Patrice Godefroid, Aditya V. Nori, Sriram K. Rajamani, Sai...
TRANSCRIPT
Question: Does the assertion hold for all possible inputs?
Must analysis: finds bugs, but can't prove their absence. May analysis: can prove the absence of bugs, but can result in false errors.
May analysis = predicate abstraction (SLAM)
Must analysis = symbolic execution + tests (DART)
Compositional May-Must analysis:
  Interprocedural analysis
  Memoize and re-use may/must summaries
  Allows fine-grained coupling and alternation
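The slides above contrast a must analysis (tests: every reported bug is real, but a clean run proves nothing) with a may analysis (abstraction: a proof is sound, but an alarm can be false). The following is an added toy example, written for this transcript and not code from the slides or the SMASH implementation; it uses a constructed program family y = a*x + b over a bounded integer input, an interval abstraction as the "may" side, concrete tests as the "must" side, and a deliberately simplified alternation in `combined` that only hints at SMASH's coupling of the two. The names `LinearProgram`, `must_analysis`, `may_analysis` and `combined` are assumptions of this example.

```python
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

# Constructed toy program family: y = a*x + b for integer inputs x in [lo, hi].
# It stands in for "the program under analysis"; nothing here is SMASH's own code.
@dataclass(frozen=True)
class LinearProgram:
    a: int
    b: int
    lo: int
    hi: int

    def run(self, x: int) -> int:
        return self.a * x + self.b

# A property is ("ne", c) meaning assert y != c, or ("ge", c) meaning assert y >= c.
Property = Tuple[str, int]

def holds(prop: Property, y: int) -> bool:
    kind, c = prop
    return y != c if kind == "ne" else y >= c

def must_analysis(prog: LinearProgram, prop: Property,
                  tests: Iterable[int]) -> Optional[int]:
    """Test-based (must) analysis: every reported bug is real because it comes with
    a concrete input, but None only means 'no test hit the assertion', not 'no bug'."""
    for x in tests:
        if not holds(prop, prog.run(x)):
            return x
    return None

def may_analysis(prog: LinearProgram, prop: Property) -> str:
    """Interval abstraction (may analysis): over-approximate the reachable values of y.
    'proved' is sound (no violating y lies in the interval, so none is reachable);
    'possible-error' may be a false alarm, because the interval can contain values
    the program never actually produces."""
    ends = (prog.run(prog.lo), prog.run(prog.hi))  # linear, so extremes are at the ends
    lo_y, hi_y = min(ends), max(ends)
    kind, c = prop
    violating_value_in_abstraction = (lo_y <= c <= hi_y) if kind == "ne" else (lo_y < c)
    return "possible-error" if violating_value_in_abstraction else "proved"

def combined(prog: LinearProgram, prop: Property) -> Tuple[str, Optional[int]]:
    """Simplified alternation (assumption, not SMASH's rules): let the may side try
    for a proof, then let the must side try for a witness; 'unknown' is what neither
    side can settle on its own."""
    if may_analysis(prog, prop) == "proved":
        return ("proved", None)
    witness = must_analysis(prog, prop, range(prog.lo, prog.hi + 1))
    if witness is not None:
        return ("bug", witness)
    return ("unknown", None)

DOUBLE = LinearProgram(a=2, b=0, lo=0, hi=100)  # constructed: y = 2*x, x in [0, 100]

if __name__ == "__main__":
    print(combined(DOUBLE, ("ge", 0)))   # may analysis proves y >= 0
    print(combined(DOUBLE, ("ne", 10)))  # must analysis finds the witness x = 5
    print(combined(DOUBLE, ("ne", 7)))   # 7 is in [0, 200] but never produced: false alarm, no witness
```

The third case is the one the slides motivate: the interval abstraction alone raises an alarm it cannot discharge, and testing alone cannot rule the value out, so only a finer abstraction or a more targeted must step (what the alternation in SMASH is designed to drive) would settle it.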
SMASH ≫ Compositional-May || Compositional-Must!
The SMASH implementation is a deterministic realization of the declarative rules.
Input C program is first abstractly interpreted. No pointer arithmetic: *(p+i) is treated as *p. Logic encoding: propositional logic, linear arithmetic and uninterpreted functions.
Theorem prover: Z3
We have unleashed the power of alternation!
Statistics                 Dash    SMASH
                              0       39
                              0       12
Number of proofs           2176     2228
Number of bugs               64       64
Time-outs                    61        9
Time (hours)                117       44
69 drivers (342,000 LOC) and 85 properties
SMASH is a unified framework for compositional may-must program analysis.
We have explained SMASH in the context of existing analyses (SLAM, DART, Synergy/Dash, ...) in the area.
Empirical evaluation shows that SMASH can significantly outperform may-only, must-only and non-compositional may-must algorithms.