In the last three decades, memory safety issues in system programming languages such as C or C++ have been one of the significant sources of security vulnerabilities. However, there exist only a few attempts with limited success to cope with the complexity of C++ program verification. Here we describe and evaluate a novel verification approach based on bounded model checking (BMC) and satisfiability modulo theories (SMT) to verify C++ programs formally. Our verification approach analyzes bounded C++ programs by encoding into SMT various sophisticated features that the C++ programming language offers, such as templates, inheritance, polymorphism, exception handling, and the Standard C++ Libraries. We formalize these features within our formal verification framework using a decidable fragment of first-order logic and then show how state-of-the-art SMT solvers can efficiently handle that. We implemented our verification approach on top of ESBMC. We compare ESBMC to LLBMC and DIVINE, which are state-of-the-art verifiers to check C++ programs directly from the LLVM bitcode. Experimental results show that ESBMC can handle a wide range of C++ programs, presenting a higher number of correct verification results. At the same time, it reduces the verification time if compared to LLBMC and DIVINE tools. Additionally, ESBMC has been applied to a commercial C++ application in the telecommunication domain and successfully detected arithmetic overflow errors, potentially leading to security vulnerabilities.
翻译:过去三十年来,C或C+++等系统方案编制语言中的记忆安全问题一直是安全脆弱性的重要根源之一。然而,在应对C++程序复杂的程序核查方面,只有少数尝试取得了有限的成功。在这里,我们描述和评价了一种基于约束式模式检查(BMC)和可视性模调理论(SMT)的新式核查方法,以正式核查C++程序。我们的核查方法通过将C+编程语言提供的各种复杂功能,如模板、继承、多元形态、例外处理和标准C++图书馆等,来分析C++程序的约束性C+方案。我们将这些功能正式纳入我们的正式核查框架,使用一阶逻辑的可破碎片段,然后展示出最先进的SMT解决者如何有效处理这些功能。我们在ESBMC上实施了我们的核查方法。我们将ESBMC与LBMC和DIVINE(LBMBBBBBBBBC和DIVINE)这两个最先进的校验器,直接检查C+BT的C方案。实验结果表明,ESMC可以处理广泛的前期核查结果,如果在C+BSBR(C)实地核查中,则减少DLBA工具。
相关内容
微信扫码咨询专知VIP会员