strategy-tree formulas. Based on this encoding, we present an interpolation-based approach for selecting new predicates and provide sufficient conditions for the termination of the resulting refinement loop
Automated Game Design Learning
While general game playing is an active field of research, the learning of
game design has tended to be either a secondary goal of such research or it has
been solely the domain of humans. We propose a field of research, Automated
Game Design Learning (AGDL), with the direct purpose of learning game designs
directly through interaction with games in the mode that most people experience
games: via play. We detail existing work that touches the edges of this field,
describe current successful projects in AGDL and the theoretical foundations
that enable them, point to promising applications enabled by AGDL, and discuss
next steps for this exciting area of study. The key moves of AGDL are to use
game programs as the ultimate source of truth about their own design, and to
make these design properties available to other systems and avenues of inquiry.Comment: 8 pages, 2 figures. Accepted for CIG 201
Performance Evaluation of Automated Static Analysis Tools
Automated static analysis tools can perform efficient thorough checking of important properties of, and extract and summarize critical information about, a source program. This paper evaluates three open-source static analysis tools; Flawfinder, Cppcheck and Yasca. Each tool is analyzed with regards to usability, IDE integration, performance, and accuracy. Special emphasis is placed on the integration of these tools into the development environment to enable analysis during all phases of development as well as to enable extension of rules and other improvements within the tools. It is shown that Flawfinder be the easiest to modify and extend, Cppcheck be inviting to novices, and Yasca be the most accurate and versatile
A Survey of Satisfiability Modulo Theory
Satisfiability modulo theory (SMT) consists in testing the satisfiability of
first-order formulas over linear integer or real arithmetic, or other theories.
In this survey, we explain the combination of propositional satisfiability and
decision procedures for conjunctions known as DPLL(T), and the alternative
"natural domain" approaches. We also cover quantifiers, Craig interpolants,
polynomial arithmetic, and how SMT solvers are used in automated software
analysis.Comment: Computer Algebra in Scientific Computing, Sep 2016, Bucharest,
Romania. 201
- …