Guang Chen,Dexi Wang,Tianchi Li,Chao Zhang,Ming Gu,Jiaguang Sun

DOI: https://doi.org/10.1109/apsec.2018.00027

2018-01-01

Abstract:Software verification has been well applied in safety critical areas and has shown the ability to provide better quality assurance for modern software. However, as lines of code and complexity of software systems increase, the scalability of verification becomes a challenge. In this paper, we present an automatic software verification framework TSV to address the scalability issues: (i) the extended structural abstraction and property-guided program slicing to solve large-scale program verification problem, saving time and memory without losing accuracy; (ii) automatically select different verification methods according to the program and property context to improve the verification efficiency. For evaluation, we compare TSV's different configurations with existing C program verifiers based on open benchmarks. We found that TSV with auto-selection performs better than with bounded model checking only or with extended structural abstraction only. Compared to existing tools such as CMBC and CPAChecker, it acquires 10%-20% improvement of accuracy and 50%-90% improvement of memory consumption.

Dexi Wang,Chao Zhang,Guang Chen,Ming Gu,Jiaguang Sun

2016-01-01

Abstract:The C programming language is widely used in safety-critical software systems. With its large appliance and increasing complexity, the need of ensuring the correctness of C codes emerged. This paper presents Ceagle , a fully automated program verifier for finding assertion violations in C programs. It is decent in both accuracy and efficiency by using a semantically equivalent program model language that is specifically designed for C program, together with various optimizations that make the satisfiability checking faster and memoryfriendly. More specifically, Ceagle uses LLVM clang as front-end parser, an extended labeled transition system as program model, and Z3 SMT solver as the back-end satisfiability checker. Ceagle is designed to be fully automatic and requires no user interaction as long as the assertions are provided. For evaluation, we compare Ceagle with existing C program verifiers based on open benchmarks. Ceagle outperforms others in terms of accuracy, and time and memory consumption.

Junyan Qian,Baowen Xu

DOI: https://doi.org/10.15388/informatica.2007.178

2007-01-01

Informatica

Abstract:Iterative abstraction refinement has emerged in the last few years as the leading approach to software model checking. We present an approach for automatically verifying C programs against safety specifications based on finite state machine. The approach eliminates unneeded variables using program slicing technique, and then automatically extracts an initial abstract model from C source code using predicate abstraction and theorem proving. In order to reduce time complexities, we partition the set of candidate predicates into subsets, and construct abstract model independently. On the basis of a counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Our methods can be extended to verifying concurrency C programs by parallel composition.

Jingyuan Cao,Ming Fu,Xinyu Feng

DOI: https://doi.org/10.1145/2676724.2693162

2015-01-01

Abstract:Proof automation is essential for large scale proof development such as OS kernel verification. An effective approach is to develop tactics and SMT solvers to automatically prove verification conditions. However, for complex systems, it is almost impossible to achieve fully automated verification and human interactions are unavoidable. So the key challenge here is, on the one hand, to reduce manual proofs as much as possible, and on the other hand, to provide user-friendly error messages when the automated verification fails, so that users could adjust specifications or the code accordingly, or to do part of the proofs manually.In this paper we propose a set of practical tactics for verifying C programs in Coq, including both tactics for automatically proving separation logic assertions and ones for automatic verification condition generation. In particular, we develop special tactics for verifying programs manipulating singly-linked lists. Using our tactics we are able to verify several C programs with one-line proof script. Another key feature of our tactics is that, if the tactics fail, they allow users to easily locate problems causing the failure by looking into the remaining subgoals, which greatly improves the usability when human interaction is necessary.

Xiang Du,Liangze Yin,Haining Feng,Wei Dong

DOI: https://doi.org/10.1109/apsec53868.2021.00033

2021-01-01

Abstract:Due to the non-deterministic occurring of interrupt service routines, vulnerabilities of interrupt-driven programs, such as data race and atomicity violation, are usually hard to discover. Static analysis is an effective method for vulnerability analysis of interrupt-driven programs. However, existing techniques usually produce a large number of false alarms, which limits the application of static analysis in practice. To achieve high precision in vulnerability analysis of interrupt-driven programs, this paper proposes a program verification enhanced precise analysis method. For each potential vulnerability detected by static analysis, we propose a vulnerability validation approach which employs program verification to further automatically verify its feasibility. We have implemented a prototype of our method on top of CBMC. Experimental results on both an academic benchmark and 24 real-world programs show that our method can successfully identify true vulnerabilities and achieve a high precise analysis.

