45 research outputs found
Model Checker Execution Reports
Software model checking constitutes an undecidable problem and, as such, even
an ideal tool will in some cases fail to give a conclusive answer. In practice,
software model checkers fail often and usually do not provide any information
on what was effectively checked. The purpose of this work is to provide a
conceptual framing to extend software model checkers in a way that allows users
to access information about incomplete checks. We characterize the information
that model checkers themselves can provide, in terms of analyzed traces, i.e.
sequences of statements, and safe cones, and present the notion of execution
reports, which we also formalize. We instantiate these concepts for a family of
techniques based on Abstract Reachability Trees and implement the approach
using the software model checker CPAchecker. We evaluate our approach
empirically and provide examples to illustrate the execution reports produced
and the information that can be extracted
Differentially Testing Soundness and Precision of Program Analyzers
In the last decades, numerous program analyzers have been developed both by
academia and industry. Despite their abundance however, there is currently no
systematic way of comparing the effectiveness of different analyzers on
arbitrary code. In this paper, we present the first automated technique for
differentially testing soundness and precision of program analyzers. We used
our technique to compare six mature, state-of-the art analyzers on tens of
thousands of automatically generated benchmarks. Our technique detected
soundness and precision issues in most analyzers, and we evaluated the
implications of these issues to both designers and users of program analyzers
Model checker execution reports
Software model checking constitutes an undecidable problem and, as such, even an ideal tool will in some cases fail to give a conclusive answer. In practice, software model checkers fail often and usually do not provide any information on what was effectively checked. The purpose of this work is to provide a conceptual framing to extend software model checkers in a way that allows users to access information about incomplete checks. We characterize the information that model checkers themselves can provide, in terms of analyzed traces, i.e. sequences of statements, and safe canes, and present the notion of execution reports (ERs), which we also formalize. We instantiate these concepts for a family of techniques based on Abstract Reachability Trees and implement the approach using the software model checker CPAchecker. We evaluate our approach empirically and provide examples to illustrate the ERs produced and the information that can be extracted