Dong Wang,Jing Liu,Haiying Sun,Jin Xu,Jiexiang Kang

DOI: https://doi.org/10.1142/S0218194021400210

IF: 1.007

2021-01-01

International Journal of Software Engineering and Knowledge Engineering

Abstract:Model checking is a verification technique that explores all possible system states in a brute-force manner. However, the state space can be extremely large for many practical systems and the verification time grows exponentially with the size of systems. It is a major limitation for state-space search algorithms of model checking. This paper presents a novel approach to perform Linear Temporal Logic (LTL) and Computation Tree Logic (CTL) model checking by using the connective probe machine, which is a fully parallel computing model. Our state-space search algorithm is based on the semantics of CTL properties and we design transformation algorithms to transform the model of a system into the structure that can run on the existing probe machine. We propose another approach to find multiple accepting cycles in linear time, which greatly shortens the verification time of LTL model checking. Compared to the traditional model checker, our approach can find multiple counterexamples according to the given property, which can trace as many system defects as possible. Simultaneously, it can greatly reduce the verification time for systems with large state spaces. We develop a model checker called MC2PROBE based on our approach and prove the feasibility and efficiency of our checker by experiments.

Dong Wang,Jing Liu,Jin Xu,Haiying Sun,Jiexiang Kang

DOI: https://doi.org/10.18293/seke2021-139

2021-01-01

Abstract:Model checking has established as an effective method for automatic system analysis and verification.It is making its way into many domains and methodologies.However, the state space may be extremely large for many practical systems, and this is a major limitation for state-space search algorithms in model checking.We have proposed a novel computing model called probe machine in 2016, which is a fully parallel computing model.In comparison to the Turing machine, it can solve the graph search problems efficiently, which can overcome the existing model checking limitations.In this paper, we propose a novel approach to perform Computation Tree Logic (CTL) model checking based on the mathematical model of probe machine, which can verify all CTL properties.It can greatly reduce the verification time for systems with large state space.We develop a model checker called CTL2PROBE based on our approach and the experimental results show that our approach is better than NuSMV.

Prantik Chatterjee,Subhajit Roy,Bui Phi Diep,Akash Lal

DOI: https://doi.org/10.48550/arXiv.2005.08063

2020-05-17

Abstract:Program verification is a resource-hungry task. This paper looks at the problem of parallelizing SMT-based automated program verification, specifically bounded model-checking, so that it can be distributed and executed on a cluster of machines. We present an algorithm that dynamically unfolds the call graph of the program and frequently splits it to create sub-tasks that can be solved in parallel. The algorithm is adaptive, controlling the splitting rate according to available resources, and also leverages information from the SMT solver to split where most complexity lies in the search. We implemented our algorithm by modifying CORRAL, the verifier used by Microsoft's Static Driver Verifier (SDV), and evaluate it on a series of hard SDV benchmarks.

Programming Languages,Software Engineering

Shujun Deng,Weimin Wu,Jinian Bian

DOI: https://doi.org/10.1007/978-3-540-72863-4_31

2007-01-01

Abstract:Bounded Model Checking (BMC) based on SAT is a complementary technique to BDD-based Symbolic Model Checking, and it is useful for finding counterexamples of minimum length. However, for model checking of large real world systems, BMC is still limited by the state explosion problem, thus abstraction is essential. In this paper, BMC is implemented on a higher abstraction level - Register Transfer Level (RTL) within an abstraction framework of symbolic trajectory evaluation and hybrid three-valued SAT solving. An efficient SAT solver for RTL circuits is presented, and it is modified into a three-valued solver for the cooperative BMC application. The experimental results comparing with the ordinary BMC without abstraction show the efficiency of our method.

