Verifying Multithreaded Software with Impact
|
|
- Myron Hoover
- 5 years ago
- Views:
Transcription
1 Verifying Multithreaded Software with Impact Björn Wachter, Daniel Kroening and Joël Ouaknine University of Oxford
2 Intro Multi-threading C/C++ with POSIX/WIN 32 threads event processing, device drivers, web servers, databases,... coming to embedded systems Verification Challenges Multi threading WMM SC data variables pointers loops 2 / 20
3 Intro Multi-threading C/C++ with POSIX/WIN 32 threads event processing, device drivers, web servers, databases,... coming to embedded systems Verification Challenges Multi threading WMM SC data variables pointers loops symbolic reasoning SMT SAT 2 / 20
4 Intro Multi-threading C/C++ with POSIX/WIN 32 threads event processing, device drivers, web servers, databases,... coming to embedded systems Verification Challenges Multi threading WMM SC data variables pointers abstraction predicate abstraction Impact algorithm [McMillan 2006] loops symbolic reasoning SMT SAT 2 / 20
5 Intro Multi-threading C/C++ with POSIX/WIN 32 threads event processing, device drivers, web servers, databases,... coming to embedded systems Verification Challenges partial orders modular reasoning Multi threading WMM SC data variables pointers abstraction predicate abstraction Impact algorithm [McMillan 2006] loops symbolic reasoning SMT SAT 2 / 20
6 Software model checkers CBMC ESBMC LLBMC SatAbs SLAM Threader Kratos Blast Impact UFO CPAChecker Ultimate ARMC Magic Wolverine 3 / 20
7 Software model checkers multithreading support CBMC ESBMC LLBMC SatAbs SLAM Threader Kratos Blast Impact UFO CPAChecker Ultimate ARMC Magic Wolverine 3 / 20
8 Software model checkers multithreading support CBMC ESBMC LLBMC SatAbs SLAM Threader Kratos Blast? Impact UFO CPAChecker Ultimate ARMC Magic Wolverine 3 / 20
9 Software model checkers multithreading support CBMC ESBMC LLBMC SatAbs SLAM Threader Kratos Blast Impara Impact UFO CPAChecker Ultimate ARMC Magic Wolverine 3 / 20
10 Software model checkers multithreading support CBMC SatAbs Impara Threader ESBMC Contribution: Kratos 1st Impact-style analysis SLAM for multithreaded software Impact LLBMC Partial-Order Reduction implemented in Impara Blast CPAChecker UFO Ultimate ARMC Magic Wolverine 3 / 20
11 Outline Recap: Impact for Sequential Software Impact for Multithreaded Software Partial order reduction Experiments with our tool Impara 4 / 20
12 Impact algorithm expand refine interpolation UNSAT check SAT CEX maintain abstract reachability tree node labels covering relation v w implies label(v) label(w) 5 / 20
13 Impact algorithm expand complete proof refine interpolation UNSAT check SAT CEX maintain abstract reachability tree node labels covering relation v w implies label(v) label(w) complete iff all nodes either covered expanded 5 / 20
14 Classical SLAM example do { lock(); old=new; if(*) { unlock(); new++; } } while (new!=old); 6 / 20
15 Classical SLAM example do { lock(); old=new; if(*) { unlock(); new++; } } while (new!=old); ERR [L!=0] L=0;new++ L=0 L=1; old=new * [new!=old] [new==old] 6 / 20
16 reachable states label ERR [L!=0] L=0;new++ L=0 L=1; old=new * [new!=old] [new==old] Abstract Reachability Tree T rue T rue L=0 [L!=0] T rue ERR 6 / 20
17 reachable states label ERR [L!=0] L=0;new++ L=0 L=1; old=new * [new!=old] [new==old] Abstract Reachability Tree T rue F alse L=0 [L!=0] L = 0 ERR 6 / 20
18 reachable states label ERR [L!=0] L=0;new++ L=0 L=1; old=new * [new!=old] [new==old] T rue ERR Abstract Reachability Tree T rue F alse L=0 [L!=0] L = 0 ERR L=1 old=new T rue L=0 new++ T rue [new!=old] [L!=0] T rue [new==old] T rue 6 / 20
19 reachable states label ERR [L!=0] L=0;new++ L=0 L=1; old=new * [new!=old] [new==old] F alse ERR Abstract Reachability Tree T rue F alse L=0 [L!=0] L = 0 ERR L=1 old=new T rue L=0 new++ L = 0 [new!=old] [L!=0] L = 0 [new==old] T rue 6 / 20
20 reachable states label ERR [L!=0] L=0;new++ L=0 L=1; old=new * [new!=old] [new==old] Abstract Reachability Tree T rue F alse L=0 [L!=0] L = 0 ERR L=1 old=new T rue L=0 new++ L = 0 [new!=old] [new==old] F alse [L!=0] T rue ERR L = 0 6 / 20
21 reachable states label ERR [L!=0] L=0;new++ L=0 L=1; old=new * [new!=old] [new==old] Abstract Reachability Tree T rue F alse L=0 [L!=0] L = 0 ERR L=1 old=new T rue L=0 new++ L = 0 [new!=old] [new==old] F alse [L!=0] T rue ERR L = 0 [new!=old] [L!=0] ERR 6 / 20
22 reachable states label ERR [L!=0] L=0;new++ L=0 L=1; old=new * [new!=old] [new==old] Abstract Reachability Tree T rue F alse L=0 [L!=0] L = 0 ERR L=1 old=new old = new L=0 new++ L = 0 old = new [new!=old] [new==old] F alse [L!=0] T rue ERR L = 0 [new!=old] [L!=0] F alse F alse ERR 6 / 20
23 reachable states label terminates if all nodes covered or fully expanded ERR [L!=0] L=0;new++ L=0 L=1; old=new * [new!=old] [new==old] Abstract Reachability Tree T rue F alse L=0 [L!=0] L = 0 ERR L=1 old=new old = new L=0 new++ L = 0 [new!=old] [new==old] F alse [L!=0] T rue ERR L = 0 old = new [new!=old] [L!=0] F alse F alse ERR 6 / 20
