Handling loops in bounded model checking of C programs via k-induction

Gadelha, Mikhail R.; Ismail, Hussama; Cordeiro, Lucas C.

doi:10.1007/s10009-015-0407-9

Cited by 63 publications

(40 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(RP3) Novel approaches to model check embedded software using k -induction and invariants were proposed and evaluated in the literature, which demonstrate its effectiveness in some real-life embedded-system applications [23,25,26,28]; however, the main challenge still remains open, i.e., to compute and strengthen loop invariants to prove program correctness and timeliness in a more efficient and effective way, in order to be competitive with other model-checking approaches. In particular, invariant-generation algorithms have substantially evolved over the last years, with the goal of discovering inductive invariants of programs [21,22] or continuously refine them during verification [24]; however, there is still a lack of studies for exploiting the combination of different invariant-generation algorithms (e.g., interval analysis, linear inequalities, polynomial equalities and inequalities) and how to strengthen them during verification, in order to ensure system robustness w.r.t.…”

Section: Current Achievements and Future Trendsmentioning

confidence: 99%

“…Novel verification algorithms for proving correctness of (a large set of) C programs, by mathematical induction, in a completely automatic way (i.e., users do not need to provide the loop invariant) were recently proposed [23,24,25,26,27]. Additionally, k -induction based verification was also applied to ensure that (restricted) C programs (1) do not contain violations related to data races [28], considering the Cell BE processor, and (2) do respect time constraints, which are specified during the system design phase [18].…”

Section: Induction-based Verification Of C Programsmentioning

confidence: 99%

See 1 more Smart Citation

SMT-Based Context-Bounded Model Checking for Embedded Systems

Cordeiro

Filho

2016

SIGSOFT Softw. Eng. Notes

Self Cite

View full text Add to dashboard Cite

The dependency on the correct functioning of embedded systems is rapidly growing, mainly due to their wide range of applications, such as micro-grids, automotive device control (e.g., airbag control), health care, surveillance, mobile devices, and consumer electronics. Their structures are becoming more and more complex and now require multi-core processors with scalable shared memory, in order to meet increasing computational power demands. As a consequence, reliability of embedded (distributed) software becomes a key issue during system development, which must be carefully addressed and assured. Normally, state-of-the-art verification methodologies for embedded systems generate test vectors (with constraints) and use assertion-based verification and highlevel processor models, during simulation; however, other additional challenges have been raised: the need for meeting time and energy constraints, handling concurrent software, dealing with platform restrictions, evaluating implementation-structure choices, and supporting new software architectures and legacy designs (usually written in low-level languages). The present paper discusses challenges, problems, and recent advances to ensure correctness and timeliness regarding embedded systems. Reliability issues, in the development of micro-grids and cyber-physical systems, are then considered, as a prominent (bounded) model checking application.

show abstract

Section: Current Achievements and Future Trendsmentioning

confidence: 99%

Section: Induction-based Verification Of C Programsmentioning

confidence: 99%

SMT-Based Context-Bounded Model Checking for Embedded Systems

Cordeiro

Filho

2016

SIGSOFT Softw. Eng. Notes

Self Cite

View full text Add to dashboard Cite

show abstract

“…Iterative deepening implies that ESBMC always finds the smallest k to either prove correctness or find a property violation. ESBMC now uses an improved scheme of the earlier version described by Gadelha et al [3]. In particular, this new version no longer collects havocked variables into states, rewriting every access to these variables into state accesses.…”

Section: The K-induction Algorithm In Esbmcmentioning

confidence: 99%

“…It does not require any special annotations in the source code to find such bugs, but it does allow users to add their own assertions and also checks for violations of these. In addition, ESBMC implements k-induction [3] and can therefore be used to prove the absence of property violations (resp. the validity of user-defined assertions).…”

Section: Introductionmentioning

confidence: 99%

ESBMC 5.0: an industrial-strength C model checker

Gadelha

Monteiro

Morse

et al. 2018

Proceedings of the 33rd ACM/IEEE International Conference on Automated Software Engineering

Self Cite

View full text Add to dashboard Cite

ESBMC is a mature, permissively licensed opensource context-bounded model checker for the verification of single-and multi-threaded C programs. It can verify both safety (e.g., bounds check, pointer safety, overflow) and userdefined (as asserts in the program) properties automatically. ESBMC provides C++ and Python APIs to access internal data structures, allowing inspection and extension at any stage of the verification process. We discuss improvements over previous versions of ESBMC, including the description of new front-and back-ends, IEEE floating-point support, and an improved k-induction algorithm. A demonstration is available at https://www.youtube.com/watch?v=N_qmN-cazvM.

show abstract

“…In each step k of the k-induction algorithm, three checks are performed: the base case B(k), forward condition F (k) and inductive step I(k), for k = [1, d] [16]. The base case B(k) is the standard BMC and B(k) is satisfiable if and only if B(k) has a counterexample of length k or less [17]:…”

Section: The K-induction Algorithmmentioning

confidence: 99%

Towards counterexample-guided k-induction for fast bug detection

Gadelha

Monteiro

Cordeiro

et al. 2018

Proceedings of the 2018 26th ACM Joint Meeting on European Software Engineering Conference and Symposium on the Foundations of

Self Cite

View full text Add to dashboard Cite

Recently, the k-induction algorithm has proven to be a successful approach for both finding bugs and proving correctness. However, since the algorithm is an incremental approach, it might waste resources trying to prove incorrect programs. In this paper, we propose to extend the k-induction algorithm in order to shorten the number of steps required to find a property violation. We convert the algorithm into a meet-in-the-middle bidirectional search algorithm, using the counterexample produced from over-approximating the program. The preliminary results show that the number of steps required to find a property violation is reduced to ⌊ k 2 +1⌋ and the verification time for programs with large state space is reduced considerably.

show abstract

Handling loops in bounded model checking of C programs via k-induction

Cited by 63 publications

References 37 publications

SMT-Based Context-Bounded Model Checking for Embedded Systems

SMT-Based Context-Bounded Model Checking for Embedded Systems

ESBMC 5.0: an industrial-strength C model checker

Towards counterexample-guided k-induction for fast bug detection

Contact Info

Product

Resources

About