Devleena Ghosh,Sumana Ghosh,Ansuman Banerjee,Raj Kumar Gajavelly,Sudhakar Surendran

DOI: https://doi.org/10.1145/3675168

IF: 1.447

2024-07-02

ACM Transactions on Design Automation of Electronic Systems

Abstract:In recent times, Bounded Model Checking (BMC) engines have gained wide prominence in formal verification. Different BMC engines exist, differing in their optimization, representations and solving mechanisms used to represent and navigate the underlying state transition of the given design to be verified. The objective of this paper is to examine if combinations of BMC engines can help to combine their strengths. We propose an approach that can create a sequencing of BMC engines that can reach better depth in formal verification, as opposed to executing them alone for a specified time. Our approach uses machine learning, specifically, the Multi-Armed Bandit paradigm of reinforcement learning, to predict the best-performing BMC engine for a given unrolling depth of the underlying circuit design. We evaluate our approach on a set of benchmark designs from the Hardware Model Checking Competition (HWMCC) benchmarks and show that it outperforms the state-of-the-art BMC engines in terms of the depth reached or time taken to deduce a property violation. The synthesized BMC engine sequences reach better depths than HWMCC results and the state-of-the-art technique, super_deep, for more than 80% of the cases. It also outperforms single engine runs for more than 92% of the cases where a property violation is not found within a given time duration. For designs where property violations are found within the given time duration, the synthesized sequences found the property violation in a lesser time than HWMCC for all the designs and outperformed both super_deep and single engine runs for more than 87% of the designs.

computer science, software engineering, hardware & architecture

Shujun Deng,Weimin Wu,Jinian Bian

DOI: https://doi.org/10.1109/cscwd.2006.253184

2006-01-01

Abstract:This paper presents a cooperative bounded model checking (BMC) method for RTL designs. The method firstly extends the Boolean DPLL algorithm into a unified procedure to solve hybrid satisfiability problems for RTL circuits, and then changes this solver to a hybrid three-valued SAT solver. Symbolic trajectory evaluation (STE) assertions are transformed to a three-valued problem combining the expansion method in BMC and the abstraction of STE. The experimental results comparing with ordinary BMC which based on an ordinary hybrid SAT solver demonstrate the efficiency of our approach

Daniel Kroening,Peter Schrammel,Michael Tautschnig

DOI: https://doi.org/10.48550/arXiv.2302.02384

2023-02-05

Abstract:The C Bounded Model Checker (CBMC) demonstrates the violation of assertions in C programs, or proves safety of the assertions under a given bound. CBMC implements a bit-precise translation of an input C program, annotated with assertions and with loops unrolled to a given depth, into a formula. If the formula is satisfiable, then an execution leading to a violated assertion exists. CBMC is one of the most successful software verification tools. Its main advantages are its precision, robustness and simplicity. CBMC is shipped as part of several Linux distributions. It has been used by thousands of software developers to verify real-world software, such as the Linux kernel, and powers commercial software analysis and test generation tools. Table 1 gives an overview of CBMC's features. CBMC is also a versatile tool that can be applied to solve many practical program analysis problems such as bug finding, property checking, test input generation, detection of security vulnerabilities, equivalence checking and program synthesis. This chapter will give an introduction into CBMC, including practical examples and pointers to further reading. Moreover, we give insights about the development of CBMC itself, showing how its performance evolved over the last decade.

Software Engineering,Logic in Computer Science,Programming Languages

Florian Frohn,Jürgen Giesl

2024-08-09

Abstract:Bounded Model Checking (BMC) is a powerful technique for proving unsafety. However, finding deep counterexamples that require a large bound is challenging for BMC. On the other hand, acceleration techniques compute "shortcuts" that "compress" many execution steps into a single one. In this paper, we tightly integrate acceleration techniques into SMT-based bounded model checking. By adding suitable "shortcuts" on the fly, our approach can quickly detect deep counterexamples. Moreover, using so-called blocking clauses, our approach can prove safety of examples where BMC diverges. An empirical comparison with other state-of-the-art techniques shows that our approach is highly competitive for proving unsafety, and orthogonal to existing techniques for proving safety.

