research-article

Sireum/Topi LDP: a lightweight semi-decision procedure for optimizing symbolic execution-based analyses

Authors:

Xianghua DengAuthors Info & Claims

ESEC/FSE '09: Proceedings of the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering

Pages 355 - 364

https://doi.org/10.1145/1595696.1595762

Published: 24 August 2009 Publication History

Abstract

Automated theorem proving techniques such as Satisfiability Modulo Theory (SMT) solvers have seen significant advances in the past several years. These advancements, coupled with vast hardware improvements, have drastic impact on, for example, program verification techniques and tools. The general availability of robust general purpose solvers have reduced a significant engineering overhead when designing and developing program verifiers. However, most solver implementations are designed to be used as a black box, and due to their aim as general purpose solvers, they often miss optimization opportunities that can be done by leveraging domain-specific knowledge.

This paper presents our effort to leverage domain-specific knowledge for optimizing symbolic execution (SymExe)-based analyses; we present optimization techniques incorporated as a lightweight semi-decision procedure (LDP) that provides up to an order of magnitude faster analysis time when analyzing realistic programs and well-known algorithms. LDP sits in the middle between a SymExe-based analysis tool and an existing SMT solver; it aims to reduce the number of solver calls by intercepting them and attempting to solve constraints using its lightweight deductive engine.

References

[1]

S. Anand, C. S. Pasareanu, and W. Visser. JPF-SE: A symbolic execution extension to Java PathFinder. In Proceedings of the 13th International Conference on Tools and Algorithms for Construction and Analysis of Systems (TACAS), pages 134--138, 2007.

Digital Library

[2]

L. Baresi, C. Ghezzi, and L. Mottola. On accurate automatic verification of publish-subscribe architectures. In Proceedings of the 29th International Conference on Software Engineering (ICSE), pages 199--208. IEEE Computer Society, 2007.

Digital Library

[3]

C. Barrett, S. Ranise, A. Stump, and C. Tinelli. The Satisfiability Modulo Theories Library (SMT-LIB). www.SMT-LIB.org, 2008.

[4]

C. Barrett and C. Tinelli. CVC3. In Proceedings of the 19th International Conference on Computer Aided Verification (CAV), volume 4590 of Lecture Notes in Computer Science, pages 298--302. Springer-Verlag, 2007.

Digital Library

[5]

P. Baumgartner, A. Fuchs, and C. Tinelli. Lemma learning in the model evolution calculus. In Proceedings of the 13th International Conference on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR), volume 4246 of Lecture Notes in Computer Science, pages 572--586. Springer, 2006.

Digital Library

[6]

J. Belt, Robby, and X. Deng. Sireum/Topi LDP: A lightweight semi-decision procedure for optimizing symbolic execution-based analyses. Technical Report SAnToS TR2009-03-16, Kansas State University, 2009.

[7]

C. Cadar, D. Dunbar, and D. R. Engler. Klee: Unassisted and automatic generation of high-coverage tests for complex systems programs. In Proceedings of the 8th USENIX Symposium on Operating Systems Design and Implementation (OSDI), pages 209--224. USENIX Association, 2008.

Digital Library

[8]

E. Clarke, O. Grumberg, and D. Peled. Model Checking. MIT Press, Jan. 2000.

Digital Library

[9]

M. B. Cohen, M. B. Dwyer, and J. Shi. Exploiting constraint solving history to construct interaction test suites. In Proceedings of the Testing: Academic and Industrial Conference Practice and Research Techniques (TAIC PART), pages 121--132. IEEE Computer Society, 2007.

Digital Library

[10]

P. Cousot and R. Cousot. Static determination of dynamic properties of programs. In Proceedings of the 2nd International Symposium on Programming, pages 106--130. Dunod, Paris, France, 1976.

[11]

L. de Moura. Personal communication, 2009.

[12]

L. M. de Moura and N. Bjørner. Z3: An efficient SMT solver. In 14th International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS 2008), volume 4963 of Lecture Notes in Computer Science, pages 337--340. Springer, 2008.

Digital Library

[13]

X. Deng, J. Lee, and Robby. Bogor/Kiasan: A k-bounded symbolic execution for checking strong heap properties of open systems. In Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering (ASE), pages 157--166, 2006.

Digital Library

[14]

X. Deng, Robby, and J. Hatcli. Kiasan/KUnit: Automatic test case generation and analysis feedback for open object-oriented systems. In Proceedings of the Testing: Academic and Industrial Conference - Practice and Research Techniques (TAIC PART), 2007.

