TRACER: A Symbolic Execution Tool for Verification

Authors

  • Joxan Jaffar
  • Vijayaraghavan Murali
  • Jorge A. Navas
  • Andrew E. Santosa
Abstract

Recently, symbolic execution (SE) [15] has been shown to be a successful alternative to CEGAR for program verification, offering the following benefits among others [12, 18]: (1) it does not explore infeasible paths, avoiding expensive refinements; (2) it avoids expensive predicate image computations (e.g., Cartesian and Boolean abstractions [2]); and (3) it can recover from too-specific abstractions, as opposed to the monotonic refinement schemes often used. Unfortunately, it poses its own challenges: (C1) an exponential number of paths, and (C2) infinite-length paths in the presence of unbounded loops. We present TRACER, an SE-based verification tool for finite-state safety properties of sequential C programs. Informally, TRACER attempts to build a finite symbolic execution tree which overapproximates the set of all concrete reachable states. If the error location cannot be reached from any symbolic path, then the program is reported as safe. Otherwise, either the program may contain a bug or it may not terminate. The most innovative features of TRACER stem from how it tackles (C1) and (C2). In this paper, we describe the main ideas behind TRACER and its implementation, as well as our experience in running real benchmarks.

Similar sources

Infeasible Paths Elimination by Symbolic Execution Techniques - Proof of Correctness and Preservation of Paths

TRACER [1] is a tool for verifying safety properties of sequential C programs. TRACER attempts to build a finite symbolic execution graph which over-approximates the set of all concrete reachable states and the set of feasible paths. We present an abstract framework for TRACER and similar CEGAR-like systems [2, 3, 4, 5, 6]. The framework provides 1) a graph-transformation based method for red...

Viper: A Verification Infrastructure for Permission-Based Reasoning

The automation of verification techniques based on first-order logic specifications has benefited greatly from verification infrastructures such as Boogie and Why. These offer an intermediate language that can express diverse language features and verification techniques, as well as back-end tools such as verification condition generators. However, these infrastructures are not well suited for v...

Higher-order symbolic execution for contract verification and refutation

We present a new approach to automated reasoning about higher-order programs by endowing symbolic execution with a notion of higher-order, symbolic values. To validate our approach, we use it to develop and evaluate a system for verifying and refuting behavioral software contracts of components in a functional language, which we call soft contract verification. In doing so, we discover a mutual...

The Symbolic Execution Debugger: a Productivity Tool for Java Based on Eclipse and KeY

We present the Symbolic Execution Debugger (SED), an extension of the Eclipse debug platform for interactive symbolic execution. Being based on symbolic execution, its functionality goes beyond that of traditional interactive debuggers. For instance, debugging can start directly at any method or statement and all program execution paths are explored simultaneously. To support program comprehens...

VeriFast: Imperative Programs as Proofs

We propose an approach for the verification of imperative programs based on the tool-supported, interactive insertion of annotations into the source code. Annotations include routine preconditions and postconditions and loop invariants in a form of separation logic, as well as inductive datatype definitions and recursive function and predicate definitions to enable rich specifications. To enabl...

Publication date: 2012