1,025 research outputs found
Fault Localization in Multi-Threaded C Programs using Bounded Model Checking (extended version)
Software debugging is a very time-consuming process, which is even worse for
multi-threaded programs, due to the non-deterministic behavior of
thread-scheduling algorithms. However, the debugging time may be greatly
reduced, if automatic methods are used for localizing faults. In this study, a
new method for fault localization, in multi-threaded C programs, is proposed.
It transforms a multi-threaded program into a corresponding sequential one and
then uses a fault-diagnosis method suitable for this type of program, in order
to localize faults. The code transformation is implemented with rules and
context switch information from counterexamples, which are typically generated
by bounded model checkers. Experimental results show that the proposed method
is effective, in such a way that sequential fault-localization methods can be
extended to multi-threaded programs.Comment: extended version of paper published at SBESC'1
Incremental bounded model checking for embedded software
Program analysis is on the brink of mainstream usage in embedded systems development. Formal verification of behavioural requirements, finding runtime errors and test case generation are some of the most common applications of automated verification tools based on bounded model checking (BMC). Existing industrial tools for embedded software use an off-the-shelf bounded model checker and apply it iteratively to verify the program with an increasing number of unwindings. This approach unnecessarily wastes time repeating work that has already been done and fails to exploit the power of incremental SAT solving. This article reports on the extension of the software model checker CBMC to support incremental BMC and its successful integration with the industrial embedded software verification tool BTC EMBEDDED TESTER. We present an extensive evaluation over large industrial embedded programs, mainly from the automotive industry. We show that incremental BMC cuts runtimes by one order of magnitude in comparison to the standard non-incremental approach, enabling the application of formal verification to large and complex embedded software. We furthermore report promising results on analysing programs with arbitrary loop structure using incremental BMC, demonstrating its applicability and potential to verify general software beyond the embedded domain
Equivalence Checking a Floating-point Unit against a High-level C Model
Semiconductor companies have increasingly adopted a methodology that starts with a system-level design specification in C/C++/SystemC. This model is extensively simulated to ensure correct functionality and performance. Later, a Register Transfer Level (RTL) implementation is created in Verilog, either manually by a designer or automatically by a high-level synthesis tool. It is essential to check that the C and Verilog programs are consistent. In this paper, we present a two-step approach, embodied in two equivalence checking tools, VERIFOX and HW-CBMC, to validate designs at the software and RTL levels, respectively. VERIFOX is used for equivalence checking of an untimed software model in C against a high-level reference model in C. HW-CBMC verifies the equivalence of a Verilog RTL implementation against an untimed software model in C. To evaluate our tools, we applied them to a commercial floating-point arithmetic unit (FPU) from ARM and an open-source dual-path floating-point adder
Generating Non-Linear Interpolants by Semidefinite Programming
Interpolation-based techniques have been widely and successfully applied in
the verification of hardware and software, e.g., in bounded-model check- ing,
CEGAR, SMT, etc., whose hardest part is how to synthesize interpolants. Various
work for discovering interpolants for propositional logic, quantifier-free
fragments of first-order theories and their combinations have been proposed.
However, little work focuses on discovering polynomial interpolants in the
literature. In this paper, we provide an approach for constructing non-linear
interpolants based on semidefinite programming, and show how to apply such
results to the verification of programs by examples.Comment: 22 pages, 4 figure
The FormAI Dataset: Generative AI in Software Security Through the Lens of Formal Verification
This paper presents the FormAI dataset, a large collection of 112, 000
AI-generated compilable and independent C programs with vulnerability
classification. We introduce a dynamic zero-shot prompting technique
constructed to spawn diverse programs utilizing Large Language Models (LLMs).
The dataset is generated by GPT-3.5-turbo and comprises programs with varying
levels of complexity. Some programs handle complicated tasks like network
management, table games, or encryption, while others deal with simpler tasks
like string manipulation. Every program is labeled with the vulnerabilities
found within the source code, indicating the type, line number, and vulnerable
function name. This is accomplished by employing a formal verification method
using the Efficient SMT-based Bounded Model Checker (ESBMC), which uses model
checking, abstract interpretation, constraint programming, and satisfiability
modulo theories to reason over safety/security properties in programs. This
approach definitively detects vulnerabilities and offers a formal model known
as a counterexample, thus eliminating the possibility of generating false
positive reports. We have associated the identified vulnerabilities with Common
Weakness Enumeration (CWE) numbers. We make the source code available for the
112, 000 programs, accompanied by a separate file containing the
vulnerabilities detected in each program, making the dataset ideal for training
LLMs and machine learning algorithms. Our study unveiled that according to
ESBMC, 51.24% of the programs generated by GPT-3.5 contained vulnerabilities,
thereby presenting considerable risks to software safety and security.Comment: https://github.com/FormAI-Datase
- …