24 Impact for Multithreaded Software 7 / 20
25 Naive Impact for Multi-threading interleave at every step threads 1,2, / 20
26 Example assert(x==0) 0, 0 0, 1 int x=0; thread 1 thread 2 0: assert(x==0); 0: if(*) 1: 1: x=1; 2: x=0; 3: 9 / 20
27 Example assert(x==0) 0, 0 0, 1 int x=0; thread 1 thread 2 0: assert(x==0); 0: if(*) 1: 1: x=1; 2: x=0; 3: 2, 0 3, 0 x=0 assert(x==0) 3, 1 9 / 20
28 Example assert(x==0) 0, 0 0, 1 int x=0; thread 1 thread 2 0: assert(x==0); 0: if(*) 1: 1: x=1; 2: x=0; 3: 3, 0 2, 0 T rue x=0 x = 0 assert(x==0) 3, 1 9 / 20
29 Example assert(x==0) 0, 0 0, 1 int x=0; thread 1 thread 2 0: assert(x==0); 0: if(*) 1: 1: x=1; 2: x=0; 3: 3, 0 2, 0 x = 0 x=0 assert(x==0) x = 0 2, 1 assert(x==0) 3, 1 9 / 20
30 Example assert(x==0) 0, 0 0, 1 int x=0; thread 1 thread 2 0: assert(x==0); 0: if(*) 1: 1: x=1; 2: x=0; 3: CEX 1, 0 x=1 2, 0 2, 0 x = 0 assert(x==0) x=0 assert(x==0) 2, 1 3, 0 x = 0 2, 1 assert(x==0) 3, 1 9 / 20
31 Naive Impact blows up ART from a concrete case study (Peterson s algorithm) 10 / 20
32 Partial-Order Reduction [Godefroid 94, Peled 93, Valmari 90] avoid unnecessary interleavings resulting in same state main() thread 1 thread 2 assume(i!=j); v[i]=0; v[j]=0; A : v[i]=1; a : v[j]=-2; pthread_create(t 1 ); B : v[i]=v[i]+1; b : v[j]=v[j]+1; pthread_create(t 2 ); C : v[i]=v[j]; c : v[i]=v[i]+1; pthread_join(t 1 ); pthread_join(t 2 ); assert(v[j] 0); A a B a A b C a B b A c a C b B c A b C c B c C A a and T ID(A) < T ID(a) 11 / 20
33 Partial-Order Reduction [Godefroid 94, Peled 93, Valmari 90] avoid unnecessary interleavings resulting in same state main() thread 1 thread 2 assume(i!=j); v[i]=0; v[j]=0; A : v[i]=1; a : v[j]=-2; pthread_create(t 1 ); B : v[i]=v[i]+1; b : v[j]=v[j]+1; pthread_create(t 2 ); C : v[i]=v[j]; c : v[i]=v[i]+1; pthread_join(t 1 ); pthread_join(t 2 ); assert(v[j] 0); A a B a A b C a B b A c a C b B c A b C c B c C A a and T ID(A) < T ID(a) 11 / 20
34 Partial-Order Reduction [Godefroid 94, Peled 93, Valmari 90] avoid unnecessary interleavings resulting in same state main() thread 1 thread 2 assume(i!=j); v[i]=0; v[j]=0; A : v[i]=1; a : v[j]=-2; pthread_create(t 1 ); B : v[i]=v[i]+1; b : v[j]=v[j]+1; pthread_create(t 2 ); C : v[i]=v[j]; c : v[i]=v[i]+1; pthread_join(t 1 ); pthread_join(t 2 ); assert(v[j] 0); consecutive independent actions only occur in the order of increasing thread ids, e.g., Aa but not aa A a B a A b C a B b A c a C b B c A b C c B c C A a and T ID(A) < T ID(a) B b and T ID(B) < T ID(b) A b and T ID(A) < T ID(b) 11 / 20
35 Partial-Order Reduction [Godefroid 94, Peled 93, Valmari 90] avoid unnecessary interleavings resulting in same state main() thread 1 thread 2 assume(i!=j); v[i]=0; v[j]=0; A : v[i]=1; a : v[j]=-2; pthread_create(t 1 ); B : v[i]=v[i]+1; b : v[j]=v[j]+1; pthread_create(t 2 ); C : v[i]=v[j]; c : v[i]=v[i]+1; pthread_join(t 1 ); pthread_join(t 2 ); assert(v[j] 0); consecutive independent actions only occur in the order of increasing thread ids, e.g., Aa but not aa A a B a A b C a B b A c a C b B c A b C c B c C A a and T ID(A) < T ID(a) B b and T ID(B) < T ID(b) A b and T ID(A) < T ID(b) 11 / 20
36 Algorithm: POR+Impact (First Attempt) POR restricts expansion 1: procedure Expand (v) 2: for T T with Skip (v, T ) do 3: Expand-thread(T, v) 12 / 20
37 Algorithm: POR+Impact (First Attempt) POR restricts expansion 1: procedure Expand (v) 2: for T T with Skip (v, T ) do 3: Expand-thread(T, v) 4: 5: procedure Skip (v, T ) 6: select unique parent action T, a s.t. u T,a v 7: return T < T Action(v, T ) a }{{} dependence check 12 / 20
38 Algorithm: POR+Impact (First Attempt) POR restricts expansion 1: procedure Expand (v) 2: for T T with Skip (v, T ) do 3: Expand-thread(T, v) 4: 5: procedure Skip (v, T ) 6: select unique parent action T, a s.t. u T,a v 7: return T < T Action(v, T ) a }{{} dependence check Is that sound? 12 / 20
39 Impact + POR 0, 0 int x=0; thread 1 thread 2 0: assert(x==0); 0: if(*) 1: 1: x=1; 2: x=0; 3: CEX 1, 0 x=1 2, 0 assert(x==0) 2, 1 2, 0 x = 0 x=0 assert(x==0) 3, 0 x = 0 2, 1 assert(x==0) 3, 1 and assert(x==0) independent 13 / 20
40 Impact + POR 0, 0 int x=0; thread 1 thread 2 0: assert(x==0); 0: if(*) 1: 1: x=1; 2: x=0; 3: CEX 1, 0 x=1 2, 0 assert(x==0) 2, 1 3, 0 2, 0 x = 0 x=0 x = 0 assert(x==0) 3, 1 and assert(x==0) independent reduction 13 / 20
41 Impact + POR 0, 0 int x=0; thread 1 thread 2 0: assert(x==0); 0: if(*) 1: 1: x=1; 2: x=0; 3: CEX 1, 0 x=1 2, 0 assert(x==0) 2, 1 3, 0 2, 0 T rue x=0 x = 0 assert(x==0) 3, 1 and assert(x==0) independent reduction 13 / 20
42 Impact + POR 0, 0 int x=0; thread 1 thread 2 0: assert(x==0); 0: if(*) 1: 1: x=1; 2: x=0; 3: CEX 1, 0 x=1 2, 0 assert(x==0) 2, 1 3, 0 2, 0 T rue x=0 x = 0 assert(x==0) 3, 1 and assert(x==0) independent reduction 13 / 20
