CPBPV: A Constraint-Programming Framework for Bounded Program Verification

Abstract: This paper studies how to verify the conformity of a program with its specification and proposes a novel constraint-programming framework for bounded program verification (CPBPV). The CPBPV framework uses constraint stores to represent both the specification and the program and explores execution paths of bounded length nondeterministically. The CPBPV framework detects non-conformities and provides counter examples when a path of bounded length that refutes some properties exists. The input program is partiall… Show more

“…The main dierence between constraint-based BMC and standard BMC (i.e., BMC based on SAT or SMT solvers) [20] lies in the representation of the program and the assertions: the standard BMC approach generates a big Boolean formula whereas we generate the constraints on the y. We proposed in a previous work a constraintbased BMC framework named CPBPV [11,12]. CPBPV is based on a depth rst search strategy that explores the Control Flow Graph (CFG) of a program starting from the pre-condition.…”

“…The rst strategy we have developed was a naive depth rst search strategy, called CPBPV [12]. This strategy was successful on academic benchmarks, in particular for programs with a strong pre-condition like the binary search program.…”

“…Next subsection details algorithm DPVS. 11 Notation (n) is used for statement nodes, and n for conditional nodes in the CFG of Fig. 2 and 3.…”

“…In particular, performances of a sequential backward strategy were even worse than those of the depth-rst strategy of CPBPV. We also tested DPVS on other well known examples: the Tritype program for triangle classication [12], On the contrary, DPVS and CPBPV have very different performances on the Binary search example. The characteristic of this example is that it is correct, which means that all executable paths must be explored, and above all, it has a very strong pre-condition.…”

Constraint-based BMC: a backjumping strategy

“…The main dierence between constraint-based BMC and standard BMC (i.e., BMC based on SAT or SMT solvers) [20] lies in the representation of the program and the assertions: the standard BMC approach generates a big Boolean formula whereas we generate the constraints on the y. We proposed in a previous work a constraintbased BMC framework named CPBPV [11,12]. CPBPV is based on a depth rst search strategy that explores the Control Flow Graph (CFG) of a program starting from the pre-condition.…”

“…The rst strategy we have developed was a naive depth rst search strategy, called CPBPV [12]. This strategy was successful on academic benchmarks, in particular for programs with a strong pre-condition like the binary search program.…”

“…Next subsection details algorithm DPVS. 11 Notation (n) is used for statement nodes, and n for conditional nodes in the CFG of Fig. 2 and 3.…”

“…In particular, performances of a sequential backward strategy were even worse than those of the depth-rst strategy of CPBPV. We also tested DPVS on other well known examples: the Tritype program for triangle classication [12], On the contrary, DPVS and CPBPV have very different performances on the Binary search example. The characteristic of this example is that it is correct, which means that all executable paths must be explored, and above all, it has a very strong pre-condition.…”

Constraint-based BMC: a backjumping strategy

“…Even the problems in which decisions are not Boolean often exhibit a rich Boolean structure, and their resolution involves Boolean reasoning. For instance in software verification [22,30,67] problems tend to be formulated as complex Boolean combinations of simple (e.g., numerical) constraints: the Boolean structure encodes the control flow of the program, and the numerical relations encode the basic operations (increment, assignment of integer variables, addition, etc.). But disjunctions, implications, and other logical combinations of constraints are in fact present in all other areas of applications: from disjunctive scheduling and resource allocation to configuration or computational biology.…”

Connections and Integration with SAT Solvers: A Survey and a Case Study in Computational Biology

Optimal Length Cutting Plane Refutations of Integer Programs