Powering the static driver verifier using corral

@article{Lal2014PoweringTS,
  title={Powering the static driver verifier using corral},
  author={Akash Lal and Shaz Qadeer},
  journal={Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering},
  year={2014}
}
  • A. Lal, S. Qadeer
  • Published 11 November 2014
  • Computer Science
  • Proceedings of the 22nd ACM SIGSOFT International Symposium on Foundations of Software Engineering
The application of software-verification technology towards building realistic bug-finding tools requires working through several precision-scalability tradeoffs. For instance, a critical aspect while dealing with C programs is to formally define the treatment of pointers and the heap. A machine-level modeling is often intractable, whereas one that leverages high-level information (such as types) can be inaccurate. Another tradeoff is modeling integer arithmetic. Ideally, all arithmetic should… 
Angelic Checking within Static Driver Verifier: Towards high-precision defects without (modeling) cost
TLDR
The experience designing and shipping a new class of checks known as angelic checks through SDV with the aid of angelic verification (AV) technology, over a period of 4 years, considerably increases the reach of SDV, both in terms of drivers as well as rules that it can support effectively.
Counterexample-Guided Bit-Precision Selection
TLDR
This paper presents the approach to diagnose the spurious counterexamples caused by this trade-off, and leverages the learned information to lazily and gradually refine the precision of reasoning about bitwise operations in the whole program.
Simple and precise static analysis of untrusted Linux kernel extensions
TLDR
A static analyzer for eBPF is designed within the framework of abstract interpretation, using the Zone domain, a simple domain that tracks differences between pairs of registers and offsets, to achieve precise and scalable analysis.
Static Assertion Checking of Production Software with Angelic Verification
TLDR
This talk describes the experience with the angelic verification (AV) tool for statically finding assertion violations in real-world software, and focuses on design choices required to find high-quality violations of memory-safety violations with low false alarms.
Scalable techniques for analysing and testing asynchronous software systems
TLDR
A novel symbolic lockset analysis that can detect all potential data races in a device driver and a sound partial-order reduction that significantly accelerates Corral, an industrial-strength bug-finder for concurrent programs are achieved.
Precise Null Pointer Analysis Through Global Value Numbering
TLDR
A semantics-preserving program transformation is presented that drastically improves the precision of existing analyses when deciding if a pointer can alias Null and allows even a flow-insensitive analysis to make use of branch conditions such as checking if apointer is Null and gain precision.
Fast and Precise Symbolic Analysis of Concurrency Bugs in Device Drivers (T)
TLDR
A new automated approach that statically analyzes drivers for data races, empowered by symbolic pairwise lockset analysis, that achieves a sound partial-order reduction that significantly accelerates Corral, an industrial-strength bug-finder for concurrent programs.
Fast and Precise Symbolic Analysis of Concurrency Bugs in Device Drivers
Concurrency errors, such as data races, make device drivers notoriously hard to develop and debug without automated tool support. We present WHOOP, a new automated approach that statically analyzes
Verification Coverage
TLDR
This work proposes a definition for a broad family of verification techniques: those based on Abstract Reachability Trees, and discusses a general approach to computing an under-approximation of such metric and a specific heuristic to improve the performance.
Verification of Operating System Monolithic Kernels Without Extensions
TLDR
A new method based on the software verification technique that enables thorough checking and finding hard-to-detect faults in various versions of monolithic kernels is presented and implemented within software verification framework Klever and evaluated on subsystems of the Linux monolithic kernel.
...
1
2
3
4
...

References

SHOWING 1-10 OF 23 REFERENCES
Under-Approximating Loops in C Programs for Fast Counterexample Detection
TLDR
This work proposes a technique that aims at eliminating loop under-approximation by constructing auxiliary paths that represent the effect of a range of loop iterations, and paired its techniques with lazy abstraction and bounded model checking, and evaluated the resulting tool on a number of buffer overflow benchmarks.
A Reachability Predicate for Analyzing Low-Level Software
TLDR
An annotation language for C programs that makes use of the reachability predicate in the presence of internal pointers and pointer arithmetic is designed and preliminary experience with a prototype verifier is presented.
SPEED: precise and efficient static estimation of program computational complexity
TLDR
An inter-procedural technique for computing symbolic bounds on the number of statements a procedure executes in terms of its scalar inputs and user-defined quantitative functions of input data-structures and an algorithm for automating this proof methodology is introduced.
A Tool for Checking ANSI-C Programs
TLDR
The tool supports almost all ANSI-C language features, including pointer constructs, dynamic memory allocation, recursion, and the float and double data types, and is integrated into a graphical user interface.
Compositional may-must program analysis: unleashing the power of alternation
TLDR
The fine-grained coupling and alternation of may (universal) and must (existential) summaries allows SMASH to easily navigate through these code fragments while traditional may-only, must-only or non-compositional may-must algorithms are stuck in their specific analyses.
The worst-case execution-time problem—overview of methods and survey of tools
TLDR
Different approaches to the determination of upper bounds on execution times are described and several commercially available tools1 and research prototypes are surveyed.
Unifying type checking and property checking for low-level code
TLDR
A unified approach to type checking and property checking for low-level code is presented, which is flexible enough to support a combination of nominal and structural subtyping for C, on a per-structure basis.
SLAM2: Static driver verification with under 4% false alarms
TLDR
Advances in the SLAM analysis engine, which implements CEGAR for C programs using predicate abstraction, that greatly reduce the false alarm rate are reported on.
Corral: A Solver for Reachability Modulo Theories
TLDR
The architecture of Corral is described, a semi-algorithm for the reachability-modulo-theories problem, which uses novel algorithms for inlining procedures on demand and abstraction refinement and consistently outperforms its competitors on most benchmarks.
A Solver for Reachability Modulo Theories
TLDR
The architecture of Corral is described, a semi-algorithm for the reachability-modulo-theories problem, thatuses novel algorithms for inlining procedures on demand and abstraction refinement and consistently outperforms its competitors on most benchmarks.
...
1
2
3
...