Beyer, Dirk; Henzinger, Thomas AISTA ; Jhala, Ranjit; Majumdar, Ritankar S
BLAST is an automatic verification tool for checking temporal safety properties of C programs. Given a C program and a temporal safety property, BLAST statically proves that either the program satisfies the safety property or the program has an execution trace that exhibits a violation of the property. BLAST constructs, explores, and refines abstractions of the program state space based on lazy predicate abstraction and interpolation-based predicate discovery. We show how BLAST can be used to statically prove memory safety for C programs. We take a two-step approach. First, we use Ccured, a type-based memory safety analyzer, to annotate with run-time checks all program points that cannot be proved memory safe by the type system. Second, we use BLAST to remove as many of the run-time checks as possible (by proving that these checks never fail), and to generate for the remaining run-time checks execution traces that witness them fail. Our experience shows that BLAST can remove many of the run-time checks added by Ccured and provide useful information to the programmer about many of the remaining checks.
This research was supported in part by the NSF grants CCR-0234690, CCR-0225610, and ITR-0326577.
2 - 18
FASE: Fundamental Approaches To Software Engineering
Beyer D, Henzinger TA, Jhala R, Majumdar R. Checking memory safety with BLAST. In: Vol 3442. Springer; 2005:2-18. doi:10.1007/978-3-540-31984-9_2
Beyer, D., Henzinger, T. A., Jhala, R., & Majumdar, R. (2005). Checking memory safety with BLAST (Vol. 3442, pp. 2–18). Presented at the FASE: Fundamental Approaches To Software Engineering, Springer. https://doi.org/10.1007/978-3-540-31984-9_2
Beyer, Dirk, Thomas A Henzinger, Ranjit Jhala, and Ritankar Majumdar. “Checking Memory Safety with BLAST,” 3442:2–18. Springer, 2005. https://doi.org/10.1007/978-3-540-31984-9_2.
D. Beyer, T. A. Henzinger, R. Jhala, and R. Majumdar, “Checking memory safety with BLAST,” presented at the FASE: Fundamental Approaches To Software Engineering, 2005, vol. 3442, pp. 2–18.
Beyer D, Henzinger TA, Jhala R, Majumdar R. 2005. Checking memory safety with BLAST. FASE: Fundamental Approaches To Software Engineering, LNCS, vol. 3442, 2–18.
Beyer, Dirk, et al. Checking Memory Safety with BLAST. Vol. 3442, Springer, 2005, pp. 2–18, doi:10.1007/978-3-540-31984-9_2.