Theory and Implementation of Software Bounded Model Checking
This thesis provides a detailed overview of the theory of software bounded model checking (SBMC) and its implementation in LLBMC, which is based on the LLVM compiler framework. The whole process from a C program to an SMT formula is described in detail. Furthermore, a theory of dynamic memory allocation is introduced which allows modelling C's memory model with high precision. Finally, it is shown that LLBMC's approach to software bounded model checking performs well compared to competing tools.
Bounded Model Checking of State-Space Digital Systems: The Impact of Finite Word-Length Effects on the Implementation of Fixed-Point Digital Controllers Based on State-Space Modeling
The extensive use of digital controllers demands a growing effort to prevent design errors that appear due to finite-word length (FWL) effects. However, there is still a gap regarding verification tools and methodologies to check implementation aspects of control systems. Thus, the present paper describes an approach, which employs bounded model checking (BMC) techniques, to verify fixed-point digital controllers represented by state-space equations. The experimental results demonstrate the sensitivity of such systems to FWL effects and the effectiveness of the proposed approach to detect them. To the best of my knowledge, this is the first contribution tackling formal verification through BMC of fixed-point state-space digital controllers.
Comment: International Symposium on the Foundations of Software Engineering 201
Incremental bounded model checking for embedded software
Program analysis is on the brink of mainstream usage in embedded systems development. Formal verification of behavioural requirements, finding runtime errors and test case generation are some of the most common applications of automated verification tools based on bounded model checking (BMC). Existing industrial tools for embedded software use an off-the-shelf bounded model checker and apply it iteratively to verify the program with an increasing number of unwindings. This approach unnecessarily wastes time repeating work that has already been done and fails to exploit the power of incremental SAT solving. This article reports on the extension of the software model checker CBMC to support incremental BMC and its successful integration with the industrial embedded software verification tool BTC EMBEDDED TESTER. We present an extensive evaluation over large industrial embedded programs, mainly from the automotive industry. We show that incremental BMC cuts runtimes by one order of magnitude in comparison to the standard non-incremental approach, enabling the application of formal verification to large and complex embedded software. We furthermore report promising results on analysing programs with arbitrary loop structure using incremental BMC, demonstrating its applicability and potential to verify general software beyond the embedded domain
SMT-Based Bounded Model Checking of Fixed-Point Digital Controllers
Digital controllers have several advantages with respect to their flexibility and design simplicity. However, they are subject to problems that are not faced by analog controllers. In particular, these problems are related to the finite word-length implementation, which might lead to overflows, limit cycles, and time constraints in fixed-point processors. This paper proposes a new method to detect design errors in digital controllers using a state-of-the-art bounded model checker based on satisfiability modulo theories. The experiments with digital controllers for a ball and beam plant demonstrate that the proposed method can be more effective in finding errors in digital controllers than other existing approaches based on traditional simulation tools.
Verification of Magnitude and Phase Responses in Fixed-Point Digital Filters
In the digital signal processing (DSP) area, one of the most important tasks is digital filter design. Currently, this procedure is performed with the aid of computational tools, which generally assume filter coefficients represented with floating-point arithmetic. Nonetheless, during the implementation phase, which is often done in digital signal processors or field programmable gate arrays, the representation of the obtained coefficients can be carried out through integer or fixed-point arithmetic, which often results in unexpected behavior or even unstable filters. The present work addresses this issue and proposes a verification methodology based on the digital-system verifier (DSVerifier), with the goal of checking fixed-point digital filters w.r.t. implementation aspects. In particular, DSVerifier checks whether the number of bits used in coefficient representation will result in a filter with the same features specified during the design phase. Experimental results show that errors regarding frequency response and overflow are likely to be identified with the proposed methodology, which thus improves overall system reliability.
SMT-based Model Checking for Recursive Programs
We present an SMT-based symbolic model checking algorithm for safety verification of recursive programs. The algorithm is modular and analyzes procedures individually. Unlike other SMT-based approaches, it maintains both "over-" and "under-approximations" of procedure summaries. Under-approximations are used to analyze procedure calls without inlining. Over-approximations are used to block infeasible counterexamples and detect convergence to a proof. We show that for programs and properties over a decidable theory, the algorithm is guaranteed to find a counterexample, if one exists. However, efficiency depends on an oracle for quantifier elimination (QE). For Boolean Programs, the algorithm is a polynomial decision procedure, matching the worst-case bounds of the best BDD-based algorithms. For Linear Arithmetic (integers and rationals), we give an efficient instantiation of the algorithm by applying QE "lazily". We use existing interpolation techniques to over-approximate QE and introduce "Model Based Projection" to under-approximate QE. Empirical evaluation on SV-COMP benchmarks shows that our algorithm improves significantly on the state-of-the-art.
Comment: originally published as part of the proceedings of CAV 2014; fixed typos, better wording in some places
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet, which began as a research experiment, was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy, ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design, especially the software defined networking (SDN) paradigm, offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence of interest in applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.
Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
Benchmarks for Parity Games (extended version)
We propose a benchmark suite for parity games that includes all benchmarks that have been used in the literature, and make it available online. We give an overview of the parity games, including a description of how they have been generated. We also describe structural properties of parity games, and using these properties we show that our benchmarks are representative. With this work we provide a starting point for further experimentation with parity games.
Comment: The corresponding tool and benchmarks are available from https://github.com/jkeiren/paritygame-generator. This is an extended version of the paper that has been accepted for FSEN 201