Digital Library

[15]

X. Deng, Robby, and J. Hatcli. Towards a case-optimal symbolic execution algorithm for analyzing strong properties of ob ject-oriented programs. In Proceedings of the 5th IEEE International Conference on Software Engineering and Formal Methods (SEFM), pages 273--282. IEEE Computer Society, 2007.

Digital Library

[16]

N. Dershowitz and J.-P. Jouannaud. Rewrite systems. In Handbook of Theoretical Computer Science, Volume B: Formal Models and Sematics, pages 243--320, 1990.

Digital Library

[17]

B. Duterte. Personal communication, 2008.

[18]

B. Dutertre and L. de Moura. The Yices SMT solver. Tool paper at http://yices.csl.sri.com/tool-paper.pdf, August 2006.

[19]

M. B. Dwyer, J. Hatcli, Robby, and V. P. Ranganath. Exploiting object escape and locking information in partial-order reductions for concurrent object-oriented programs. Formal Methods in System Design (FMSD), 25(2-3):199--240, 2004.

Digital Library

[20]

J. C. King. Symbolic execution and program testing. Communications of the ACM, 19(7):385--394, 1976.

Digital Library

[21]

D. Kroening, O. Strichman, and R. E. Bryant. Decision Procedures: An Algorithmic Point of Views. Springer, jul 2008.

Digital Library

[22]

G. T. Leavens, A. L. Baker, and C. Ruby. JML: a Java modeling language. In Formal Underpinnings of Java Workshop (at OOPSLA'98), 1998.

[23]

R. Moore. Interval Analysis. Prentice Hall, 1966.

[24]

F. Nielson, H. R. Nielson, and C. Hankin. Principles of Program Analysis. Springer-Verlag New York, Inc., Secaucus, NJ, USA, 1999.

Digital Library

[25]

O. Rüthing, J. Knoop, and B. Steen. Detecting equalities of variables: Combining efficiency with precision. In Proceedings of the 6th International Symposium on Static Analysis (SAS), pages 232--247. Springer-Verlag, 1999.

Digital Library

[26]

K. Sen, D. Marinov, and G. Agha. CUTE: a concolic unit testing engine for c. In Proceedings of the 10th European Software Engineering Conference (ESEC) held jointly with 13th ACM SIGSOFT International Symposium on Foundations of Software Engineering (FSE), pages 263--272. ACM, 2005.

Digital Library

[27]

S. F. Siegel, A. Mironova, G. S. Avrunin, and L. A. Clarke. Using model checking with symbolic execution to verify parallel numerical programs. In Proceedings of the 2006 International Symposium on Software Testing and Analysis (ISSTA), pages 157--168. ACM, 2006.

Digital Library

[28]

C. Tinelli. A DPLL-based calculus for ground satisfiability modulo theories. In Proceedings of the European Conference on Logics in Artificial Intelligence (JELIA), pages 308--319. Springer-Verlag, 2002.

Digital Library

[29]

K. Waldén and J.-M. Nerson. Seamless object-oriented software architecture: analysis and design of reliable systems. Prentice-Hall, Inc., Upper Saddle River, NJ, USA, 1995.

Digital Library

[30]

Sireum website. http://www.sireum.org, 2009.

Cited By

Chen JHe F(2021)Leveraging Control Flow Knowledge in SMT Solving of Program VerificationACM Transactions on Software Engineering and Methodology10.1145/344621130:4(1-26)Online publication date: 10-May-2021
https://dl.acm.org/doi/10.1145/3446211
Robby Hatcliff J(2021)Slang: The Sireum Programming LanguageLeveraging Applications of Formal Methods, Verification and Validation10.1007/978-3-030-89159-6_17(253-273)Online publication date: 17-Oct-2021
https://dl.acm.org/doi/10.1007/978-3-030-89159-6_17
Ponzio PGodio ARosner NArroyo MAguirre NFrias M(2021)Efficient Bounded Model Checking of Heap-Manipulating Programs using Tight Field BoundsFundamental Approaches to Software Engineering10.1007/978-3-030-71500-7_11(218-239)Online publication date: 27-Mar-2021
https://dl.acm.org/doi/10.1007/978-3-030-71500-7_11
Show More Cited By

Index Terms

Recommendations

Program analysis via satisfiability modulo path programs
POPL '10

Path-sensitivity is often a crucial requirement for verifying safety properties of programs. As it is infeasible to enumerate and analyze each path individually, analyses compromise by soundly merging information about executions along multiple paths. ...
Program analysis via satisfiability modulo path programs
POPL '10: Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages

Path-sensitivity is often a crucial requirement for verifying safety properties of programs. As it is infeasible to enumerate and analyze each path individually, analyses compromise by soundly merging information about executions along multiple paths. ...
Verified decision procedures for MSO on words based on derivatives of regular expressions
ICFP '13: Proceedings of the 18th ACM SIGPLAN international conference on Functional programming

