counter examples
play

COUNTER-EXAMPLES Herbert Oliveira Rocha, Raimundo Barreto, Lucas - PowerPoint PPT Presentation

Oct 09, 2022 •446 likes •992 views

FEDERAL UNIVERSITY OF AMAZONAS INSTITUTE OF COMPUTING GRADUATE PROGRAM IN COMPUTER SCIENCE UNDERSTANDING PROGRAMMING BUGS IN ANSI-C SOFTWARE USING BOUNDED MODEL CHECKING COUNTER-EXAMPLES Herbert Oliveira Rocha, Raimundo Barreto, Lucas

  1. FEDERAL UNIVERSITY OF AMAZONAS INSTITUTE OF COMPUTING GRADUATE PROGRAM IN COMPUTER SCIENCE UNDERSTANDING PROGRAMMING BUGS IN ANSI-C SOFTWARE USING BOUNDED MODEL CHECKING COUNTER-EXAMPLES Herbert Oliveira Rocha, Raimundo Barreto, Lucas Cordeiro and Arilo Dias Netto

  2. Agenda 1. Introduction 2. Background 3. Proposed Method 4. Experimental Results 5. Related Work 6. Conclusions and Future Work UFAM/IComp/PPGI iFM'2012 2

  3. Introduction Software Applications UFAM/IComp/PPGI iFM'2012 3

  4. Introduction Model Checking  In the last few years, we can observe a trend towards the application of formal verification techniques to the implementation level ;  BMCs have gained popularity due to their ability to handle the full semantics of actual programming languages, and to support the verification of a rich set of properties . UFAM/IComp/PPGI iFM'2012 4

  5. Introduction And what are we proposing? The EZProofC Method  To apply a software bounded model checker , in this case ESBMC (Efficient SMT-Based Context-Bounded Model Checker);  To verify critical parts of a software written in the C programming language;  To gather data to show the evidence that failures might happen. UFAM/IComp/PPGI iFM'2012 5

  6. Introduction The motivation of this work - EZProofC  Data collected by verification tools is usually not trivial to be understood:  Amount of variables;  Values involved in the counter-example;  The lack of a standard output to represent the counter-example;  Our techniques can also be applied to other programming languages like C++ and Java UFAM/IComp/PPGI iFM'2012 6

  7. Agenda 1. Introduction 2. Background 3. Proposed Method 4. Experimental Results 5. Related Work 6. Conclusions and Future Work UFAM/IComp/PPGI iFM'2012 7

  8. Introduction -> Background Bounded Model Checking  The basic idea of BMC is to check ( the negation of ) a given property at a given depth.  Transition system 𝑁 unrolled 𝑙 times  for programs: unroll loops, unfold arrays, …  Translated into verification condition 𝝎 such that  𝝎 satisfiable iff 𝝌 has counterexample of max. depth 𝒍 . UFAM/IComp/PPGI iFM'2012 8

  9. Introduction -> Background Context-Bounded Model Checking with ESBMC ESBMC is a bounded model checker for embedded ANSI-C software based on SMT (Satisfiability Modulo Theories) solvers, which allows:  Data races;  Out-of-bounds array indexing;  Deadlocks;  Division by zero;  Underflow e Overflow;  Pointers safety  Dynamic memory allocation; UFAM/IComp/PPGI iFM'2012 9

  10. Introduction -> Background Counter-Example  A counter-example is a trace that shows that a given property does not hold in the model;  Counter-examples allow the user: i. to analyze the failure; ii. to understand the root of the error; iii. to correct either the specification or the model, in this case, from the property and the program that has been analyzed respectively. UFAM/IComp/PPGI iFM'2012 10

  11. Agenda 1. Introduction 2. Background 3. Proposed Method 4. Experimental Results 5. Related Work 6. Conclusions and Future Work UFAM/IComp/PPGI iFM'2012 11

  12. Introduction -> Background -> Proposed Method EZProofC “ An easy way to demonstrate and verify errors in C code ” 1 UFAM/IComp/PPGI iFM'2012 12

  13. Introduction -> Background -> Proposed Method EZProofC “ An easy way to demonstrate and verify errors in C code ” 2 1 UFAM/IComp/PPGI iFM'2012 13

  14. Introduction -> Background -> Proposed Method EZProofC “ An easy way to demonstrate and verify errors in C code ” 2 1 3 UFAM/IComp/PPGI iFM'2012 14