43 Impact + POR 0, 0 int x=0; thread 1 thread 2 0: assert(x==0); 0: if(*) 1: 1: x=1; 2: x=0; 3: CEX x=1 1, 0 2, 0 3, 0 2, 0 T rue x=0 x = 0 assert(x==0) 3, 1 and assert(x==0) independent reduction 13 / 20
44 Let s take a step back expand? 14 / 20
45 Let s take a step back POR inspects node history dep expand? POR: yes 14 / 20
46 Let s take a step back POR inspects node history covers merge distinct histories dep expand? POR: yes 14 / 20
47 Let s take a step back POR inspects node history covers merge distinct histories dep indep expand? POR: yes expand? POR: no 14 / 20
48 Let s take a step back POR inspects node history covers merge distinct histories incomplete: lost program path no corresponding ART path dep indep expand? POR: yes cover: no expand? POR: no 14 / 20
49 Let s take a step back POR inspects node history covers merge distinct histories incomplete: lost program path no corresponding ART path How to fix this? corresponding path? allow cover edges jump to more abstract node dep 14 / 20
50 Let s take a step back POR inspects node history covers merge distinct histories incomplete: lost program path no corresponding ART path How to fix this? corresponding path? allow cover edges jump to more abstract node dep 14 / 20
51 Complete Algorithm v w consider both histories v s and w s dep v w indep expand 15 / 20
52 Complete Algorithm v w consider both histories v s and w s Note: we re still doing POR dep v w indep expand 15 / 20
53 Π-completeness Π determined by POR strategy Definition (Π-complete ART) ART A is Π-complete iff: for every π Π, there is a corresponding path v 0,..., v n. 16 / 20
54 Π-completeness v 0 v 1 u 2 v 3 v 4 v 2 Π determined by POR strategy Definition (Π-complete ART) ART A is Π-complete iff: for every π Π, there is a corresponding path v 0,..., v n. 16 / 20
55 Π-completeness v 0 v 1 u 2 v 3 v 4 v 2 Π determined by POR strategy Definition (Π-complete ART) ART A is Π-complete iff: for every π Π, there is a corresponding path v 0,..., v n. Soundness 16 / 20
56 Impara C++ implementation CBMC frontend bit-precise interpolation unsatisfiable cores + weakest preconditions 17 / 20
57 Impara vs. other tools CBMC 4.5 ESMBC SatAbs Threader Impara technique BMC BMC Pred. Abs. Pred. Abs. Interpolation threads PO encoding POR POR Modular Reasoning POR unbounded loops bit-precise weak memory SVCOMP 13 multi-threading benchmarks program safe CBMC ESBMC SatAbs Threader Impara dekker y TO 0.1 lamport y peterson y szymanski y read_write_u n 0.2 TO read_write_s y 0.4 TO time_var_mutex y stack_u n 1.0 TO TO stack_s y 33.5 TO TO / 20
58 Conclusion Impact abstraction + POR take-home message: look at both histories Experiments SVCOMP 13 weak memory benchmarks (low-lock algorithms) Impara gives correct results which gives us confidence Binary & benchmarks at: 19 / 20
59 Thank you! 20 / 20
Verifying Multi-threaded Software with Impact
Verifying Multi-threaded Software with Impact Björn Wachter Department of omputer Science University of Oxford Email: bjoern.wachter@cs.ox.ac.uk Daniel Kroening Department of omputer Science University
More informationSoftware Model Checking. Xiangyu Zhang
Software Model Checking Xiangyu Zhang Symbolic Software Model Checking CS510 S o f t w a r e E n g i n e e r i n g Symbolic analysis explicitly explores individual paths, encodes and resolves path conditions
More informationCS 510/13. Predicate Abstraction
CS 50/3 Predicate Abstraction Predicate Abstraction Extract a finite state model from an infinite state system Used to prove assertions or safety properties Successfully applied for verification of C programs
More informationHaving a BLAST with SLAM
Having a BLAST with SLAM Meeting, CSCI 555, Fall 20 Announcements Homework 0 due Sat Questions? Move Tue office hours to -5pm 2 Software Model Checking via Counterexample Guided Abstraction Refinement
More informationHaving a BLAST with SLAM
Announcements Having a BLAST with SLAM Meetings -, CSCI 7, Fall 00 Moodle problems? Blog problems? Looked at the syllabus on the website? in program analysis Microsoft uses and distributes the Static Driver
More informationHaving a BLAST with SLAM
Having a BLAST with SLAM # #2 Topic: Software Model Checking via Counter-Example Guided Abstraction Refinement There are easily two dozen SLAM/BLAST/MAGIC papers; I will skim. #3 SLAM Overview INPUT: Program
More informationHaving a BLAST with SLAM
Having a BLAST with SLAM # #2 Topic: Software Model Checking via Counter-Example Guided Abstraction Refinement There are easily two dozen SLAM/BLAST/MAGIC papers; I will skim. #3 SLAM Overview INPUT: Program
More informationMore on Verification and Model Checking
More on Verification and Model Checking Wednesday Oct 07, 2015 Philipp Rümmer Uppsala University Philipp.Ruemmer@it.uu.se 1/60 Course fair! 2/60 Exam st October 21, 8:00 13:00 If you want to participate,
More informationSoftware Model Checking. From Programs to Kripke Structures
Software Model Checking (in (in C or or Java) Java) Model Model Extraction 1: int x = 2; int y = 2; 2: while (y
