Proving LTL Properties of Bitvector Programs and Decompiled Binaries

@inproceedings{Liu2021ProvingLP,
  title={Proving LTL Properties of Bitvector Programs and Decompiled Binaries},
  author={Yuandong Cyrus Liu and Chengbin Pang and Daniel Dietsch and Eric Koskinen and Ton Chanh Le and Georgios Portokalidis and Jun Xu Stevens Institute of Technology and University of Freiburg},
  booktitle={APLAS},
  year={2021}
}
There is increasing interest in applying verification tools to programs that have bitvector operations. SMT solvers, which serve as a foundation for these tools, have thus increased support for bitvector reasoning through bit-blasting and linear arithmetic approximations. In this paper we show that similar linear arithmetic approximation of bitvector operations can be done at the source level through transformations. Specifically, we introduce new paths that over-approximate bitvector… 

References

SHOWING 1-10 OF 48 REFERENCES

Efficiently solving quantified bit-vector formulas

TLDR
This work presents a new approach based on a set of effective word-level simplifications that are traditionally employed in automated theorem proving, heuristic quantifier instantiation methods used in SMT solvers, and model finding techniques based on skeletons/templates that outperforms the traditional flattening approach.

Towards Bit-Width-Independent Proofs in SMT Solvers

TLDR
This work proposes a translation from bit-vector formulas of non-fixed bit-width to formulas in a logic supported by SMT solvers that includes non-linear integer arithmetic, uninterpreted functions, and universal quantification, while this logic is undecidable.

Counterexample-Guided Bit-Precision Selection

TLDR
This paper presents the approach to diagnose the spurious counterexamples caused by this trade-off, and leverages the learned information to lazily and gradually refine the precision of reasoning about bitwise operations in the whole program.

Encoding RTL Constructs for MathSAT: a Preliminary Report

Termination Analysis of Imperative Programs Using Bitvector Arithmetic

TLDR
This paper proposes a novel method for encoding the wrap-around behavior of bitvector arithmetic within integer arithmetic, and shows the practicality and effectiveness of the proposed method.

Deciding Bit-Vector Arithmetic with Abstraction

TLDR
Experimental results suggest that this abstraction-based approach can be considerably more efficient than directly invoking the SAT solver on the original formula as well as other competing decision procedures.

BinRec: dynamic binary lifting and recompilation

TLDR
Binary lifting is addressed with BinRec, a new approach to heuristic-free binary recompilation which lifts dynamic traces of a binary to a compiler-level intermediate representation (IR) and lowers the IR back to a "recovered" binary.

A non-convex abstract domain for the value analysis of binaries

TLDR
A non-convex abstract domain, suitable for the analysis of binary executables, based on binary decision diagrams and integrated with the binary analysis framework Jakstab, that computes abstract bitwise and arithmetic operations precisely and looses precision only for division and multiplication.

Synthesising Interprocedural Bit-Precise Termination Proofs (T)

TLDR
The experimental results show that the tool 2LS outperforms state-of-the-art alternatives, and demonstrate the clear advantage of interprocedural reasoning over monolithic analysis in terms of efficiency, while retaining comparable precision.

Approximating Predicate Images for Bit-Vector Logic

TLDR
A proof-based algorithm is described that computes an over-approximation of the predicate image but in turn allows a rich set of axioms and can be used to compute images of predicates using a combination of bit-vector logic, the theory of arrays, and pointer arithmetic.