  15. Introduction -> Background -> Proposed Method EZProofC “ An easy way to demonstrate and verify errors in C code ” 2 4 1 3 UFAM/IComp/PPGI iFM'2012 15

  16. Introduction -> Background -> Proposed Method First Step: Code Preprocessing 1. # define INSIZE 14 UNCRUSTIFY 2. int main (void){ 3. unsigned char in[INSIZE+1]; 4. ... 5. if (c == `-') 6. { 7. i=0; 8. idx_in++; 9. c = in[idx_in]; 10. while ((`0' <= c) && (c <= `9')) 11. { 12. j = c - `0'; 13. i = i * 10 + j; 14. idx_in++; tTflag_arr_two_loops_bad.c 15. c = in[idx_in]; from Verisec benchmark 16. } 17. } 18. } UFAM/IComp/PPGI iFM'2012 16

  17. Introduction -> Background -> Proposed Method Second Step: Model Checking with ESBMC UFAM/IComp/PPGI iFM'2012 17

  18. Introduction -> Background -> Proposed Method Second Step: Model Checking with ESBMC The line number UFAM/IComp/PPGI iFM'2012 18

  19. Introduction -> Background -> Proposed Method Second Step: Model Checking with ESBMC The line number The variables involved UFAM/IComp/PPGI iFM'2012 19

  20. Introduction -> Background -> Proposed Method Second Step: Model Checking with ESBMC The line number The variables involved The specific value for variable UFAM/IComp/PPGI iFM'2012 20

  21. Introduction -> Background -> Proposed Method Second Step: Model Checking with ESBMC The line number The variables involved The specific value for variable Violated Property UFAM/IComp/PPGI iFM'2012 21

  22. Introduction -> Background -> Proposed Method Second Step: Model Checking with ESBMC 1. # define INSIZE 14 2. int main (void){ 3. unsigned char in[INSIZE+1]; 4. ... 5. if (c == `-') 6. { 7. i=0; 8. idx_in++; 9. c = in[idx_in]; 10. while ((`0' <= c) && (c <= `9')) 11. { 12. j = c - `0'; 13. i = i * 10 + j; 14. idx_in++; 15. c = in[idx_in]; 16. } Property “ idx_in < 15 ” that has 17. } been violated 18. } UFAM/IComp/PPGI iFM'2012 22

  23. Introduction -> Background -> Proposed Method Second Step: Model Checking with ESBMC 1. # define INSIZE 14 Define the BOUND 2. int main (void){ [0 .. 14] 3. unsigned char in[INSIZE+1]; 4. ... 5. if (c == `-') 6. { 7. i=0; 8. idx_in++; 9. c = in[idx_in]; 10. while ((`0' <= c) && (c <= `9')) 11. { 12. j = c - `0'; 13. i = i * 10 + j; 14. idx_in++; 15. c = in[idx_in]; 16. } Property “ idx_in < 15 ” that has 17. } been violated 18. } UFAM/IComp/PPGI iFM'2012 23

  24. Introduction -> Background -> Proposed Method Second Step: Model Checking with ESBMC 1. # define INSIZE 14 Define the BOUND 2. int main (void){ [0 .. 14] 3. unsigned char in[INSIZE+1]; 4. ... 5. if (c == `-') 6. { Loop doesn't 7. i=0; control the value of 8. idx_in++; the variable 9. c = in[idx_in]; 10. while ((`0' <= c) && (c <= `9')) 11. { 12. j = c - `0'; 13. i = i * 10 + j; 14. idx_in++; 15. c = in[idx_in]; 16. } Property “ idx_in < 15 ” that has 17. } been violated 18. } UFAM/IComp/PPGI iFM'2012 24

  25. Introduction -> Background -> Proposed Method Third Step: Code Instantiation 1. Input : Code, CE_Out The runtime complexity is 2. Output : New_instanced_code.c 𝑷(𝒐 + 𝒏) 3. 4. BEGIN 5. Analysis The counter-example (CE_Out) and C program to collect several 6. pieces of information 7. FOREACH line from the C program 8. IF the line number identified (counter-example) is equal to the line 9. number of the C program 10. IF the violated property is in a set of specific cases 11. Apply a Trigger for a specific case 12. Generate and write a new line using variable values from 13. counter-example 14. ELSE Generate and write a new line using variable values from 15. counter-example 16. ELSE Write the line from the C program 17. END UFAM/IComp/PPGI iFM'2012 25