More informationF-Soft: Software Verification Platform
F-Soft: Software Verification Platform F. Ivančić, Z. Yang, M.K. Ganai, A. Gupta, I. Shlyakhter, and P. Ashar NEC Laboratories America, 4 Independence Way, Suite 200, Princeton, NJ 08540 fsoft@nec-labs.com
More informationCounterexample Guided Abstraction Refinement in Blast
Counterexample Guided Abstraction Refinement in Blast Reading: Checking Memory Safety with Blast 17-654/17-754 Analysis of Software Artifacts Jonathan Aldrich 1 How would you analyze this? * means something
More informationUfo: A Framework for Abstraction- and Interpolation-Based Software Verification
Ufo: A Framework for Abstraction- and Interpolation-Based Software Verification Aws Albarghouthi 1, Yi Li 1, Arie Gurfinkel 2, and Marsha Chechik 1 1 Department of Computer Science, University of Toronto,
More informationInterpolation-based Software Verification with Wolverine
Interpolation-based Software Verification with Wolverine Daniel Kroening 1 and Georg Weissenbacher 2 1 Computer Science Department, Oxford University 2 Department of Electrical Engineering, Princeton University
More informationOn Reasoning about Finite Sets in Software Checking
On Reasoning about Finite Sets in Software Model Checking Pavel Shved Institute for System Programming, RAS SYRCoSE 2 June 2010 Static Program Verification Static Verification checking programs against
More informationVerification of Concurrent Software
Verification of Concurrent Software Daniel KROENING Department of Computer Science, University of Oxford Abstract. We provide a tutorial on the verification of concurrent software. We first discuss semantics
More informationProving Properties of non-array Programs
Proving Properties of non-array Programs Thanks to Priyanka Darke Tata Research Development and Design Centre, Pune, India December 13, 2017 Copyright 2012 Tata Consultancy Services Limited 1 Background
More informationKRATOS A Software Model Checker for SystemC
KRATOS A Software Model Checker for SystemC A. Cimatti, A. Griggio, A. Micheli, I. Narasamdya, and M. Roveri Fondazione Bruno Kessler Irst {cimatti,griggio,amicheli,narasamdya,roveri}@fbk.eu Abstract.
More informationarxiv: v2 [cs.pl] 3 Apr 2018
1 Scheduling Constraint Based Abstraction Refinement for Multi-Threaded Program Verification arxiv:1708.08323v2 [cs.pl] 3 Apr 2018 LIANGZE YIN, School of Computer, National University of Defense Technology,
More informationVerifying Concurrent Programs
Verifying Concurrent Programs Daniel Kroening 8 May 1 June 01 Outline Shared-Variable Concurrency Predicate Abstraction for Concurrent Programs Boolean Programs with Bounded Replication Boolean Programs
More informationScalable Program Verification by Lazy Abstraction
Scalable Program Verification by Lazy Abstraction Ranjit Jhala U.C. Berkeley ars, July, 997 Lost contact due to real-time priority inversion bug ars, December, 999 Crashed due to uninitialized variable
More informationAbstraction techniques for Floating-Point Arithmetic
Abstraction techniques for Floating-Point Arithmetic Angelo Brillout 1, Daniel Kroening 2 and Thomas Wahl 2 1 ETH Zurich, 2 Oxford University ETH Zürich Floating-Point Arithmetic (FPA) Used for embedded
More informationThe ComFoRT Reasoning Framework
Pittsburgh, PA 15213-3890 The ComFoRT Reasoning Framework Sagar Chaki James Ivers Natasha Sharygina Kurt Wallnau Predictable Assembly from Certifiable Components Enable the development of software systems
More informationPredicate Refinement Heuristics in Program Verification with CEGAR
Predicate Refinement Heuristics in Program Verification with CEGAR Tachio Terauchi (JAIST) Part of this is joint work with Hiroshi Unno (U. Tsukuba) 1 Predicate Abstraction with CEGAR Iteratively generate
More informationStatic Program Analysis
Static Program Analysis Thomas Noll Software Modeling and Verification Group RWTH Aachen University https://moves.rwth-aachen.de/teaching/ws-1617/spa/ Schedule of Lectures Jan 17/19: Interprocedural DFA
More informationSMT-Based Bounded Model Checking for Embedded ANSI-C Software. Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva
SMT-Based Bounded Model Checking for Embedded ANSI-C Software Lucas Cordeiro, Bernd Fischer, Joao Marques-Silva b.fischer@ecs.soton.ac.uk Bounded Model Checking (BMC) Basic Idea: check negation of given
More informationHandling Loops in Bounded Model Checking of C Programs via k-induction
Software Tools for Technology Transfer manuscript No. (will be inserted by the editor) Handling Loops in Bounded Model Checking of C Programs via k-induction Mikhail Y. R. Gadelha, Hussama I. Ismail, and
More informationSoftware Model Checking with Abstraction Refinement
Software Model Checking with Abstraction Refinement Computer Science and Artificial Intelligence Laboratory MIT Armando Solar-Lezama With slides from Thomas Henzinger, Ranjit Jhala and Rupak Majumdar.
