Vadim S. Mutilin

Predicate analysis with BLAST 2.7

We present the software verification tool BLAST 2.7, which we submitted for the Competition on Software Verification. The tool is an improvement over BLAST 2.5, and its development is mostly targeted at its performance and usability in the Linux Driver Verification project. The paper overviews the tool and outlines our contribution to it.

Establishing linux driver verification process

This paper presents an initiative program aimed at enhancing Linux device driver designing and maintenance by launching a long-term process that will attend the OS kernel development. This process includes two adjacent lines of activity: 1) creation and replenishment of a repository of potential faults and errors that may occur in Linux device drivers, and 2) development and improvement of special-purpose verification tools for automatic detection of all errors specified in repository. We describe in some details both lines of activity, present an architecture of a perspective verification toolset, compare our project with similar work, and finally discuss the current state of art in Linux device driver verification.

Towards an open framework for c verification tools benchmarking

The paper presents a twofold verification system that aimes to be an open platform for experimentation with various verification techniques as well as an industrial-ready domain specific verification tool for Linux device drivers. We describe the architecture of the verification system and discuss a perspective to build an open benchmarking suite on top of it.

Configurable toolset for static verification of operating systems kernel modules

An operating system (OS) kernel is a critical software regarding to reliability and efficiency. Quality of modern OS kernels is already high enough. However, this is not the case for kernel modules, like, for example, device drivers that, due to various reasons, have a significantly lower level of quality. One of the most critical and widespread bugs in kernel modules are violations of rules for correct usage of a kernel API. One can find all such violations in modules or can prove their correctness using static verification tools that need contract specifications describing obligations of a kernel and modules relative to each other. This paper considers present methods and toolsets for static verification of kernel modules for different OSs. A new method for static verification of Linux kernel modules is proposed. This method allows one to configure the verification process at all its stages. It is shown how it can be adapted for checking kernel components of other OSs. An architecture of a configurable toolset for static verification of Linux kernel modules that implements the proposed method is described, and results of its practical application are presented. Directions for further development of the proposed method are discussed in conclusion.

Using linux device drivers for static verification tools benchmarking

The Linux Driver Verification system is designed for static analysis of the source code of Linux kernel space device drivers. In this paper, we describe the architecture of the verification system, including the integration of third-party tools for static verification of C programs. We consider characteristics of the Linux drivers source code that are important from the viewpoint of verification algorithms and give examples of comparative analysis of different verification tools, as well as different versions and configurations of a given tool.

Concurrent Testing of Java Components Using Java PathFinder

Concurrent systems work nondeterministically. For concurrent systems, UniTESK-based test suite executes methods with different parameters in different states, but it does not guarantee that all possible execution paths of a method will be tested because of its concurrent nature. This paper presents an integration method that combines the testing techniques with model checking techniques of Java PathFinder (JPF). The method guarantees that all possible execution paths needed for checking the correctness of the system are explored. The method is based on localization of the search performed by JPF. It reduces the state space while preserving the advantages of UniTESK like state abstraction and automatic checking of correctness. Moreover, it allows to use the same test suite without modification with JPF.

How to Cook an Automated System for Linux Driver Verification

We present the preliminary results of our work on designing an automatic toolset for verification of Linux kernelspace drivers. By now the toolset includes three components: • a library of verification models each model is a formal description of some safety property to be checked • a preprocessor unit it is intended for simulating an environment of a driver • a verification unit BLAST it is a general-purpose toolkit intended for automatic program verification based on Boolean abstraction and counter-example guided abstraction refinements techniques. We discuss in some details how our system operates and outline the directions for future work.

Modeling Environment for Static Verification of Linux Kernel Modules

Linux kernel modules operate in an event-driven environment. Static verification of such software has to take into consideration all feasible scenarios of interaction between modules and their environment. The paper presents a new method for modeling the environment which allows to automatically generate an environment model for a particular kernel module on the base of analysis of module source code and a set of specifications describing patterns of possible interactions. In specifications one can describe both generic patterns that are widespread in the Linux kernel and detailed patterns specific for a particular subsystem. This drastically reduces a specification size and thus helps to verify more modules with less efforts. The suggested method was implemented in Linux Driver Verification Tools and was successfully used for static verification of modules from almost all Linux kernel subsystems.

Static Verification “Under The Hood”: Implementation Details and Improvements of BLAST

BLAST is an open-source static verification tool used in checking safety properties of C programs. Given a C program with several assertions, which should not fail at runtime, BLAST statically analyzes the program, and either returns a program execution path that leads to violation of one of the assertions, or proves that no assertion is violated. If BLAST fails to prove inreachability of assertions, it may terminate with error, or loop forever. The framework approach employed in BLAST is counterexample guided abstraction refinement (CEGAR) empowered with lazy abstraction. The first record of BLAST dates from 2002. The tool had been constantly improving until July 2008, mostly by its original creators. Beginning in 2009, we continued working on it as a part of Linux Driver Verification project. In this article we overview the current status of BLAST: outline the algorithms the CEGAR framework approach is implemented on top of, describe the heuristics used and the technical details of the implementation, and list the external components BLAST relies on. Along with this description, we outline and evaluate the improvements we made since its last release by the original BLAST team, and share our view on the further improvement of the tool.

Pattern-based environment modeling for static verification of Linux kernel modules

Linux kernel modules operate in an event-driven environment. During static verification of such modules it is necessary to take into consideration all feasible scenarios of interaction between modules and their environment. The paper presents a new method which allows to automatically generate an environment model for a particular kernel module on the base of analysis of its source code and a set of specifications describing patterns of scenarios of interaction between modules and their environment. In specifications one can describe both generic patterns that are widespread in the Linux kernel and detailed specific patterns for a particular subsystem. It drastically reduces a specification size and thus helps to verify more modules with less efforts. Proposed method was implemented as a component of Linux Driver Verification Tools and was applied for static verification of modules from almost all Linux kernel subsystems.