Low-Level Reachability Analysis Based on Formal Logic

, , &
In Virgile Prevosto & Cristina Seceleanu, Tests and Proofs: 17th International Conference, TAP 2023, Leicester, UK, July 18–19, 2023, Proceedings. Springer Nature Switzerland. pp. 2147483647-2147483647 (2023)
  Copy   BIBTEX

Abstract

Reachability is an important problem in program analysis. Automatically being able to show that – and how – a certain state is reachable, can be used to detect bugs and vulnerabilities. Various research has focused on formalizing a program logic that connects preconditions to post-conditions in the context of reachability analysis, e.g., must+, Lisbon Triples, and Outcome Logic. Outcome Logic and its variants can be seen as an adaptation of Hoare Logic and Incorrectness Logic. In this paper, we aim to study 1.) how such a formal reachability logic can be used for automated precondition generation, and 2.) how it can be used to reason over low-level assembly code. Automated precondition generation for reachability logic enables us to find inputs that provably trigger an assertion (i.e., a post-condition). Motivation for focusing on low-level code is that low-level code accurately describes actual program behavior, can be targeted in cases where source code is unavailable, and allows reasoning over low-level properties like return pointer integrity. An implementation has been developed, and the entire system is proven to be sound and complete (the latter only in the absence of unresolved indirections) in the Isabelle/HOL theorem prover. Initial results are obtained on litmus tests and case studies. The results expose limitations: traversal may not terminate, and more scalability would require a compositional approach. However, the results show as well that precondition generation based on low-level reachability logic allows exposing bugs in low-level code.

Categories

Add categories

Keywords

Reprint years

DOI

10.1007/978-3-031-38828-6_2

Other Versions

No versions found

Links

PhilArchive

    This entry is not archived by us. If you are the author and have permission from the publisher, we recommend that you archive it. Many publishers automatically grant permission to authors to archive pre-prints. By uploading a copy of your work, you will enable us to better index it, making it easier to find.

    Upload a copy of this work     Papers currently archived: 105,375

External links

Setup an account with your affiliations in order to access resources via your University's proxy server

Through your library

My notes

Similar books and articles

BIRD: A Binary Intermediate Representation for Formally Verified Decompilation of X86-64 Binaries.Daniel Engel, Freek Verbeek & Binoy Ravindran - 2023 - In Virgile Prevosto & Cristina Seceleanu, Tests and Proofs: 17th International Conference, TAP 2023, Leicester, UK, July 18–19, 2023, Proceedings. Springer Nature Switzerland. pp. 3-20.
Tests and Proofs: 17th International Conference, TAP 2023, Leicester, UK, July 18–19, 2023, Proceedings.Virgile Prevosto & Cristina Seceleanu (eds.) - 2023 - Springer Nature Switzerland.
Proving Properties of Operation Contracts with Test Scenarios.Martin Gogolla & Lars Hamann - 2023 - In Virgile Prevosto & Cristina Seceleanu, Tests and Proofs: 17th International Conference, TAP 2023, Leicester, UK, July 18–19, 2023, Proceedings. Springer Nature Switzerland. pp. 2147483647-2147483647.
Certified Logic-Based Explainable AI – The Case of Monotonic Classifiers.Aurélie Hurault & Joao Marques-Silva - 2023 - In Virgile Prevosto & Cristina Seceleanu, Tests and Proofs: 17th International Conference, TAP 2023, Leicester, UK, July 18–19, 2023, Proceedings. Springer Nature Switzerland. pp. 2147483647-2147483647.
Abstract Interpretation of Recursive Logic Definitions for Efficient Runtime Assertion Checking.Thibaut Benajmin & Julien Signoles - 2023 - In Virgile Prevosto & Cristina Seceleanu, Tests and Proofs: 17th International Conference, TAP 2023, Leicester, UK, July 18–19, 2023, Proceedings. Springer Nature Switzerland. pp. 168-186.
A note on the undecidability of the reachability problem for o‐minimal dynamical systems.Thomas Brihaye - 2006 - Mathematical Logic Quarterly 52 (2):165-170.
cc-Golog – An Action Language with Continuous Change.Henrik Grosskreutz & Gerhard Lakemeyer - 2003 - Logic Journal of the IGPL 11 (2):179-221.
Benefits of cybernetic models in philosophy.Ferenc András - 2024 - The Reasoner 18 (2):13-14.
Reachability Analysis of Low-Order Discrete State Reaction Networks Obeying Conservation Laws.Gergely Szlobodnyik & Gábor Szederkényi - 2019 - Complexity 2019:1-13.
Source code obfuscation with genetic algorithms using LLVM code optimizations.Juan Carlos de la Torre, Javier Jareño, José Miguel Aragón-Jurado, Sébastien Varrette & Bernabé Dorronsoro - forthcoming - Logic Journal of the IGPL.

Analytics

Added to PP
2023-07-22

Downloads
5 (#1,797,293)

6 months
2 (#1,365,994)

Historical graph of downloads
How can I increase my downloads?

Citations of this work

No citations found.

Add more citations

References found in this work

No references found.

Add more references