Logic in Computer Science

Zhenyu Chen,Zhihong Tao,Baowen Xu,Lifu Wang

DOI: https://doi.org/10.1007/978-3-540-75698-9_23

2007-01-01

Abstract:This paper presents an iterative framework based on over-approximation and under-approximation for traditional bounded model checking (BMC). A novel feature of our approach is the approximations are defined based on “implication” instead of “simulation”. As a common partial order relation of logic formulas, implication is suitable for the satisfiability checking of BMC for debugging. Our approach could generate the implication-based approximations efficiently with necessary accuracy, thus it potentially enables BMC to go deeper and the output counterexamples with fewer variables are easier to understand. An experiment on a suite of Petri nets shows the effectiveness of implication-based approximating BMC.

Peter Schrammel,Daniel Kroening,Martin Brain,Ruben Martins,Tino Teige,Tom Bienmüller

DOI: https://doi.org/10.48550/arXiv.1409.5872

2014-09-20

Abstract:Program analysis is on the brink of mainstream in embedded systems development. Formal verification of behavioural requirements, finding runtime errors and automated test case generation are some of the most common applications of automated verification tools based on Bounded Model Checking. Existing industrial tools for embedded software use an off-the-shelf Bounded Model Checker and apply it iteratively to verify the program with an increasing number of unwindings. This approach unnecessarily wastes time repeating work that has already been done and fails to exploit the power of incremental SAT solving. This paper reports on the extension of the software model checker CBMC to support incremental Bounded Model Checking and its successful integration with the industrial embedded software verification tool BTC EmbeddedTester. We present an extensive evaluation over large industrial embedded programs, which shows that incremental Bounded Model Checking cuts runtimes by one order of magnitude in comparison to the standard non-incremental approach, enabling the application of formal verification to large and complex embedded software.

Software Engineering

Rafael Sá Menezes,Edoardo Manino,Fedor Shmarov,Mohannad Aldughaim,Rosiane de Freitas,Lucas C. Cordeiro

2024-06-22

Abstract:Bounded Model Checking (BMC) is a widely used software verification technique. Despite its successes, the technique has several limiting factors, from state-space explosion to lack of completeness. Over the years, interval analysis has repeatedly been proposed as a partial solution to these limitations. In this work, we evaluate whether the computational cost of interval analysis yields significant enough improvements in BMC's performance to justify its use. In more detail, we quantify the benefits of interval analysis on two benchmarks: the Intel Core Power Management firmware and 9537 programs in the ReachSafety category of the International Competition on Software Verification. Our results show that interval analysis is essential in solving 203 unique benchmarks.

Software Engineering

Yang Yang,Lei Bu,Xuandong Li

2012-01-01

Abstract:Instead of encoding the bounded state space of a linear hybrid automaton(LHA) in given threshold k into SMT formulas then solving them by SMT solvers, the authors proposed a different approach to handle the bounded reachability verification(BMC) of LHA in the previous work. First, the reachability specification along one abstract path in LHA can be checked by linear programming (LP). Then, all the abstract paths under the threshold can be checked one by one by depth-first-search (DFS) traversing. This approach was implemented in a prototype tool BACH, and the experiment result shows it is efficient. As BACH uses DFS to traverse the bounded state space, clearly, if DFS traverses more quickly, the BMC can be finished more efficiently. Nevertheless, in many cases, the path segments which make the system infeasible are hidden “deeply” in the model or have many entry points which makes the DFS difficult to find them or has to traverse them many times. This burdens the DFS-style BMC approach a lot. To handle this problem, in this paper, the authors propose a backward-DFS BMC approach for LHA. First, reverse the graph structure of LHA. Then, conduct the DFS-style BMC on the reversed LHA. In this way, the “deep” path segments in the forward-DFS can be found very quickly to prune the DFS tree which is needed to be traversed. This backward-DFS approach is implemented into BACH. The experiment shows the performance of BACH is optimized significantly to handle large cases.

