- Article, December 2024
Simple LTL Model Checking on Finite and Infinite Traces over Concrete Domains
Abstract: There exist different semantics for Linear Temporal Logic (LTL) in terms of the finiteness of the considered traces. Although several of them can be useful depending on the verification context, no verification framework handles their diversity in a ...
- research-article, September 2024
ESBMC-Python: A Bounded Model Checker for Python Programs
ISSTA 2024: Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 1836–1840. https://doi.org/10.1145/3650212.3685304
This paper introduces a tool for verifying Python programs, which, using type annotation and front-end processing, can harness the capabilities of a bounded model-checking (BMC) pipeline. It transforms an input program into an abstract syntax tree to ...
- research-article, September 2024
JCWIT: A Correctness-Witness Validator for Java Programs Based on Bounded Model Checking
ISSTA 2024: Proceedings of the 33rd ACM SIGSOFT International Symposium on Software Testing and Analysis, pages 1831–1835. https://doi.org/10.1145/3650212.3685303
Witness validation is a formal verification method to independently verify software verification tool results, with two main categories: violation and correctness witness validators. Validators for violation witnesses in Java include Wit4Java and GWIT, ...
- Article, September 2024
UnsafeCop: Towards Memory Safety for Real-World Unsafe Rust Code with Practical Bounded Model Checking
Abstract: Rust has gained popularity as a safer alternative to C/C++ for low-level programming due to its memory-safety features and minimal runtime overhead. However, the use of the “unsafe” keyword allows developers to bypass safety guarantees, posing ...
- research-article, October 2023
Thorium: A Language for Bounded Verification of Dynamic Reactive Objects
REBLS 2023: Proceedings of the 10th ACM SIGPLAN International Workshop on Reactive and Event-Based Languages and Systems, pages 1–13. https://doi.org/10.1145/3623506.3623574
Developing reliable reactive software is notoriously difficult – particularly when that software reacts by changing its behavior. Some of this difficulty is inherent; software that must respond to external events as they arrive tends to end up in ...
- Article, April 2023
FuSeBMC_IA: Interval Analysis and Methods for Test Case Generation (Competition Contribution)
Fundamental Approaches to Software Engineering, pages 324–329. https://doi.org/10.1007/978-3-031-30826-0_18
Abstract: The cooperative verification of Bounded Model Checking and Fuzzing has proved to be one of the most effective techniques when testing C programs. FuSeBMC is a test-generation tool that employs BMC and Fuzzing to produce test cases. In Test-Comp ...
- short-paper, February 2023
Assertion Based Verification using Yosys: A Case Study from Nuclear Domain
ISEC '23: Proceedings of the 16th Innovations in Software Engineering Conference, Article No. 16, pages 1–5. https://doi.org/10.1145/3578527.3578540
Assertion Based Verification is a design methodology that integrates Formal Methods as part of the design process. As each module is designed, the designer expresses the functional, structural and interface requirements of the module as logical formulas ...
- research-article, January 2023
A Partial Order View of Message-Passing Communication Models
Proceedings of the ACM on Programming Languages (PACMPL), Volume 7, Issue POPL, Article No. 55, pages 1601–1627. https://doi.org/10.1145/3571248
There is a wide variety of message-passing communication models, ranging from synchronous "rendez-vous" communications to fully asynchronous/out-of-order communications. For large-scale distributed systems, the communication model is determined by the ...
- short-paper, January 2023
CBMC-SSM: Bounded Model Checking of C Programs with Symbolic Shadow Memory
ASE '22: Proceedings of the 37th IEEE/ACM International Conference on Automated Software Engineering, Article No. 156, pages 1–5. https://doi.org/10.1145/3551349.3559523
Dynamic program analysis tools such as Eraser, TaintCheck, or ThreadSanitizer abstract the contents of individual memory locations and store the abstraction results in a separate data structure called shadow memory. They then use this meta-information ...
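The shadow-memory idea named in the CBMC-SSM abstract above, shown as an added example that is not code from CBMC-SSM, CBMC or any of the dynamic tools it cites: a flat byte-addressed memory carries a parallel shadow array with one taint label per byte, copies move labels together with data, arithmetic joins the labels of its operands, and a sink asks whether a value still derives from untrusted input. The packet bytes, addresses and the "length field" scenario are constructed for illustration; real tools map data addresses to shadow addresses with address arithmetic rather than a second array of equal size.

```python
"""Toy shadow memory for byte-level taint tracking (added example).

Every byte of data memory has a parallel shadow byte holding a label; copies
carry labels with the data, and arithmetic joins the labels of its operands,
so a sink can ask whether a value still derives from untrusted input.
Not code from CBMC-SSM or from any sanitizer; names and layout are illustrative.
"""

UNTAINTED = 0
TAINTED = 1  # label bit: byte derives from untrusted input


class ShadowMemory:
    def __init__(self, size: int) -> None:
        self.data = bytearray(size)    # program-visible bytes
        self.shadow = bytearray(size)  # one label per data byte, same indexing

    def _check_range(self, addr: int, n: int) -> None:
        if addr < 0 or n < 0 or addr + n > len(self.data):
            raise IndexError(f"access [{addr:#x}, {addr + n:#x}) outside memory")

    def write(self, addr: int, payload: bytes, label: int = UNTAINTED) -> None:
        """Store bytes and give each of them the same label."""
        self._check_range(addr, len(payload))
        self.data[addr:addr + len(payload)] = payload
        self.shadow[addr:addr + len(payload)] = bytes([label]) * len(payload)

    def memcpy(self, dst: int, src: int, n: int) -> None:
        """Copy n bytes; the shadow labels travel with the data."""
        self._check_range(src, n)
        self._check_range(dst, n)
        self.data[dst:dst + n] = self.data[src:src + n]
        self.shadow[dst:dst + n] = self.shadow[src:src + n]

    def load_u32(self, addr: int) -> tuple[int, int]:
        """Return (value, label); the label is the join (bitwise OR) of the four bytes."""
        self._check_range(addr, 4)
        value = int.from_bytes(self.data[addr:addr + 4], "little")
        label = 0
        for b in self.shadow[addr:addr + 4]:
            label |= b
        return value, label

    def store_u32(self, addr: int, value: int, label: int) -> None:
        self.write(addr, (value & 0xFFFFFFFF).to_bytes(4, "little"), label)

    def tainted_bytes(self, addr: int, n: int) -> list[int]:
        """Addresses in [addr, addr+n) whose shadow label carries TAINTED."""
        self._check_range(addr, n)
        return [addr + i for i in range(n) if self.shadow[addr + i] & TAINTED]


def length_field_scenario() -> dict:
    """Constructed scenario: an untrusted packet is received, its length field is
    copied into a local, adjusted by a constant, and offered to a size-taking sink."""
    mem = ShadowMemory(256)
    # Constructed sample input: 4-byte little-endian length followed by payload.
    packet = (0x1000).to_bytes(4, "little") + b"payload!"
    mem.write(0x00, packet, TAINTED)           # recv() into the buffer at 0x00
    mem.memcpy(0x40, 0x00, 4)                  # uint32_t length = pkt->len;
    length, length_label = mem.load_u32(0x40)
    header = 8                                 # compile-time constant: untainted
    total, total_label = length + header, length_label | UNTAINTED
    mem.store_u32(0x44, total, total_label)    # size_t total = length + 8;
    return {
        "length": length,
        "total": total,
        # Sink check a tool would perform before malloc(total) / memcpy(dst, src, total).
        "total_tainted": bool(total_label & TAINTED),
        "tainted_at_0x44": mem.tainted_bytes(0x44, 4),
        "untouched_region": mem.tainted_bytes(0x80, 16),
    }


if __name__ == "__main__":
    for key, value in length_field_scenario().items():
        print(f"{key}: {value}")
```

The scenario reports that the size reaching the sink is still tainted even though it was copied and then modified by arithmetic, which is exactly the flow a shadow-memory analysis exists to catch; a region the program never touched stays unlabelled.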
- Article, April 2022
VeriFuzz: Good Seeds for Fuzzing (Competition Contribution)
Fundamental Approaches to Software Engineering, pages 341–346. https://doi.org/10.1007/978-3-030-99429-7_20
Abstract: We present VeriFuzz 1.2 with two new enhancements: (1) unroll the given program to a short depth and use BMC to produce incomplete test inputs, which are extended into complete inputs, and (2) if BMC fails for this short unrolling, automatically ...
- Article, April 2022
FuSeBMC v4: Smart Seed Generation for Hybrid Fuzzing (Competition Contribution)
Fundamental Approaches to Software Engineering, pages 336–340. https://doi.org/10.1007/978-3-030-99429-7_19
Abstract: FuSeBMC is a test generator for finding security vulnerabilities in C programs. In Test-Comp 2021, we described a previous version that incrementally injected labels to guide Bounded Model Checking (BMC) and Evolutionary Fuzzing engines to produce ...
- Article, March 2021
FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)
Fundamental Approaches to Software Engineering, pages 363–367. https://doi.org/10.1007/978-3-030-71500-7_19
Abstract: We describe and evaluate a novel white-box fuzzer for C programs named FuSeBMC, which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. FuSeBMC explores and analyzes C ...
- Article, April 2020
ESBMC: Scalable and Precise Test Generation based on the Floating-Point Theory (Competition Contribution)
Fundamental Approaches to Software Engineering, pages 525–529. https://doi.org/10.1007/978-3-030-45234-6_27
Abstract: ESBMC is an SMT-based bounded model checker for real-world C programs. Such programs often represent real numbers using floating-point numbers, most commonly following the IEEE floating-point standard (IEEE 754-2008). Thus, ESBMC now includes a new floating-...
- Article, October 2019
Fast, Automatic, and Nearly Complete Structural Unit-Test Generation Combining Genetic Algorithms and Formal Methods
Abstract: Software testing is a time-consuming and error-prone activity, mostly manual in most industries. One approach to increase productivity is to automatically generate tests. In this paper, we focus on automatic generation of structural unit tests of ...
- research-article, October 2018
Towards counterexample-guided k-induction for fast bug detection
ESEC/FSE 2018: Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of Software Engineering, pages 765–769. https://doi.org/10.1145/3236024.3264840
Recently, the k-induction algorithm has proven to be a successful approach for both finding bugs and proving correctness. However, since the algorithm is an incremental approach, it might waste resources trying to prove incorrect programs. In this paper, ...
- column, May 2017
SafeProver: A High-Performance Verification Tool
ACM SIGAda Ada Letters (SIGADA), Volume 36, Issue 2, pages 47–48. https://doi.org/10.1145/3092893.3092901
In this paper, we present SAFEPROVER, a formal verification tool based on bounded model checking (BMC) that uses a set of algorithms derived from the k-induction principle [1] for invariant satisfaction and lemma generation. The main novelty ...
- article, August 2016
Checking EMTLK Properties of Timed Interpreted Systems Via Bounded Model Checking
We investigate a SAT-based bounded model checking (BMC) method for EMTLK (the existential fragment of the metric temporal logic with knowledge) that is interpreted over timed models generated by timed interpreted systems. In particular, we translate the ...