Verifying LTL Properties of Bytecode with Symbolic Execution

A local approach for temporal model checking of Java bytecode

Journal of Computer and System Sciences, 2005

Modern computing applications require highly reliable software systems, but current validation techniques, like testing, fail to assure an adequate level of correctness. We present a model checking procedure to verify a subset of the Java virtual machine language (JVML) with respect to properties expressed by a temporal logic. A tableau-based method is developed to prove the satisfaction of a formula: by this local approach a program computation is checked only if it is involved in the goal of the property verification. A special symbol ⊥ is introduced to represent "unknown" values, and computations are performed in a symbolic way, exploiting the set of guards present in the formulae to refine possible unknown values. This kind of abstraction cuts the state explosion of the programs and is applicable to checking arbitrary formulae, but the result of the verification has an imprecision degree depending on the number of unknown values manipulated during each symbolic computation.

Verifying LTL Properties of Bytecode with Symbolic Execution

2015

Bytecode languages are at a very desirable degree of abstraction for performing formal analysis of programs, but at the same time pose new challenges when compared with traditional languages. This paper proposes a methodology for bytecode analysis which harmonizes two well-known formal verification techniques, model checking and symbolic execution. Model checking is a property-guided exploration of the system state space until the property is proved or disproved, producing in the latter case a counterexample execution trace. Symbolic execution emulates program execution by replacing concrete variable values with symbolic ones, so that the symbolic execution along a path represents the potentially infinite numeric executions that may occur along that path. We propose an approach where symbolic execution is used for building a possibly partial model of the program state space, and on-the-fly model checking is exploited for verifying temporal properties on it. The synergy of the two techniques yields considerable potential advantages: symbolic execution allows for modeling the state space of infinite-state software systems, limits the state explosion, and fosters modular verification; model checking provides fully automated verification of reachability properties of a program. To assess these potential advantages, we report our preliminary experience with the analysis of a safety-critical software system.

Using symbolic execution for verifying safety-critical systems

ACM Sigsoft Software Engineering Notes, 2001

Safety-critical systems need to be highly reliable, and thus special care is taken when verifying them in order to increase the confidence in their behavior. This paper addresses the problem of formal verification of safety-critical systems by providing empirical evidence of the practical applicability of symbolic execution and of its usefulness for checking safety-related properties. In this paper, symbolic execution is used for building an operational model of the software on which safety properties, expressed by means of a Path Description Language (PDL), can be assessed.

Formal Program Verification Using Symbolic Execution

IEEE Transactions on Software Engineering, 2000

Symbolic execution provides a mechanism for formally proving programs correct. A notation is introduced which allows a concise presentation of rules of inference based on symbolic execution. Using this notation, rules of inference are developed to handle a number of language features, including loops and procedures with multiple exits. An attribute grammar is used to formally describe symbolic expression evaluation, and the treatment of function calls with side effects is shown to be straightforward. Because symbolic execution is related to program interpretation, it is an easy-to-comprehend, yet powerful technique. The rules of inference are useful in expressing the semantics of a language and form the basis of a mechanical verification condition generator.

Model checking LTL properties over ANSI-C programs with bounded traces

Software & Systems Modeling, 2013

Context-bounded model checking has been used successfully to verify safety properties in multi-threaded systems automatically, even if they are implemented in low-level programming languages such as C. In this paper, we describe and experiment with an approach to extend context-bounded software model checking to safety and liveness properties expressed in linear-time temporal logic (LTL). Our approach checks the actual C program, rather than an extracted abstract model. It converts the LTL formulas into Büchi automata for the corresponding never claims and then further into C monitor threads that are interleaved with the execution of the program under analysis. This combined system is then checked using the ESBMC model checker. We use an extended, four-valued LTL semantics to handle the finite traces that bounded model checking explores; we thus check the combined system several times with different acceptance criteria to derive the correct truth value. In order to mitigate the state space

Formula-based abstractions and symbolic execution for model checking programs

Microprocessors and Microsystems, 2004

We define a model checking technique that applies to a finite state representation of sequential programs. This representation is built by means of an abstraction method which cuts the state explosion by introducing a special symbol, ⊥, to model 'unknown' variable values. Program properties are expressed by means of a temporal logic, which allows a further abstraction on the basis of the structure of the formulae. The satisfaction of the formulae is checked through a sort of symbolic execution of the programs, which may produce a number of false results depending on the number of ⊥ values associated with the variables. Each abstraction produces a different level of incompleteness of the verification result.

Temporal property verification as a program analysis task

2011

We describe a reduction from temporal property verification to a program analysis problem. We produce an encoding which, with the use of recursion and nondeterminism, enables off-the-shelf program analysis tools to naturally perform the reasoning necessary for proving temporal properties (e.g. backtracking, eventuality checking, tree counterexamples for branching-time properties, abstraction refinement, etc.).

Automatic generation of executable assertions for runtime checking temporal requirements

2005

Checking various temporal requirements is a key dependability concern in safety-critical systems. As model-checking approaches do not scale well to systems of high complexity, the runtime verification of temporal requirements has received growing attention recently. This paper presents a code-generation based method for runtime evaluation of linear temporal logic formulae over program execution traces. The processing-power requirements of our solution are much lower than in the case of previous approaches, enabling its application even in resource-restricted embedded environments.