2,214 research outputs found
Compositional Verification of Heap-Manipulating Programs through Property-Guided Learning
Analyzing and verifying heap-manipulating programs automatically is
challenging. A key for fighting the complexity is to develop compositional
methods. For instance, many existing verifiers for heap-manipulating programs
require user-provided specification for each function in the program in order
to decompose the verification problem. The requirement, however, often hinders
the users from applying such tools. To overcome the issue, we propose to
automatically learn heap-related program invariants in a property-guided way
for each function call. The invariants are learned based on the memory graphs
observed during test execution and improved through memory graph mutation. We
implemented a prototype of our approach and integrated it with two existing
program verifiers. The experimental results show that our approach enhances
existing verifiers effectively in automatically verifying complex
heap-manipulating programs with multiple function calls
S2TD: a Separation Logic Verifier that Supports Reasoning of the Absence and Presence of Bugs
Heap-manipulating programs are known to be challenging to reason about. We
present a novel verifier for heap-manipulating programs called S2TD, which
encodes programs systematically in the form of Constrained Horn Clauses (CHC)
using a novel extension of separation logic (SL) with recursive predicates and
dangling predicates. S2TD actively explores cyclic proofs to address the path
explosion problem. S2TD differentiates itself from existing CHC-based verifiers
by focusing on heap-manipulating programs and employing cyclic proof to
efficiently verify or falsify them with counterexamples. Compared with existing
SL-based verifiers, S2TD precisely specifies the heaps of de-allocated pointers
to avoid false positives in reasoning about the presence of bugs. S2TD has been
evaluated using a comprehensive set of benchmark programs from the SV-COMP
repository. The results show that S2TD is more effective than state-of-art
program verifiers and is more efficient than most of them.Comment: 24 page
Concolic Testing Heap-Manipulating Programs
Concolic testing is a test generation technique which works effectively by
integrating random testing generation and symbolic execution. Existing concolic
testing engines focus on numeric programs. Heap-manipulating programs make
extensive use of complex heap objects like trees and lists. Testing such
programs is challenging due to multiple reasons. Firstly, test inputs for such
program are required to satisfy non-trivial constraints which must be specified
precisely. Secondly, precisely encoding and solving path conditions in such
programs are challenging and often expensive. In this work, we propose the
first concolic testing engine called CSF for heap-manipulating programs based
on separation logic. CSF effectively combines specification-based testing and
concolic execution for test input generation. It is evaluated on a set of
challenging heap-manipulating programs. The results show that CSF generates
valid test inputs with high coverage efficiently. Furthermore, we show that CSF
can be potentially used in combination with precondition inference tools to
reduce the user effort
Learning likely invariants to explain why a program fails
Debugging is difficult. Recent studies show that automatic bug localization
techniques have limited usefulness. One of the reasons is that programmers
typically have to understand why the program fails before fixing it. In this
work, we aim to help programmers understand a bug by automatically generating
likely invariants which are violated in the failed tests. Given a program with
an initial assertion and at least one test case failing the assertion, we first
generate random test cases, identify potential bug locations through bug
localization, and then generate program state mutation based on active learning
techniques to identify a predicate "explaining" the cause of the bug. The
predicate is a classifier for the passed test cases and failed test cases. Our
main contribution is the application of invariant learning for bug explanation,
as well as a novel approach to overcome the problem of lack of test cases in
practice. We apply our method to real-world bugs and show the generated
invariants are often correlated to the actual bug fixes.Comment: 10 page
sFuzz: An efficient adaptive fuzzer for solidity smart contracts
Ministry of Education, Singapore under its Academic Research Funding Tier
Carbon Border Adjustment Mechanism Impact Assessment Report for Vietnam
The EU’s Carbon Border Adjustment Mechanism (CBAM) is evolving rapidly, with many uncertainties remaining regarding its long-term scope, embedded emissions calculation, and reactions of EU-trade partners. In its current form, the CBAM can affect Vietnamese enterprises exporting to EU although its direct impacts on Vietnam’s GDP are unlikely significant. If the CBAM is expanded to other trade-intensive sectors of Vietnam or taken up by other key trading partners of Vietnam, the impacts may grow quickly. Therefore, Vietnam should engage proactively with the CBAM and prepare for mitigation of potential impacts. One of the pro-active approaches is to accelerate and deepen the adoption of carbon pricing. This will facilitate energy transition, support achievement of Vietnam’s climate change mitigation target (NDC) under the Paris Agreement and long-term net-zero targets and would allow to harness co-benefits. It is also advisable for Vietnam to engage in constructive dialogues with the EU in order to negotiate a fair implementation of CBAM that takes into account Vietnam’s efforts. A key demand here should be the use of emissions credits instead of having to buy CBAM certificates
- …