Romain Brenguier,Lucas Cordeiro,Daniel Kroening,Peter Schrammel

DOI: https://doi.org/10.48550/arXiv.2302.02381

2023-02-05

Software Engineering

Abstract:JBMC is an open-source SAT- and SMT-based bounded model checking tool for verifying Java bytecode. JBMC relies on an operational model of the Java libraries, which conservatively approximates their semantics, to verify assertion violations, array out-of-bounds, unintended arithmetic overflows, and other kinds of functional and runtime errors in Java bytecode. JBMC can be used to either falsify properties or prove program correctness if an upper bound on the depth of the state-space is known. Practical applications of JBMC include but are not limited to bug finding, property checking, test input generation, detection of security vulnerabilities, and program synthesis. Here we provide a detailed description of JBMC's architecture and its functionalities, including an in-depth discussion of its background theories and underlying technologies, including a state-of-the-art string solver to ensure safety and security of Java bytecode.

Olga Shumsky Matlin,William McCune,Ewing Lusk

DOI: https://doi.org/10.48550/arXiv.cs/0312012

2003-12-06

Abstract:We report on an effort to develop methodologies for formal verification of parts of the Multi-Purpose Daemon (MPD) parallel process management system. MPD is a distributed collection of communicating processes. While the individual components of the collection execute simple algorithms, their interaction leads to unexpected errors that are difficult to uncover by conventional means. Two verification approaches are discussed here: the standard model checking approach using the software model checker SPIN and the nonstandard use of a general-purpose first-order resolution-style theorem prover OTTER to conduct the traditional state space exploration. We compare modeling methodology and analyze performance and scalability of the two methods with respect to verification of MPD.

Logic in Computer Science,Distributed, Parallel, and Cluster Computing

Yuesheng Zhu,Deke Yu

DOI: https://doi.org/10.2991/iccnce.2013.70

2013-01-01

Abstract:Model checking is one of main formal verification methods that are used in the process of circuit design and verification. However, there is a problem of state memory explosion in traditional model checking methods. Bounded model checking (BMC), in which the Davis-Putnam-Logemann-Loveland (DPLL) algorithm based Satisfiability (SAT) solver is used to verify the circuits, can avoid this problem, whereas, its efficiency depends on the performance of the solver. Hybrid SAT solver combines the advantages of the completeness of DPLL and the fast solving property of stochastic local search algorithm, e.g. WalkSAT, and is proved to be an efficient improving way. However, it is noted that the noise parameter in WalkSAT could affect the solver's overall performance. In this paper, an adaptive noise mechanism is proposed to integrate with the hybrid algorithm framework to further improve the solver's performance. Our experimental results have shown that the designed hybrid solver with adaptive noise performs well in BMC instances and some other circuits.

邝宏斌,罗贵明

DOI: https://doi.org/10.3969/j.issn.1000-3428.2008.19.009

2008-01-01

Abstract:Parallelism is an effective method in improving the efficiency of model checking. C program model checking based on LTS is studied and a methodology for parallel software model checking is presented. It utilizes modularity of MAGIC, a software model checker, to decompose C program into components, distributes them over computational nodes and parallel call MAGIC to complete the verification. Close to linear speedup and good scalability can be achieved due to little synchronization and inter-nodes communication. The reduction of time expense is beneficial to formal verification of large-scale software.

Yannan Ma,Zhijiang Shao,Xi Chen,Lorenz T. Biegler

DOI: https://doi.org/10.1016/j.compchemeng.2016.07.015

IF: 4.13

2016-01-01

Computers & Chemical Engineering

Abstract:The equation-oriented (EO) approach is widely used for process simulation and optimization. Nevertheless, large-scale EO models consist of a huge number of nonlinear equations and make the solution procedure a challenging and time-consuming task. For most gradient-based numerical algorithms, function evaluations are the dominant step during the solution procedure. Here, a parallel computation method is developed for function evaluations within EO optimization strategies. After dividing the equations into several groups, function evaluations are calculated by using multiple threads on a parallel hardware platform simultaneously. Theoretical analysis for the speedup ratio is conducted. The implementation of the proposed method on a multi-core processor platform as well as a graphics processing unit (GPU) platform is then presented with several case studies. Numerical results are compared and discussed to show that the multi-core processor implementation has good computational performance, whereas the GPU implementation only achieves computational acceleration under relatively specific conditions.