  26. Introduction -> Background -> Proposed Method Third Step: Code Instantiation 1. Input : Code, CE_Out FIRST PHASE: Collect several pieces of 2. Output : New_instanced_code.c information 3. 4. BEGIN 5. Analysis The counter-example (CE_Out) and C program to collect several 6. pieces of information 7. FOREACH line from the C program 8. IF the line number identified (counter-example) is equal to the line line = 14, var =idx_in and 9. number of the C program 10. IF the violated property is in a set of specific cases value = 15 11. Apply a Trigger for a specific case 12. Generate and write a new line using variable values from 13. counter-example 14. ELSE Generate and write a new line using variable values from 15. counter-example 16. ELSE Write the line from the C program 17. END UFAM/IComp/PPGI iFM'2012 26

  27. Introduction -> Background -> Proposed Method Third Step: Code Instantiation 1. Input : Code, CE_Out SECOND PHASE: Generate a new 2. Output : New_instanced_code.c instanced code 3. 4. BEGIN 5. Analysis The counter-example (CE_Out) and C program to collect several 6. pieces of information 7. FOREACH line from the C program 8. IF the line number identified (counter-example) is equal to the line 9. number of the C program 10. IF the violated property is in a set of specific cases 11. Apply a Trigger for a specific case 12. Generate and write a new line using variable values from 13. counter-example 14. ELSE Generate and write a new line using variable values from 15. counter-example 16. ELSE Write the line from the C program 17. END UFAM/IComp/PPGI iFM'2012 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Does COUNTER tell the whole story? Case-by-case examples demonstrating the limitations of

Does COUNTER tell the whole story? Case-by-case examples demonstrating the limitations of

Does COUNTER tell the whole story? Case-by-case examples demonstrating the limitations of COUNTER, and suggestions for alternative evaluation metrics CARLI Spring Forum on Collections Data Analysis and Maintenance Governors State University,

467 views • 23 slides
Portrait of the intuitionist as an Opponent in Dialogues. Embedding brouwerian counter-examples

Portrait of the intuitionist as an Opponent in Dialogues. Embedding brouwerian counter-examples

Portrait of the intuitionist as an Opponent in Dialogues. Embedding brouwerian counter-examples within classical plays Clment Lion. University of Lille, France clement.lion@univ-lille.fr Brouwer (1881-1966) explicitly rejected axiomatic

566 views • 23 slides
Preliminaries Counter-examples to the color-based approach A two-stage approach Discussion

Preliminaries Counter-examples to the color-based approach A two-stage approach Discussion

Outline Preliminaries Counter-examples to the color-based approach A two-stage approach Discussion Interpolation systems for non-ground proofs 1 Maria Paola Bonacina Dipartimento di Informatica Universit` a degli Studi di Verona Verona,

999 views • 44 slides
Counter-examples to the Hirsch conjecture arXiv:1006.2814 Francisco Santos

Counter-examples to the Hirsch conjecture arXiv:1006.2814 Francisco Santos

The conjecture Motivation: LP Why n d ? The construction (I) The construction(s) (II) Its limitations Conclusion Counter-examples to the Hirsch conjecture arXiv:1006.2814 Francisco Santos http://personales.unican.es/santosf/Hirsch

2.18k views • 161 slides
8051 Serial Port and Timer/Counter Serial Port Timer Counter Chatchai Jantaraprim

8051 Serial Port and Timer/Counter Serial Port Timer Counter Chatchai Jantaraprim

8051 Serial Port and Timer/Counter Serial Port Timer Counter Chatchai Jantaraprim (cj@coe.psu.ac.th) 8051 Timer/Counter Two internal Timers/Counters 16-bit timer/counter Timer uses system clock as source of input pulses Counter uses external

273 views • 8 slides
Counter Braids: A novel counter architecture Balaji Prabhakar Balaji Prabhakar Stanford

Counter Braids: A novel counter architecture Balaji Prabhakar Balaji Prabhakar Stanford

Counter Braids: A novel counter architecture Balaji Prabhakar Balaji Prabhakar Stanford University Joint work with: Yi Lu, Andrea Montanari , Sarang Dharmapurikar and Abdul Kabbani Overview Counter Braids Background: current