Yu Tan,Dianfu Ma,Lei Qiao

DOI: https://doi.org/10.1155/2021/8352267

2021-01-01

Wireless Communications and Mobile Computing

Abstract:With the rapid increase in the number of wireless terminals and the openness of wireless networks, the security of wireless communication is facing serious challenges. The safety and security of computer communication have always been a research hotspot, especially the wireless communication that still has a more complex architecture which leads to more safety problems in the communication system development. In recent years, more and more wireless communication systems are applied in the safety-critical field which tends to need high safety guarantees. A compiler is an important tool for system development, and its safety and reliability have an important impact on the development of safety-critical software. As the strictest method, formal verification methods have been widely paid attention to in compiler verification, but the current formal verification methods have some problems, such as high proof complexity, weak verification ability, and low algorithm efficiency. In this paper, a compiler formal verification method based on safety C subsets is proposed. By abstracting the concept of C grammar units from safety C subsets, the formal verification of the compiler is transformed into the verification of limited C grammar units. In this paper, an axiom system of first-order logic and special axioms are introduced. On this axiom system, the semantic consistency verification of C grammar unit and target code pattern is completed by means of theorem proving, and the formal verification of the compiler is completed.

Yonghua Xiong,Ke Li,Zhentao Liu,Jinhua She

DOI: https://doi.org/10.20965/jaciii.2021.p0248

2021-01-01

Journal of Advanced Computational Intelligence and Intelligent Informatics

Abstract:In recent years, there have been several breakthroughs in the theoretical research of servo control algorithms. However most of these control algorithms remain in the simulation stage. They are difficult to be applied directly to practical platforms or complex industrial sites because of the lack of an experimental system suitable for the verification of their effectiveness. To address this problem, we designed a multi-function servo control algorithm verification experiment system (MVES) within the MATLAB/Simulink theoretical simulation model directly to communicate with the TwinCAT 3 PLC master program to perform different servo control experiments. The MVES supports various Simulink models. However, its and the operation is simple and convenient, which greatly reduces the workload of the algorithm test and has important practical value. Two sets of comparative experiments were used to verify the versatility and superiority of MVES.

zhang yu,dong yunwei,feng wenlong,huang mengxing

DOI: https://doi.org/10.13328/j.cnki.jos.005214

2017-01-01

Abstract:Cyber-Physical System(CPS) tightly integrates control software and embedded components, incorporating software with control domains. CPSs are pervasive and often mission-critical, therefore, they must have high level of security. With the extensive use of information technology, embedded control software plays a greater role in such systems. The close interactions between control software and embedded components demand co-verification. In this paper, an automata-theoretic approach is presented to co-verification. Co-verification, which verifies control software and embedded components together, is essential to establish the correctness of a complete system. The foundation of this approach is a unified model for co-verification and reachability analysis of the model. The LTL formula is converted into a Büchi automata, which is interleaved with the execution of the unified model under analysis. An online-capture offline-replay approach is proposed to improve the usefulness for formal verification. Case studies on a suite of realistic examples show that the presented approach has major potential in verifying system level properties, therefore improving the high-assurance of system.

David Sanan,Liu Yang,Zhao Yongwang,Xing Zhenchang,Mike Hinchey

DOI: https://doi.org/10.1109/iceccs.2015.23

2015-01-01

Abstract:In order to facilitate proof of correctness, micro-kernels are based on simplicity, providing an application only with the minimal set of features it needs in order to to work. However, simplicity alone does not guarantee the absence of bugs and software errors, and the complexity of an OS often makes such problems difficult to find and fix. In this work, we prove the functional correctness of an abstract model for the C implementation of the cyclic linked list in the real-time micro-kernel FreeRTOS, which is used in the FreeRTOS scheduler, its correctness being of critical importance for the real-time properties of FreeRTOS. The formal specification of the functional properties of FreeRTOS also provides a guide for a correct use of the functions that the implementation provides, since it lacks checks on the data. Additionally, we prove the correctness of the machine code resulting from compiling the implementation targeting the ARM architecture. Following a verification approach based on refinement, we first construct the abstract model of the implementation, where we prove both the cyclic linked list invariant and the correctness of the implementation behaviour for any list in the heap using separation logic. Second, we leverage existing machine code verification frameworks to get a HOL model of the FreeRTOS linked list compiled machine code, and we apply forward simulation to prove that such a machine code model refines the abstract model, and therefore satisfies the properties already proven over the specification.

Meng Wang,Cong Tian,Nan Zhang,Zhenhua Duan,Hongwei Du

DOI: https://doi.org/10.1007/s10878-018-0343-1

2018-01-01

Journal of Combinatorial Optimization

Abstract:It is of great importance to ensure safety and reliability of the scheduling protocol of safety-critical systems since the failure will cause serious damage. This paper analyzes a real-time scheduling protocol of a safety-critical system and models it using a Modeling, Simulation and Verification Language program. Further, the schedulability and other desired properties are specified using Propositional Projection Temporal Logic formulas. As a result, these properties are proved with theorem proving and further verified using the runtime verification approach at code level.

