1,700 research outputs found
Fast LTL Satisfiability Checking by SAT Solvers
Satisfiability checking for Linear Temporal Logic (LTL) is a fundamental step
in checking for possible errors in LTL assertions. Extant LTL satisfiability
checkers use a variety of different search procedures. With the sole exception
of LTL satisfiability checking based on bounded model checking, which does not
provide a complete decision procedure, LTL satisfiability checkers have not
taken advantage of the remarkable progress over the past 20 years in Boolean
satisfiability solving. In this paper, we propose a new LTL
satisfiability-checking framework that is accelerated using a Boolean SAT
solver. Our approach is based on the variant of the \emph{obligation-set
method}, which we proposed in earlier work. We describe here heuristics that
allow the use of a Boolean SAT solver to analyze the obligations for a given
LTL formula. The experimental evaluation indicates that the new approach
provides a a significant performance advantage
Verifying multi-threaded software using SMT-based context-bounded model checking
We describe and evaluate three approaches to model check multi-threaded software with shared variables and locks using bounded model checking based on Satisfiability Modulo Theories (SMT) and our modelling of the synchronization primitives of the Pthread library. In the lazy approach, we generate all possible interleavings and call the SMT solver on each of them individually, until we either find a bug, or have systematically explored all interleavings. In the schedule recording approach, we encode all possible interleavings into one single formula and then exploit the high speed of the SMT solvers. In the underapproximation and widening approach, we reduce the state space by abstracting the number of interleavings from the proofs of unsatisfiability generated by the SMT solvers. In all three approaches, we bound the number of context switches allowed among threads in order to reduce the number of interleavings explored. We implemented these approaches in ESBMC, our SMT-based bounded model checker for ANSI-C programs. Our experiments show that ESBMC can analyze larger problems and substantially reduce the verification time compared to state-of-the-art techniques that use iterative context-bounding algorithms or counter-example guided abstraction refinement
Synthesizing realistic verification tasks
This thesis by publications focuses on realistic benchmarks for software verification approaches.
Such benchmarks are crucial to an evaluation of verification tools which helps to assess their capabilities and inform potential users.
This work provides an overview of the current landscape of verification tool evaluation and compares manual and automatic approaches to benchmark generation.
The main contribution of this thesis is a new framework to synthesize realistic verification tasks.
This framework allows to generate verification tasks that target sequential or parallel programs.
Starting from a realistic formal specification,
a Büchi automaton is synthesized while ensuring realistic hardness characteristics such as the number of computation steps after which errors occur.
The resulting automaton is then transformed to a Mealy machine to produce a sequential program in C or Java or to a parallel composition of modal transition systems. A refinement of the latter is encoded in Promela or as a Petri net.
A task that targets such a parallel system requires checking whether or not a given interruptible temporal property is satisfied or whether parallel systems are weakly bisimilar.
Temporal properties may include branching-time and linear-time formulas.
For the latter, it can be ensured that every parallel component matters during verification.
This thesis contains additional contributions that build on top of attached publications.
These are (i) a generalization of interruptibility that covers branching-time properties, (ii) an improved generation of parallel contexts, and (iii) a definition of alphabet extension on a semantic level.
Alphabet extensions are a key part for ensuring hardness of generated tasks that target parallel systems.
Benchmarks that were synthesized using the presented framework have been employed in the international Rigorous Examination of Reactive Systems (RERS) Challenge during the last five years.
Several international teams attempted to solve the corresponding verification tasks and used ten different tools to verify the newly added parallel programs.
Apart from the evaluation of these tools, this endeavor motivated participants of RERS to conceive new formal techniques to verify parallel systems.
The result of this thesis thus helps to improve the state of the art of software verification
Software Model Checking with Explicit Scheduler and Symbolic Threads
In many practical application domains, the software is organized into a set
of threads, whose activation is exclusive and controlled by a cooperative
scheduling policy: threads execute, without any interruption, until they either
terminate or yield the control explicitly to the scheduler. The formal
verification of such software poses significant challenges. On the one side,
each thread may have infinite state space, and might call for abstraction. On
the other side, the scheduling policy is often important for correctness, and
an approach based on abstracting the scheduler may result in loss of precision
and false positives. Unfortunately, the translation of the problem into a
purely sequential software model checking problem turns out to be highly
inefficient for the available technologies. We propose a software model
checking technique that exploits the intrinsic structure of these programs.
Each thread is translated into a separate sequential program and explored
symbolically with lazy abstraction, while the overall verification is
orchestrated by the direct execution of the scheduler. The approach is
optimized by filtering the exploration of the scheduler with the integration of
partial-order reduction. The technique, called ESST (Explicit Scheduler,
Symbolic Threads) has been implemented and experimentally evaluated on a
significant set of benchmarks. The results demonstrate that ESST technique is
way more effective than software model checking applied to the sequentialized
programs, and that partial-order reduction can lead to further performance
improvements.Comment: 40 pages, 10 figures, accepted for publication in journal of logical
methods in computer scienc
Conformant Planning as a Case Study of Incremental QBF Solving
We consider planning with uncertainty in the initial state as a case study of
incremental quantified Boolean formula (QBF) solving. We report on experiments
with a workflow to incrementally encode a planning instance into a sequence of
QBFs. To solve this sequence of incrementally constructed QBFs, we use our
general-purpose incremental QBF solver DepQBF. Since the generated QBFs have
many clauses and variables in common, our approach avoids redundancy both in
the encoding phase and in the solving phase. Experimental results show that
incremental QBF solving outperforms non-incremental QBF solving. Our results
are the first empirical study of incremental QBF solving in the context of
planning and motivate its use in other application domains.Comment: added reference to extended journal article; revision (camera-ready,
to appear in the proceedings of AISC 2014, volume 8884 of LNAI, Springer
SAT-based Explicit LTL Reasoning
We present here a new explicit reasoning framework for linear temporal logic
(LTL), which is built on top of propositional satisfiability (SAT) solving. As
a proof-of-concept of this framework, we describe a new LTL satisfiability
tool, Aalta\_v2.0, which is built on top of the MiniSAT SAT solver. We test the
effectiveness of this approach by demonnstrating that Aalta\_v2.0 significantly
outperforms all existing LTL satisfiability solvers. Furthermore, we show that
the framework can be extended from propositional LTL to assertional LTL (where
we allow theory atoms), by replacing MiniSAT with the Z3 SMT solver, and
demonstrating that this can yield an exponential improvement in performance
- …