43 research outputs found
Time-Staging Enhancement of Hybrid System Falsification
Optimization-based falsification employs stochastic optimization algorithms
to search for error input of hybrid systems. In this paper we introduce a
simple idea to enhance falsification, namely time staging, that allows the
time-causal structure of time-dependent signals to be exploited by the
optimizers. Time staging consists of running a falsification solver multiple
times, from one interval to another, incrementally constructing an input signal
candidate. Our experiments show that time staging can dramatically increase
performance in some realistic examples. We also present theoretical results
that suggest the kinds of models and specifications for which time staging is
likely to be effective
Compositional Vulnerability Detection with Insecurity Separation Logic
Memory-safety issues and information leakage are known to be depressingly
common. We consider the compositional static detection of these kinds of
vulnerabilities in first-order C-like programs. Existing methods often treat
one type of vulnerability (e.g. memory-safety) but not the other (e.g.
information leakage). Indeed the latter are hyper-safety violations, making
them more challenging to detect than the former. Existing leakage detection
methods like Relational Symbolic Execution treat only non-interactive programs,
avoiding the challenges raised by nondeterminism for reasoning about
information leakage. Their implementations also do not treat non-trivial
leakage policies like value-dependent classification, which are becoming
increasingly common. Finally, being whole-program analyses they cannot be
applied compositionally -- to deduce the presence of vulnerabilities in a
program by analysing each of its parts -- thereby ruling out the possibility of
incremental analysis.
In this paper we remedy these shortcomings by presenting Insecurity
Separation Logic (InsecSL), an under-approximate relational program logic for
soundly detecting information leakage and memory-safety issues in interactive
programs. We show how InsecSL can be soundly automated by bi-abduction based
symbolic execution. Based on this, we design and implement a top-down,
contextual, compositional, inter-procedural analysis for vulnerability
detection. We implement our approach in a proof-of-concept tool, Underflow, for
analysing C programs, which we demonstrate by applying it to various case
studies
A Hoare Logic with Regular Behavioral Specifications
We present a Hoare logic that extends program specifications with regular
expressions that capture behaviors in terms of sequences of events that arise
during the execution. The idea is similar to session types or process-like
behavioral contracts, two currently popular research directions. The approach
presented here strikes a particular balance between expressiveness and proof
automation, notably, it can capture interesting sequential behavior across
multiple iterations of loops. The approach is modular and integrates well with
autoactive deductive verification tools. We describe and demonstrate our
prototype implementation in SecC using two case studies: A matcher for E-Mail
addresses and a specification of the game steps in the VerifyThis Casino
challenge
Compositional Verification of a Lock-Free Stack with RGITL
This paper describes a compositional verification approach for concurrentalgorithms based on the logic Rely-Guarantee Interval Temporal Logic (RGITL),which is implemented in the interactive theorem prover KIV. The logic makes itpossible to mechanically derive and apply decomposition theorems for safety andliveness properties. Decomposition theorems for rely-guarantee reasoning, linearizability and lock-freedom are described and applied on a non-trivial running example,a lock-free data stack implementation that uses an explicit allocator stack for memory reuse. To deal with the heap, a lightweight approach that combines ownershipannotations and separation logic is taken
IC0701 verification competition 2011
Abstract. This paper reports on the experiences with the program verification competition held during the FoVeOOS conference in October 2011. There were 6 teams participating in this competition. We discuss the three different challenges that were posed and the solutions developed by the teams. We conclude with a discussion about the value of such competitions and lessons that can be learned from them.