Kuanjiu Zhou,Jiawei Yong,Xiaolong Wang,Longtao Ren,Gang Hou,Junwang Chang

DOI: https://doi.org/10.1007/978-3-642-45293-2_26

2013-01-01

Abstract:Model checking technique has been gradually applied to verify the reliability of software systems. However, as to software with large scale and complex structure, the verification procedure suffers from the state space explosion, thus leading to a low efficiency or resource exhaustion. In this paper, we propose a method of accelerating software model checking based on program backbone to verify the properties in ANSI-C source codes. We prune the program with respect to the assertion property, and compress the circular paths by maximal strongly connected components to extract the program backbone. Subsequently, the Hoare theory is used to generate an invariant from the compressed circular nodes, which reduces the length of path encoding. The assertion property is finally translated into a quantifier-free formula and checked for satisfiability by the SMT solver Z3. The experiments show that this method substantially improves the efficiency of program verification.

Tao CHEN,M WANG

DOI: https://doi.org/10.3969/j.issn.1673-629X.2019.02.006

2019-01-01

Abstract:Runtime verification is a new lightweight automatic verification technique.The verification software used in this technology is composed of two parts:one part is the monitored target program;the other is the monitor.The main idea of the runtime verification method based on formalized language is to input a formal specification syntax that represents events and properties and target program, and output a new program.The new program with inserting pile will execute the corresponding function to judge whether it satisfies the formal specification grammar when it meets the point that needs to be monitored.However, when the traditional single thread runtime verification monitor has many properties that the target program needs to monitor, the regenerated program may slow down the performance of the program because of the more specified nature.In this paper, we optimize the prototype tool Movec by using multi-core parallel technology.Through the way of serial program monitor assigned to multithreading, Clang compiler's piling technology and multi-core task allocation method have realized the optimization of Movec prototype tools.The optimized Movec is compared with the experimental data without the improved tools, which shows that the multithread operation method has a better effect.

Yanhong Huang,Yongxin Zhao,Longfei Zhu,Qin Li,Huibiao Zhu,Jianqi Shi

DOI: https://doi.org/10.1109/tase.2011.11

2011-01-01

Abstract:As an automotive industry standard of operating system specification, OSEK/VDX is widely applied in the process of designing and implementing the static operating system and the corresponding interfaces for automotive electronics. It is challenging to explore an effective method to support large-scale correctness verification of OSEK/VDX specification. In this paper, we employ process algebra CSP to describe and reason about a real code-level OSEK/VDX operating system. Thus the whole system is formally modeled as a CSP process which is encoded and implemented in process analysis toolkit (PAT). Furthermore, the expected properties are described and expressed in terms of the first-order logic. The properties are also established and verified in our framework. The result indicates that the whole system is deadlock-free and the scheduling scheme is sound with respect to the specification.

Yu Zhang,Yunwei Dong,Huo Hong,Fan Zhang

DOI: https://doi.org/10.5815/ijcnis.2010.02.02

2010-01-01

International Journal of Computer Network and Information Security

Abstract:with the increasing pressure on non-function attributes (security, safety and reliability) requirements of an operation system, high-confidence operation system is becoming more important.Formal verification is the only known way to guarantee that a system is free of programming errors.We research on formal verification of operation system kernel in system code level and take theorem proving and model checking as the main technical methods to resolve the key techniques of verifying operation system kernel in C code level.We present a case study to the verification of real-world C systems code derived from an implementation of μC/OS -II in the end.

Yongchao Xing,Zhenbang Chen,Shibo Xu,Yufeng Zhang

DOI: https://doi.org/10.1007/978-3-031-44267-4_18

2023-01-01

Abstract:Runtime verification (RV) is an effective lightweight formal method for improving software’s reliability at runtime. There exist no RV tools specially designed for C++ programs. This paper introduces the first one, i.e. , CCMOP, which implements an AOP-based RV approach and supports the RV of general properties for C/C++ program. CCMOP provides an AOP language specially designed for C++ program to define the events in RV. The instrumentation of RV monitor is done at AST-level, which improves the efficiency of compilation and the accuracy of RV. CCMOP is implemented based on JavaMOP and an industrial-strength compiler. The results of extensive experiments on 100 real-world C/C++ programs (5584.3K LOCs in total) indicate that CCMOP is robust and supports the RV of real-world C/C++ programs.

