Software Model Checking via IC3

  • Alessandro Cimatti
  • Alberto Griggio
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7358)

Abstract

IC3 is a recently proposed verification technique for the analysis of sequential circuits. IC3 incrementally overapproximates the state space, refuting potential violations to the property at hand by constructing relative inductive blocking clauses. The algorithm relies on aggressive use of Boolean satisfiability (SAT) techniques, and has demonstrated impressive effectiveness.

In this paper, we present the first investigation of IC3 in the setting of software verification. We first generalize it from SAT to Satisfiability Modulo Theories (SMT), thus enabling the direct analysis of programs after an encoding in form of symbolic transition systems. Second, to leverage the Control-Flow Graph (CFG) of the program being analyzed, we adapt the “linear” search style of IC3 to a tree-like search. Third, we cast this approach in the framework of lazy abstraction with interpolants, and optimize it by using interpolants extracted from proofs, when useful.

The experimental results demonstrate the great potential of IC3, and the effectiveness of the proposed optimizations.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Barrett, C.W., Sebastiani, R., Seshia, S.A., Tinelli, C.: Satisfiability modulo theories. In: Handbook of Satisfiability, vol. 185, pp. 825–885. IOS Press (2009)Google Scholar
  2. 2.
    Beckman, N.E., Nori, A.V., Rajamani, S.K., Simmons, R.J.: Proofs from tests. In: Proc. of ISSTA, pp. 3–14. ACM (2008)Google Scholar
  3. 3.
    Beyer, D., Cimatti, A., Griggio, A., Keremoglu, M.E., Sebastiani, R.: Software model checking via Large-Block Encoding. In: Proc. of FMCAD, pp. 25–32. IEEE (2009)Google Scholar
  4. 4.
    Beyer, D., Keremoglu, M.E.: CPAchecker: A Tool for Configurable Software Verification. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 184–190. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  5. 5.
    Bradley, A., Somenzi, F., Hassan, Z., Zhang, Y.: An incremental approach to model checking progress properties. In: Proc. of FMCAD (2011)Google Scholar
  6. 6.
    Bradley, A.R.: SAT-Based Model Checking without Unrolling. In: Jhala, R., Schmidt, D. (eds.) VMCAI 2011. LNCS, vol. 6538, pp. 70–87. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  7. 7.
    Chokler, H., Ivrii, A., Matsliah, A., Moran, S., Nevo, Z.: Incremenatal formal verification of hardware. In: Proc. of FMCAD (2011)Google Scholar
  8. 8.
    Cimatti, A., Griggio, A., Micheli, A., Narasamdya, I., Roveri, M.: Kratos – A Software Model Checker for SystemC. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 310–316. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  9. 9.
    Cimatti, A., Griggio, A., Sebastiani, R.: Efficient generation of craig interpolants in satisfiability modulo theories. ACM Trans. Comput. Log. 12(1), 7 (2010)MathSciNetCrossRefGoogle Scholar
  10. 10.
    Cimatti, A., Mover, S., Tonetta, S.: Efficient Scenario Verification for Hybrid Automata. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 317–332. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  11. 11.
    Dutertre, B., de Moura, L.: A Fast Linear-Arithmetic Solver for DPLL(T). In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 81–94. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Een, N., Mishchenko, A., Brayton, R.: Efficient implementation of property-directed reachability. In: Proc. of FMCAD (2011)Google Scholar
  13. 13.
    Godefroid, P., Nori, A.V., Rajamani, S.K., Tetali, S.: Compositional may-must program analysis: unleashing the power of alternation. In: Proc. of POPL, pp. 43–56. ACM (2010)Google Scholar
  14. 14.
    Griggio, A.: A Practical Approach to Satisfiability Modulo Linear Integer Arithmetic. JSAT 8 (2012)Google Scholar
  15. 15.
    Harris, W.R., Sankaranarayanan, S., Ivancic, F., Gupta, A.: Program analysis via satisfiability modulo path programs. In: Proc. of POPL, pp. 71–82. ACM (2010)Google Scholar
  16. 16.
    Henzinger, T.A., Jhala, R., Majumdar, R., Sutre, G.: Lazy abstraction. In: Proc. of POPL, pp. 58–70 (2002)Google Scholar
  17. 17.
    Kroening, D., Weissenbacher, G.: Interpolation-Based Software Verification with Wolverine. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 573–578. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  18. 18.
    McMillan, K.L.: Lazy Abstraction with Interpolants. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 123–136. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  19. 19.
    McMillan, K.L.: Lazy Annotation for Program Testing and Verification. In: Touili, T., Cook, B., Jackson, P. (eds.) CAV 2010. LNCS, vol. 6174, pp. 104–118. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  20. 20.
    Monniaux, D.: A Quantifier Elimination Algorithm for Linear Real Arithmetic. In: Cervesato, I., Veith, H., Voronkov, A. (eds.) LPAR 2008. LNCS (LNAI), vol. 5330, pp. 243–257. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  21. 21.
    Nguyen, M.D., Stoffel, D., Wedler, M., Kunz, W.: Transition-by-transition FSM traversal for reachability analysis in bounded model checking. In: Proc. of ICCAD. IEEE (2005)Google Scholar
  22. 22.
    Roorda, J.-W., Claessen, K.: SAT-Based Assistance in Abstraction Refinement for Symbolic Trajectory Evaluation. In: Ball, T., Jones, R.B. (eds.) CAV 2006. LNCS, vol. 4144, pp. 175–189. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  23. 23.
    Somenzi, F., Bradley, A.: IC3: Where Monolithic and Incremental Meet. In: Proc. of FMCAD (2011)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Alessandro Cimatti
    • 1
  • Alberto Griggio
    • 1
  1. 1.Fondazione Bruno Kessler – IRSTTrentoItaly

Personalised recommendations