Incremental bounded model checking for embedded software

Schrammel, Peter; Kroening, Daniel; Brain, Martin; Martins, Ruben; Teige, Tino; Bienmüller, Tom

doi:10.1007/s00165-017-0419-1

Cited by 23 publications

(21 citation statements)

References 57 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…It is tempting to use a real arithmetic strategy to tackle these formulae; however, the floating-point arithmetic is an approximation of the real one and introduces a new set of values (e.g., NaNs). ESBMC follows the same approach as CBMC [2] and 2LS [15], which also bit-blast all operations, including floating-point operations, before checking satisfiability using SAT solvers. The bit-blasting algorithm in ESBMC is based on the bit-blasting performed by Z3, which is an improved version of the algorithms described by Muller et al [12].…”

Section: Test Generation Approachmentioning

confidence: 99%

ESBMC: Scalable and Precise Test Generation based on the Floating-Point Theory

Gadelha¹,

Menezes

Monteiro

et al. 2020

Fundamental Approaches to Software Engineering

View full text Add to dashboard Cite

ESBMC is an SMT-based bounded model checker for realworld C programs. Such programs often represent real numbers using the floating-points, most commonly, the IEEE floating-point standard (IEEE 754-2008). Thus, ESBMC now includes a new floating-point arithmetic encoding layer in our SMT backend, that encodes floating-point operations into bit-vector operations. In particular, ESBMC can use offthe-shelf SMT solvers that offer support for bit-vectors only to encode floating-point arithmetic.

show abstract

Section: Test Generation Approachmentioning

confidence: 99%

ESBMC: Scalable and Precise Test Generation based on the Floating-Point Theory

Gadelha¹,

Menezes

Monteiro

et al. 2020

Fundamental Approaches to Software Engineering

View full text Add to dashboard Cite

show abstract

“…SLDV uses rational approximations of floating-point arithmetic and tries to identify suspicious test cases. Additionally, there are some third-party tools based on formal methods, e.g., BTC † Embedded Tester [5] and AutoMOTGen [6]. Embedded Tester converts a model into a C code and generates test cases based on formal analysis of the C code.…”

Section: Related Workmentioning

confidence: 99%

Template-Based Monte-Carlo Test-Suite Generation for Large and Complex Simulink Models

Tomita

Ishii

Murakami³

et al. 2020

IEICE Trans. Fundamentals

View full text Add to dashboard Cite

MATLAB/Simulink is the de facto standard tool for the model-based development (MBD) of control software for automotive systems. A Simulink model developed in MBD for real automotive systems involves complex computation as well as tens of thousands of blocks. In this paper, we focus on decision coverage (DC), condition coverage (CC) and modified condition/decision coverage (MC/DC) criteria, and propose a Monte-Carlo test suite generation method for large and complex Simulink models. In the method, a candidate test case is generated by assigning random values to the parameters of signal templates with specific waveforms. We try to find contributable candidates in a plausible and understandable search space, specified by a set of templates. We implemented the method as a tool, and our experimental evaluation showed that the tool was able to generate test suites for industrial implementation models with higher coverages and shorter execution times than Simulink Design Verifier. Additionally, the tool includes a fast coverage measurement engine, which demonstrated better performance than Simulink Coverage in our experiments.

show abstract

“…This enables ESBMC, and the respective solver, to learn from previous checks, optimizing the search procedure and potentially eliminating a large amount of formula state space to be searched, because it solves and disregards data during the process, incrementally. This technique is called "incremental SMT" [39] and allows us to reduce the memory overhead, mainly when the verified system is complex and the computing platform does not have large amount of memory to deal with all the design space state.…”

Section: A Esbmcmentioning

confidence: 99%

Automated formal verification of stand-alone solar photovoltaic systems

Trindade

Cordeiro

2019

Solar Energy

View full text Add to dashboard Cite

With declining costs and increasing performance, the deployment of renewable energy systems is growing faster. Particular attention is given to stand-alone solar photovoltaic systems in rural areas or where grid extension is unfeasible. Tools to evaluate electrification projects are available, but they are based on simulations that do not cover all aspects of the design space. Automated verification using model checking has proven to be an effective technique to program verification. This paper marks the first application of software model checking to formally verify the design of a stand-alone solar photovoltaic system including solar panel, charge controller, battery, inverter, and electric load. Case studies, from real photovoltaic systems deployed in five different sites, ranging from 700W to 1,200W, were used to evaluate this proposed approach and to compare that with specialized simulation tools. Data from practical applications show the effectiveness of our approach, where specific conditions that lead to failures in a photovoltaic solar system are only detected by our automated verification method.

show abstract

Incremental bounded model checking for embedded software

Cited by 23 publications

References 57 publications

ESBMC: Scalable and Precise Test Generation based on the Floating-Point Theory

ESBMC: Scalable and Precise Test Generation based on the Floating-Point Theory

Template-Based Monte-Carlo Test-Suite Generation for Large and Complex Simulink Models

Automated formal verification of stand-alone solar photovoltaic systems

Contact Info

Product

Resources

About