Dingbao Xie,Lei Bu,Xuandong Li

DOI: https://doi.org/10.1109/RTSS.2014.22

2014-01-01

Abstract:The behavior space of real time hybrid systems is very complex and hence expensive to conduct the classical full state space model checking. Compared to the classical model checking, bounded model checking (BMC) is much cheaper to conduct and has better scalability. This work presents a technique that can derive, in some cases, a proof of unbounded reach ability argument of Linear Hybrid Automata (LHA) from a BMC procedure. During BMC of LHA, typical procedures can discover sets of unsatisfiable constraint cores, a.k.a. UC or IIS, in the constraint set according to the bounded continuous state space of LHA. Currently, such unsatisfiable constraints are only fed back to the constraint set to accelerate the BMC solving. In this paper, we propose that such unsatisfiable constraint core can be exploited to give general unbounded verification result of the system model. As each constraint can be mapped back to certain semantical elements of the system model, the unsatisfiable constraint cores can be mapped back into path segments, which are not feasible, in the graph structure of the LHA model. Clearly, if all the potential paths to reach the target location in the graph structure have to go through such infeasible path segments, the target location is not reachable in general, not only in the given bound. Based on this observation, we propose to encode the infeasible path segments as linear temporal logic (LTL) formulas, and present the graph structure, the discrete part, of the LHA model as a transition system. Then, we can take advantage of the mature off-the-shelf LTL model checking techniques to verify whether there exists a path to reach the target location without touching any detected IIS path segment in the graph structure of the LHA model. We implement this technique into a bounded LHA checker BACH. The experiments show that most of the benchmarks can be verified by the enhanced BACH with a clearly better performance and scalability.

Liangze Yin,Fei He,Ming Gu

DOI: https://doi.org/10.1109/TASE.2013.11

2013-01-01

Abstract:This paper considers bounded model checking for extended labeled transition systems. Bounded model checking relies on a SAT solver to prove (or disprove) the existence of a counterexample with a bounded length. During the translation of a BMC problem to a SAT problem, much useful information is lost. This paper proposes an algorithm to analyze the transition system model, and then utilize the structure information hidden in the model to refine the decision ordering of variables in SAT solving. The basic idea is to guide the search process of SAT solving by the structure of the transition system. Experiments with this heuristic on real industrial designs show 5-12 times speedup over standard bounded model checking.

Zhou Conghua,Tao Zhihong,Ding Decheng,Wang Lifu

IF: 1.019

2006-01-01

Chinese Journal of Electronics

Abstract:Bounded model checking (BMC) has been recently introduced as an efficient verification method for reactive systems. Propositional satisfiability (SAT)-based bounded model checking methods consists in searching for a counter- example of a particular length and generating a propositional formula that is satisfiable iff such a counterexample exists. Until now, SAT-based bounded model checking only concerns with universal properties. In this paper we focus on bounded model checking for Computation tree logic (CTL). We present how quantified Boolean decision procedures like Davis & Putnam Procedure can replaces Binary decision diagrams (BDDs). Our basic idea is to decide the validation of a CTL formula phi in finite executions of a system and reduce the validation to a Quantified Boolean formula (QBF) psi which is satisfiable if and only if phi is valid in finite executions of the system. QBF solvers based on Davis & Putnam Procedure do not blow up in space. Therefore, our new technique avoids the space blow up of BDDs, and sometimes speeds up the verification.