Compositional Verification of Heap-Manipulating Programs through Property-Guided Learning

Analyzing and verifying heap-manipulating programs automatically is challenging. A key for fighting the complexity is to develop compositional methods. For instance, many existing verifiers for heap-manipulating programs require user-provided specification for each function in the program in order to decompose the verification problem. The requirement, however, often hinders the users from applying such tools. To overcome the issue, we propose to automatically learn heap-related program invariants in a property-guided way for each function call. The invariants are learned based on the memory graphs observed during test execution and improved through memory graph mutation. We implemented a prototype of our approach and integrated it with two existing program verifiers. The experimental results show that our approach enhances existing verifiers effectively in automatically verifying complex heap-manipulating programs with multiple function calls

S2TD: a Separation Logic Verifier that Supports Reasoning of the Absence and Presence of Bugs

Heap-manipulating programs are known to be challenging to reason about. We present a novel verifier for heap-manipulating programs called S2TD, which encodes programs systematically in the form of Constrained Horn Clauses (CHC) using a novel extension of separation logic (SL) with recursive predicates and dangling predicates. S2TD actively explores cyclic proofs to address the path explosion problem. S2TD differentiates itself from existing CHC-based verifiers by focusing on heap-manipulating programs and employing cyclic proof to efficiently verify or falsify them with counterexamples. Compared with existing SL-based verifiers, S2TD precisely specifies the heaps of de-allocated pointers to avoid false positives in reasoning about the presence of bugs. S2TD has been evaluated using a comprehensive set of benchmark programs from the SV-COMP repository. The results show that S2TD is more effective than state-of-art program verifiers and is more efficient than most of them.Comment: 24 page

Concolic Testing Heap-Manipulating Programs

Concolic testing is a test generation technique which works effectively by integrating random testing generation and symbolic execution. Existing concolic testing engines focus on numeric programs. Heap-manipulating programs make extensive use of complex heap objects like trees and lists. Testing such programs is challenging due to multiple reasons. Firstly, test inputs for such program are required to satisfy non-trivial constraints which must be specified precisely. Secondly, precisely encoding and solving path conditions in such programs are challenging and often expensive. In this work, we propose the first concolic testing engine called CSF for heap-manipulating programs based on separation logic. CSF effectively combines specification-based testing and concolic execution for test input generation. It is evaluated on a set of challenging heap-manipulating programs. The results show that CSF generates valid test inputs with high coverage efficiently. Furthermore, we show that CSF can be potentially used in combination with precondition inference tools to reduce the user effort

Learning likely invariants to explain why a program fails

Debugging is difficult. Recent studies show that automatic bug localization techniques have limited usefulness. One of the reasons is that programmers typically have to understand why the program fails before fixing it. In this work, we aim to help programmers understand a bug by automatically generating likely invariants which are violated in the failed tests. Given a program with an initial assertion and at least one test case failing the assertion, we first generate random test cases, identify potential bug locations through bug localization, and then generate program state mutation based on active learning techniques to identify a predicate "explaining" the cause of the bug. The predicate is a classifier for the passed test cases and failed test cases. Our main contribution is the application of invariant learning for bug explanation, as well as a novel approach to overcome the problem of lack of test cases in practice. We apply our method to real-world bugs and show the generated invariants are often correlated to the actual bug fixes.Comment: 10 page

sFuzz: An efficient adaptive fuzzer for solidity smart contracts

Ministry of Education, Singapore under its Academic Research Funding Tier

Carbon Border Adjustment Mechanism Impact Assessment Report for Vietnam

The EU’s Carbon Border Adjustment Mechanism (CBAM) is evolving rapidly, with many uncertainties remaining regarding its long-term scope, embedded emissions calculation, and reactions of EU-trade partners. In its current form, the CBAM can affect Vietnamese enterprises exporting to EU although its direct impacts on Vietnam’s GDP are unlikely significant. If the CBAM is expanded to other trade-intensive sectors of Vietnam or taken up by other key trading partners of Vietnam, the impacts may grow quickly. Therefore, Vietnam should engage proactively with the CBAM and prepare for mitigation of potential impacts. One of the pro-active approaches is to accelerate and deepen the adoption of carbon pricing. This will facilitate energy transition, support achievement of Vietnam’s climate change mitigation target (NDC) under the Paris Agreement and long-term net-zero targets and would allow to harness co-benefits. It is also advisable for Vietnam to engage in constructive dialogues with the EU in order to negotiate a fair implementation of CBAM that takes into account Vietnam’s efforts. A key demand here should be the use of emissions credits instead of having to buy CBAM certificates