A Tool for Checking ANSI-C Programs

Clarke, Edmund M.; Kroening, Daniel; Lerda, Flavio

doi:10.1007/978-3-540-24730-2_15

Cited by 1,045 publications

(843 citation statements)

References 8 publications

(5 reference statements)

Supporting

Mentioning

838

Contrasting

Unclassified

Order By: Relevance

“…Our symbolic encoding for detecting atomicity violations is related to, but is different from, the SSA-based SAT encoding [15], which is popular for sequential programs. Our analysis differs from the context-bounded analysis in [25,26,16] since they a priori fix the number of context switches in order to reduce concurrent programs to sequential programs.…”

Section: Related Workmentioning

confidence: 99%

Trace-Based Symbolic Analysis for Atomicity Violations

Wang¹,

Limaye

Ganai³

et al. 2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We propose a symbolic algorithm to accurately predict atomicity violations by analyzing a concrete execution trace of a concurrent program. We use both the execution trace and the program source code to construct a symbolic predictive model, which captures a large set of alternative interleavings of the events of the given trace. We use precise symbolic reasoning with a satisfiability modulo theory (SMT) solver to check the feasible interleavings for atomicity violations. Our algorithm differs from the existing methods in that all reported atomicity violations can appear in the actual program execution; and at the same time the feasible interleavings analyzed by our model are significantly more than other predictive models that guarantee the absence of false alarms.

show abstract

Section: Related Workmentioning

confidence: 99%

Trace-Based Symbolic Analysis for Atomicity Violations

Wang¹,

Limaye

Ganai³

et al. 2010

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…As the CWE gathers almost any kind of error, which is observable in a computer based environment, we do by far not match all error classes, but only show the most relevant ones for static software analysis. The result of these tests is shown in Table 1, where we have compared MEMICS with two analysis tools, CBMC [CKL04] and LLBMC [SFM10], which are also operating based on BMC. With this results we have shown that our tool is already able to identify a lot of runtime errors, as well common sequential as difficult concurrent ones.…”

Section: Resultsmentioning

confidence: 99%

Formal Verification of Concurrent Embedded Software

Nowotka

Traub

2013

IFIP Advances in Information and Communication Technology

View full text Add to dashboard Cite

Abstract. With the introduction of multicore hardware to embedded systems their vulnerability to race conditions has been drastically increased. Therefore, sufficient methods and techniques have to be developed in order to identify this kind of runtime errors. In this paper, we demonstrate an approach employing a formal technique in the verification process. We use MEMICS, which is a specialized constraint solver able to identify general runtime errors as well as race conditions. We show how this tool can be embedded into an existing software analysis tool chain. In particular, we describe the process of deriving the formal input model for the solver from C code. The advantage of using constraint solving techniques is that we can offer an entire trace leading to a race condition. The ongoing development of MEMICS is part of our work inside the ARAMiS project.

show abstract

“…The first module parses the input program, the second carries out the preprocessing, the third builds the quantifier-free formula, and the fourth module solves the formula according to the user options by invoking CVC Lite. 3 The latter module also builds and prints the error trace whenever a counterexample is returned by CVC Lite.…”

Section: Resultsmentioning

confidence: 99%

Bounded Model Checking of Software Using SMT Solvers Instead of SAT Solvers

Armando

Mantovani

Platania

2006

Model Checking Software

109

View full text Add to dashboard Cite

Abstract. C Bounded Model Checking (CBMC) is one of the leading approaches to automatic software analysis. The key idea is to (i) build a propositional formula whose models correspond to program traces (of bounded length) that violate some given property and (ii) use state-ofthe-art SAT solvers to check the resulting formulae for satisfiability. In this paper we propose a generalisation of the CBMC approach based on an encoding into richer (but still decidable) theories than propositional logic. We show that our approach may lead to considerably more compact formulae than those obtained with CBMC. We have built a prototype implementation of our technique that uses a Satisfiability Modulo Theories (SMT) solver to solve the resulting formulae. Computer experiments indicate that our approach compares favourably with and on some significant problems outperforms CBMC.

show abstract

A Tool for Checking ANSI-C Programs

Cited by 1,045 publications

References 8 publications

Trace-Based Symbolic Analysis for Atomicity Violations

Trace-Based Symbolic Analysis for Atomicity Violations

Formal Verification of Concurrent Embedded Software

Bounded Model Checking of Software Using SMT Solvers Instead of SAT Solvers

Contact Info

Product

Resources

About