|
| 1 | +# VMCAI '24 Artifact Description |
| 2 | +## Correctness Witness Validation by Abstract Interpretation |
| 3 | + |
| 4 | +This is the artifact description for our [VMCAI '24 paper "Correctness Witness Validation by Abstract Interpretation"](https://doi.org/10.1007/978-3-031-50524-9_4). |
| 5 | +The artifact is available on [Zenodo](https://doi.org/10.5281/zenodo.8253000). |
| 6 | + |
| 7 | +This artifact contains everything mentioned in the evaluation section of the paper: Goblint implementation, scripts, benchmarks, manual witnesses and other tools. |
| 8 | + |
| 9 | +**The description here is provided for convenience and not maintained.** |
| 10 | +The artifact is based on [Goblint at `vmcai24` git tag](https://github.com/goblint/analyzer/releases/tag/vmcai24) and [Goblint benchmarks at `vmcai24` git tag](https://github.com/goblint/bench/releases/tag/vmcai24). |
| 11 | + |
| 12 | +## Requirements |
| 13 | +* [VirtualBox](https://www.virtualbox.org/). |
| 14 | +* 2 CPU cores. |
| 15 | +* 8 GB RAM. |
| 16 | +* 7 GB disk space. |
| 17 | +* ~45min. |
| 18 | + |
| 19 | +## Layout |
| 20 | +* `README.md`/`README.pdf` — this file. |
| 21 | +* `LICENSE`. |
| 22 | +* `unassume.ova` — VirtualBox virtual machine. |
| 23 | + |
| 24 | + In `/home/vagrant` contains: |
| 25 | + |
| 26 | + * `goblint/` — Goblint with unassume support, including source code. |
| 27 | + * `CPAchecker-2.2-unix/` — CPAchecker from [SV-COMP 2023 archives](https://gitlab.com/sosy-lab/sv-comp/archives-2023). |
| 28 | + * `UAutomizer-linux/` — Ultimate Automizer from [SV-COMP 2023 archives](https://gitlab.com/sosy-lab/sv-comp/archives-2023). |
| 29 | + * `eval-prec/` — precision evaluation (script, benchmarks, manual witnesses). |
| 30 | + * `eval-perf/` — performance evaluation (script, benchmarks, manual witnesses). |
| 31 | + * `results/` — results (initially empty). |
| 32 | + |
| 33 | +* `results/` — evaluation results tables with data used for the paper. |
| 34 | + |
| 35 | +## Reproduction |
| 36 | +1. Import the virtual machine into VirtualBox. |
| 37 | +2. Start the virtual machine and log in with username "vagrant" (not "Ubuntu"!) and password "vagrant". |
| 38 | +3. Right click on the desktop and open Applications → Accessories → Terminal Emulator. |
| 39 | + |
| 40 | +### Precision evaluation |
| 41 | +1. Run `./eval-prec/run.sh` in the terminal emulator. This takes ~42min. |
| 42 | +2. Run `firefox results/eval-prec/table-generator.table.html` to view the results. |
| 43 | + |
| 44 | + The HTML table contains the following status columns (cputime, walltime and memory can be ignored): |
| 45 | + |
| 46 | + 1. Goblint w/o witness (true means verified). |
| 47 | + 2. Goblint w/ manual witness (true means witness validated). |
| 48 | + 3. Goblint w/ witness from CPAchecker (true means program verified with witness-guidance). |
| 49 | + 4. Goblint w/ witness from CPAchecker (true means witness validated). |
| 50 | + 5. Goblint w/ witness from UAutomizer (true means program verified with witness-guidance). |
| 51 | + 6. Goblint w/ witness from UAutomizer (true means witness validated). |
| 52 | + |
| 53 | + Table 1 in the paper presents these results, except the rows are likely in a different order. |
| 54 | + |
| 55 | +### Performance evaluation |
| 56 | +1. Run `./eval-perf/run.sh` in the terminal emulator. This takes ~30s. |
| 57 | +2. Run `firefox results/eval-perf/table-generator.table.html` to view the results. |
| 58 | + |
| 59 | + The HTML table contains the following relevant columns (others can be ignored): |
| 60 | + |
| 61 | + 1. Goblint w/o witness, evals. |
| 62 | + 2. Goblint w/o witness, cputime. |
| 63 | + 3. Goblint w/ manual witness, evals. |
| 64 | + 4. Goblint w/ manual witness, cputime. |
| 65 | + |
| 66 | + Table 2 in the paper presents these results, except the rows are likely in a different order. |
| 67 | + |
| 68 | + |
| 69 | +## Goblint implementation |
| 70 | +[Goblint](https://github.com/goblint/analyzer) is an open source static analysis framework for C. |
| 71 | +Goblint itself is written in OCaml. |
| 72 | +Being open source, it allows existing implementations of analyses and abstract domains to be reused and modified. |
| 73 | +As a framework, it also allows new ones to be easily added. |
| 74 | +For more details, refer to the linked GitHub repository and related documentation. |
| 75 | + |
| 76 | +Key parts of the code related to this paper are the following: |
| 77 | + |
| 78 | +1. `src/analyses/unassumeAnalysis.ml`: analysis, which emits unassume operation events to other analyses for YAML-witness–guided verification. |
| 79 | +2. `src/analyses/base.ml` lines 2551–2641: propagating unassume for non-relational domains of the `base` analysis. |
| 80 | +3. `src/analyses/apron/relationAnalysis.apron.ml` lines 668–693: strengthening-based dual-narrowing unassume for relational Apron domains of the `apron` analysis. |
| 81 | +4. `src/cdomains/apron/apronDomain.apron.ml` lines 625–679: strengthening operator used for dual-narrowing of Apron domains. |
| 82 | +5. `src/util/wideningTokens.ml`: analysis lifter that adds widening tokens for delaying widenings from unassuming. |
| 83 | +6. `src/witness/yamlWitness.ml` lines 398–683: YAML witness validation. |
0 commit comments