More informationTRACER: A Symbolic Execution Tool for Verification
TRACER: A Symbolic Execution Tool for Verification Joxan Jaffar, Vijayaraghavan Murali, Jorge A. Navas, and Andrew E. Santosa 3 National University of Singapore The University of Melbourne 3 University
More informationSeminar in Software Engineering Presented by Dima Pavlov, November 2010
Seminar in Software Engineering-236800 Presented by Dima Pavlov, November 2010 1. Introduction 2. Overview CBMC and SAT 3. CBMC Loop Unwinding 4. Running CBMC 5. Lets Compare 6. How does it work? 7. Conclusions
More informationModel Checking Embedded C Software using k-induction and Invariants
FEDERAL UNIVERSITY OF RORAIMA and FEDERAL UNIVESITY OF AMAZONAS Model Checking Embedded C Software using k-induction and Invariants Herbert Rocha, Hussama Ismail, Lucas Cordeiro and Raimundo Barreto Agenda
More informationPart II: Atomicity for Software Model Checking. Analysis of concurrent programs is difficult (1) Transaction. The theory of movers (Lipton 75)
Part II: Atomicity for Software Model Checking Class Account { int balance; static int MIN = 0, MAX = 00; bool synchronized deposit(int n) { int t = balance + n; if (t > MAX) return false; bool synchronized
More informationESBMC 1.22 (Competition Contribution) Jeremy Morse, Mikhail Ramalho, Lucas Cordeiro, Denis Nicole, Bernd Fischer
ESBMC 1.22 (Competition Contribution) Jeremy Morse, Mikhail Ramalho, Lucas Cordeiro, Denis Nicole, Bernd Fischer ESBMC: SMT-based BMC of single- and multi-threaded software exploits SMT solvers and their
More informationKRATOS A Software Model Checker for SystemC
KRATOS A Software Model Checker for SystemC A. Cimatti, A. Griggio, A. Micheli, I. Narasamdya, and M. Roveri Fondazione Bruno Kessler Irst {cimatti,griggio,amicheli,narasamdya,roveri}@fbk.eu Abstract.
More informationModel Checking with Abstract State Matching
Model Checking with Abstract State Matching Corina Păsăreanu QSS, NASA Ames Research Center Joint work with Saswat Anand (Georgia Institute of Technology) Radek Pelánek (Masaryk University) Willem Visser
More informationCounter-Example Guided Program Verification
Counter-Example Guided Program Verification Parosh Aziz Abdulla, Mohamed Faouzi Atig, and Bui Phi Diep Uppsala University, Sweden {parosh,mohamed faouzi.atig,bui.phi-diep}@it.uu.se Abstract. This paper
More informationMEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING
FEDERAL UNIVERSITY OF AMAZONAS INSTITUTE OF COMPUTING GRADUATE PROGRAM IN COMPUTER SCIENCE MEMORY MANAGEMENT TEST-CASE GENERATION OF C PROGRAMS USING BOUNDED MODEL CHECKING Herbert Rocha, Raimundo Barreto,
More informationRace Analysis for SystemC using Model Checking
Race Analysis for SystemC using Model Checking Nicolas Blanc, Daniel Kroening www.cprover.org/scoot Supported by Intel and SRC Department of Computer Science ETH Zürich Wednesday, 19 November 2008 This
More informationBounded Model Checking of Concurrent Programs
Bounded Model Checking of Concurrent Programs Ishai Rabinovitz 1, and Orna Grumberg 1 1 Technion - Israel Institute of Technology IBM Haifa Research Laboratory, Haifa, Israel ishai@il.ibm.com orna@cs.technion.ac.il
More informationSliced Path Prefixes: An Effective Method to Enable Refinement Selection
FORTE '15 Sliced Path Prefixes: An Effective Method to Enable Refinement Selection Dirk Beyer, Stefan Löwe, Philipp Wendler SoSy-Lab Software Systems We want Refinement Selection!!! Because straight-forward
More informationVerification of Parametric System Designs
Verification of Parametric System Designs Alessandro Cimatti, Iman Narasamdya, and Marco Roveri Fondazione Bruno Kessler, Italy. Via Sommarive 18, I-38050, Trento, Italy {cimatti,narasamdya,roveri}@fbk.eu
More informationDouble Header. Two Lectures. Flying Boxes. Some Key Players: Model Checking Software Model Checking SLAM and BLAST
Model Checking #1 Double Header Two Lectures Model Checking Software Model Checking SLAM and BLAST Flying Boxes It is traditional to describe this stuff (especially SLAM and BLAST) with high-gloss animation
More informationModel Checking and Its Applications
Model Checking and Its Applications Orna Grumberg Technion, Israel Verification and Deduction Mentoring Workshop July 13, 2018 1 Personal data Ph.d. in (non-automated) verification Postdoc in Model Checking
More informationMain Goal. Language-independent program verification framework. Derive program properties from operational semantics
Main Goal Language-independent program verification framework Derive program properties from operational semantics Questions: Is it possible? Is it practical? Answers: Sound and complete proof system,
More informationOn partial order semantics for SAT/SMT-based symbolic encodings of weak memory concurrency
On partial order semantics for SAT/SMT-based symbolic encodings of weak memory concurrency Alex Horn and Daniel Kroening University of Oxford April 30, 2015 Outline What s Our Problem? Motivation and Example
More informationSymbolic and Concolic Execution of Programs
Symbolic and Concolic Execution of Programs Information Security, CS 526 Omar Chowdhury 10/7/2015 Information Security, CS 526 1 Reading for this lecture Symbolic execution and program testing - James
More informationHoare logic. A proof system for separation logic. Introduction. Separation logic
Introduction Hoare logic Lecture 6: Examples in separation logic In the previous lecture, we saw how reasoning about pointers in Hoare logic was problematic, which motivated introducing separation logic.
