About
39 Publications
7,487 Reads
425 Citations
Introduction
Current institution: ISPRAS
Current position: Leading researcher
Publications (39)
The memory model describes memory consistency requirements in a multithreading system. Compiler optimizations may violate the consistency requirements due to bugs, and the program behavior will differ from the required one. Bugs in compiler optimizations, like incorrect instruction reordering, are very difficult to detect because they may occur wit...
The memory model describes the memory consistency requirements in a multithreading system. Compiler optimizations may violate the consistency requirements due to bugs, and the program behavior will differ from the required one. Bugs in compiler optimizations, like incorrect instruction reordering, are very difficult to detect, because they may occu...
Our submission to SV-COMP’21 is based on the software verification framework "Image missing" and implements the extension to the thread-modular approach. It considers every thread separately, but in a special environment which models thread interactions. The environment is expressed by projections of normal transitions in each thread. A projection...
Most state-of-the-art verifiers do not scale well on complicated software. Concurrency benchmarks from SV-COMP based on Linux device drivers cause significant difficulties for any software model checking tool.
Our submission to SV-COMP’18 is a composite tool based on the software verification framework CPAchecker and the static analysis platform Frama-C. The base verifier uses a combination of predicate and explicit value analysis with block-abstraction memoization, as in the CPA-BAM-BnB tool presented at SV-COMP’17. In this submission we augment the verifier on rea...
The paper presents a configurable method for static data race detection. The method is based on a lightweight approach that implements the Lockset algorithm with a simplified memory model. The paper contributes two heavyweight extensions which allow adjusting the required precision of the analysis by choosing the balance between spent resources and the numbe...
Our submission to SV-COMP’17 is based on the software verification framework CPAchecker. Combined with value analysis and predicate analysis, we use the concept of block-abstraction memoization with optimizations and several fixes relative to the SV-COMP’16 version. A novelty of our approach is the use of the BnB memory model for predicate analysis, whi...
The paper presents a survey of existing approaches to modeling memory states of C programs with SMT formulas in the context of static verification. The paper highlights the essential problems of C memory model development and describes two major groups of C memory models: one comprising models that support unbounded memory regions and another includ...
The Linux kernel is often used as a real-world case study to demonstrate novel software product line engineering research methods. It is one of the most sophisticated programs in existence today. To make building Linux product line variants as safe as possible, it is necessary to analyse the Kconfig files as well as the source code. Tens of thousands of v...
Major breakthroughs have increased the efficiency and effectiveness of software model checking considerably, such that this technology is now applicable to industrial-scale software. However, verifying the full formal specification of a software system is still considered too complex, and in practice, sets of properties are verified one by one in i...
At present, static verifiers based on Counterexample Guided Abstraction Refinement (CEGAR) can prove the correctness of a program against a specified requirement, find a violation of it in the program and stop the analysis, or exhaust the given resources without producing any useful result. If we use this approach for checking several requirements at o...
This paper considers problems of analysis and verification of complex modern operating systems, which must take into account the variability and configurability of those systems. The main problems of current interest are related to conditional compilation, a variability mechanism widely used in the system software domain. It precludes fruitful ana...
The paper presents a configurable method of static data race detection that tries to keep a balance between resource consumption and the number of false alarms. The method is based on the well-known Lockset approach. It uses a simplified memory model to be fast enough. At the same time, it includes advanced techniques aimed at achieving an acceptable false a...
Linux kernel modules operate in an event-driven environment. During static verification of such modules it is necessary to take into consideration all feasible scenarios of interaction between the modules and their environment. The paper presents a new method which automatically generates an environment model for a particular kernel module on...
One of the key problems in modern static verification methods is a precise model for semantics of expressions containing pointers. The trustworthiness of the verification verdict highly depends on the analysis of these expressions. In the paper we describe the verification methods with memory models based on uninterpreted functions, allowing analyz...
An operating system (OS) kernel is critical software with respect to reliability and efficiency. The quality of modern OS kernels is already high. However, this is not the case for kernel modules, such as device drivers, which for various reasons have a significantly lower level of quality. One of the most critical and widespread bu...
The paper presents an approach to lightweight static data race detection. It takes into account the specifics of operating system kernels, such as complex parallelism and kernel-specific synchronization mechanisms. The method is based on Lockset, but it implements two heuristics aimed at reducing the number of false alarms: a memory mod...
The paper presents a lightweight approach to static data race detection. It is based on Lockset, but it implements several simplifications aimed at reducing the number of false alarms. The approach is implemented on top of the CPAchecker tool, and its evaluation is in progress. The main target of our research and evaluation is operating syste...
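The Lockset-based detection described in the data race abstracts above (a simplified memory model plus heuristics against false alarms) can be illustrated with the following added example. It is not code from these papers or from CPAchecker: threads are straight-line statement lists, locks and shared variables are plain names with no aliasing (the simplified memory model), and the thread names, lock name, statement encoding and sample program are all constructed for this illustration. The single-threaded "init" heuristic is one of the simplifications such a detector can apply to cut false alarms.

```python
"""Lockset-style static data race detection over a small abstract program.

Added illustration, not CPAchecker's implementation. Each thread body is a
straight-line list of statements; locks and shared variables are identified
by name with no aliasing (the 'simplified memory model' assumption). Two
accesses to the same variable from different threads race if at least one
is a write and the locksets held at the two accesses are disjoint. Accesses
made in the single-threaded 'init' phase are skipped, a heuristic that
removes one common class of false alarms. All names below are constructed.
"""
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, FrozenSet, List, Sequence, Tuple

# Statement forms: ("lock", L), ("unlock", L), ("read", v), ("write", v)
Stmt = Tuple[str, str]


@dataclass(frozen=True)
class Access:
    thread: str
    var: str
    kind: str              # "read" or "write"
    index: int             # statement position inside the thread body
    held: FrozenSet[str]   # locks held when the access happens


def collect_accesses(thread: str, body: Sequence[Stmt]) -> List[Access]:
    """Walk one thread body, maintaining the current lockset (the Lockset core)."""
    held: set = set()
    out: List[Access] = []
    for i, (op, arg) in enumerate(body):
        if op == "lock":
            held.add(arg)
        elif op == "unlock":
            held.discard(arg)        # unlocking a lock not held is ignored here
        elif op in ("read", "write"):
            out.append(Access(thread, arg, op, i, frozenset(held)))
        else:
            raise ValueError(f"unknown statement {op!r}")
    return out


def find_races(program: Dict[str, Sequence[Stmt]],
               single_threaded: Sequence[str] = ("init",)) -> List[Tuple[Access, Access]]:
    """Report unordered pairs of conflicting accesses with disjoint locksets."""
    accesses: List[Access] = []
    for thread, body in program.items():
        if thread in single_threaded:
            continue                 # heuristic: no concurrency before threads start
        accesses.extend(collect_accesses(thread, body))
    races: List[Tuple[Access, Access]] = []
    for a, b in combinations(accesses, 2):
        if a.var != b.var or a.thread == b.thread:
            continue
        if a.kind == "read" and b.kind == "read":
            continue                 # two reads never conflict
        if a.held & b.held:
            continue                 # a common lock orders the two accesses
        races.append((a, b))
    return races


def describe(race: Tuple[Access, Access]) -> str:
    a, b = race
    return (f"{a.var}: {a.thread}[{a.index}] {a.kind} holding {sorted(a.held)} vs "
            f"{b.thread}[{b.index}] {b.kind} holding {sorted(b.held)}")


# Constructed sample: 'counter' is consistently guarded by lock 'm', 'flag' is not.
SAMPLE_PROGRAM: Dict[str, Sequence[Stmt]] = {
    "init":     [("write", "counter"), ("write", "flag")],
    "worker":   [("lock", "m"), ("read", "counter"), ("write", "counter"),
                 ("unlock", "m"), ("write", "flag")],
    "reporter": [("lock", "m"), ("read", "counter"), ("unlock", "m"),
                 ("read", "flag")],
}

if __name__ == "__main__":
    for r in find_races(SAMPLE_PROGRAM):
        print(describe(r))
    # Dropping the single-threaded heuristic turns the 'init' writes into extra reports.
    print(len(find_races(SAMPLE_PROGRAM, single_threaded=())), "candidates without heuristic")
```

Run as-is, the detector reports only the unguarded `flag` pair between `worker` and `reporter`; passing `single_threaded=()` shows why the heuristic matters, since the two `init` writes then pair with every later access and inflate the report to six candidates, all of them spurious except the original one.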
An operating system (OS) kernel is critical software with respect to reliability and efficiency. The quality of modern OS kernels is already high. However, this is not the case for kernel modules, such as device drivers, which for various reasons have a significantly lower level of quality. One of the most critical and widespread bu...
Linux kernel modules operate in an event-driven environment. Static verification of such software has to take into consideration all feasible scenarios of interaction between the modules and their environment. The paper presents a new method for modeling the environment which automatically generates an environment model for a particular kernel...
In static verification of Linux device drivers it is necessary to take into account the specifics of the communication between drivers and the kernel core, since it plays the main role in the drivers’ behavior. At the same time, verifying a driver together with the kernel core source code is not feasible due to the complexity and si...
Precision, completeness and scalability of static verification tools have dramatically improved over the last decade. In particular, automatic checking of moderate-sized software systems has been made possible by the development of CEGAR, Counter-Example Guided Abstraction Refinement. This approach is used in such tools as SLAM, BLAST, SATABS, and...
Linux device drivers cannot be analyzed separately from the kernel core because of their strong interdependence. But the source code of the whole Linux kernel is too complex and too large to be analyzed by existing model checking tools, so a driver should be analyzed with an environment model instead of the real kernel core. In this paper, req...
The Linux Driver Verification system is designed for static analysis of the source code of Linux kernel space device drivers. In this paper, we describe the architecture of the verification system, including the integration of third-party tools for static verification of C programs. We consider characteristics of the Linux drivers source code that...
The BLAST static verification tool is one of the open-source verifiers of software written in C. The paper describes principles of BLAST implementation, the limitations revealed in the course of its practical use in the verification of the Linux operating system drivers, and an attempt to improve BLAST in the framework of the Linux Driver Verificat...
We present the software verification tool BLAST 2.7, which we submitted for the Competition on Software Verification. The tool is an improvement over BLAST 2.5, and its development is mostly targeted at its performance and usability in the Linux Driver Verification project. The paper overviews the tool and outlines our contribution to it.
The paper presents a twofold verification system that aims to be an open platform for experimentation with various verification techniques as well as an industrial-ready domain-specific verification tool for Linux device drivers. We describe the architecture of the verification system and discuss the prospect of building an open benchmarking suite o...
The survey considers methods and techniques used in modern static verification tools for C programs. It describes two main approaches Counter Example Guided Abstraction Refinement (CEGAR) and Bounded Model Checking (BMC) and techniques used to efficiently implement them such as Predicate Abstraction, Abstract Reachability Tree, Lazy Abstraction, Co...
The paper describes an implementation of instantiation-based Craig interpolation for quantified formulae. The implementation is based on the CSIsat interpolating solver. The tool supports interpolation for formulae with linear real arithmetic, uninterpreted functions and quantifiers. The paper suggests using an external decision procedure (namel...
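As an added illustration of the Craig interpolation this abstract relies on (the formulas here are constructed for the illustration and are not from the paper): for an unsatisfiable conjunction $A \wedge B$, an interpolant $I$ satisfies $A \Rightarrow I$, $I \wedge B$ is unsatisfiable, and $I$ mentions only symbols common to $A$ and $B$. Take, in linear real arithmetic,

$$A \equiv (x = y + 1) \wedge (y \geq 0), \qquad B \equiv (x \leq 0).$$

The only shared variable is $x$, so $I \equiv (x \geq 1)$ is an interpolant: $A \Rightarrow x \geq 1$ because $x = y + 1 \geq 1$ when $y \geq 0$, and $(x \geq 1) \wedge (x \leq 0)$ is unsatisfiable. In a CEGAR-based verifier such an $I$ is the predicate added at the corresponding program location to refine the abstraction and rule out the spurious counterexample.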
Linux, developed by a large distributed community of programmers, has led to a situation where today there is no single base of rules that fully describes the correct interaction between drivers and the kernel. This is an obstacle, on the one hand, for those programmers who lack expert knowledge of all the peculiarities of thi...
BLAST is an open-source static verification tool used in checking safety properties of C programs. Given a C program with several assertions, which should not fail at runtime, BLAST statically analyzes the program, and either returns a program execution path that leads to violation of one of the assertions, or proves that no assertion is violated....
The paper discusses requirements to a twofold verification system that should be an open platform for experimentation with various verification techniques as well as an industrial-ready domain specific verification tool for Linux device drivers. An architecture of a verification system implementing the requirements is presented and its components a...
In the paper, the new method Sapsan is described. It is designed for functional testing of parallel programs that expose a program interface whose methods (procedures) can be invoked from several threads simultaneously. The Sapsan method makes it possible to verify one of the requirements frequently imposed on such programs, namely, the interfac...
This paper presents an initiative program aimed at improving the design and maintenance of Linux device drivers by launching a long-term process that accompanies OS kernel development. This process includes two adjacent lines of activity: 1) creation and replenishment of a repository of potential faults and errors that may occur in Linux device driv...
We present the preliminary results of our work on designing an automatic toolset for verification of Linux kernel-space drivers. By now the toolset includes three components: • a library of verification models; each model is a formal description of some safety property to be checked; • a preprocessor unit; it is intended for simulating an environm...
Concurrent systems behave nondeterministically. For such systems, a UniTESK-based test suite executes methods with different parameters in different states, but it does not guarantee that all possible execution paths of a method will be tested, because of their concurrent nature. This paper presents an integration method that combines the testing te...