Verification of C programs using slicing execution

Abstract

The paper presents a novel method, namely slicing execution, to verify C programs with respect to temporal safety properties. The distinguished feature is that it only simulates the execution of the relevant statements under abstraction criteria and checks the properties on the fly. The abstraction criterion begins with a proper initial set of program variables and may be iteratively refined according to spurious counter-examples. Provided that the properties to be verified usually involve only a few variables in practical programs, slicing execution may have the same precision as path-sensitive simulation with the cost close to standard flow-sensitive dataflow analysis. The presented method has been used to verify the initial handshake process of SSL protocol based on the C source code of openssl-0.9.6c. The experiment results confirm our claim and show that slicing execution is not only practical but also effective.