More informationVerifying C & C++ with ESBMC
Verifying C & C++ with ESBMC Denis A Nicole dan@ecs.soton.ac.uk CyberSecuritySoton.org [w] @CybSecSoton [fb & tw] ESBMC ESBMC, the Efficient SMT-Based Context-Bounded Model Checker was originally developed
More informationConfigurable Software Model Checking
Configurable Software Model Checking CPAchecker Dirk Beyer Dirk Beyer 1 / 26 Software Verification C Program int main() { int a = foo(); int b = bar(a); } assert(a == b); Verification Tool TRUE i.e., specification
More informationUsing Counterexample Analysis to Minimize the Number of Predicates for Predicate Abstraction
Using Counterexample Analysis to Minimize the Number of Predicates for Predicate Abstraction Thanyapat Sakunkonchak, Satoshi Komatsu, and Masahiro Fujita VLSI Design and Education Center, The University
More informationPredicate Abstraction with Adjustable-Block Encoding
Predicate Abstraction with Adjustable-Block Encoding Dirk Beyer Simon Fraser University / University of Passau M. Erkan Keremoglu Simon Fraser University, B.C., Canada Philipp Wendler University of Passau,
More informationBuilding Program Verifiers from Compilers and Theorem Provers
Building Program Verifiers from Compilers and Theorem Provers Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 Arie Gurfinkel based on joint work with Teme Kahsai, Jorge A.
More informationSoftware Model Checking via Large-Block Encoding
Software Model Checking via Large-Block Encoding Dirk Beyer Simon Fraser University Alessandro Cimatti FBK-irst, Trento Alberto Griggio University of Trento & Simon Fraser University M. Erkan Keremoglu
More informationPredicate Abstraction for Relaxed Memory Models
Predicate Abstraction for Relaxed Memory Models Andrei Dan 1, Yuri Meshman 2, Martin Vechev 1, and Eran Yahav 2 1 ETH Zurich {andrei.dan, martin.vechev}@inf.ethz.ch 2 Technion {yurime, yahave}@cs.technion.ac.il
More informationFormal Verification at Higher Levels of Abstraction
Formal Verification at Higher Levels of Abstraction Daniel Kroening Oxford University Computing Laboratory kroening@kroening.com Sanjit A. Seshia UC Berkeley sseshia@eecs.berkeley.edu Abstract Most formal
More informationIntroduction to CBMC. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Arie Gurfinkel December 5, 2011
Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213 December 5, 2011 based on slides by Daniel Kroening Bug Catching with SAT-Solvers Main Idea: Given a program and a claim use
More informationDIPARTIMENTO DI INGEGNERIA E SCIENZA DELL INFORMAZIONE Povo Trento (Italy), Via Sommarive 14
UNIVERSITY OF TRENTO DIPARTIMENTO DI INGEGNERIA E SCIENZA DELL INFORMAZIONE 38050 Povo Trento (Italy), Via Sommarive 14 http://www.disi.unitn.it SOFTWARE MODEL CHECKING VIA LARGE-BLOCK ENCODING Dirk Beyer,
More informationLecture 1: Model Checking. Edmund Clarke School of Computer Science Carnegie Mellon University
Lecture 1: Model Checking Edmund Clarke School of Computer Science Carnegie Mellon University 1 Cost of Software Errors June 2002 Software bugs, or errors, are so prevalent and so detrimental that they
More informationDecision Procedures in First Order Logic
in First Order Logic for Equality Logic Daniel Kroening and Ofer Strichman 1 Outline Introduction Definition, complexity Reducing Uninterpreted Functions to Equality Logic Using Uninterpreted Functions
More informationThe SMT-LIB 2 Standard: Overview and Proposed New Theories
1 / 23 The SMT-LIB 2 Standard: Overview and Proposed New Theories Philipp Rümmer Oxford University Computing Laboratory philr@comlab.ox.ac.uk Third Workshop on Formal and Automated Theorem Proving and
More informationModel Checking: Back and Forth Between Hardware and Software
Model Checking: Back and Forth Between Hardware and Software Edmund Clarke 1, Anubhav Gupta 1, Himanshu Jain 1, and Helmut Veith 2 1 School of Computer Science, Carnegie Mellon University {emc, anubhav,
More informationDecision Procedures. An Algorithmic Point of View. Bit-Vectors. D. Kroening O. Strichman. Version 1.0, ETH/Technion
Decision Procedures An Algorithmic Point of View Bit-Vectors D. Kroening O. Strichman ETH/Technion Version 1.0, 2007 Part VI Bit-Vectors Outline 1 Introduction to Bit-Vector Logic 2 Syntax 3 Semantics
More informationFormal Systems Tutorial Hybrid System Modeling, Program Analysis
Formal Systems Tutorial Hybrid System Modeling, Program Analysis Department of Computer Science & Engineering, Indian Institute of Technology, Kharagpur 1. There are three taps in the system, namely Tap-1
More informationLazy Abstraction with Interpolants
Lazy Abstraction with Interpolants Kenneth L. McMillan Cadence Berkeley Labs Abstract. We describe a model checker for infinite-state sequential programs, based on Craig interpolation and the lazy abstraction
More informationAbstractions and small languages in synthesis CS294: Program Synthesis for Everyone
Abstractions and small languages in synthesis CS294: Program Synthesis for Everyone Ras Bodik Emina Torlak Division of Computer Science University of California, Berkeley Today Today: we describe why high-level
More informationGetting Rid of Store-Buffers in TSO Analysis
Getting Rid of Store-Buffers in TSO Analysis Mohamed Faouzi Atig 1, Ahmed Bouajjani 2, and Gennaro Parlato 2 1 Uppsala University, Sweden, email: mohamed faouzi.atig@it.uu.se 2 LIAFA, CNRS and University
More informationSMT-Style Program Analysis with Value-based Refinements
SMT-Style Program Analysis with Value-based Refinements Vijay D Silva Leopold Haller Daniel Kröning NSV-3 July 15, 2010 Outline Imprecision and Refinement in Abstract Interpretation SAT Style Abstract
More informationn HW7 due in about ten days n HW8 will be optional n No CLASS or office hours on Tuesday n I will catch up on grading next week!
