Abstract
We present a hybrid method for software model checking that combines explicit-state and symbolic techniques. Our method traverses the control flow graph of the program explicitly and encodes the data values in a CNF formula, which we solve using a SAT solver. In order to avoid traversing control flow paths that do not correspond to any valid execution of the program, we introduce the idea of a representative of a control path. We present favorable experimental results, which show that our method scales well both with regard to the non-deterministic data and to the number of threads.
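The following is an added illustration of the explicit/symbolic split the abstract describes; it is not ExpliSAT's code and it does not model the paper's "representative" notion. A tiny Boolean program (`PROGRAM`, constructed here) is given as a control flow graph. The checker `explore` walks the graph one control path at a time, keeps every data value symbolic as a propositional literal (a fresh literal per assignment, in the spirit of SSA), accumulates the path's constraints as CNF via `tseitin`, and asks a small DPLL solver `dpll` whether each branch outcome is feasible before following it. Infeasible edges are pruned, and an assertion is checked by testing whether its negation is satisfiable on the current path; a satisfying assignment is a concrete counterexample. All function and node names are assumptions of this example.

```python
"""Explicit control-flow exploration with symbolic (CNF/SAT) data values.

Constructed example for illustration; not the ExpliSAT implementation.
"""
from itertools import count


def dpll(clauses, assignment=None):
    """Tiny DPLL solver: return a model {var: bool} or None if unsatisfiable.

    `clauses` is a list of clauses, each a list of non-zero int literals.
    """
    assignment = dict(assignment or {})
    while True:                                   # unit propagation to a fixpoint
        unit = None
        for clause in clauses:
            if any(assignment.get(abs(l)) == (l > 0) for l in clause):
                continue                          # clause already satisfied
            unassigned = [l for l in clause if abs(l) not in assignment]
            if not unassigned:
                return None                       # clause falsified: conflict
            if len(unassigned) == 1:
                unit = unassigned[0]
                break
        if unit is None:
            break
        assignment[abs(unit)] = unit > 0
    free = {abs(l) for c in clauses for l in c} - set(assignment)
    if not free:
        return assignment
    var = min(free)                               # branch on the lowest free variable
    for value in (True, False):
        model = dpll(clauses, {**assignment, var: value})
        if model is not None:
            return model
    return None


def tseitin(expr, env, clauses, fresh):
    """Encode a Boolean expression as one literal, appending defining clauses.

    Expressions: True/False, a program variable name, or ("not"|"and"|"or", ...).
    `env` maps each program variable to the literal holding its current value.
    """
    if isinstance(expr, bool):
        lit = next(fresh)
        clauses.append([lit] if expr else [-lit])
        return lit
    if isinstance(expr, str):
        return env[expr]
    op, *args = expr
    if op == "not":
        return -tseitin(args[0], env, clauses, fresh)
    a = tseitin(args[0], env, clauses, fresh)
    b = tseitin(args[1], env, clauses, fresh)
    out = next(fresh)
    if op == "and":                               # out <-> (a and b)
        clauses.extend([[-out, a], [-out, b], [out, -a, -b]])
    elif op == "or":                              # out <-> (a or b)
        clauses.extend([[-a, out], [-b, out], [-out, a, b]])
    else:
        raise ValueError(f"unknown operator {op!r}")
    return out


def concretize(env, model):
    """Read concrete program-variable values out of a SAT model.

    Inputs the path never constrained get an arbitrary value.
    """
    return {v: model.get(abs(l), False) == (l > 0) for v, l in env.items()}


def explore(program, entry):
    """Enumerate control paths explicitly; decide data feasibility with SAT."""
    fresh = count(1)
    stats = {"paths": 0, "pruned": 0, "violations": []}

    def run(node, env, clauses):
        kind, *rest = program[node]
        if kind == "end":
            stats["paths"] += 1
        elif kind == "havoc":                     # non-deterministic input: fresh literal
            var, nxt = rest
            run(nxt, {**env, var: next(fresh)}, clauses)
        elif kind == "assign":                    # new literal for the new value (SSA style)
            var, expr, nxt = rest
            cl = list(clauses)
            run(nxt, {**env, var: tseitin(expr, env, cl, fresh)}, cl)
        elif kind == "assert":                    # violation iff the negation is satisfiable
            cond, nxt = rest
            cl = list(clauses)
            lit = tseitin(cond, env, cl, fresh)
            model = dpll(cl + [[-lit]])
            if model is not None:
                stats["violations"].append((node, concretize(env, model)))
            run(nxt, env, cl)
        elif kind == "branch":                    # follow only SAT-feasible outcomes
            cond, then_node, else_node = rest
            cl = list(clauses)
            lit = tseitin(cond, env, cl, fresh)
            for outcome, target in ((lit, then_node), (-lit, else_node)):
                if dpll(cl + [[outcome]]) is None:
                    stats["pruned"] += 1          # control path with no valid execution
                else:
                    run(target, env, cl + [[outcome]])

    run(entry, {}, [])
    return stats


# Constructed Boolean program as a control flow graph: node -> instruction.
PROGRAM = {
    0: ("havoc", "x", 1),
    1: ("havoc", "y", 2),
    2: ("branch", "x", 3, 4),
    3: ("assign", "y", True, 5),
    4: ("assign", "y", ("not", "x"), 5),
    5: ("branch", "y", 6, 7),                     # y is True on every path: else-edge pruned
    6: ("assert", "x", 8),                        # fails on the path through node 4
    7: ("assert", False, 8),                      # syntactically reachable, never executed
    8: ("end",),
}

if __name__ == "__main__":
    print(explore(PROGRAM, 0))
```

Running the block reports two completed control paths, two pruned branch outcomes (the else-edge of node 5 on each path), and one assertion violation at node 6 with the counterexample `x = False`. Node 7 is never visited even though it is a node of the graph, which is the effect the abstract's "valid execution" filtering aims at; the real method avoids the per-edge SAT call this toy pays.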
© 2007 Springer Berlin Heidelberg
About this paper
Cite this paper
Barner, S., Eisner, C., Glazberg, Z., Kroening, D., Rabinovitz, I. (2007). ExpliSAT: Guiding SAT-Based Software Verification with Explicit States. In: Bin, E., Ziv, A., Ur, S. (eds) Hardware and Software, Verification and Testing. HVC 2006. Lecture Notes in Computer Science, vol 4383. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70889-6_11
DOI: https://doi.org/10.1007/978-3-540-70889-6_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70888-9
Online ISBN: 978-3-540-70889-6
eBook Packages: Computer Science (R0)