12,471 research outputs found
Exploiting Hierarchy in the Abstraction-Based Verification of Statecharts Using SMT Solvers
Statecharts are frequently used as a modeling formalism in the design of
state-based systems. Formal verification techniques are also often applied to
prove certain properties about the behavior of the system. One of the most
efficient techniques for formal verification is Counterexample-Guided
Abstraction Refinement (CEGAR), which reduces the complexity of systems by
automatically building and refining abstractions. In our paper we present a
novel adaptation of the CEGAR approach to hierarchical statechart models. First
we introduce an encoding of the statechart to logical formulas that preserves
information about the state hierarchy. Based on this encoding we propose
abstraction and refinement techniques that utilize the hierarchical structure
of statecharts and also handle variables in the model. The encoding allows us
to use SMT solvers for the systematic exploration and verification of the
abstract model, including also bounded model checking. We demonstrate the
applicability and efficiency of our abstraction techniques with measurements on
an industry-motivated example.Comment: In Proceedings FESCA 2017, arXiv:1703.0659
IC3-Guided Abstraction
Abstract-Localization is a powerful automated abstraction-refinement technique to reduce the complexity of property checking. This process is often guided by SATbased bounded model checking, using counterexamples obtained on the abstract model, proofs obtained on the original model, or a combination of both to select irrelevant logic. In this paper, we propose the use of bounded invariants obtained during an incomplete IC3 run to derive higher-quality abstractions for complex problems. Experiments confirm that this approach yields significantly smaller abstractions in many cases, and that the resulting abstract models are often easier to verify
Verifying multi-threaded software using SMT-based context-bounded model checking
We describe and evaluate three approaches to model check multi-threaded software with shared variables and locks using bounded model checking based on Satisfiability Modulo Theories (SMT) and our modelling of the synchronization primitives of the Pthread library. In the lazy approach, we generate all possible interleavings and call the SMT solver on each of them individually, until we either find a bug, or have systematically explored all interleavings. In the schedule recording approach, we encode all possible interleavings into one single formula and then exploit the high speed of the SMT solvers. In the underapproximation and widening approach, we reduce the state space by abstracting the number of interleavings from the proofs of unsatisfiability generated by the SMT solvers. In all three approaches, we bound the number of context switches allowed among threads in order to reduce the number of interleavings explored. We implemented these approaches in ESBMC, our SMT-based bounded model checker for ANSI-C programs. Our experiments show that ESBMC can analyze larger problems and substantially reduce the verification time compared to state-of-the-art techniques that use iterative context-bounding algorithms or counter-example guided abstraction refinement
Interpolant-Based Transition Relation Approximation
In predicate abstraction, exact image computation is problematic, requiring
in the worst case an exponential number of calls to a decision procedure. For
this reason, software model checkers typically use a weak approximation of the
image. This can result in a failure to prove a property, even given an adequate
set of predicates. We present an interpolant-based method for strengthening the
abstract transition relation in case of such failures. This approach guarantees
convergence given an adequate set of predicates, without requiring an exact
image computation. We show empirically that the method converges more rapidly
than an earlier method based on counterexample analysis.Comment: Conference Version at CAV 2005. 17 Pages, 9 Figure
MeGARA: Menu-based Game Abstraction and Abstraction Refinement of Markov Automata
Markov automata combine continuous time, probabilistic transitions, and
nondeterminism in a single model. They represent an important and powerful way
to model a wide range of complex real-life systems. However, such models tend
to be large and difficult to handle, making abstraction and abstraction
refinement necessary. In this paper we present an abstraction and abstraction
refinement technique for Markov automata, based on the game-based and
menu-based abstraction of probabilistic automata. First experiments show that a
significant reduction in size is possible using abstraction.Comment: In Proceedings QAPL 2014, arXiv:1406.156
Chaining Test Cases for Reactive System Testing (extended version)
Testing of synchronous reactive systems is challenging because long input
sequences are often needed to drive them into a state at which a desired
feature can be tested. This is particularly problematic in on-target testing,
where a system is tested in its real-life application environment and the time
required for resetting is high. This paper presents an approach to discovering
a test case chain---a single software execution that covers a group of test
goals and minimises overall test execution time. Our technique targets the
scenario in which test goals for the requirements are given as safety
properties. We give conditions for the existence and minimality of a single
test case chain and minimise the number of test chains if a single test chain
is infeasible. We report experimental results with a prototype tool for C code
generated from Simulink models and compare it to state-of-the-art test suite
generators.Comment: extended version of paper published at ICTSS'1
Software Model Checking with Explicit Scheduler and Symbolic Threads
In many practical application domains, the software is organized into a set
of threads, whose activation is exclusive and controlled by a cooperative
scheduling policy: threads execute, without any interruption, until they either
terminate or yield the control explicitly to the scheduler. The formal
verification of such software poses significant challenges. On the one side,
each thread may have infinite state space, and might call for abstraction. On
the other side, the scheduling policy is often important for correctness, and
an approach based on abstracting the scheduler may result in loss of precision
and false positives. Unfortunately, the translation of the problem into a
purely sequential software model checking problem turns out to be highly
inefficient for the available technologies. We propose a software model
checking technique that exploits the intrinsic structure of these programs.
Each thread is translated into a separate sequential program and explored
symbolically with lazy abstraction, while the overall verification is
orchestrated by the direct execution of the scheduler. The approach is
optimized by filtering the exploration of the scheduler with the integration of
partial-order reduction. The technique, called ESST (Explicit Scheduler,
Symbolic Threads) has been implemented and experimentally evaluated on a
significant set of benchmarks. The results demonstrate that ESST technique is
way more effective than software model checking applied to the sequentialized
programs, and that partial-order reduction can lead to further performance
improvements.Comment: 40 pages, 10 figures, accepted for publication in journal of logical
methods in computer scienc
- …