Improving static analyses of C programs with conditional predicates

Best paper awardInternational audienceStatic code analysis is increasingly used to guarantee the absence of undesirable behaviors in industrial programs. Designing sound analyses is a continuing trade-off between precision and complexity. Notably, dataflow analyses often perform overly wide approximations when two control-flow paths meet, by merging states from each path. This paper presents a generic abstract interpretation based framework to enhance the precision of such analyses on join points. It relies on predicated domains, that preserve and reuse information valid only inside some branches of the code. Our predicates are derived from conditionals statements, and postpone the loss of information. The work has been integrated into Frama-C, a C source code analysis platform. Experiments on real code show that our approach scales, and improves significantly the precision of the existing analyses of Frama-C

An all-in-one toolkit for automated white-box testing

Conference of 8th International Conference on Tests and Proofs, TAP 2014, Held as Part of the Software Technologies: Applications and Foundations, STAF 2014 ; Conference Date: 24 July 2014 Through 25 July 2014; Conference Code:106534International audienceAutomated white-box testing is a major issue in software engineering. Over the years, several tools have been proposed for supporting distinct parts of the testing process. Yet, these tools are mostly separated and most of them support only a fixed and restricted subset of testing criteria. We describe in this paper Frama-C/LTest, a generic and integrated toolkit for automated white-box testing of C programs. LTest provides a unified support of many different testing criteria as well as an easy integration of new criteria. Moreover, it is designed around three basic services (test coverage estimation, automatic test generation, detection of uncoverable objectives) covering most major aspects of white-box testing and taking benefit from a combination of static and dynamic analyses. Services can cooperate through a shared coverage database. Preliminary experiments demonstrate the possibilities and advantages of such cooperations

How Test Generation Helps Software Specification and Deductive Verification in Frama-C

International audienceThis paper describes an incremental methodology of deductive verification assisted by test generation and illustrates its benefits by a set of frequent verification scenarios. We present StaDy, a new integration of the concolic test generator PathCrawler within the software analysis platform FramaC. This new plugin treats a complete formal specification of a C program during test generation and provides the validation engineer with a helpful feedback at all stages of the specification and verification tasks

Frama-C

International Conference on Software Engineering and Formal Methods - 10th ,SEFM 2012: Software Engineering and Formal Methods, Thessaloniki, Greece, Oct 1-5, 2012 Submission DeadlineApr 19, 2012International audienceFrama-C is a source code analysis platform that aims at conducting verification of industrial-size C programs. It provides its users with a collection of plug-ins that perform static analysis, deductive verification, and testing, for safety-and security-critical software. Collaborative verification across cooperating plug-ins is enabled by their integration on top of a shared kernel and datastructures, and their compliance to a common specification language. This foundational article presents a synthetic view of the platform, its main and composite analyses, and some of its industrial achievements

Forwarding in attribute grammars for modular language design

Abstract. Forwarding is a technique for providing default attribute definitions in attribute grammars that is helpful in the modular implementation of programming languages. It complements existing techniques such as default copy rules. This paper introduces forwarding, and shows how it is but a small extension of standard higher-order attribute grammars. The usual tools for manipulating higher-order attribute grammars, including the circularity check (which tests for cyclic dependencies between attribute values), carry over without modification. The closure test (which checks that each attribute has a defining equation) needs modification, however, because the resulting higher-order attribute grammars may contain spurious attributes that are never evaluated, and indeed that need not be defined.

Static Analysis Of Binary Code With Memory Indirections Using Polyhedra

International audienceIn this paper we propose a new abstract domain for staticanalysis of binary code. Our motivation stems from the need to im-prove the precision of the estimation of the Worst-Case Execution Time(WCET) of safety-critical real-time code. WCET estimation requirescomputing information such as upper bounds on the number of loopiterations, unfeasible execution paths, etc. These estimations are usuallyperformed on binary code, mainly to avoid making assumptions on howthe compiler works. Our abstract domain, based on polyhedra and ontwo mapping functions that associate polyhedra variables with registersand memory, targets the precise computation of such information. Weprove the correctness of the method, and demonstrate its effectivenesson benchmarks and examples from typical embedded code

Runtime assertion checking and static verification: Collaborative partners

ISoLA 2018Verification 8th International Symposium on Leveraging Applications of Formal Methods, Verification and Validation., LImassol, Chypre, November 5-9, 2018International audienc

Witness validation and stepwise testification across software verifiers

It is commonly understood that a verification tool should provide a counterexample to witness a specification violation. Until recently, software verifiers dumped error witnesses in proprietary formats, which are often neither human- nor machine-readable, and an exchange of witnesses between dif-ferent verifiers was impossible. To close this gap in software-verification technology, we have defined an exchange format for error witnesses that is easy to write and read by verifica-tion tools (for further processing, e.g., witness validation) and that is easy to convert into visualizations that conveniently let developers inspect an error path. To eliminate manual inspection of false alarms, we develop the notion of stepwise testification: in a first step, a verifier finds a problematic pro-gram path and, in addition to the verification result false, constructs a witness for this path; in the next step, another verifier re-verifies that the witness indeed violates the speci-fication. This process can have more than two steps, each reducing the state space around the error path, making it easier to validate the witness in a later step. An obvious application for testification is the setting where we have two verifiers: one that is efficient but imprecise and another one that is precise but expensive. We have implemented the technique of error-witness-driven program analysis in two state-of-the-art verification tools, CPAchecker and Ultimate Automizer, and show by experimental evaluation that the approach is applicable to a large set of verification tasks

Exploiting pointer analysis in memory models for deductive verification

VMCAI 2019 - International Conference on Verification, Model Checking, and Abstract InterpretationInternational audienceCooperation between verification methods is crucial to tackle the challenging problem of software verification. The paper focuses on the verification of C programs using pointers and it formalizes a cooperation between static analyzers doing pointer analysis and a deductive verification tool based on first order logic. We propose a framework based on memory models that captures the partitioning of memory inferred by pointer analyses, and complies with the memory models used to generate verification conditions. The framework guided us to propose a pointer analysis that accommodates to various low-level operations on pointers while providing precise information about memory partitioning to the deductive verification. We implemented this cooperation inside the Frama-C platform and we show its effectiveness in reducing the task of deductive verification on a complex case study