28 research outputs found

    Automatic Abstraction in SMT-Based Unbounded Software Model Checking

    Software model checkers based on under-approximations and SMT solvers are very successful at verifying safety (i.e. reachability) properties. They combine two key ideas -- (a) "concreteness": a counterexample in an under-approximation is a counterexample in the original program as well, and (b) "generalization": a proof of safety of an under-approximation, produced by an SMT solver, is generalizable to a proof of safety of the original program. In this paper, we present a combination of "automatic abstraction" with the under-approximation-driven framework. We explore two iterative approaches for obtaining and refining abstractions -- "proof based" and "counterexample based" -- and show how they can be combined into a unified algorithm. To the best of our knowledge, this is the first application of Proof-Based Abstraction, primarily used to verify hardware, to Software Verification. We have implemented a prototype of the framework using Z3, and evaluate it on many benchmarks from the Software Verification Competition. We show experimentally that our combination is quite effective on hard instances.
    Comment: Extended version of a paper in the proceedings of CAV 201

    SimpleCAR: An Efficient Bug-Finding Tool Based on Approximate Reachability

    We present a new safety hardware model checker SimpleCAR that serves as a reference implementation for evaluating Complementary Approximate Reachability (CAR), a new SAT-based model checking framework inspired by classical reachability analysis. The tool gives a “bottom-line” performance measure for comparing future extensions to the framework. We demonstrate the performance of SimpleCAR on challenging benchmarks from the Hardware Model Checking Competition. Our experiments indicate that SimpleCAR is particularly suited for unsafety checking, or bug-finding; it is able to solve 7 unsafe instances within 1 h that are not solvable by any other state-of-the-art techniques, including BMC and IC3/PDR, within 8 h. We also identify a bug (reports safe instead of unsafe) and 48 counterexample generation errors in the tools compared in our analysis

    Connecting speeds, directions and arrival times of 22 coronal mass ejections from the Sun to 1 AU

    Forecasting the in situ properties of coronal mass ejections (CMEs) from remote images is expected to strongly enhance predictions of space weather, and is of general interest for studying the interaction of CMEs with planetary environments. We study the feasibility of using a single heliospheric imager (HI) instrument, imaging the solar wind density from the Sun to 1 AU, for connecting remote images to in situ observations of CMEs. We compare the predictions of speed and arrival time for 22 CMEs (in 2008-2012) to the corresponding interplanetary coronal mass ejection (ICME) parameters at in situ observatories (STEREO PLASTIC/IMPACT, Wind SWE/MFI). The list consists of front- and backsided, slow and fast CMEs (up to 2700 km s^{-1}). We track the CMEs to 34.9 ± 7.1 degrees elongation from the Sun with J-maps constructed using the SATPLOT tool, resulting in prediction lead times of -26.4 ± 15.3 hours. The geometrical models we use assume different CME front shapes (Fixed-Φ, Harmonic Mean, Self-Similar Expansion), and constant CME speed and direction. We find no significant superiority in the predictive capability of any of the three methods. The absolute difference between predicted and observed ICME arrival times is 8.1 ± 6.3 hours (rms value of 10.9 h). Speeds are consistent to within 284 ± 288 km s^{-1}. Empirical corrections to the predictions enhance their performance for the arrival times to 6.1 ± 5.0 hours (rms value of 7.9 h), and for the speeds to 53 ± 50 km s^{-1}. These results are important for Solar Orbiter and a space weather mission positioned away from the Sun-Earth line.
    Comment: 19 pages, 13 figures, accepted for publication in the Astrophysical Journa

    Active oxygen species in copper intrauterine device users

    The mechanism by which the copper intrauterine device (Cu IUD) limits intrauterine infections is poorly understood. Copper ions may enhance the release of reactive oxygen species, which are deleterious to microbes. The present study compares the oxidative responses of the adherent cell population of the uterus prior to Cu-T insertion and at different post-insertion intervals. An increase in reactive oxygen intermediates was evident at 1 week post-insertion. However, the release of active oxygen species decreased thereafter. Further, these responses were only a local phenomenon, as the peripheral blood monocytes failed to produce an appreciable change following Cu-T insertion. The results suggest a protective role of active oxygen species in Cu IUD users that lasts for a brief period. The withering of respiratory burst activity later on may possibly prevent endometrial damage

    An analysis of SAT-based model checking techniques in an industrial environment

    Model checking is a formal technique for automatically verifying that a finite-state model satisfies a temporal property. In model checking, Binary Decision Diagrams (BDDs) are generally used to efficiently encode the transition relation of the finite-state model. Recently, model checking algorithms based on Boolean satisfiability (SAT) procedures have been developed to complement traditional BDD-based model checking. These algorithms can be broadly classified into three categories: (1) bounded model checking, which is useful for finding failures; (2) hybrid algorithms that combine SAT- and BDD-based methods for unbounded model checking; and (3) purely SAT-based unbounded model checking algorithms. The goal of this paper is to provide a uniform and comprehensive basis for evaluating these algorithms. The paper describes eight bounded and unbounded techniques, and analyzes the performance of these algorithms on a large and diverse set of hardware benchmarks

    Assume-Guarantee Based Compositional Reasoning for Synchronous Timing Diagrams
