Static Analysis and Verification of C Programs
Subash Shankar
Hunter College (CUNY)
September 17, 2015
Acknowledgements:
This work was partially funded by a grant from Digiteo, and is based on the Frama-C
tool developed at the CEA LIST Institute, Saclay, France.
It includes contributions from Zachary Hutchinson (Hunter College) and Gilbert Pajela
(CUNY Graduate Center).
What is V & V?
Validation: The software specification does what the user wants.
Verification: The software does what the specification says it does.
Verification = Testing
Testing can be used to show the presence of bugs, but never their
absence! (Dijkstra, 1970)
Why bother with V & V?
Software failure ⇒ loss of $$$ or human life (for safety-critical systems)
A few infamous examples:
AT&T long-distance: network communication code bug ⇒ 60000
customers shut down
Faulty guidance systems:
Mariner spacecraft: punctuation error ⇒ craft exploded (by
ground control)
Ariane 5 rocket: overflow due to 64-to-16 bit conversion ⇒
craft exploded (self-destruct)
Mars Climate Orbiter: Metric-English unit inconsistency (Newtons
vs. pounds) ⇒ Lost orbiter
Radiation therapy machines:
Therac-25: buggy shield/filter code ⇒ 6 documented deaths,
hundreds(?) with longer-term effects
Multidata Systems Cobalt-60: undocumented data entry leads
to improper shielding ⇒ dozens dead
Toyota acceleration bug: firmware error ⇒ dead people
(and we aren’t even including software susceptible to malicious bugs)
What is Static Analysis?
The analysis of software based on information available at compile
time, to prove its properties for all possible executions, preferably
with [automatic or semi-automatic] tool support.
3 Common [Verification Oriented] Techniques:
Abstract Interpretation and Symbolic Evaluation
Deductive Verification (weakest preconditions)
Model Checking
Abstract Interpretation (AI)
A technique for approximation of program semantics based on
mappings between concrete and abstract lattices (Cousot &
Cousot, 1977)
α: abstraction fct.
γ: concretization fct.
Examples:
  Parity abstraction (even_x abstracts x):
    concrete:        x := x+1
    abstract (⇑ α):  even_x := ¬ even_x
  Sign abstraction (x_neg, x_zero, x_pos abstract x):
    concrete:        x := x+1
    abstract (⇑ α):  if x_neg then x_zero := {T,F} else x_zero := F
                     (and similarly for the x_neg and x_pos vars)
Approach:
Use theorem prover to identify
effect of each program
statement in abstract space.
Compute over-approximation
of variable values at each point
of program, based on selected
abstraction α
Symbolically evaluate concrete
program to attain values of all
variables at all points.
Applying Abstract Interpretation
How do we pick the abstraction function α (and induced
concretization γ)?
Ex: boolean lattices on neg-zero-pos, intervals, modulus fields
Abstract program is non-deterministic and loses information.
But this information loss may make semantics decidable (in
abstract space).
Simple for loop-free code
Loops require a fixed point computation that may take too
long or not terminate.
Approximation: unroll loop a fixed number of times
First major application: automatically analyze Ariane 5 rocket
software (after crash) ⇒ data conversion error from 64-bit float to
16-bit integer
Value analysis embodied in Frama-C tool for verification of C
programs.
Deductive Verification
What does it mean for a program (or statement) to be correct?
The program enforces its contract; i.e., if the program is executed
in a state where the precondition is true, the postcondition of the
contract is true after execution.
Two notions:
1. Partial Correctness: Contract enforcement is conditional on the
program’s termination.
2. Total Correctness: Contract is enforced unconditionally.
Automating Deductive Verification
Theoretical Basis: Floyd-Hoare Logic (1969), Dijkstra (1975)
Notation: The Hoare triple {P}S{Q} means if statement S is
executed from a state in which predicate P is true and it
terminates, predicate Q must be true on termination.
Some valid triples:
Assignment – {x > 2} y=x+1 {y > 3}
Selection – {true} if x>0 then y=x else y=-x {y ≥ 0}
Iteration – Identify loop invariant, and prove invariant
preservation axioms:
Invariant holds on loop entry
The loop body preserves inv
The invariant implies postcondition on loop termination
No automated way to determine invariant!
Expressing Contracts
Annotate programs with specifications written in ANSI/ISO C
Specification Language (ACSL).
Major features of ACSL:
Function and statement contracts for pre/post conditions, with
multiple named behaviors:
/*@ requires n>0;
    ensures \result == 5; */
Invariant specification: //@ loop invariant n >= 0;
Support for both C and math types (e.g., Z and 32-bit ints) and
data structures (pointer, array, struct, etc.), with typical C operators
Logic (first order, higher-order, inductive) predicates
Axiomatic definitions (types, functions, etc.)
Ghost (i.e., auxiliary) and volatile variables
Predefined functions for various real-world concerns (e.g., return
values (\result), pre-values (\old), pointers and heap variables,
separation)
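The selection and iteration Hoare triples from the previous slide, written as ACSL contracts that Frama-C's WP plugin can try to discharge. This is an added example, not code from the slides; the function names and the bound on n are choices made here, and because ACSL lives in /*@ ... */ comments the file also compiles and runs as plain C.

```c
#include <limits.h>
#include <stdio.h>

/* Selection triple: {true} if x>0 then y=x else y=-x {y >= 0}.
 * Deductive verification drags the hidden precondition into the open:
 * negating INT_MIN overflows, so the contract must exclude it. */
/*@ requires x > INT_MIN;
    assigns \nothing;
    ensures \result >= 0;
    ensures \result == x || \result == -x;
*/
int abs_value(int x) {
    int y;
    if (x > 0) y = x; else y = -x;
    return y;
}

/* Iteration: the loop invariant y == 2*i is what WP needs to prove the
 * postcondition; the (constructed) bound on n keeps y += 2 from overflowing.
 * Invariant on entry: i == 0, y == 0. Preserved: y+2 == 2*(i+1).
 * On exit i == n, so y == 2*n, which is even. */
/*@ requires 0 <= n <= 1000000;
    assigns \nothing;
    ensures \result == 2 * n;
    ensures \result % 2 == 0;
*/
int double_by_loop(int n) {
    int y = 0;
    /*@ loop invariant 0 <= i <= n;
        loop invariant y == 2 * i;
        loop assigns i, y;
        loop variant n - i;
    */
    for (int i = 0; i < n; i++)
        y += 2;
    return y;
}

int main(void) {
    printf("abs_value(-7) = %d\n", abs_value(-7));
    printf("double_by_loop(5) = %d\n", double_by_loop(5));
    return 0;
}
```

Running frama-c -wp -wp-rte on the file also generates the overflow proof obligations; without the two requires clauses those obligations are unprovable, which is exactly the kind of bug the contracts are meant to surface.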
Model Checking
M (system being verified): [state-transition diagram; each state is
labelled with the atomic propositions that hold in it, Q or P,Q]
Properties (in temporal logic):
Q (’always Q’) ⇒ Yes
P (’eventually P’) ⇒ Yes
P ⇒ No! (with counterexample)
Model Checker Characteristics
Completely automatic ’turnkey’ operation
Counterexample (system trace) produced if property is false
Scalable technology used widely in industry, especially chip
manufacturers
Mature (discovered independently by Clarke & Emerson and
Queille & Sifakis in early 80s, Turing award 2007)
Major problem: State space explosion
One solution: Represent state space symbolically (McMillan et al.,
1990)
⇒ can handle 10^100 states and more in some cases.
Model Checking for Program Verification
[Diagram: Program → (Translate) → state machine M]
Prove: the assert(x==y) statement at line 3 of the program is valid,
i.e., (PC = 3 → (x = y))
But a program with v 32-bit variables and 2^k points needs up to
2^(32v+k) states
Program Abstraction
Partition concrete state space into abstract states
γ(S) = {s | α(s) = S}, where α(s) is the abstract state
corresponding to s (note: α is not one-to-one)
Determine transitions: A transition from abstract state a1 to
a2 exists iff ∃s1 : α(s1) = a1, ∃s2 : α(s2) = a2, and there is a
transition s1 → s2 in the concrete machine.
Note: abstract machine is non-deterministic
Resulting abstract state machine is a conservative
approximation:
If property is provable in abstract machine, it must be true in
the concrete machine.
If property is false in abstract machine, either it is also false in
the concrete machine, or the abstraction is not fine enough.
Predicate Abstraction
How do we pick the abstraction function α?
One solution:
’Guess’ predicates that are likely to be sufficient to prove
desired property
Predicates selected based on property being verified, major
predicates in program (e.g., conditions of loop, selection
statements), arithmetic properties (e.g., {pos,zero,neg},
{odd,even}), control locations (e.g., {PC=4, PC≠4}), various
other heuristics
Abstractions may be on control as well as data
Ex (using an odd-even abstraction on y):
y = 0;
for (i=0; i<n; i++)
    y += 2;
assert(y%2 == 0);
⇒ abstract variable yeven (abstract states yeven and ~yeven)
But . . . a pos-neg-zero abstraction on y (or any abstraction on i, n,
PC) would not have been helpful.
Counterexample Guided Abstraction Refinement
CEGAR approach to prove that property P holds in program:
Pick initial abstraction predicates α
While true
1. Abstraction: Construct abstract machine M from concrete
program using α
2. Verification: call model checker to check M |= P.
If P was provable, abort(“P is verified”)
3. Validation: else simulate counterexample symbolically on
[concrete] program
If concrete trace is realizable, abort(“P is false”)
4. Refinement: else (counterexample is spurious), add predicates
to α heuristically based on predicates in counterexample
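The program-abstraction, predicate-abstraction and CEGAR slides above, run end to end on the deck's own y += 2 loop with n fixed to 4 so that the concrete state space is finite: the pos-zero-neg abstraction yields a spurious counterexample, the validation step shows the concrete machine never violates the assertion, and refining to the even-odd abstraction proves it. This is an added example written for this page, not code from the slides or from Frama-C, SATABS or CPAchecker; the bounds N, IMAX, YMAX, the abstract-state encoding and the refinement order are constructed here.

```c
#include <stdio.h>
#include <string.h>

/* Concrete program (n fixed to N so the model is finite):
 *   pc 0: y = 0; i = 0;
 *   pc 1: if (i < n) goto pc 2; else goto pc 3;
 *   pc 2: y += 2; i++; goto pc 1;
 *   pc 3: assert(y % 2 == 0);   -- property P: y is even whenever pc == 3 */
enum { N = 4, IMAX = N, YMAX = 2 * N + 2, NPC = 4, NABS = 3 };

typedef struct { int pc, i, y; } CState;
typedef int (*Alpha)(CState);          /* abstract value of y, in 0..NABS-1 */

static int in_domain(CState s) {
    return s.pc >= 0 && s.pc < NPC && s.i >= 0 && s.i <= IMAX && s.y >= 0 && s.y <= YMAX;
}

/* Deterministic successor; 0 when s is terminal or the step leaves the bounded domain. */
static int succ(CState s, CState *t) {
    *t = s;
    switch (s.pc) {
    case 0: t->y = 0; t->i = 0; t->pc = 1; break;
    case 1: t->pc = (s.i < N) ? 2 : 3; break;
    case 2: t->y = s.y + 2; t->i = s.i + 1; t->pc = 1; break;
    default: return 0;                 /* pc 3: program ends */
    }
    return in_domain(*t);
}

static int property(CState s) { return s.pc != 3 || s.y % 2 == 0; }

/* The two candidate abstractions of y discussed on the slides (constructed here). */
static int alpha_parity(CState s) { return s.y & 1; }                          /* {even, odd} */
static int alpha_sign(CState s)   { return s.y == 0 ? 0 : (s.y > 0 ? 1 : 2); }  /* {zero, pos, neg} */

static int abs_id(int pc, int v) { return pc * NABS + v; }   /* abstract state = (PC, alpha(y)) */

/* Existential abstraction plus reachability in the abstract machine.
 * Returns 1 if P is provable; 0 with *bad set to the reachable abstract state that
 * has a concretization violating P (an abstract counterexample). */
static int abstract_check(Alpha alpha, int *bad) {
    int reach[NPC * NABS] = {0}, changed = 1;
    CState s, t;
    /* Initial abstract states: alpha of every concrete state at pc 0 (i, y arbitrary). */
    for (s.pc = 0, s.i = 0; s.i <= IMAX; s.i++)
        for (s.y = 0; s.y <= YMAX; s.y++) reach[abs_id(0, alpha(s))] = 1;
    /* Fixpoint: a1 -> a2 iff some s1 in gamma(a1) steps to some s2 in gamma(a2).
     * gamma(a1) ranges over ALL concrete states mapping to a1, not just reachable ones,
     * which is where the over-approximation comes from. */
    while (changed) {
        changed = 0;
        for (s.pc = 0; s.pc < NPC; s.pc++)
            for (s.i = 0; s.i <= IMAX; s.i++)
                for (s.y = 0; s.y <= YMAX; s.y++) {
                    if (!reach[abs_id(s.pc, alpha(s))] || !succ(s, &t)) continue;
                    int a2 = abs_id(t.pc, alpha(t));
                    if (!reach[a2]) { reach[a2] = 1; changed = 1; }
                }
    }
    /* P holds in an abstract state only if it holds in every concretization of it. */
    for (s.pc = 0; s.pc < NPC; s.pc++)
        for (s.i = 0; s.i <= IMAX; s.i++)
            for (s.y = 0; s.y <= YMAX; s.y++)
                if (reach[abs_id(s.pc, alpha(s))] && !property(s)) {
                    *bad = abs_id(s.pc, alpha(s));
                    return 0;
                }
    return 1;
}

/* Validation step: does the concrete machine really reach a state violating P? */
static int concrete_violation(void) {
    static unsigned char seen[NPC][IMAX + 1][YMAX + 1];
    CState stack[NPC * (IMAX + 1) * (YMAX + 1)], s, t;
    int top = 0;
    memset(seen, 0, sizeof seen);
    for (s.pc = 0, s.i = 0; s.i <= IMAX; s.i++)
        for (s.y = 0; s.y <= YMAX; s.y++) { seen[0][s.i][s.y] = 1; stack[top++] = s; }
    while (top > 0) {
        s = stack[--top];
        if (!property(s)) return 1;
        if (succ(s, &t) && !seen[t.pc][t.i][t.y]) { seen[t.pc][t.i][t.y] = 1; stack[top++] = t; }
    }
    return 0;
}

/* CEGAR loop: start with the coarse abstraction, refine when the counterexample is spurious. */
static const char *cegar(void) {
    Alpha candidates[] = { alpha_sign, alpha_parity };
    const char *names[] = { "pos/zero/neg", "even/odd" };
    for (size_t k = 0; k < sizeof candidates / sizeof candidates[0]; k++) {
        int bad;
        if (abstract_check(candidates[k], &bad)) { printf("%s: P is verified\n", names[k]); return "P is verified"; }
        printf("%s: abstract counterexample at pc %d\n", names[k], bad / NABS);
        if (concrete_violation()) return "P is false";
        printf("  spurious counterexample: refining abstraction\n");
    }
    return "no abstraction found";
}

int main(void) { puts(cegar()); return 0; }
```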
CEGAR Applications/Tools
2000 Concept introduced by Clarke/Grumberg/Jha/Lu/Veith
2000 Some similar concepts embodied in Java PathFinder (NASA)
and Bandera
2001 SLAM tool developed at Microsoft Research and used to
verify NT device drivers (part of Windows Driver Development
Kit (WDK))
2003 Part of Astrée Static Analyzer tool, used by Airbus (among
others)
2005 BLAST tool improves on SLAM predicate identification and
also introduces lazy abstraction; used to verify 50K line C
program.
2005 SATABS tool for automatic verification of C programs
2011 BLAST extended and integrated into CPAchecker tool
Our approach: interface SATABS and CPAchecker to Frama-C
Frama-C Architecture
[Architecture diagram from the Frama-C Plugin Manual. Layers:
Extended Cil (Lexing, Parsing, Typing, Linking; Extended Cil AST;
Extended Cil Kernel; Extended Cil API); Frama-C Kernel (Project,
Memory States, Abstract Interpretation Lattices, AST Manipulations,
Utilities, Db, Dynamic); Frama-C Plugins (Plug-in 1, Plug-in 2, ...,
Plug-in n, with Plug-in types 1, 2, ..., m). Arrows are labelled
"depends of" and "registers in".]
Plugins:
Interfaces to abstract syntax tree
(AST), C intermediate language (CIL),
AI lattices, etc. provided by kernel
Plugins used for either analysis (≥ 1
AST) or source-to-source
transformation (> 1 AST)
Kernel-integrated plugins include value
and wp (statically linked)
Extensible through user-written
plugins, typically linked dynamically
Common plugin interface allows for
inter-plugin information sharing, along
with a central mechanism for
combining results.
All programmed in OCaml
Combining Analyses
Assumption: All analyses produce correct results
Mark assertions with local status {True, False if reachable,
False and reachable, Unknown}
Frama-C kernel consolidation of statuses from different tools
to {Not checked, Unknown (i.e., no analyzer succeeded),
Valid, Valid under hyp, Invalid, Invalid under hyp,
Invalid but dead, Inconsistent} (and some others covering
real-world engineering issues)
Integrating AI, WP, and MC
Loose coupling:
Use abstract interpretation and deductive verification to
improve model checking results. Examples:
1 AI to set initial values before model checking
2 Use WP/AI to pick “good” initial abstractions?
Use MC to improve WP results. Some examples:
1 Use MC to prove that inner loop preserves invariant of outer
loop, and wp to prove outer loop
2 Use MC to determine loop invariant?
Tight Coupling: Verify a program by using all 3 approaches
in a tightly integrated manner.
These are ongoing and future research projects!
Thank you.
Questions?
Frama-C: downloadable from www.frama-c.com
MC Plugin: downloadable from
http://www.compsci.hunter.cuny.edu/~sshankar/cmc.html

Splunk Leadership Forum Wien - 20.05.2025
Splunk
 
GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...
GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...
GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...
James Anderson
 
With Claude 4, Anthropic redefines AI capabilities, effectively unleashing a ...
With Claude 4, Anthropic redefines AI capabilities, effectively unleashing a ...With Claude 4, Anthropic redefines AI capabilities, effectively unleashing a ...
With Claude 4, Anthropic redefines AI capabilities, effectively unleashing a ...
SOFTTECHHUB
 
Security Operations and the Defense Analyst - Splunk Certificate
Security Operations and the Defense Analyst - Splunk CertificateSecurity Operations and the Defense Analyst - Splunk Certificate
Security Operations and the Defense Analyst - Splunk Certificate
VICTOR MAESTRE RAMIREZ
 
"AI in the browser: predicting user actions in real time with TensorflowJS", ...
"AI in the browser: predicting user actions in real time with TensorflowJS", ..."AI in the browser: predicting user actions in real time with TensorflowJS", ...
"AI in the browser: predicting user actions in real time with TensorflowJS", ...
Fwdays
 
UiPath Community Zurich: Release Management and Build Pipelines
UiPath Community Zurich: Release Management and Build PipelinesUiPath Community Zurich: Release Management and Build Pipelines
UiPath Community Zurich: Release Management and Build Pipelines
UiPathCommunity
 
John Carmack’s Notes From His Upper Bound 2025 Talk
John Carmack’s Notes From His Upper Bound 2025 TalkJohn Carmack’s Notes From His Upper Bound 2025 Talk
John Carmack’s Notes From His Upper Bound 2025 Talk
Razin Mustafiz
 
Introducing FME Realize: A New Era of Spatial Computing and AR
Introducing FME Realize: A New Era of Spatial Computing and ARIntroducing FME Realize: A New Era of Spatial Computing and AR
Introducing FME Realize: A New Era of Spatial Computing and AR
Safe Software
 
Cognitive Chasms - A Typology of GenAI Failure Failure Modes
Cognitive Chasms - A Typology of GenAI Failure Failure ModesCognitive Chasms - A Typology of GenAI Failure Failure Modes
Cognitive Chasms - A Typology of GenAI Failure Failure Modes
Dr. Tathagat Varma
 
SDG 9000 Series: Unleashing multigigabit everywhere
SDG 9000 Series: Unleashing multigigabit everywhereSDG 9000 Series: Unleashing multigigabit everywhere
SDG 9000 Series: Unleashing multigigabit everywhere
Adtran
 
A Comprehensive Guide on Integrating Monoova Payment Gateway
A Comprehensive Guide on Integrating Monoova Payment GatewayA Comprehensive Guide on Integrating Monoova Payment Gateway
A Comprehensive Guide on Integrating Monoova Payment Gateway
danielle hunter
 
Content and eLearning Standards: Finding the Best Fit for Your-Training
Content and eLearning Standards: Finding the Best Fit for Your-TrainingContent and eLearning Standards: Finding the Best Fit for Your-Training
Content and eLearning Standards: Finding the Best Fit for Your-Training
Rustici Software
 
Offshore IT Support: Balancing In-House and Offshore Help Desk Technicians
Offshore IT Support: Balancing In-House and Offshore Help Desk TechniciansOffshore IT Support: Balancing In-House and Offshore Help Desk Technicians
Offshore IT Support: Balancing In-House and Offshore Help Desk Technicians
john823664
 
Talk: On an adventure into the depths of Maven - Kaya Weers
Talk: On an adventure into the depths of Maven - Kaya WeersTalk: On an adventure into the depths of Maven - Kaya Weers
Talk: On an adventure into the depths of Maven - Kaya Weers
Kaya Weers
 
Introducing Ensemble Cloudlet vRouter
Introducing Ensemble  Cloudlet vRouterIntroducing Ensemble  Cloudlet vRouter
Introducing Ensemble Cloudlet vRouter
Adtran
 
Multistream in SIP and NoSIP @ OpenSIPS Summit 2025
Multistream in SIP and NoSIP @ OpenSIPS Summit 2025Multistream in SIP and NoSIP @ OpenSIPS Summit 2025
Multistream in SIP and NoSIP @ OpenSIPS Summit 2025
Lorenzo Miniero
 
Wondershare Filmora 14.3.2 Crack + License Key Free for Windows PC
Wondershare Filmora 14.3.2 Crack + License Key Free for Windows PCWondershare Filmora 14.3.2 Crack + License Key Free for Windows PC
Wondershare Filmora 14.3.2 Crack + License Key Free for Windows PC
Mudasir
 
Cyber security cyber security cyber security cyber security cyber security cy...
Cyber security cyber security cyber security cyber security cyber security cy...Cyber security cyber security cyber security cyber security cyber security cy...
Cyber security cyber security cyber security cyber security cyber security cy...
pranavbodhak
 
What is DePIN? The Hottest Trend in Web3 Right Now!
What is DePIN? The Hottest Trend in Web3 Right Now!What is DePIN? The Hottest Trend in Web3 Right Now!
What is DePIN? The Hottest Trend in Web3 Right Now!
cryptouniversityoffi
 
Iobit Driver Booster Pro Crack Free Download [Latest] 2025
Iobit Driver Booster Pro Crack Free Download [Latest] 2025Iobit Driver Booster Pro Crack Free Download [Latest] 2025
Iobit Driver Booster Pro Crack Free Download [Latest] 2025
Mudasir
 
Splunk Leadership Forum Wien - 20.05.2025
Splunk Leadership Forum Wien - 20.05.2025Splunk Leadership Forum Wien - 20.05.2025
Splunk Leadership Forum Wien - 20.05.2025
Splunk
 
GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...
GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...
GDG Cloud Southlake #43: Tommy Todd: The Quantum Apocalypse: A Looming Threat...
James Anderson
 
With Claude 4, Anthropic redefines AI capabilities, effectively unleashing a ...
With Claude 4, Anthropic redefines AI capabilities, effectively unleashing a ...With Claude 4, Anthropic redefines AI capabilities, effectively unleashing a ...
With Claude 4, Anthropic redefines AI capabilities, effectively unleashing a ...
SOFTTECHHUB
 
Security Operations and the Defense Analyst - Splunk Certificate
Security Operations and the Defense Analyst - Splunk CertificateSecurity Operations and the Defense Analyst - Splunk Certificate
Security Operations and the Defense Analyst - Splunk Certificate
VICTOR MAESTRE RAMIREZ
 
"AI in the browser: predicting user actions in real time with TensorflowJS", ...
"AI in the browser: predicting user actions in real time with TensorflowJS", ..."AI in the browser: predicting user actions in real time with TensorflowJS", ...
"AI in the browser: predicting user actions in real time with TensorflowJS", ...
Fwdays
 
UiPath Community Zurich: Release Management and Build Pipelines
UiPath Community Zurich: Release Management and Build PipelinesUiPath Community Zurich: Release Management and Build Pipelines
UiPath Community Zurich: Release Management and Build Pipelines
UiPathCommunity
 
John Carmack’s Notes From His Upper Bound 2025 Talk
John Carmack’s Notes From His Upper Bound 2025 TalkJohn Carmack’s Notes From His Upper Bound 2025 Talk
John Carmack’s Notes From His Upper Bound 2025 Talk
Razin Mustafiz
 
Introducing FME Realize: A New Era of Spatial Computing and AR
Introducing FME Realize: A New Era of Spatial Computing and ARIntroducing FME Realize: A New Era of Spatial Computing and AR
Introducing FME Realize: A New Era of Spatial Computing and AR
Safe Software
 
Cognitive Chasms - A Typology of GenAI Failure Failure Modes
Cognitive Chasms - A Typology of GenAI Failure Failure ModesCognitive Chasms - A Typology of GenAI Failure Failure Modes
Cognitive Chasms - A Typology of GenAI Failure Failure Modes
Dr. Tathagat Varma
 
SDG 9000 Series: Unleashing multigigabit everywhere
SDG 9000 Series: Unleashing multigigabit everywhereSDG 9000 Series: Unleashing multigigabit everywhere
SDG 9000 Series: Unleashing multigigabit everywhere
Adtran
 
A Comprehensive Guide on Integrating Monoova Payment Gateway
A Comprehensive Guide on Integrating Monoova Payment GatewayA Comprehensive Guide on Integrating Monoova Payment Gateway
A Comprehensive Guide on Integrating Monoova Payment Gateway
danielle hunter
 
Content and eLearning Standards: Finding the Best Fit for Your-Training
Content and eLearning Standards: Finding the Best Fit for Your-TrainingContent and eLearning Standards: Finding the Best Fit for Your-Training
Content and eLearning Standards: Finding the Best Fit for Your-Training
Rustici Software
 
Offshore IT Support: Balancing In-House and Offshore Help Desk Technicians
Offshore IT Support: Balancing In-House and Offshore Help Desk TechniciansOffshore IT Support: Balancing In-House and Offshore Help Desk Technicians
Offshore IT Support: Balancing In-House and Offshore Help Desk Technicians
john823664
 
Talk: On an adventure into the depths of Maven - Kaya Weers
Talk: On an adventure into the depths of Maven - Kaya WeersTalk: On an adventure into the depths of Maven - Kaya Weers
Talk: On an adventure into the depths of Maven - Kaya Weers
Kaya Weers
 
Introducing Ensemble Cloudlet vRouter
Introducing Ensemble  Cloudlet vRouterIntroducing Ensemble  Cloudlet vRouter
Introducing Ensemble Cloudlet vRouter
Adtran
 
Multistream in SIP and NoSIP @ OpenSIPS Summit 2025
Multistream in SIP and NoSIP @ OpenSIPS Summit 2025Multistream in SIP and NoSIP @ OpenSIPS Summit 2025
Multistream in SIP and NoSIP @ OpenSIPS Summit 2025
Lorenzo Miniero
 
Wondershare Filmora 14.3.2 Crack + License Key Free for Windows PC
Wondershare Filmora 14.3.2 Crack + License Key Free for Windows PCWondershare Filmora 14.3.2 Crack + License Key Free for Windows PC
Wondershare Filmora 14.3.2 Crack + License Key Free for Windows PC
Mudasir
 
Cyber security cyber security cyber security cyber security cyber security cy...
Cyber security cyber security cyber security cyber security cyber security cy...Cyber security cyber security cyber security cyber security cyber security cy...
Cyber security cyber security cyber security cyber security cyber security cy...
pranavbodhak
 

Static Analysis and Verification of C Programs

  • 1. Static Analysis and Verification of C Programs Subash Shankar Hunter College (CUNY) September 17, 2015 Acknowledgements: This work was partially funded by a grant from Digiteo, and is based on the Frama-C tool developed at the CEA LIST Institute, Saclay, France. It includes contributions from Zachary Hutchinson (Hunter College) and Gilbert Pajela (CUNY Graduate Center).
  • 2. What is V & V? Validation: The software specification does what the user wants. Verification: The software does what the specification says it does.
  • 3. What is V & V? Validation: The software specification does what the user wants. Verification: The software does what the specification says it does. Verification ≠ Testing: testing can be used to show the presence of bugs, but never their absence! (Dijkstra, 1970)
  • 4. Why bother with V & V? Software failure ⇒ loss of $$$ or human life (for safety-critical systems) A few infamous examples: AT&T long-distance: network communication code bug ⇒ 60000 customers shut down Faulty guidance systems: Mariner spacecraft: punctuation error ⇒ craft exploded (by ground control) Ariane 5 rocket: overflow due to 64-to-16 bit conversion ⇒ craft exploded (self-destruct) Mars Climate Orbiter: Metric-English unit inconsistency (Newtons vs. pounds) ⇒ Lost orbiter Radiation therapy machines: Therac-25: buggy shield/filter code ⇒ 6 documented deaths, hundreds(?) with longer-term effects Multidata Systems Cobalt-60: undocumented data entry leads to improper shielding ⇒ dozens dead Toyota acceleration bug: firmware error ⇒ dead people (and we aren’t even including software susceptible to malicious bugs)
  • 5. What is Static Analysis? The analysis of software based on information available at compile time, to prove its properties for all possible executions, preferably with [automatic or semi-automatic] tool support.
  • 6. What is Static Analysis? The analysis of software based on information available at compile time, to prove its properties for all possible executions, preferably with [automatic or semi-automatic] tool support. 3 Common [Verification Oriented] Techniques: Abstract Interpretation and Symbolic Evaluation Deductive Verification (weakest preconditions) Model Checking
  • 7. Abstract Interpretation (AI) A technique for approximation of program semantics based on mappings between concrete and abstract lattices (Cousot & Cousot, 1977) α: abstraction fct. γ: concretization fct.
  • 8. Abstract Interpretation (AI) A technique for approximation of program semantics based on mappings between concrete and abstract lattices (Cousot & Cousot, 1977) α: abstraction fct. γ: concretization fct. Examples: under a parity abstraction, the concrete statement x := x+1 is abstracted (⇑ α) to even_x := ¬even_x; under a sign abstraction (x_neg, x_zero, x_pos), the same statement x := x+1 is abstracted (⇑ α) to: if x_neg then x_zero := {T,F} else x_zero := F (and similarly for the x_neg and x_pos variables).
  • 9. Abstract Interpretation (AI) A technique for approximation of program semantics based on mappings between concrete and abstract lattices (Cousot & Cousot, 1977) α: abstraction fct. γ: concretization fct. Examples: under a parity abstraction, the concrete statement x := x+1 is abstracted (⇑ α) to even_x := ¬even_x; under a sign abstraction (x_neg, x_zero, x_pos), the same statement x := x+1 is abstracted (⇑ α) to: if x_neg then x_zero := {T,F} else x_zero := F (and similarly for the x_neg and x_pos variables). Approach: Use a theorem prover to identify the effect of each program statement in the abstract space. Compute an over-approximation of variable values at each point of the program, based on the selected abstraction α. Symbolically evaluate the concrete program to attain values of all variables at all points.
  • 10. Applying Abstract Interpretation How do we pick the abstraction function α (and induced concretization γ)? Ex: boolean lattices on neg-zero-pos, intervals, modulus fields Abstract program is non-deterministic and loses information. But this information loss may make semantics decidable (in abstract space). Simple for loop-free code Loops require a fixed point computation that may take too long or not terminate. Approximation: unroll loop a fixed number of times First major application: automatically analyze Ariane 5 rocket software (after crash) ⇒ data conversion error from 64-bit float to 16-bit integer Value analysis embodied in Frama-C tool for verification of C programs.
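An added example (not code from the slides or from Frama-C) of the fixed-point computation slide 10 refers to: a toy interval domain with join, an abstract transfer function for `x := x + 1`, and the loop-guard filters, run over `x = 0; while (x < bound) x = x + 1;`. Kleene iteration alone needs one round per loop iteration; widening reaches a fixed point in two rounds at the cost of pushing the upper bound to +∞, and a single narrowing step recovers it. All names (`Interval`, `analyse_counting_loop`, the `NEG_INF`/`POS_INF` encoding) are this example's own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* An interval [lo, hi]; lo > hi encodes "bottom" (no value reaches this point). */
typedef struct { long lo, hi; } Interval;

#define NEG_INF LONG_MIN
#define POS_INF LONG_MAX

static bool is_bottom(Interval a) { return a.lo > a.hi; }

/* Least upper bound in the interval lattice. */
static Interval join(Interval a, Interval b) {
    if (is_bottom(a)) return b;
    if (is_bottom(b)) return a;
    Interval r = { a.lo < b.lo ? a.lo : b.lo, a.hi > b.hi ? a.hi : b.hi };
    return r;
}

/* Widening: a bound that is still moving is pushed to infinity, so the
   ascending iteration is guaranteed to stop after a few rounds. */
static Interval widen(Interval old, Interval cur) {
    if (is_bottom(old)) return cur;
    Interval r = old;
    if (cur.lo < old.lo) r.lo = NEG_INF;
    if (cur.hi > old.hi) r.hi = POS_INF;
    return r;
}

/* Abstract transfer function of the statement  x := x + 1. */
static Interval add_one(Interval a) {
    if (is_bottom(a)) return a;
    Interval r = { a.lo == NEG_INF ? NEG_INF : a.lo + 1,
                   a.hi == POS_INF ? POS_INF : a.hi + 1 };
    return r;
}

/* Abstract transfer functions of the loop guard  x < k  (taken / not taken). */
static Interval assume_lt(Interval a, long k) {
    if (is_bottom(a)) return a;
    Interval r = { a.lo, a.hi < k - 1 ? a.hi : k - 1 };
    return r;
}
static Interval assume_ge(Interval a, long k) {
    if (is_bottom(a)) return a;
    Interval r = { a.lo > k ? a.lo : k, a.hi };
    return r;
}

/* Analyse   x = 0; while (x < bound) x = x + 1;
   Computes the loop-head invariant by ascending iteration (optionally with widening),
   then applies one narrowing step and returns the interval of x after the loop.
   *head_out receives the invariant as it stood when the ascending iteration stopped,
   *iterations the number of ascending rounds it took. */
Interval analyse_counting_loop(long bound, bool use_widening, Interval *head_out, int *iterations) {
    Interval entry = { 0, 0 };      /* x = 0 on loop entry */
    Interval head = entry;          /* candidate invariant at the loop head */
    int rounds = 0;
    for (;;) {
        rounds++;
        Interval next = join(entry, add_one(assume_lt(head, bound)));
        if (use_widening) next = widen(head, next);
        if (next.lo == head.lo && next.hi == head.hi) break;   /* fixed point reached */
        head = next;
    }
    if (head_out) *head_out = head;
    if (iterations) *iterations = rounds;
    /* One descending (narrowing) iteration recovers the bound lost by widening. */
    head = join(entry, add_one(assume_lt(head, bound)));
    return assume_ge(head, bound);
}

int main(void) {
    Interval head; int n;
    Interval after = analyse_counting_loop(100, true, &head, &n);
    printf("widened invariant upper bound is %s after %d rounds; x after loop in [%ld, %ld]\n",
           head.hi == POS_INF ? "+inf" : "finite", n, after.lo, after.hi);
    return 0;
}
```

With `bound = 100` the plain iteration needs 101 rounds to stabilise at [0, 100], while widening stops after 2 rounds with [0, +∞] and narrowing brings the exit interval back to [100, 100]. A real analyser such as Frama-C's value analysis has far richer domains and widening heuristics; the point here is only the shape of the fixed-point computation and why it terminates.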
  • 11. Deductive Verification What does it mean for a program (or statement) to be correct? The program enforces its contract; i.e., if the program is executed in a state where the precondition is true, the postcondition of the contract is true after execution.
  • 12. Deductive Verification What does it mean for a program (or statement) to be correct? The program enforces its contract; i.e., if the program is executed in a state where the precondition is true, the postcondition of the contract is true after execution. Two notions: 1 Partial Correctness: Contract enforcement is conditional on program’s termination. 2 Total Correctness: Contract is enforced unconditionally
  • 13. Automating Deductive Verification Theoretical Basis: Floyd-Hoare Logic (1969), Dijkstra (1975) Notation: The Hoare triple {P}S{Q} means if statement S is executed from a state in which predicate P is true and it terminates, predicate Q must be true on termination. Some valid triples: Assignment – {x > 2} y=x+1 {y > 3} Selection – {true} if x>0 then y=x else y=-x {y ≥ 0} Iteration – Identify loop invariant, and prove invariant preservation axioms: Invariant holds on loop entry The loop body preserves inv The invariant implies postcondition on loop termination No automated way to determine invariant!
  • 14. Expressing Contracts Annotate programs with specifications written in ANSI/ISO C Specification Language (ACSL). Major features of ACSL: Function and statement contracts for pre/post conditions, with multiple named behaviors: /*@ requires n>0; ensures \result == 5; */ Invariant specification: //@ loop invariant n>= 0; Support for both C and math types (e.g., ℤ and 32-bit ints) and data structures (pointer, array, struct, etc.), with typical C operators Logic (first order, higher-order, inductive) predicates Axiomatic definitions (types, functions, etc.) Ghost (i.e., auxiliary) and volatile variables Predefined functions for various real-world concerns (e.g., return values (\result), pre-values (\old), pointers and heap variables, separation)
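An added example (not from the slides or the Frama-C distribution) tying slide 13's Hoare triples and loop invariants to slide 14's ACSL syntax: two small functions with function contracts, loop invariants and variants, written so that the WP plugin can discharge them. `find_first` and `bounded_copy` are this example's own names; the contract on `bounded_copy` is the kind of precondition that turns a potential buffer overflow into a proof obligation on the caller.

```c
#include <stddef.h>
#include <stdio.h>

/* Look up key in a[0..n-1]; return its first index, or n if absent.
   Contract: the caller must supply readable storage, the function writes nothing,
   and the result is either a hit or n with no earlier hit. */
/*@ requires \valid_read(a + (0 .. n - 1));
  @ assigns \nothing;
  @ ensures 0 <= \result <= n;
  @ ensures \result < n ==> a[\result] == key;
  @ ensures \forall integer k; 0 <= k < \result ==> a[k] != key;
  @*/
size_t find_first(const int *a, size_t n, int key) {
    /*@ loop invariant 0 <= i <= n;
      @ loop invariant \forall integer k; 0 <= k < i ==> a[k] != key;
      @ loop assigns i;
      @ loop variant n - i;
      @*/
    for (size_t i = 0; i < n; i++)
        if (a[i] == key)
            return i;
    return n;
}

/* Copy at most cap elements from src to dst and return how many were copied.
   The precondition on dst's capacity is what rules out the overflow an unchecked
   copy would allow; every dst[j] write is proved in-bounds from it. */
/*@ requires \valid_read(src + (0 .. n - 1));
  @ requires \valid(dst + (0 .. cap - 1));
  @ requires \separated(dst + (0 .. cap - 1), src + (0 .. n - 1));
  @ assigns dst[0 .. \min(n, cap) - 1];
  @ ensures \result == \min(n, cap);
  @ ensures \forall integer k; 0 <= k < \result ==> dst[k] == src[k];
  @*/
size_t bounded_copy(int *dst, size_t cap, const int *src, size_t n) {
    size_t count = n < cap ? n : cap;
    /*@ loop invariant 0 <= j <= count;
      @ loop invariant \forall integer k; 0 <= k < j ==> dst[k] == src[k];
      @ loop assigns j, dst[0 .. count - 1];
      @ loop variant count - j;
      @*/
    for (size_t j = 0; j < count; j++)
        dst[j] = src[j];
    return count;
}

int main(void) {
    const int src[5] = { 4, 8, 15, 16, 23 };   /* constructed sample input */
    int dst[3];
    printf("index of 15: %zu\n", find_first(src, 5, 15));
    printf("copied %zu elements into a 3-slot buffer\n", bounded_copy(dst, 3, src, 5));
    return 0;
}
```

ACSL annotations are ordinary comments to a C compiler, so the file builds and runs as plain C; `frama-c -wp -wp-rte file.c` generates the proof obligations (the `-wp-rte` option adds the runtime-error guards, such as array-bound checks) and hands them to the provers. Note how each loop invariant is exactly the "invariant holds on entry / body preserves it / invariant plus exit condition implies the postcondition" triple from slide 13, which WP cannot guess for you.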
  • 15. Model Checking M (system being verified): [figure: a state-transition graph whose states are labelled with the atomic propositions P and Q; only the labels Q, P,Q, Q, Q, Q, Q, Q, P,Q survived extraction] Properties (in temporal logic): 'always Q' ⇒ Yes; 'eventually P' ⇒ Yes; P (temporal operator lost in extraction) ⇒ No! (with counterexample)
  • 16. Model Checker Characteristics Completely automatic 'turnkey' operation Counterexample (system trace) produced if property is false Scalable technology used widely in industry, especially chip manufacturers Mature (discovered independently by Clarke & Emerson and Queille & Sifakis in early 80s, Turing award 2007) Major problem: State space explosion One solution: Represent state space symbolically (McMillan et al., 1990) ⇒ can handle 10^100 states and more in some cases.
  • 17. Model Checking for Program Verification Program Translate Prove: assert(x==y) statement at line 3 of the program is valid i.e., (PC = 3 → (x = y))
  • 18. Model Checking for Program Verification Program Translate Prove: assert(x==y) statement at line 3 of the program is valid i.e., (PC = 3 → (x = y)) But a program with v 32-bit variables and 2^k program points needs up to 2^(32v+k) states
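An added example (not from the slides) of what slides 16 to 18 describe: an explicit-state model checker for the property PC = ASSERT_PC → x = y over a small loop, with variables deliberately restricted to 4 bits so the state space (5 program points × 16 × 16 values) stays enumerable. It reports the number of states visited and, when the assertion fails, the counterexample trace from the initial state. The program, its `buggy` variant (which skips one `y++` when `x` is odd) and the names `State`, `successors`, `check_assert_x_eq_y` are all this example's own.

```c
#include <stdbool.h>
#include <stdio.h>

#define MAXV 15                 /* x and y range over 0..MAXV: "4-bit" variables */
#define NPC 5                   /* program points 0..4 */
#define NSTATES (NPC * (MAXV + 1) * (MAXV + 1))
#define ASSERT_PC 3             /* the program point holding assert(x == y) */

typedef struct { int pc, x, y; } State;

/* Program under analysis (a loop that keeps x and y in step):
     pc0: x = 0; y = 0;
     pc1: if (x < n) goto pc2; else goto pc3;
     pc2: x++; y++;             (buggy variant skips y++ when x is odd)
     pc3: assert(x == y);
     pc4: halt                                                              */
static int successors(State s, int n, bool buggy, State out[1]) {
    switch (s.pc) {
    case 0: out[0] = (State){ 1, 0, 0 }; return 1;
    case 1: out[0] = (State){ s.x < n ? 2 : 3, s.x, s.y }; return 1;
    case 2: out[0] = (State){ 1, s.x + 1, (buggy && s.x % 2 == 1) ? s.y : s.y + 1 }; return 1;
    case 3: out[0] = (State){ 4, s.x, s.y }; return 1;
    default: return 0;          /* halted: no successors */
    }
}

/* Dense numbering of states so a visited set is just an array. */
static int encode(State s) { return (s.pc * (MAXV + 1) + s.x) * (MAXV + 1) + s.y; }
static State decode(int id) {
    State s;
    s.y = id % (MAXV + 1); id /= (MAXV + 1);
    s.x = id % (MAXV + 1); s.pc = id / (MAXV + 1);
    return s;
}

/* Breadth-first reachability check of  PC = ASSERT_PC -> x == y.
   Returns true if the assertion holds in every reachable state. On failure the
   counterexample (initial state .. failing state) is written to trace, which must
   hold NSTATES entries, and its length to *trace_len. *explored counts the states
   visited before the verdict. */
bool check_assert_x_eq_y(int n, bool buggy, int *explored, State *trace, int *trace_len) {
    static int parent[NSTATES], queue[NSTATES];
    static bool seen[NSTATES];
    if (n > MAXV) n = MAXV;     /* keep x within the encoded range */
    for (int i = 0; i < NSTATES; i++) { seen[i] = false; parent[i] = -1; }
    int head = 0, tail = 0, visited = 0;
    int init = encode((State){ 0, 0, 0 });
    seen[init] = true; queue[tail++] = init;
    while (head < tail) {
        int id = queue[head++];
        State s = decode(id);
        visited++;
        if (s.pc == ASSERT_PC && s.x != s.y) {
            int len = 0;
            for (int c = id; c != -1; c = parent[c]) len++;
            int cur = id;
            for (int i = len - 1; i >= 0; i--) { trace[i] = decode(cur); cur = parent[cur]; }
            *trace_len = len; *explored = visited;
            return false;
        }
        State succ[1];
        int k = successors(s, n, buggy, succ);
        for (int i = 0; i < k; i++) {
            int sid = encode(succ[i]);
            if (!seen[sid]) { seen[sid] = true; parent[sid] = id; queue[tail++] = sid; }
        }
    }
    *trace_len = 0; *explored = visited;
    return true;
}

/* Convenience wrappers for callers that only want the numbers. */
int explored_states(int n, bool buggy) {
    static State trace[NSTATES]; int explored, len;
    check_assert_x_eq_y(n, buggy, &explored, trace, &len);
    return explored;
}
int counterexample_length(int n, bool buggy) {
    static State trace[NSTATES]; int explored, len;
    check_assert_x_eq_y(n, buggy, &explored, trace, &len);
    return len;
}

int main(void) {
    static State trace[NSTATES];
    int explored, len;
    bool ok = check_assert_x_eq_y(5, true, &explored, trace, &len);
    printf("%s after %d states\n", ok ? "assertion valid" : "assertion violated", explored);
    for (int i = 0; i < len; i++)
        printf("  pc=%d x=%d y=%d\n", trace[i].pc, trace[i].x, trace[i].y);
    return 0;
}
```

For `n = 5` the correct program has 14 reachable states out of the 1280 encodable ones; the buggy variant is caught at the 13th state visited, and the printed trace is the counterexample the slides mention. Raising `MAXV` to the full 32-bit range is exactly slide 18's 2^(32v+k) problem, which is why the following slides abstract the state space instead of enumerating it.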
  • 19. Program Abstraction Partition concrete state space into abstract states γ(S) = {s|S = α(s)} where α(s) is the abstract state corresponding to s (note: α is not one-to-one) Determine transitions: A transition from abstract state a1 to a2 exists iff ∃s1 : α(s1) = a1, ∃s2 : α(s2) = a2, and there is a transition s1 → s2 in the concrete machine. Note: abstract machine is non-deterministic Resulting abstract state machine is a conservative approximation: If property is provable in abstract machine, it must be true in the concrete machine. If property is false in abstract machine, either it is also false in the concrete machine, or the abstraction is not fine enough.
  • 20. Predicate Abstraction How do we pick the abstraction function α? One solution: 'Guess' predicates that are likely to be sufficient to prove desired property Predicates selected based on property being verified, major predicates in program (e.g., conditions of loop, selection statements), arithmetic properties (e.g., {pos,zero,neg}, {odd,even}), control locations (e.g., {PC=4, PC≠4}), various other heuristics Abstractions may be on control as well as data
  • 21. Predicate Abstraction How do we pick the abstraction function α? One solution: 'Guess' predicates that are likely to be sufficient to prove desired property Predicates selected based on property being verified, major predicates in program (e.g., conditions of loop, selection statements), arithmetic properties (e.g., {pos,zero,neg}, {odd,even}), control locations (e.g., {PC=4, PC≠4}), various other heuristics Abstractions may be on control as well as data Ex (using an odd-even abstraction on y): y = 0; for (i=0; i<n; i++) y += 2; assert(y%2 == 0); ⇒ abstract machine over the single predicate y_even (states y_even and ¬y_even)
  • 22. Predicate Abstraction How do we pick the abstraction function α? One solution: 'Guess' predicates that are likely to be sufficient to prove desired property Predicates selected based on property being verified, major predicates in program (e.g., conditions of loop, selection statements), arithmetic properties (e.g., {pos,zero,neg}, {odd,even}), control locations (e.g., {PC=4, PC≠4}), various other heuristics Abstractions may be on control as well as data Ex (using an odd-even abstraction on y): y = 0; for (i=0; i<n; i++) y += 2; assert(y%2 == 0); ⇒ abstract machine over the single predicate y_even (states y_even and ¬y_even) But . . . a pos-neg-zero abstraction on y (or any abstraction on i, n, PC) would not have been helpful.
  • 23. Counterexample Guided Abstraction Refinement CEGAR approach to prove that property P holds in program: Pick initial abstraction predicates α While true 1 Abstraction: Construct abstract machine M from concrete program using α 2 Verification: call model checker to check M |= P. If P was provable, abort(“P is verified”) 3 Validation: else simulate counterexample symbolically on [concrete] program If concrete trace is realizable, abort(“P is false”) Refinement: else (counterexample is spurious), add predicates to α heuristically based on predicates in counterexample
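An added example (not from the slides, and not how SLAM, BLAST, SATABS or CPAchecker are implemented) that runs slide 23's CEGAR loop on slide 21's program: it starts with the unhelpful pos/neg abstraction from slide 22, model-checks the abstract machine, replays the abstract counterexample on the concrete program, finds it spurious, refines by adding the parity predicate, and then proves the assertion. The increment is a parameter so the same loop also shows a realizable counterexample (for `step = 3` the assertion genuinely fails). Assumptions of this example: the loop counter and bound are abstracted away entirely (the loop becomes a non-deterministic choice between iterating and exiting), abstract transfer functions are computed by sampling concrete values in a window instead of by a theorem prover (exact for these predicates), and refinement takes predicates from a fixed candidate list rather than from a proof of spuriousness.

```c
#include <stdbool.h>
#include <stdio.h>

/* Program under analysis (the slide's example, with the increment as a parameter):
     y = 0;
     for (i = 0; i < n; i++) y += step;      -- step == 2 on the slide
     assert(y % 2 == 0);                                                      */

typedef bool (*Pred)(long);
static bool p_pos(long y)  { return y > 0; }
static bool p_neg(long y)  { return y < 0; }
static bool p_even(long y) { return y % 2 == 0; }

typedef struct { const char *name; Pred holds; } Predicate;
/* Candidate predicates, in the order the refinement step tries them. */
static const Predicate CANDIDATES[] = { { "y>0", p_pos }, { "y<0", p_neg }, { "y%2==0", p_even } };
#define MAXP 3
#define WINDOW 64      /* concrete values sampled when computing abstract transfers (assumption) */

typedef struct { const Predicate *p[MAXP]; int n; } Abstraction;

/* alpha: the abstract state of a concrete y is the bit-vector of its predicate values. */
static unsigned alpha(const Abstraction *a, long y) {
    unsigned m = 0;
    for (int i = 0; i < a->n; i++)
        if (a->p[i]->holds(y)) m |= 1u << i;
    return m;
}

/* Abstract post-image of  y += step  from abstract state m: the set (as a bitmask over
   abstract states) of alpha(y + step) for every concrete y in gamma(m). gamma(m) is
   infinite, so it is sampled in [-WINDOW, WINDOW]; exact for the predicates above. */
static unsigned post_add(const Abstraction *a, unsigned m, long step) {
    unsigned set = 0;
    for (long y = -WINDOW; y <= WINDOW; y++)
        if (alpha(a, y) == m) set |= 1u << alpha(a, y + step);
    return set;
}

/* Does abstract state m guarantee the asserted predicate y % 2 == 0? */
static bool implies_even(const Abstraction *a, unsigned m) {
    for (long y = -WINDOW; y <= WINDOW; y++)
        if (alpha(a, y) == m && !p_even(y)) return false;
    return true;
}

/* Model-check the abstract machine. States are (pc, m) with pc 1 = loop head,
   2 = loop body, 3 = assertion. Returns -1 if the assertion is provable, otherwise the
   number of loop iterations along the shortest abstract counterexample. */
static int abstract_check(const Abstraction *a, long step) {
    enum { NMASK = 1 << MAXP, NST = 4 * NMASK };
    int parent[NST], queue[NST]; bool seen[NST] = { false };
    int head = 0, tail = 0;
    int init = 1 * NMASK + (int)alpha(a, 0);          /* state after y = 0 */
    seen[init] = true; parent[init] = -1; queue[tail++] = init;
    while (head < tail) {
        int id = queue[head++], pc = id / NMASK;
        unsigned m = (unsigned)(id % NMASK);
        int succ[NMASK + 1], k = 0;
        if (pc == 1) {                                  /* loop head: iterate or exit */
            succ[k++] = 2 * NMASK + (int)m;
            succ[k++] = 3 * NMASK + (int)m;
        } else if (pc == 2) {                           /* loop body: y += step */
            unsigned set = post_add(a, m, step);
            for (unsigned t = 0; t < NMASK; t++)
                if (set & (1u << t)) succ[k++] = 1 * NMASK + (int)t;
        } else if (!implies_even(a, m)) {               /* assertion not provable here */
            int iterations = 0;
            for (int cur = id; cur != -1; cur = parent[cur])
                if (cur / NMASK == 2) iterations++;
            return iterations;
        }
        for (int i = 0; i < k; i++)
            if (!seen[succ[i]]) { seen[succ[i]] = true; parent[succ[i]] = id; queue[tail++] = succ[i]; }
    }
    return -1;
}

/* Validation: replay the counterexample on the concrete program. */
static bool concrete_run(int iterations, long step) {
    long y = 0;
    for (int i = 0; i < iterations; i++) y += step;
    return y % 2 == 0;
}

/* verdict: 1 = assertion proved, 0 = real counterexample found, -1 = gave up */
typedef struct { int verdict; int rounds; int predicates; } CegarResult;

CegarResult cegar(long step) {
    Abstraction a = { { &CANDIDATES[0], &CANDIDATES[1] }, 2 };   /* initial guess: sign predicates */
    CegarResult r = { -1, 0, a.n };
    for (;;) {
        r.rounds++;
        int iterations = abstract_check(&a, step);              /* abstraction + verification */
        if (iterations < 0) { r.verdict = 1; return r; }
        if (!concrete_run(iterations, step)) { r.verdict = 0; return r; }   /* realizable */
        if (a.n == MAXP) return r;                               /* no candidates left */
        a.p[a.n] = &CANDIDATES[a.n]; a.n++;                      /* refinement */
        r.predicates = a.n;
    }
}

int main(void) {
    CegarResult r = cegar(2);
    printf("step 2: verdict %d after %d round(s) with %d predicate(s)\n", r.verdict, r.rounds, r.predicates);
    r = cegar(3);
    printf("step 3: verdict %d after %d round(s) with %d predicate(s)\n", r.verdict, r.rounds, r.predicates);
    return 0;
}
```

For `step = 2` the first round yields the spurious one-iteration counterexample (the sign abstraction only knows that y became positive), the parity predicate is added, and the second round proves the assertion with three predicates. For `step = 3` the same abstract counterexample replays concretely as y = 3, so it is reported as a real bug in one round. The sampling window and the fixed candidate list are simplifications; the tools on slide 24 derive new predicates from the spurious trace itself.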
  • 24. CEGAR Applications/Tools 2000 Concept introduced by Clarke/Grumberg/Jha/Lu/Veith 2000 Some similar concepts embodied in Java PathFinder (NASA) and Bandera 2001 SLAM tool developed at Microsoft Research and used to verify NT device drivers (part of Windows Driver Development Kit (WDK)) 2003 Part of Astrée Static Analyzer tool, used by Airbus (among others) 2005 BLAST tool improves on SLAM predicate identification and also introduces lazy abstraction; used to verify 50K line C program. 2005 SATABS tool for automatic verification of C programs 2011 BLAST extended and integrated into CPAchecker tool Our approach: interface SATABS and CPAchecker to Frama-C
  • 25. Frama-C Architecture [figure, from the Frama-C Plugin Manual: the Frama-C kernel (extended CIL AST and API; lexing, parsing, typing, linking; AST manipulations; abstract interpretation lattices; memory states; utilities; Db; dynamic loading) with plug-ins 1..n and their plug-in types registered on top of it]
  • 26. Frama-C Architecture [figure, from the Frama-C Plugin Manual: the Frama-C kernel (extended CIL AST and API; lexing, parsing, typing, linking; AST manipulations; abstract interpretation lattices; memory states; utilities; Db; dynamic loading) with plug-ins 1..n and their plug-in types registered on top of it] Plugins: Interfaces to abstract syntax tree (AST), C intermediate language (CIL), AI lattices, etc. provided by kernel Plugins used for either analysis (≥ 1 AST) or source-to-source transformation (> 1 AST) Kernel-integrated plugins include value and wp (statically linked) Extensible through user-written plugins, typically linked dynamically Common plugin interface allows for inter-plugin information sharing, along with a central mechanism for combining results. All programmed in OCaml
  • 27. Combining Analyses Assumption: All analyses produce correct results Mark assertions with local status {True, False if reachable, False and reachable, Unknown} Frama-C kernel consolidation of statuses from different tools to {Not checked, Unknown (i.e., no analyzer succeeded), Valid, Valid under hyp, Invalid, Invalid under hyp, Invalid but dead, Inconsistent} (and some others covering real-world engineering issues)
  • 28. Integrating AI, WP, and MC Loose coupling: Use abstract interpretation and deductive verification to improve model checking results. Examples: 1 AI to set initial values before model checking 2 Use WP/AI to pick "good" initial abstractions? Use MC to improve WP results. Some examples: 1 Use MC to prove that inner loop preserves invariant of outer loop, and wp to prove outer loop 2 Use MC to determine loop invariant? Tight Coupling: Verify a program by using all 3 approaches in a tightly integrated manner. These are ongoing and future research projects!
  • 29. Thank you. Questions? Frama-C: downloadable from www.frama-c.com MC Plugin: downloadable from http://www.compsci.hunter.cuny.edu/~sshankar/cmc.html