Software Verification And Analysis

“The situation is good, but not hopeless” (Polish folk wisdom) The text is devoted to the Software Analysis and Testing (SAT) methods and s- porting tools for assessing and, if possible, improving software quality, specifically its correctness. The term quality assurance is avoided for it is this author’s firm belief that in the current state of the art that goal is unattainable, a plethora of “gu- anteed” solutions to the problem notwithstanding. Therefore, the rather awkward phrase “improving correctness” is to be understood as an effort to minimize the number of residual programming faults (“bugs”) and their impact on the software’s behavior, that is, to make the faults tolerable. It is clear that such a minimalist approach is a result of frustration. Indeed, having spent years developing software and teaching (preaching?) “How to do it right,” I still do not know how to go about it with any degree of certainty! It appears then I probably should stop right now, for who with a modicum of common sense would reach for a text that does not offer salvation but (as will be seen) hard work and misery? If I intend to continue, it is only that I suspect there are many professionals out there who have similar doubts. And they are the intended audience of this project. The philosophical underpinning of the text is the importance of sound engine- ing practices in software development.

This book discusses automated string-analysis techniques, focusing particularly on automata-based static string analysis. It covers the following topics: automata-bases string analysis, computing pre and post-conditions of basic string operations using automata, symbolic representation of automata, forward and backward string analysis using symbolic automata representation, constraint-based string analysis, string constraint solvers, relational string analysis, vulnerability detection using string analysis, string abstractions, differential string analysis, and automated sanitization synthesis using string analysis. String manipulation is a crucial part of modern software systems; for example, it is used extensively in input validation and sanitization and in dynamic code and query generation. The goal of string-analysis techniques and this book is to determine the set of values that string expressions can take during program execution. String analysis can be used to solve many problems in modern software systems that relate to string manipulation, such as: (1) Identifying security vulnerabilities by checking if a security sensitive function can receive an input string that contains an exploit; (2) Identifying possible behaviors of a program by identifying possible values for dynamically generated code; (3) Identifying html generation errors by computing the html code generated by web applications; (4) Identifying the set of queries that are sent to back-end database by analyzing the code that generates the SQL queries; (5) Patching input validation and sanitization functions by automatically synthesizing repairs illustrated in this book. Like many other program-analysis problems, it is not possible to solve the string analysis problem precisely (i.e., it is not possible to precisely determine the set of string values that can reach a program point). However, one can compute over- or under-approximations of possible string values. If the approximations are precise enough, they can enable developers to demonstrate existence or absence of bugs in string manipulating code. String analysis has been an active research area in the last decade, resulting in a wide variety of string-analysis techniques. This book will primarily target researchers and professionals working in computer security, software verification, formal methods, software engineering and program analysis. Advanced level students or instructors teaching or studying courses in computer security, software verification or program analysis will find this book useful as a secondary text.

This book fills the critical need for an in-depth technical reference providing the methods and techniques for building and maintaining confidence in many varities of system software. The intent is to help develop reliable answers to such critical questions as: 1) Are we building the right software for the need? and 2) Are we building the software right? Software Verification and Validation: An Engineering and Scientific Approach is structured for research scientists and practitioners in industry. The book is also suitable as a secondary textbook for advanced-level students in computer science and engineering.

Static analysis of software with deductive methods is a highly dynamic field of research on the verge of becoming a mainstream technology in software engineering. It consists of a large portfolio of - mostly fully automated - analyses: formal verification, test generation, security analysis, visualization, and debugging. All of them are realized in the state-of-art deductive verification framework KeY. This book is the definitive guide to KeY that lets you explore the full potential of deductive software verification in practice. It contains the complete theory behind KeY for active researchers who want to understand it in depth or use it in their own work. But the book also features fully self-contained chapters on the Java Modeling Language and on Using KeY that require nothing else than familiarity with Java. All other chapters are accessible for graduate students (M.Sc. level and beyond). The KeY framework is free and open software, downloadable from the book companion website which contains also all code examples mentioned in this book.

Teaches readers how to test and analyze software to achieve an acceptable level of quality at an acceptable cost Readers will be able to minimize software failures, increase quality, and effectively manage costs Covers techniques that are suitable for near-term application, with sufficient technical background to indicate how and when to apply them Provides balanced coverage of software testing & analysis approaches By incorporating modern topics and strategies, this book will be the standard software-testing textbook

“The main thrust of the book is to describe verification and validation approaches that have been used successfully on contemporary large—scale software projects” -- Preface.

This book constitutes the refereed proceedings of the 19th International Conference on Computer Aided Verification. Thirty-three state-of-the-technology papers are presented, together with fourteen tool papers, three invited papers, and four invited tutorials. All the current issues in computer aided verification and model checking—from foundational and methodological issues to the evaluation of major tools and systems—are addressed.