Efficient Bounded Model Checking of Heap-Manipulating Programs using Tight Field Bounds
- Authors
- Ponzio, Pablo Daniel; Godio, Ariel; Rosner, Nicolás; Arroyo, Marcelo; Aguirre, Nazareno Matías; Frias, Marcelo F.
- Year of publication
- 2021
- Language
- Spanish (Castilian)
- Resource type
- conference paper
- Status
- published version
- Description
- Software model checkers are able to exhaustively explore different bounded program executions arising from various sources of nondeterminism. These tools provide statements to produce nondeterministic values for certain variables, thus forcing the corresponding model checker to consider all possible values for these during verification. While these statements offer an effective way of verifying programs handling basic data types and simple structured types, they are inappropriate as a mechanism for nondeterministic generation of pointers, favoring the use of insertion routines to produce dynamic data structures when verifying, via model checking, programs handling such data types. We present a technique to improve model checking of programs handling heap-allocated data types, by taming the explosion of candidate structures that can be built when nondeterministically initializing heap object fields. The technique exploits precomputed relational bounds, which disregard values deemed invalid by the structure's type invariant, thus reducing the state space to be explored by the model checker. Precomputing the relational bounds is a challenging and costly task too, for which we also present an efficient algorithm, based on incremental SAT solving. We implement our approach on top of the CBMC bounded model checker, and show that, for a number of data structure implementations, we can handle significantly larger input structures and detect faults that CBMC is unable to detect.
- Publisher
- Sociedad Argentina de Informática e Investigación Operativa
- Subject
- Ciencias Informáticas; Model checking of programs; Relational bounds
- Access level
- open access
- Terms of use
- http://creativecommons.org/licenses/by-nc-sa/4.0/
- Repository
- Institution
- Universidad Nacional de La Plata
- OAI identifier
- oai:sedici.unlp.edu.ar:10915/140433
- Publication date
- 2021-10
- Pages
- 110-131
- Handle
- http://sedici.unlp.edu.ar/handle/10915/140433
- Alternative identifier
- http://50jaiio.sadio.org.ar/pdfs/asse/ASSE-12.pdf
- ISSN
- 2451-7593
- License
- Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0)