601 views • 30 slides
Counter/Timers Overview ATmega328P has two 8-bit and one 16-bit counter/timers. Unit C

Counter/Timers Overview ATmega328P has two 8-bit and one 16-bit counter/timers. Unit C

C.1 C.2 Counter/Timers Overview ATmega328P has two 8-bit and one 16-bit counter/timers. Unit C Timers and Counters Can count at some rate up to a value, generate an interrupt and start over counting from 0. Useful for performing

402 views • 5 slides
Can We Understand Performance Counter Results? Vince Weaver ICL Lunch Talk 23 July 2010 How Do

Can We Understand Performance Counter Results? Vince Weaver ICL Lunch Talk 23 July 2010 How Do

Can We Understand Performance Counter Results? Vince Weaver ICL Lunch Talk 23 July 2010 How Do We Know if Counters are Working? Three common failures: Wrong counter (PAPI, Kernel, User) Counter works but gives wrong values Counter

376 views • 36 slides
LETS PLAY! 100 99 98 97 96 O o p s , S o Salty just got a little u r P s u s

LETS PLAY! 100 99 98 97 96 O o p s , S o Salty just got a little u r P s u s

How to play: Each player puts their counter on the space that says 'START'. Take it in turns to roll the dice. Move your counter forward the number of spaces shown on the dice. If your counter lands at the bottom of a ladder, you can move up to

390 views • 5 slides
For Loops and Arrays November 13, 2008 Counting Initialize counter Test counter against limit

For Loops and Arrays November 13, 2008 Counting Initialize counter Test counter against limit

For Loops and Arrays November 13, 2008 Counting Initialize counter Test counter against limit int fireworkCount = 0; while (fireworkCount &lt; NUM_IN_FINALE) { new Firework (...); Repeating Task fireworkCount++; } Increment counter

527 views • 4 slides
Decidable Problems for Counter Systems Day 1 Introduction to Counter Systems St ephane Demri

Decidable Problems for Counter Systems Day 1 Introduction to Counter Systems St ephane Demri

Decidable Problems for Counter Systems Day 1 Introduction to Counter Systems St ephane Demri demri@lsv.ens-cachan.fr LSV, ENS Cachan, CNRS, INRIA ESSLLI 2010, Copenhagen, August 2010 What is in the course? Analysis of Counter Systems

778 views • 65 slides
Verilog HDL:Digital Design and Modeling Chapter 11 Additional Design Examples Chapter 11

Verilog HDL:Digital Design and Modeling Chapter 11 Additional Design Examples Chapter 11

Chapter 11 Additional Design Examples 1 Verilog HDL:Digital Design and Modeling Chapter 11 Additional Design Examples Chapter 11 Additional Design Examples 2 Page 604 //structural 3-bit johnson counter module ctr_johnson3

1.05k views • 104 slides
Decidability and complexity issues for subclasses of counter systems Lecture 4 Counter automata

Decidability and complexity issues for subclasses of counter systems Lecture 4 Counter automata

Decidability and complexity issues for subclasses of counter systems Lecture 4 Counter automata with finite monoid property and flatness St ephane Demri demri@lsv.ens-cachan.fr LSV, ENS Cachan, CNRS, INRIA Course 2.9 MPRI

921 views • 56 slides
8051 Serial Port and Timer/Counter Serial Port Timer Counter Chatchai Jantaraprim

8051 Serial Port and Timer/Counter Serial Port Timer Counter Chatchai Jantaraprim

8051 Serial Port and Timer/Counter Serial Port Timer Counter Chatchai Jantaraprim (cj@coe.psu.ac.th) 8051 Serial Port Serial communications High speed CMOS signal levels Full duplex No modem status/control signals Registers SBUF Two

661 views • 7 slides
Decidable Problems for Counter Systems Day 5 Model-Checking Counter Systems St ephane Demri

Decidable Problems for Counter Systems Day 5 Model-Checking Counter Systems St ephane Demri

Decidable Problems for Counter Systems Day 5 Model-Checking Counter Systems St ephane Demri demri@lsv.ens-cachan.fr LSV, ENS Cachan, CNRS, INRIA ESSLLI 2010, Copenhagen, August 2010 Plan of the talk Previous lectures: CS,