Shan Zhou,Jinbo Wang,Jiao Jia,Chi Zhang,Ruixue Wang

DOI: https://doi.org/10.1109/tr.2022.3166548

IF: 5.883

2022-01-01

IEEE Transactions on Reliability

Abstract:System on programmable chip (SOPC) is a kind of system on a programmable chip. The system architecture is superior to the traditional design pattern. The system has an on-chip bus between the processor and the programmable logic, which forms a high bandwidth, low latency, connection, and has rich flexible customization of IP. It also has advantages of low power consumption and high performance. The application in the field of high reliable proportion rising year by year. However, the change of system architecture and the expansion of software scale have brought great impact on the simulation test method and the physical test method. The existing dynamic testing methods are based on limited testing scenarios to investigate the system. It is difficult to find hidden errors in the design of complex connection segments, such as the errors in the on-chip bus transmission, the errors in the hardware and software coupling, and so on. Due to system scale of the state-space explosion problem and various forms IP, SOPC cannot apply formal verification techniques. In this article, we propose a SOPC formalized validation framework. It is based on polymorphous IP abstraction modeling, common formal properties analysis, and modeling methods in system architecture and other high-risk areas. The experimental results show that the proposed algorithm and the established SOPC formal verification framework can introduce the formal verification technique to SOPC high-risk area verification, and it can be used as the guidance of SOPC formal verification.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Zhenjiang Qian,Hao Huang,Fangmin Song

DOI: https://doi.org/10.1007/978-3-319-02726-5_2

2013-01-01

Abstract:The correctness of the operating systems is difficult to be described with the quantitative methods, because of the complexity. Using the rigorous formal methods to verify the correctness of the operating systems is a recognized method. The existing projects of formal design and verification focus on the validation of code level. In this paper, we present a \"light-weight\" formal method of design and verification for OS. We propose an OS state automaton model (OSSA) as a link between the system design and verification, and describe the correctness specifications of the system based on this model. We implement the trusted operating system (verified trusted operating system, VTOS) as a prototype, to illustrate the method of consistency verification of system design and safety requirements with formalized theorem prover Isabelle/HOL. The result shows that this approach is feasible.

YU Yin-Bo,LIU Jia-Jia,MU De-Jun

DOI: https://doi.org/10.21655/ijsi.1673-7288.00286

2022-01-01

International Journal of Software and Informatics

Abstract:Software verification has always been a popular research topic to ensure the correctness and security of software.However, due to the complex semantics and syntax of programming languages, the formal methods for verifying the correctness of programs have the problems of low accuracy and low efficiency.In particular, the state change in address space caused by pointer operations makes it difficult to guarantee the verification accuracy of existing model checking methods.By combining model checking and sparse value-flow analysis, this paper designs a spatial flow model to effectively describe the state behavior of C code at the symbolic-variable level and address-space level and proposes a model checking algorithm of CounterExample-Guided Abstraction refinement and Sparse value-flow strong update (CEGAS), which enables points-to-sensitive formal verification for C code.This paper establishes a C-code benchmark containing a variety of pointer operations and conducts comparative experiments on the basis of this benchmark.These experiments indicate that in the task of analyzing multi-class C code features, the model checking algorithm CEGAS proposed in this paper can achieve outstanding results compared with the existing model checking tools.The verification accuracy of CEGAS is 92.9%, and the average verification time of each line of code is 2.58 ms, both of which are better than those of existing verification tools.

Junyan Qian,Baowen Xu

2007-01-01

Abstract:we present a methodology for automatically verifying programs against safety specifications based on finite state machine. Firstly, computing the abstract transition between abstract states is done by calling a theorem prover, and then an initial abstract model automatically is extracted from concrete program using predicate abstraction. However, the process of abstraction can be exponential in the number of predicates used. Program slicing, predicate inference and partitioning the set of candidate predicates into subsets make abstract model construction effective. By counterexample-guided abstraction refinement scheme, the abstraction refines incrementally until the specification is either satisfied or refuted. Finally, our methods can be extended to verifying concurrency programs by parallel composition.

Zhang Zhongqiu,Dong Yunwei,Zhang Yu,Zhang Fan

DOI: https://doi.org/10.16526/j.cnki.11-4762/tp.2011.08.043

2011-01-01

Abstract:The credibility verification for airborne embedded software is a software quality problem which is drawing more and more attention.Program verification based on theorem proving is a reliable and rigorous method.Combined with the analysis of microkernel operating system,the paper takes Hoare logic as rationale to carry out the study of verification for airborne embedded software core code to verify programs.Based on Hoare logic we give the formal description of some inference rules in Coq,then give a case study to the verification of real-world systems code derived from airborne operating system.The result shows that theorem proving approach can complete program verification and provide high degree of assurance of airborne embedded software.