Efficient SAT-based bounded model checking for software verification

Ivančić, Franjo; Yang, Zijiang; Ganai, Malay K.; Gupta, Aarti; Ashar, Pranav

doi:10.1016/j.tcs.2008.03.013

Cited by 69 publications

(37 citation statements)

References 34 publications

(21 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Automated program abstraction and refinement are difficult, and the iterative process may not converge. In practice, automated abstract model checking methods are limited to small or special-purpose programs [12,13].…”

Section: Related Workmentioning

confidence: 99%

Practical lock/unlock pairing for concurrent programs

Cho

Kelly

Wang

et al. 2013

Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO)

View full text Add to dashboard Cite

In the multicore era, developers face increasing pressure to parallelize their programs. However, building correct and efficient concurrent programs is substantially more difficult than building sequential ones. To address the multicore challenge, numerous tools have been developed to assist multithreaded programmers, including static and dynamic bug detectors, automated bug fixers, and optimization tools. Many of these tools rely on or benefit from the precise identification of critical sections, i.e., sections where the thread of execution holds at least one lock. For languages where critical sections are not lexically scoped, e.g., C/C++, static analysis often fails to pair up lock and unlock calls correctly.In this paper, we propose a practical lock/unlock pairing mechanism that combines static analysis with dynamic instrumentation to identify critical sections in POSIX multithreaded C/C++ programs. Our method first applies a conservative inter-procedural path-sensitive dataflow analysis to pair up all lock and unlock calls. When the static analysis fails, our method makes assumptions about the pairing using common heuristics. These assumptions are checked at runtime using lightweight instrumentation. Our experiments show that only one out of 891 lock/unlock pairs violates our assumptions at runtime and the instrumentation imposes negligible overhead of 3.34% at most, for large open-source server programs. Overall, our mechanism can pair up 98.2% of all locks including 7.1% of them paired speculatively.

show abstract

Section: Related Workmentioning

confidence: 99%

Practical lock/unlock pairing for concurrent programs

Cho

Kelly

Wang

et al. 2013

Proceedings of the 2013 IEEE/ACM International Symposium on Code Generation and Optimization (CGO)

View full text Add to dashboard Cite

show abstract

“…TCMBC approach requires full inlining of functions and unwinding of loops like CBMC. This CBMC-based approach, therefore, is not scalable to large piece of code or code with reactive behavior, as shown previously [29].…”

Section: Comparison With Related Workmentioning

confidence: 88%

“…For brevity, we highlight the essentials in building a thread model (EFSM) from a C thread (using the F-Soft framework [29]) under the assumption of a bounded heap and a bounded stack. First we obtain a simplified CFG by creating an explicit memory model for (finite) data structures and heap memory, where indirect memory accesses through pointers are converted to direct accesses by using auxiliary variables.…”

Section: Building Efsms From C Threadsmentioning

confidence: 99%

“…We perform source-to-source transformations to directly use a model builder (F-Soft [29]) for sequential programs and obtain sound abstraction. Token: We introduce a global Boolean variable, a token T K, to signify that the thread with the token can execute a shared access operation and commit its current shared state to be visible to the future transitions.…”

Section: Sound Abstraction: Independent Thread Modelsmentioning

confidence: 99%

See 1 more Smart Citation

Efficient Modeling of Concurrent Systems in BMC

Ganai

Gupta

Model Checking Software

Self Cite

View full text Add to dashboard Cite

Abstract. We present an efficient method for modeling multi-threaded concurrent systems with shared variables and locks in Bounded Model Checking (BMC), and use it to improve the detection of safety properties such as data races. Previous approaches based on synchronous modeling of interleaving semantics do not scale up well due to the inherent asynchronism in those models. Instead, in our approach, we first create independent (uncoupled) models for each individual thread in the system, then explicitly add additional synchronization variables and constraints, incrementally, and only where such synchronization is needed to guarantee the (chosen) concurrency semantics (based on sequential consistency). We describe our modeling in detail and report verification results to demonstrate the efficacy of our approach on a complex case study.

show abstract

“…Other symbolic methods were introduced by NEC [15] and SLAM [2]. Symbolic model checking handles non-deterministic data efficiently, whereas explicit-state model checking handles non-deterministic scheduling of concurrent processes easily using partial order reduction [14].…”

Section: Introductionmentioning

confidence: 99%

ExpliSAT: Guiding SAT-Based Software Verification with Explicit States

Barner

Eisner

Glazberg

et al.

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We present a hybrid method for software model checking that combines explicit-state and symbolic techniques. Our method traverses the control flow graph of the program explicitly, and encodes the data values in a CNF formula, which we solve using a SAT solver. In order to avoid traversing control flow paths that do not correspond to a valid execution of the program we introduce the idea of a representative of a control path. We present favorable experimental results, which show that our method scales well both with regards to the non-deterministic data and the number of threads.

show abstract

Efficient SAT-based bounded model checking for software verification

Cited by 69 publications

References 34 publications

Practical lock/unlock pairing for concurrent programs

Practical lock/unlock pairing for concurrent programs

Efficient Modeling of Concurrent Systems in BMC

ExpliSAT: Guiding SAT-Based Software Verification with Explicit States

Contact Info

Product

Resources

About