823 views • 59 slides
Amortized Analysis The n-bit Counter 1 1 Problem of the Day Rob has a startup. Each time he

Amortized Analysis The n-bit Counter 1 1 Problem of the Day Rob has a startup. Each time he

Amortized Analysis The n-bit Counter 1 1 Problem of the Day Rob has a startup. Each time he gets a new user, he increments a giant stone counter his investors (VC) erected in downtown San Francisco that's a sequence of 6 stone tablets

1.05k views • 83 slides
CBEFF CBEFF Common Biometric Exchange Formats Framework Common Biometric Exchange Formats

CBEFF CBEFF Common Biometric Exchange Formats Framework Common Biometric Exchange Formats

CBEFF CBEFF Common Biometric Exchange Formats Framework Common Biometric Exchange Formats Framework 6 March 2009 Catherine Tilton W3C Workshop on SIV What is a CBEFF? CBEFF describes a structure and set of metadata elements necessary to

173 views • 13 slides
CMPSC 311- Introduction to Systems Programming Module: Signals Professor Patrick McDaniel Fall

CMPSC 311- Introduction to Systems Programming Module: Signals Professor Patrick McDaniel Fall

CMPSC 311- Introduction to Systems Programming Module: Signals Professor Patrick McDaniel Fall 2014 CMPSC 311 - Introduction to Systems Programming UNIX Signals A signal is a special message sent through the OS to tell a process (or

389 views • 14 slides
ANSI X9.44 and IETF TLS Russ Housley and Burt Kaliski RSA Laboratories November 2002

ANSI X9.44 and IETF TLS Russ Housley and Burt Kaliski RSA Laboratories November 2002

ANSI X9.44 and IETF TLS Russ Housley and Burt Kaliski RSA Laboratories November 2002 Introduction ANSI X9.44 specifies key establishment schemes based on the RSA algorithm currently in draft form Schemes selected to reflect and

571 views • 11 slides
REPORT OF BREAKOUT SESSION 2(b) Management System Standards June 25, 2009 2:00 pm to 3:30 pm

REPORT OF BREAKOUT SESSION 2(b) Management System Standards June 25, 2009 2:00 pm to 3:30 pm

REPORT OF BREAKOUT SESSION 2(b) Management System Standards June 25, 2009 2:00 pm to 3:30 pm ANSI Workshop: Generating U.S. Input on the ISO Strategic Plan 20112015 June 2526, 2009 1 Management Systems Standards Key

1.02k views • 4 slides
Transaction Processing in ANSI SQL Dr Janusz R. Getta School of Computing and Information

Transaction Processing in ANSI SQL Dr Janusz R. Getta School of Computing and Information

Transaction Processing in ANSI SQL file:///Users/jrg/235-2020-SPRING/SLIDES/WEEK06/13transactionsinsql/13transactionsinsql.html#1 CSCI235 Database Systems Transaction Processing in ANSI SQL Dr Janusz R. Getta School of Computing and

545 views • 19 slides
How to manipulate standards Daniel J. Bernstein Verizon Communications Inc. LICENSE: You

How to manipulate standards Daniel J. Bernstein Verizon Communications Inc. LICENSE: You

How to manipulate standards Daniel J. Bernstein Verizon Communications Inc. LICENSE: You understand and hereby agree that the audio, video, and text of this presentation are provided as is, without warranty of any kind, whether expressed

961 views • 68 slides
The CBMC bounded model checker for C Paul Jackson School of Informatics University of Edinburgh

The CBMC bounded model checker for C Paul Jackson School of Informatics University of Edinburgh

The CBMC bounded model checker for C Paul Jackson School of Informatics University of Edinburgh Formal Verification Spring 2017 Sources CBMC: Bounded Model Checking for ANSI-C Introductory slides on CBMC from CProver website. V1.0, 2010.

500 views • 5 slides
C to assembly / C 1 last time AT&amp;T syntax destination last jmp * lea condition codes

C to assembly / C 1 last time AT&amp;T syntax destination last jmp * lea condition codes

C to assembly / C 1 last time AT&amp;T syntax destination last jmp * lea condition codes ZF, SF, CF, OF set by last arithmetic instruction ZF = result was zero SF = result was negative (sign bit set) CF = overfmow if treating

1.98k views • 160 slides

More recommend