Announcements SMT Solvers, Symbolic Execution n HW7 due in about ten days n HW8 will be optional n No CLASS or office hours on Tuesday n I will catch up on grading next week! n Presentations n Some of
More informationAbstract Interpretation
Abstract Interpretation Ranjit Jhala, UC San Diego April 22, 2013 Fundamental Challenge of Program Analysis How to infer (loop) invariants? Fundamental Challenge of Program Analysis Key issue for any analysis
More informationPANDA: Simultaneous Predicate Abstraction and Concrete Execution
PANDA: Simultaneous Predicate Abstraction and Concrete Execution Jakub Daniel and Pavel Parízek Charles University in Prague, Faculty of Mathematics and Physics, Department of Distributed and Dependable
More informationFrom Underapproximations to Overapproximations and Back!
From Underapproximations to Overapproximations and Back! Software Engineering Institute Carnegie Mellon University joint work with Aws Albarghouthi and Marsha Chechik from University of Toronto NO WARRANTY
More informationIntroduction. Preliminaries. Original IC3. Tree-IC3. IC3 on Control Flow Automata. Conclusion
.. Introduction Preliminaries Original IC3 Tree-IC3 IC3 on Control Flow Automata Conclusion 2 of 22 Lifting IC3 to Control Flow Automata Tim Lange tim.lange@cs.rwth-aachen.de Introduction Preliminaries
More informationC Code Verification based on the Extended Labeled Transition System Model
C Code Verification based on the Extended Labeled Transition System Model Dexi Wang, Chao Zhang, Guang Chen, Ming Gu, and Jiaguang Sun School of Software, TNLIST, Tsinghua University, China {dx-wang12,zhang-chao13,chenguan14}@mails.tsinghua.edu.cn
More informationAlgorithms for Software Model Checking: Predicate Abstraction vs. IMPACT
Algorithms for Software Model Checking: Predicate Abstraction vs. IMPACT Dirk Beyer University of Passau, Germany Philipp Wendler University of Passau, Germany Abstract CEGAR, SMT solving, and Craig interpolation
More informationFormally Certified Satisfiability Solving
SAT/SMT Proof Checking Verifying SAT Solver Code Future Work Computer Science, The University of Iowa, USA April 23, 2012 Seoul National University SAT/SMT Proof Checking Verifying SAT Solver Code Future
More informationAutomatic Verification of RMA Programs via Abstraction Extrapolation
Automatic Verification of RMA Programs via Abstraction Extrapolation Cedric Baumann 1, Andrei Marian Dan 1, Yuri Meshman 2, Torsten Hoefler 1, and Martin Vechev 1 1 Department of Computer Science, ETH
More informationAbstraction Learning
Abstraction Learning Joxan Jaffar National University of Singapore joxan@comp.nus.edu.sg Jorge Navas National University of Singapore navas@comp.nus.edu.sg Andrew E. Santosa National University of Singapore
More informationHybrid POR with Under-Approximate Dynamic Points-To and Determinacy Information
Hybrid POR with Under-Approximate Dynamic Points-To and Determinacy Information http://d3s.mff.cuni.cz Pavel Parízek CHARLES UNIVERSITY IN PRAGUE faculty of mathematics and physics P. Parízek Hybrid POR
More informationA Context-Sensitive Memory Model for Verification of C/C++ Programs
A Context-Sensitive Memory Model for Verification of C/C++ Programs Arie Gurfinkel and Jorge A. Navas University of Waterloo and SRI International SAS 17, August 30th, 2017 Gurfinkel and Navas (UWaterloo/SRI)
More informationPVAIR: Partial Variable Assignment InterpolatoR
PVAIR: Partial Variable Assignment InterpolatoR Pavel Jančík 2, Leonardo Alt 1, Grigory Fedyukovich 1, Antti E. J. Hyvärinen 1, Jan Kofroň 2, and Natasha Sharygina 1 1 University of Lugano, Switzerland,
More informationApplications of Logic in Software Engineering. CS402, Spring 2016 Shin Yoo
Applications of Logic in Software Engineering CS402, Spring 2016 Shin Yoo Acknowledgements I borrow slides from: Moonzoo Kim Theo C. Ruys (http://spinroot.com/spin/doc/ SpinTutorial.pdf) CBMC & Daniel
More informationDecision Procedures for Equality Logic. Daniel Kroening and Ofer Strichman 1
in First Order Logic for Equality Logic Daniel Kroening and Ofer Strichman 1 Outline Introduction Definition, complexity Reducing Uninterpreted Functions to Equality Logic Using Uninterpreted Functions
More informationExploiting Schedule Insensitivity for Enhancing Concurrent Program Verification
Exploiting Schedule Insensitivity for Enhancing Concurrent Program Verification Vineet Kahlon, NEC Labs, Princeton, USA. Abstract. The key to making program analysis practical for large concurrent programs
More informationSymmetry-Aware Predicate Abstraction for Shared-Variable Concurrent Programs
Symmetry-Aware Predicate Abstraction for Shared-Variable Concurrent Programs Alastair Donaldson, Alexander Kaiser, Daniel Kroening, and Thomas Wahl Computer Science Department, Oxford University, United
More informationSymbolic Model Checking
Bug Catching 5-398 Symbolic Model Checking Hao Zheng Dept. of Computer Science & Eng. Univ. of South Florida Overview CTL model checking operates on sets. Calculates the fix points over finite state sets.
