
Using DimSpec for Bounded and Unbounded Software Model Checking

  • Marko Kleine Büning
  • Tomáš Balyo
  • Carsten Sinz (corresponding author)
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11852)

Abstract

This paper describes a unified approach for both bounded and unbounded software model checking to find errors in programs written in the programming language C. It is based on a propositional logic intermediate representation, called DimSpec, that has been successfully applied in SAT-based automated planning. Using DimSpec formulas allows us to exploit the advantages of incremental SAT solving and provides an alternative approach to using the universal incremental SAT API IPASIR or native solver APIs. The DimSpec formula can be used for bounded model checking (via incremental SAT solving) as well as unbounded model checking (using a backend that implements an IC3-style algorithm). We also present an implementation of our approach, called LLUMC, which encodes the presence of certain errors in a C program into a DimSpec formula. We evaluate our approach on benchmark problems from the Software Verification Competition (SV-COMP) and compare it with other tools to demonstrate runtime and functionality advantages compared to state-of-the-art solvers.
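The pipeline the abstract describes, as an added example that is not code from the paper or from LLUMC: a finite-state program is encoded as the four CNF parts of a DimSpec formula (initial, universal, goal, transition), serialised in a DIMACS-style layout with `i/u/g/t cnf` section headers as the public DimSpec description [31] lays them out as far as I know (an assumption; check it against the format page before feeding real tools), and then checked by bounded model checking that keeps one growing clause set and enables each bound's goal copy through an activation literal passed as an assumption, which is the incremental-SAT idiom the abstract refers to. The counter program, its bit layout and the small DPLL routine standing in for a real IPASIR solver are all constructed here for illustration; the IC3-style unbounded side is not shown.

```python
"""Toy DimSpec-style bounded model checking (added example, not LLUMC code).
Encodes a finite-state program as the four CNF parts I/U/G/T and unrolls it with
an incremental SAT loop in which each goal copy is guarded by an activation literal."""
from typing import Dict, List, NamedTuple, Optional, Tuple

Clause = List[int]  # DIMACS literals +v / -v over 1-based variable ids


class DimSpec(NamedTuple):
    n: int               # state variables are 1..n; n+j is the next-state copy of j
    init: List[Clause]   # I: initial states
    univ: List[Clause]   # U: must hold in every state
    goal: List[Clause]   # G: error states
    trans: List[Clause]  # T: over variables 1..2n


def encode_transition(n: int, step) -> List[Clause]:
    """For every state s and next-state bit j emit '(state == s) -> bit_j(next) == bit_j(step(s))'.
    Exponential in n: fine for a toy; a real front end derives T from the program symbolically."""
    clauses = []
    for s in range(1 << n):
        cur = [(i + 1) if (s >> i) & 1 else -(i + 1) for i in range(n)]
        for j in range(n):
            lit = (n + j + 1) if (step(s) >> j) & 1 else -(n + j + 1)
            clauses.append([-l for l in cur] + [lit])
    return clauses


def counter_spec() -> DimSpec:
    """Constructed model of: unsigned x = 0; for (;;) { x = (x + 1) % 8; assert(x != 5); }
    Variable i+1 holds bit i of x (variable 1 is the least significant bit)."""
    return DimSpec(n=3,
                   init=[[-1], [-2], [-3]],  # x == 0
                   univ=[],                  # this toy needs no per-state invariant
                   goal=[[1], [-2], [3]],    # x == 5: the assertion fails
                   trans=encode_transition(3, lambda s: (s + 1) % 8))


def write_dimspec(spec: DimSpec) -> str:
    """DIMACS-style text. The 'i/u/g/t cnf <vars> <clauses>' headers follow the public
    DimSpec description [31] as I read it; check them against the format page before use."""
    lines = []
    for tag, cls in (("i", spec.init), ("u", spec.univ), ("g", spec.goal), ("t", spec.trans)):
        lines.append(f"{tag} cnf {2 * spec.n if tag == 't' else spec.n} {len(cls)}")
        lines += [" ".join(map(str, cl)) + " 0" for cl in cls]
    return "\n".join(lines) + "\n"


def shift(clauses: List[Clause], n: int, k: int) -> List[Clause]:
    """Rename state variable v to its time-step-k copy v + k*n; on transition clauses the
    next-state copy n+v then lands on step k+1 automatically."""
    return [[l + (k * n if l > 0 else -k * n) for l in cl] for cl in clauses]


def dpll(clauses: List[Clause], assign: Dict[int, bool]) -> Optional[Dict[int, bool]]:
    """Minimal DPLL standing in for an IPASIR-style solver: 'assign' carries this call's
    assumptions, clauses persist across calls. Correct but exponential."""
    changed = True
    while changed:  # unit propagation to a fixpoint
        changed = False
        for cl in clauses:
            if any(assign.get(abs(l)) == (l > 0) for l in cl):
                continue  # clause already satisfied
            free = [l for l in cl if abs(l) not in assign]
            if not free:
                return None  # every literal false: conflict
            if len(free) == 1:
                assign[abs(free[0])], changed = free[0] > 0, True
    free_vars = {abs(l) for cl in clauses for l in cl} - set(assign)
    if not free_vars:
        return assign
    v = min(free_vars)  # branch on the lowest unassigned variable
    return dpll(clauses, {**assign, v: True}) or dpll(clauses, {**assign, v: False})


def bmc(spec: DimSpec, max_k: int) -> Optional[Tuple[int, List[int]]]:
    """Unroll I(x0) U(x0) T(x0,x1) U(x1) ... U(xk) and ask for G(xk) at each bound k.
    I/U/T clauses are added once and kept; bound k's goal copy is enabled by an activation
    literal assumed for that call and retired afterwards by a unit clause.
    Returns (k, [x0..xk]) for the first bound that violates the assertion, else None."""
    n = spec.n
    act_base = n * (max_k + 1)  # activation literals sit above every state copy
    clauses = shift(spec.init, n, 0) + shift(spec.univ, n, 0)  # persistent clause database
    for k in range(max_k + 1):
        if k > 0:
            clauses += shift(spec.trans, n, k - 1) + shift(spec.univ, n, k)
        act = act_base + k + 1
        clauses += [cl + [-act] for cl in shift(spec.goal, n, k)]
        model = dpll(clauses, {act: True})  # 'assume act' for this call only
        if model is not None:
            return k, [sum(1 << i for i in range(n) if model.get(t * n + i + 1)) for t in range(k + 1)]
        clauses.append([-act])  # retire this goal copy; everything else stays
    return None


if __name__ == "__main__":
    print(write_dimspec(counter_spec()))
    print(bmc(counter_spec(), 7))  # (5, [0, 1, 2, 3, 4, 5])
```

Running it reports the assertion violation at bound 5 with the trace 0, 1, 2, 3, 4, 5, while `bmc(spec, 4)` returns None: BMC can refute a property up to the bound but never proves it for all steps, which is exactly the gap the abstract's IC3-style unbounded backend is meant to close. The activation-literal trick is what makes the loop incremental: no clause is ever removed, so a real solver keeps its learned clauses and heuristics across bounds instead of restarting from scratch.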

References

  1. Albarghouthi, A., Li, Y., Gurfinkel, A., Chechik, M.: Ufo: a framework for abstraction- and interpolation-based software verification. In: Madhusudan, P., Seshia, S.A. (eds.) CAV 2012. LNCS, vol. 7358, pp. 672–678. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-31424-7_48
  2. Audemard, G., Simon, L.: Glucose in the SAT 2014 competition. SAT Competition 2014, p. 31 (2014)
  3. Babić, D., Hu, A.J.: Structural abstraction of software verification conditions. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 366–378. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73368-3_41
  4. Balyo, T., Biere, A., Iser, M., Sinz, C.: SAT Race 2015. Artif. Intell. 241, 45–65 (2016)
  5. Barrett, C., Stump, A., Tinelli, C., et al.: The SMT-LIB standard: version 2.0. In: Proceedings of the 8th International Workshop on SMT, vol. 13, p. 14 (2010)
  6. Beyer, D.: Second competition on software verification. In: Piterman, N., Smolka, S.A. (eds.) TACAS 2013. LNCS, vol. 7795, pp. 594–609. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36742-7_43
  7. Beyer, D., Cimatti, A., Griggio, A., Keremoglu, M.E., Sebastiani, R.: Software model checking via large-block encoding. In: FMCAD, pp. 25–32. IEEE (2009)
  8. Biere, A.: PicoSAT essentials. J. Satisf. Boolean Model. Comput. 4, 75–97 (2008)
  9. Biere, A., Cimatti, A., Clarke, E.M., Strichman, O., Zhu, Y.: Bounded model checking. Adv. Comput. 58, 117–148 (2003)
  10. Biere, A., Heljanko, K., Wieringa, S.: AIGER 1.9 and beyond. Technical report, FMV Reports Series, Institute for Formal Models and Verification, Johannes Kepler University, Altenbergerstr. 69, 4040 Linz, Austria (2011)
  11. Biere, A., Heule, M., van Maaren, H.: Handbook of Satisfiability, vol. 185. IOS Press, Amsterdam (2009)
  12. Bradley, A.R.: SAT-based model checking without unrolling. In: Jhala, R., Schmidt, D. (eds.) VMCAI 2011. LNCS, vol. 6538, pp. 70–87. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-18275-4_7
  13. Chen, J.: MiniSAT BCD and abcdSAT: solvers based on blocked clause decomposition. SAT Race (2015)
  14. Eén, N., Sörensson, N.: An extensible SAT-solver. In: Giunchiglia, E., Tacchella, A. (eds.) SAT 2003. LNCS, vol. 2919, pp. 502–518. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24605-3_37
  15. Ganesh, V., Dill, D.L.: A decision procedure for bit-vectors and arrays. In: Damm, W., Hermanns, H. (eds.) CAV 2007. LNCS, vol. 4590, pp. 519–531. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-73368-3_52
  16. Gocht, S., Balyo, T.: Accelerating SAT based planning with incremental SAT solving. In: International Conference on Automated Planning and Scheduling (2017)
  17. Gurfinkel, A., Kahsai, T., Navas, J.A.: SeaHorn: a framework for verifying C programs (competition contribution). In: Baier, C., Tinelli, C. (eds.) TACAS 2015. LNCS, vol. 9035, pp. 447–450. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46681-0_41
  18. Jha, S., Limaye, R., Seshia, S.A.: Beaver: engineering an efficient SMT solver for bit-vector arithmetic. In: Bouajjani, A., Maler, O. (eds.) CAV 2009. LNCS, vol. 5643, pp. 668–674. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-02658-4_53
  19. Khurshid, S., Păsăreanu, C.S., Visser, W.: Generalized symbolic execution for model checking and testing. In: Garavel, H., Hatcliff, J. (eds.) TACAS 2003. LNCS, vol. 2619, pp. 553–568. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36577-X_40
  20. Kleine Büning, M.: Unbounded Software Model Checking with Incremental SAT-Solving. Master's thesis, Karlsruhe Institute of Technology (KIT) (2017)
  21. Kleine Büning, M.: LLUMC (Low Level Unbounded Model Checker) (2019). https://github.com/MarkoKleineBuening/LLUMC-Publications
  22. Koopman, P.: A case study of Toyota unintended acceleration and software safety. Carnegie Mellon University presentation, September 2014
  23. Kroening, D., Tautschnig, M.: CBMC – C bounded model checker. In: Ábrahám, E., Havelund, K. (eds.) TACAS 2014. LNCS, vol. 8413, pp. 389–391. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-642-54862-8_26
  24. Le Lann, G.: An analysis of the Ariane 5 flight 501 failure: a system engineering perspective. In: Proceedings of the International Conference and Workshop on Engineering of Computer-Based Systems, pp. 339–346 (1997)
  25. Leveson, N.G., Turner, C.S.: An investigation of the Therac-25 accidents. Computer 26(7), 18–41 (1993)
  26. The LLVM Compiler Infrastructure. http://llvm.org/. Accessed Nov 2018
  27. Merz, F.: Theory and Implementation of Software Bounded Model Checking. Ph.D. thesis, Karlsruher Institut für Technologie (KIT) (2016)
  28. Merz, F., Falke, S., Sinz, C.: LLBMC: bounded model checking of C and C++ programs using a compiler IR. In: Verified Software: Theories, Tools, Experiments (2012)
  29. Sörensson, N., Eén, N.: An extensible SAT-solver. In: 6th International Conference on Theory and Applications of Satisfiability Testing, SAT 2003, Santa Margherita Ligure, Italy, 5–8 May 2003, pp. 502–518 (2003)
  30. Suda, M.: Property directed reachability for automated planning. J. Artif. Intell. Res. (JAIR) 50, 265–319 (2014)
  31. Suda, M.: DimSpec, a format for specifying symbolic transition systems (2016). http://forsyte.at/dimspec
  32. SV-Benchmarks. https://github.com/sosy-lab/sv-benchmarks/. Accessed 01 Nov 2018
  33. Tange, O., et al.: GNU Parallel: the command-line power tool. USENIX Mag. 36(1), 42–47 (2011)

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Marko Kleine Büning (1)
  • Tomáš Balyo (1)
  • Carsten Sinz (1, corresponding author)
  1. Karlsruhe Institute of Technology (KIT), Karlsruhe, Germany
