75 research outputs found
Scaling Bounded Model Checking By Transforming Programs With Arrays
Bounded Model Checking is one the most successful techniques for finding bugs
in program. However, model checkers are resource hungry and are often unable to
verify programs with loops iterating over large arrays.We present a
transformation that enables bounded model checkers to verify a certain class of
array properties. Our technique transforms an array-manipulating (ANSI-C)
program to an array-free and loop-free (ANSI-C) program thereby reducing the
resource requirements of a model checker significantly. Model checking of the
transformed program using an off-the-shelf bounded model checker simulates the
loop iterations efficiently. Thus, our transformed program is a sound
abstraction of the original program and is also precise in a large number of
cases - we formally characterize the class of programs for which it is
guaranteed to be precise. We demonstrate the applicability and usefulness of
our technique on both industry code as well as academic benchmarks
Benchmarking Symbolic Execution Using Constraint Problems -- Initial Results
Symbolic execution is a powerful technique for bug finding and program
testing. It is successful in finding bugs in real-world code. The core
reasoning techniques use constraint solving, path exploration, and search,
which are also the same techniques used in solving combinatorial problems,
e.g., finite-domain constraint satisfaction problems (CSPs). We propose CSP
instances as more challenging benchmarks to evaluate the effectiveness of the
core techniques in symbolic execution. We transform CSP benchmarks into C
programs suitable for testing the reasoning capabilities of symbolic execution
tools. From a single CSP P, we transform P depending on transformation choice
into different C programs. Preliminary testing with the KLEE, Tracer-X, and
LLBMC tools show substantial runtime differences from transformation and solver
choice. Our C benchmarks are effective in showing the limitations of existing
symbolic execution tools. The motivation for this work is we believe that
benchmarks of this form can spur the development and engineering of improved
core reasoning in symbolic execution engines
Formal Verification of Industrial Software and Neural Networks
Software ist ein wichtiger Bestandteil unsere heutige Gesellschaft. Da Software vermehrt
in sicherheitskritischen Bereichen angewandt wird, müssen wir uns auf eine korrekte und
sichere Ausführung verlassen können. Besonders eingebettete Software, zum Beispiel in
medizinischen Geräten, Autos oder Flugzeugen, muss gründlich und formal geprüft werden.
Die Software solcher eingebetteten Systeme kann man in zwei Komponenten aufgeteilt.
In klassische (deterministische) Steuerungssoftware und maschinelle Lernverfahren
zum Beispiel für die Bilderkennung oder Kollisionsvermeidung angewandt werden.
Das Ziel dieser Dissertation ist es den Stand der Technik bei der Verifikation von
zwei Hauptkomponenten moderner eingebetteter Systeme zu verbessern: in C/C++
geschriebene Software und neuronalen Netze. Für beide Komponenten wird das Verifikationsproblem
formal definiert und neue Verifikationsansätze werden vorgestellt
Reasoning About Vote Counting Schemes Using Light-weight and Heavy-weight Methods
We compare and contrast our experiences in specifying, implementing
and verifying the monotonicity property of a simple plurality voting
scheme using modern light-weight and heavy-weight verification tools
Theory and Implementation of Software Bounded Model Checking
This thesis provides a detailed overview of the theory of software bounded model checking (SBMC) and its implementation in LLBMC, which is based on the LLVM compiler framework. The whole process from a C program to an SMT formula is described in detail. Furthermore, a theory of dynamic memory allocation is introduced which allows modelling C\u27s memory model with high precision. Finally, it is shown that LLBMC\u27s approach to software bounded model checking performs well compared to competing tools
- …