More informationHECTOR: Formal System-Level to RTL Equivalence Checking
ATG SoC HECTOR: Formal System-Level to RTL Equivalence Checking Alfred Koelbl, Sergey Berezin, Reily Jacoby, Jerry Burch, William Nicholls, Carl Pixley Advanced Technology Group Synopsys, Inc. June 2008
More informationDuet: Static Analysis for Unbounded Parallelism
Duet: Static Analysis for Unbounded Parallelism Azadeh Farzan and Zachary Kincaid University of Toronto Abstract. Duet is a static analysis tool for concurrent programs in which the number of executing
More informationRace Analysis for SystemC using Model Checking
Race Analysis for SystemC using Model Checking Nicolas Blanc ETH Zurich, Switzerland nicolas.blanc@inf.ethz.ch Daniel Kroening Oxford University, Computing Laboratory, UK Daniel.Kroening@comlab.ox.ac.uk
More informationExpliSAT: Guiding SAT-Based Software Verification with Explicit States
ExpliSAT: Guiding SAT-Based Software Verification with Explicit States Sharon Barner 1, Cindy Eisner 1,ZivGlazberg 1, Daniel Kroening 2, and Ishai Rabinovitz 3, 1 IBM Haifa Research Lab {sharon,eisner,glazberg}@il.ibm.com
More informationDon t sit on the fence: A static analysis approach to automatic fence insertion
Don t sit on the fence: A static analysis approach to automatic fence insertion Power, ARM! SC! \ / ~. ~ ) / ( / / \_/ \ / /\ / \ Jade Alglave, Daniel Kroening, Vincent Nimal, Daniel Poetzl University
More informationUNDERSTANDING PROGRAMMING BUGS IN ANSI-C SOFTWARE USING BOUNDED MODEL CHECKING COUNTER-EXAMPLES
FEDERAL UNIVERSITY OF AMAZONAS INSTITUTE OF COMPUTING GRADUATE PROGRAM IN COMPUTER SCIENCE UNDERSTANDING PROGRAMMING BUGS IN ANSI-C SOFTWARE USING BOUNDED MODEL CHECKING COUNTER-EXAMPLES Herbert Oliveira
More informationCS 153 Lab4 and 5. Kishore Kumar Pusukuri. Kishore Kumar Pusukuri CS 153 Lab4 and 5
CS 153 Lab4 and 5 Kishore Kumar Pusukuri Outline Introduction A thread is a straightforward concept : a single sequential flow of control. In traditional operating systems, each process has an address
More informationProgram Analysis and Constraint Programming
Program Analysis and Constraint Programming Joxan Jaffar National University of Singapore CPAIOR MasterClass, 18-19 May 2015 1 / 41 Program Testing, Verification, Analysis (TVA)... VS... Satifiability/Optimization
More informationBounded Verification and Testing of Heap Programs
Bounded Verification and Testing of Heap Programs Duc-Hiep Chu IST Austria Email: duc-hiep.chu@ist.ac.at Joxan Jaffar and Andrew E. Santosa National University of Singapore Email: {joxan@comp.,dcsandr@nus.edu.sg
More informationSoftware Model Checking
20 ans de Recherches sur le Software Model Checking 1989 1994 2006 2009 Université de Liège Bell Labs Microsoft Research Patrice Godefroid Page 1 Mars 2009 Model Checking A B C Each component is modeled
More informationApplication of Propositional Logic II - How to Test/Verify my C program? Moonzoo Kim
Application of Propositional Logic II - How to Test/Verify my C program? Moonzoo Kim 2 Solving Various Problems using SAT Solver Sudoku Puzzle Encoding 1 Encoding 2 Verify/Testing C Programs Encoding 3
More informationPredicate Abstraction Daniel Kroening 1
Predicate Abstraction 20.1.2005 Daniel Kroening 1 Motivation Software has too many state variables State Space Explosion Graf/Saïdi 97: Predicate Abstraction Idea: Only keep track of predicates on data
More informationIntermediate Representations
Compiler Design 1 Intermediate Representations Compiler Design 2 Front End & Back End The portion of the compiler that does scanning, parsing and static semantic analysis is called the front-end. The translation
More informationApplying Multi-Core Model Checking to Hardware-Software Partitioning in Embedded Systems
V Brazilian Symposium on Computing Systems Engineering Applying Multi-Core Model Checking to Hardware-Software Partitioning in Embedded Systems Alessandro Trindade, Hussama Ismail, and Lucas Cordeiro Foz
More informationScalable Program Analysis Using Boolean Satisfiability: The Saturn Project
Scalable Program Analysis Using Boolean Satisfiability: The Saturn Project Alex Aiken Stanford University Saturn 1 The Idea Verify properties of large systems! Doesn t {SLAM, BLAST, CQual, ESP} already
More informationEmbedded Software Verification Challenges and Solutions. Static Program Analysis
Embedded Software Verification Challenges and Solutions Static Program Analysis Chao Wang chaowang@nec-labs.com NEC Labs America Princeton, NJ ICCAD Tutorial November 11, 2008 www.nec-labs.com 1 Outline
More information