ESBMC v6.0: Verifying C Programs Using k-Induction and Invariant Inference

Gadelha, Mikhail R.; Monteiro, Felipe R.; Cordeiro, Lucas C.; Nicole, Denis A.

doi:10.1007/978-3-030-17502-3_15

Cited by 45 publications

(33 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…2 devise a new paradigm for control-system design, which now includes a test phase during development and aims to minimize rework after implementing a given system in a real platform. Besides, the main obtained benefit is cost and time reduction in digital control-system development, due to minimization of additional development, bug-fixing, and even testing, given that the proposed methodology is fully automatic based on efficient model-checking procedures (Gadelha et al 2019;Kroening and Tautschnig 2014).…”

Section: Brief Discussion Regarding Methodology Use Contributions Fmentioning

confidence: 99%

Formal Non-fragile Verification of Step Response Requirements for Digital State-Feedback Control Systems

Cavalcante

Bessa

Filho³

et al. 2020

J Control Autom Electr Syst

Self Cite

View full text Add to dashboard Cite

We describe and evaluate a novel approach to formally verify whether a digital control system meets specifications related to step response parameters. In particular, we obtain a state feedback controller designed for a system represented by a state-space model. Then, we analyze whether its required specifications regarding settling time and maximum overshoot are met, using both open-and closed-loop forms and considering finite-word-length (FWL) effects for the latter. We developed our verification approaches inside DSVerifier, which is a verification tool that employs bounded (and unbounded) model checking based on satisfiability modulo theories. Thus, DSVerifier checks performance requirements of digital control systems considering fragility, such as round-off and numerical quantization errors. Our approaches were also evaluated over a set of standard control-system benchmarks extracted from the control literature. Experimental results show that DSVerifier can check settling time and overshoot in control systems suffering from FWL effects, while other existing approaches routinely ignore those issues. Keywords Formal verification • Digital control systems • Finite word length • Controller fragility 1 Introduction A digital control system consists of sensors, controlled systems, control algorithms, and actuators, which together seek to maintain the behavior of a plant's (controlled system) variables under control, i.e., they ensure the desired transientand steady-state responses (Franklin et al. 1998). The development of digital controllers is a crucial task in control engineering since they are routinely used for many different applications, which range from industrial plants to smart cities.

show abstract

Section: Brief Discussion Regarding Methodology Use Contributions Fmentioning

confidence: 99%

Formal Non-fragile Verification of Step Response Requirements for Digital State-Feedback Control Systems

Cavalcante

Bessa

Filho³

et al. 2020

J Control Autom Electr Syst

Self Cite

View full text Add to dashboard Cite

show abstract

“…If they do not succeed within 100 s, they give up and output a condition. For verifier v 2 , we use the three tools CPA-SEQ [29], ESBMC [34], and VeriAbs [30] that performed best on the reachability categories of SV-COMP 2020 4 as well as Symbiotic, which performed best in the SoftwareSystems category of SV-COMP 2020. For all four tools, we use their version submitted to SV-COMP 2020.…”

Section: Methodsmentioning

confidence: 99%

FRed: Conditional Model Checking via Reducers and Folders

Beyer

Jakobs

2020

Software Engineering and Formal Methods

View full text Add to dashboard Cite

There are many hard verification problems that are currently only solvable by applying several verifiers that are based on complementing technologies. Conditional model checking (CMC) is a successful solution for cooperation between verification tools. In CMC, the first verifier outputs a condition describing the state space that it successfully verified. The second verifier uses the condition to focus its verification on the unverified state space. To use arbitrary second verifiers, we recently proposed a reducer-based approach. One can use the reducer-based approach to construct a conditional verifier from a reducer and a (non-conditional) verifier: the reducer translates the condition into a residual program that describes the unverified state space and the verifier can be any off-the-shelf verifier (that does not need to understand conditions). Until now, only one reducer was available. But for a systematic investigation of the reducer concept, we need several reducers. To fill this gap, we developed FRed, a Framework for exploring different REDucers. Given an existing reducer, FRed allows us to derive various new reducers, which differ in their trade-off between size and precision of the residual program. For our experiments, we derived seven different reducers. Our evaluation on the largest and most diverse public collection of verification problems shows that we need all seven reducers to solve hard verification tasks that were not solvable before with the considered verifiers.

show abstract

“…1). FuSeBMC builds on top of clang [1] to instrument the C program, uses Map2check [8] as a fuzzing engine, and ESBMC (Efficient SMT-based Bounded Model Checker) [4,5] as BMC and symbolic execution engines, thus combining dynamic and static verification techniques. FuSeBMC takes a C program and a test specification [3] as input.…”

Section: Test Generation Approachmentioning

confidence: 99%

FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

Alshmrany

Menezes

Gadelha³

et al. 2021

Fundamental Approaches to Software Engineering

Self Cite

View full text Add to dashboard Cite

We describe and evaluate a novel white-box fuzzer for C programs named , which combines fuzzing and symbolic execution, and applies Bounded Model Checking (BMC) to find security vulnerabilities in C programs. explores and analyzes C programs (1) to find execution paths that lead to property violations and (2) to incrementally inject labels to guide the fuzzer and the BMC engine to produce test-cases for code coverage. successfully participates in Test-Comp’21 and achieves first place in the category and second place in the category.

show abstract

ESBMC v6.0: Verifying C Programs Using k-Induction and Invariant Inference

Cited by 45 publications

References 7 publications

Formal Non-fragile Verification of Step Response Requirements for Digital State-Feedback Control Systems

Formal Non-fragile Verification of Step Response Requirements for Digital State-Feedback Control Systems

FRed: Conditional Model Checking via Reducers and Folders

FuSeBMC: A White-Box Fuzzer for Finding Security Vulnerabilities in C Programs (Competition Contribution)

Contact Info

Product

Resources

About