Monadic second-order logic on finite words (MSO) is a decidable yet expressive logic into which many decision problems can be encoded. Since MSO formulas correspond to regular languages, equivalence of MSO formulas can be reduced to the equivalence of ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

ESEC/FSE '09: Proceedings of the 7th joint meeting of the European software engineering conference and the ACM SIGSOFT symposium on The foundations of software engineering

August 2009

408 pages

ISBN:9781605580012

DOI:10.1145/1595696

General Chair:
Hans van Vliet
VU University Amsterdam, The Netherlands
,
Program Chair:
Valerie Issarny
INRIA-Paris-Rocquencourt, France

Copyright © 2009 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 August 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ESEC/FSE09

Sponsor:

ESEC/FSE09: Joint 12th European Software Engineering Conference

August 24 - 28, 2009

Amsterdam, The Netherlands

Acceptance Rates

ESEC/FSE '09 Paper Acceptance Rate 32 of 217 submissions, 15%;

Overall Acceptance Rate 112 of 543 submissions, 21%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

23
Total Citations
View Citations
230
Total Downloads

Downloads (Last 12 months)2
Downloads (Last 6 weeks)0

Reflects downloads up to 20 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Chen JHe F(2021)Leveraging Control Flow Knowledge in SMT Solving of Program VerificationACM Transactions on Software Engineering and Methodology10.1145/344621130:4(1-26)Online publication date: 10-May-2021
https://dl.acm.org/doi/10.1145/3446211
Robby Hatcliff J(2021)Slang: The Sireum Programming LanguageLeveraging Applications of Formal Methods, Verification and Validation10.1007/978-3-030-89159-6_17(253-273)Online publication date: 17-Oct-2021
https://dl.acm.org/doi/10.1007/978-3-030-89159-6_17
Ponzio PGodio ARosner NArroyo MAguirre NFrias M(2021)Efficient Bounded Model Checking of Heap-Manipulating Programs using Tight Field BoundsFundamental Approaches to Software Engineering10.1007/978-3-030-71500-7_11(218-239)Online publication date: 27-Mar-2021
https://dl.acm.org/doi/10.1007/978-3-030-71500-7_11
Yao PShi QHuang HZhang CKhurshid SPăsăreanu C(2020)Fast bit-vector satisfiabilityProceedings of the 29th ACM SIGSOFT International Symposium on Software Testing and Analysis10.1145/3395363.3397378(38-50)Online publication date: 18-Jul-2020
https://dl.acm.org/doi/10.1145/3395363.3397378
Uva MPonzio PRegis GAguirre NFrias M(2018)Automated workarounds from Java program specifications based on SAT solvingInternational Journal on Software Tools for Technology Transfer (STTT)10.5555/3288063.328808320:6(665-688)Online publication date: 1-Nov-2018
https://dl.acm.org/doi/10.5555/3288063.3288083
Chen JHe FHuchard MKästner CFraser G(2018)Control flow-guided SMT solving for program verificationProceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering10.1145/3238147.3238218(351-361)Online publication date: 3-Sep-2018
https://dl.acm.org/doi/10.1145/3238147.3238218
Uva MPonzio PRegis GAguirre NFrias M(2018)Automated workarounds from Java program specifications based on SAT solvingInternational Journal on Software Tools for Technology Transfer10.1007/s10009-018-0503-820:6(665-688)Online publication date: 10-Aug-2018
https://doi.org/10.1007/s10009-018-0503-8
Uva MPonzio PRegis GAguirre NFrias M(2017)Automated Workarounds from Java Program Specifications Based on SAT SolvingProceedings of the 20th International Conference on Fundamental Approaches to Software Engineering - Volume 1020210.1007/978-3-662-54494-5_20(356-373)Online publication date: 22-Apr-2017
https://dl.acm.org/doi/10.1007/978-3-662-54494-5_20
Aquino ABianchi FChen MDenaro GPezzè MYoung MXie T(2015)Reusing constraint proofs in program analysisProceedings of the 2015 International Symposium on Software Testing and Analysis10.1145/2771783.2771802(305-315)Online publication date: 13-Jul-2015
https://dl.acm.org/doi/10.1145/2771783.2771802
Cuervo Parrino BGaleotti JGarbervetsky DFrias M(2015)TacoFlowSoftware and Systems Modeling (SoSyM)10.1007/s10270-014-0401-914:1(45-63)Online publication date: 1-Feb-2015
https://dl.acm.org/doi/10.1007/s10270-014-0401-9
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten